Last 50 Rule Changes

Results from Main web retrieved at 21:03 (GMT)

My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Samsung Galaxy Knox Android Browser RCE smdm attempt"; flow:to_client,established; file_data; content ...
alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)"; flow:to_server,established ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT32 Komprogo DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|news|0a|lightpress ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE User Agent (???)"; flow:established,to_server; content:"|0d 0a|User-Agent|3a| ???"; http_header; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Banco do Brasil Phish May 25 2017"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Banco do Brasil Phish Mar 30 2017"; flow:to_server,established; content:"POST"; http ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT32 Komprogo DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|03|syn|07|timeizu ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT32 Komprogo DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|05|check|0b| ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT32 Komprogo DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|06|mobile|0a| ...
alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so file write to share) (CVE-2017-7494)"; flow:to_server,established ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN APT32 Komprogo DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|blog|08|docksugs ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Scotiabank Phish M1 May 24 2017"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Scotiabank Phish M2 May 24 2017"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MalDoc Retrieving Payload May 23 2017 2"; flow:established,to_server; content:"GET"; http_method; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN UIWIX Ransomware .onion Payment Domain (4ujngbdqqm6t2c53)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Spora Ransomware DNS Query"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|05|spora|02| ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 3"; flow:established,to_server; content:"ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Agent Tesla Keylogger Report SMTP"; flow:established,to_server; content:"From|3a| "; nocase; content: ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible WannaCry DNS Lookup 3"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|29|ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2"; flow:established,to_server; content:"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1"; flow:established,to_server; content:"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible WannaCry DNS Lookup 5"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|29|iuqerfsodp9ifjaposdfjhgosurijfaewrwergweb ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible WannaCry DNS Lookup 4"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|29|iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible WannaCry DNS Lookup 1"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|29|iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 5"; flow:established,to_server; content:"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible WannaCry DNS Lookup 2"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|29|ifferfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 4"; flow:established,to_server; content:"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/ASPC Bot CnC Checkin M2"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/EasyLocker Ransomware CnC Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/ASPC Bot CnC Checkin M1"; flow:established,to_server; content:"GET"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious Mozilla User Agent Likely Fake (Mozilla/4.0)"; flow:to_server,established; content:"User ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Request for C2 Commands Detected M2"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Screenshot Exfiltration Detected"; flow:established,to_server; content:"POST"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M2"; flow:established,to_server; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M1"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET TROJAN W32/Dridex POST CnC Beacon"; flow:established,to_server; urilen:1; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MWI Maldoc Posting Host Data"; flow:established,to_server; content:"POST"; http_method; content:" act ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Multibrowser Resource Exhaustion observed in Tech Support Scam"; flow:from_server,established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MWI Maldoc Load Payload"; flow:established,to_server; content:" act "; http_uri; fast_pattern:only; pcre ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Request for C2 Commands Detected M1"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Loki Bot File Exfiltration Detected"; flow:established,to_server; content:"POST"; http_method; content ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats