Last 50 Rule Changes

Results from Main web retrieved at 12:35 (GMT)

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Panda Banker Injects)"; flow:established,to_client; tls_cert_subject; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in TLS SNI)"; flow:established,to_server; tls_sni; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Tinba (Banking Trojan) HTTP Header"; flow:established,to_server; content:"POST"; http_method ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Panda Banker C2 Domain (uiaoduiiej .chimkent .su in DNS Lookup)"; dns_query; content:"uiaoduiiej.chimkent.su"; isdataat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Tinba (Banking Trojan) Check in"; flow:established,to_server; content:"Mozilla/5.0 (compatible ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Panda Banker C2)"; flow:established,to_client; tls_cert_subject; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in TLS SNI)"; flow:established,to_server; tls_sni; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Panda Banker Injects Domain (urimchi3dt4 .website in DNS Lookup)"; dns_query; content:"urimchi3dt4.website"; isdataat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity PMJ (MICROPSIA)"; flow:established,to_server; content:"POST"; http_method; content:"daenerys ...
alert smb any any -> $HOME_NET any (msg:"ET EXPLOIT Possible ETERNALBLUE Probe MS17-010 (MSF style)"; flow:to_server,established; content:"|ff|SMB|25 00 00 00 00 18 ...
alert smb $HOME_NET any -> any any (msg:"ET EXPLOIT ETERNALBLUE Probe Vulnerable System Response MS17-010"; flow:from_server,established; content:"|ff|SMB|25 05 02 ...
alert smb any any -> $HOME_NET any (msg:"ET EXPLOIT Possible ETERNALBLUE Probe MS17-010 (Generic Flags)"; flow:to_server,established; content:"|ff|SMB|25 00 00 00 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 11"; flow:established,to_server; content:"POST"; http_method; content:"/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Lazarus Downloader (JEUSD) CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN SSL Cert Associated with Lazarus Downloader (JEUSD)"; flow:established,from_server; content:"|55 04 03 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Suspicious User-Agent (HTTP CONNECT )"; flow:established,to_server; content:"HTTP Connect "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Arkei Stealer Client Data Upload"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO AutoIt User-Agent Downloading EXE"; flow:established,to_server; content:"GET"; http_method; content:".exe ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Flash Version M2"; flow:established,to_server; content:"X-Requested-With|3a 20|ShockwaveFlash ...
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET DNS Query to a .tk domain - Likely Hostile"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin 2"; flow:to_server,established; content:"POST"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Adobe PDX in HTTP - Flowbit Set"; flow:from_server,established; file_data; content:"%PDX "; within:5; flowbits ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a CnC Beacon"; flow:to_server,established; content:"POST"; http ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET INFO MP3 with ID3 in HTTP - Flowbit Set"; flow:from_server,established; file_data; content:"ID3"; within ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan-Spy.AndroidOS.CrazyMango.a Checkin"; flow:to_server,established; content:"POST"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Adobe Flash Uncompressed in HTTP - Flowbit Set"; flow:from_server,established; file_data; content:"FWS"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN eSentire Remcos RAT Checkin 25"; flow:established,to_server; dsize: Added 2018-08-09 17:39:45 UTC
alert tcp-pkt any 445 -> $HOME_NET any (msg:"ET EXPLOIT SMB Null Pointer Dereference PoC Inbound (CVE-2018-0833)"; flow:from_server,established; content:"|FD 53 4D ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious User-Agent (1 space)"; flow:to_server,established; content:"User-Agent|3a 20 0d 0a|"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Eredel Stealer CnC Checkin"; flow:established,to_server; content:"POST"; http_method; content:" ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content:"sign ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Alibaba Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content:"content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY TRR DNS over HTTPS detected"; flow:established,to_server; content:"application/dns-udpwireformat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Adobe Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content:"adobe pdf ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Ajax Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content: ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Free Mobile Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content:"free ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Paypal Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content:"log in to ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Christian Mingle Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Microsoft Account Phishing Landing 2018-08-07"; flow:established,to_client; file_data; content ...
alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT Mikrotik Winbox RCE Attempt"; flow:established,to_server; content:"|680100664d320500ff010600ff09050700ff090701000021352f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f2f2f2f2f2f2e2f2e2e2f666c6173682f72772f73746f72652f757365722e6461740200ff88020000000000080000000100ff8802000200000002000000 ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 40"; dns_query; content:"breakthenews.net"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 38"; dns_query; content:"breaking-news.co"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 39"; dns_query; content:"breakingnewsasia.com"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 35"; dns_query; content:"arabnews365.com"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 34"; dns_query; content:"eltiempo-news.com"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE NSO Related Domain 36"; dns_query; content:"arabworldnews.info"; nocase; isdataat:1,relative; reference ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats