Last 50 Rule Changes

Results from Main web retrieved at 18:39 (GMT)

My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Jul 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d|ab1abad1d0c2a ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Jun 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d|ab1c403220c27 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Dec 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ab70a139cc3a ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Mar 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|aba9a949bc1d ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Feb 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ab6d54340c1a ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA May 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ab3520430c23 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Possible Mobile Malware POST of IMSI International Mobile Subscriber Identity in URI"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Malicious Invoice EXE"; flow:established,to_server; content:"GET"; http_method; content:"/invoice ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Apr 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d|ab2da3d400c20 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Sep 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d|ab1145b758c30 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Lucifer Loader Requesting Payload"; flow:established,to_server; urilen:15; content:"/demonsgate.php" ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Apple Phishing Landing Title over non SSL"; flow:established,to_client; file_data ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Nov 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ab3d685a0c37 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Aug 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b|ab8cee60c2d ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN CCleaner Backdoor DGA Oct 2017"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c|ab890e964c34 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL"; flow:established,from_server; file_data; content:"process ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Turla Snake OSX DNS Lookup (car service .effers.com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Zbot Activity Common Download Struct"; flow:to_server,established; content:".bin"; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kazuar CnC Beacon"; flow:established,to_server; content:"GET"; http_method; content:!"Accept"; http_header ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Apple Phishing Landing M1 Sep 14 2017"; flow:to_client,established; content:"200"; http_stat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Apple Phishing Landing M2 Sep 14 2017"; flow:to_client,established; content:"200"; http_stat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Apple Phishing Landing M3 Sep 14 2017"; flow:to_client,established; content:"200"; http_stat ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN ABUSE.CH Cryptolocker Payment Page (de2nuvwegoo32oqv)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/ASPC Bot CnC Checkin M3"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL"; flow:established,from_server; file_data; content:"process ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious User-Agent (1 space)"; flow:to_server,established; content:"User-Agent|3a 20 0d 0a|"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download Attempt 1"; flow:established,to_client; file_data; ...
alert udp any any -> any 53 (msg:"ET POLICY DNS Query to .onion proxy Domain (onion.top)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Flash Version M2"; flow:established,to_server; content:"X-Requested-With|3a 20|ShockwaveFlash ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS RIG EK encrypted payload Sept 11 (1)"; flow:established,to_client; file_data; content:"|8d b1 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE PTsecurity Adware/Rukometa(LoadMoney) Fake PNG File"; flow:established,to_client; content:"200"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/August Stealer CnC Activity"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download Attempt 2"; flow:established,to_client; file_data; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity JS.Trojan Downloader.Nemucod.yo HTTP POST (:Exec:)"; flow: established, to_server; content ...
#alert tcp $EXTERNAL_NET !$HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN PTsecurity pkt checker 1"; flow:established, to_client; dsize:3033; stream_size:server,,0 ...
#alert tcp $EXTERNAL_NET !$HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN PTsecurity pkt checker 3"; flow:established, to_client; dsize:3033; stream_size:server, ,0 ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET TROJAN PTsecurity Backdoor.Win32/Remcos RAT pkt checker 4"; flow:established, to_server; dsize:8193 ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET TROJAN PTsecurity pkt checker 0"; flow:established, to_server; dsize:200513; stream_size:client, ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET TROJAN PTsecurity pkt checker 2"; flow:established, to_server; dsize:5093; stream_size:server, ,0 ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Download of .MOV Content flowbit set"; flow:established,to_client; file_data; content:"|6D ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT Download of Multimedia Content flowbit set"; flow:established,to_client; file_data; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/LoadMoney Adware Activity"; flow:to_server,established; content:"POST"; http_method; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Unk.Bot CnC Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:".php?hwid ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Unk.Bot CnC Checkin"; flow:established,to_server; content:"GET"; http_method; content:".php?hwid ...
alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Adwind)"; flow:established,from ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN ABUSE.CH Zloader CnC Domain Detected"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|1c ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats