Last 50 Rule Changes

Results from Main web retrieved at 01:56 (GMT)

alert tcp any any any 4786 (msg:`ET EXPLOIT Cisco Smart Install Exploitation Tool GetConfig`; flow:established,to server; content:` 00 00 00 01 00 00 00 01 00 ...
alert udp $EXTERNAL NET 53 $HOME NET any (msg:`ET TROJAN DNS Reply Sinkhole Anubis 195.22.26.192/26`; content:` 00 01 00 01 `; content:` 00 04 c3 16 1a `; distance ...
alert tcp any any any 4786 (msg:`ET EXPLOIT Cisco Smart Install Exploitation Tool ChangeConfig`; flow:established,to server; content:` 00 00 00 01 00 00 00 01 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Quant Loader Download Response M2`; flow:from server,established; content:`200`; http stat code; content ...
alert tcp any any any 4786 (msg:`ET INFO Cisco Smart Install Protocol Observed`; flow:established,only stream; content:` 00 00 00 01 00 00 00 01 `; depth:8; metadata ...
alert tcp any any any 4786 (msg:`ET EXPLOIT Cisco Smart Install Exploitation Tool Update Ios and Execute`; flow:established,to server; content:` 00 00 00 01 00 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Generic Popupwnd Phishing Landing 2018 04 19`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS MyADP Phishing Landing 2018 04 19`; flow:established,to client; file data; content:`Login to ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Centurylink Phishing Landing 2018 04 19`; flow:established,to client; file data; content:`centurylink ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Microsoft Account Phishing Landing M2 2018 04 19`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Comcast/Xfinity Phishing Landing 2018 04 19`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Microsoft Account Phishing Landing M1 2018 04 19`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS LCL Banque Phishing Landing 2018 04 19`; flow:established,to client; file data; content:`lcl ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 10.0.x Detected`; flow:established,to server; content:`Java/10.0.`; http user ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS PDF Cloud Phishing Landing 2018 04 19`; flow:established,to client; file data; content:`Sign ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Dropbox 000webhost Phishing Landing 2018 04 19`; flow:established,to client; file data; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 9.0.x Detected`; flow:established,to server; content:`Java/9.`; http user agent ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Evil Redirector Leading to EK Sep 12 2016`; flow:established,from server; content:`Set Cookie 3a 20 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Java Download non Jar file`; flow:established,to server; content:!`.jar`; http uri; nocase; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Bank of America Phishing Landing 2018 04 19`; flow:established,to client; file data; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 1.4.x Detected`; flow:established,to server; content:`Java/1.4.`; http user agent ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 1.5.x Detected`; flow:established,to server; content:` Java/1.5.`; nocase; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Mail Verification Phishing Landing 2018 04 18`; flow:established,to client; file data; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic Phish (set) 2018 04 17`; flow:established,to server; content:`POST`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Internal Host Retrieving External IP via myip.dnsomatic.com`; flow:established,to server; content:`Host ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (dyoravdkiavfkbkx in DNS Lookup)`; dns query; content:`dyoravdkiavfkbkx`;depth:16; reference ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Halkbank Phish M1 2018 04 16`; flow:established,to server; content:`POST`; http method ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (dypmoywmjrevboat in DNS Lookup)`; dns query; content:`dypmoywmjrevboat`;depth:16; reference ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Facebook Phish 2018 04 16`; flow:established,to server; content:`POST`; http method ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (lvanwwbyabcfevyi in DNS Lookup)`; dns query; content:`lvanwwbyabcfevyi`;depth:16; reference ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (yaynawvtuqcarjwc in DNS Lookup)`; dns query; content:`yaynawvtuqcarjwc`;depth:16; reference ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Google Drive Phishing Landing 2018 04 14`; flow:established,to client; file data; content:`method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful DenizBank Phish 2018 04 16`; flow:established,to server; content:`POST`; http method ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (jjjooyeohgghgtwn in DNS Lookup)`; dns query; content:`jjjooyeohgghgtwn`;depth:16; reference ...
alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Locky C2 Domain (uxwavkmttywsuynt in DNS Lookup)`; dns query; content:`uxwavkmttywsuynt`;depth:16; reference ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Halkbank Phish M2 2018 04 16`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Possible EXE Download From Suspicious TLD (.work) set`; flow:established,to server; content:`.work 0d ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Possible EXE Download From Suspicious TLD (.gq) set`; flow:established,to server; content:`.gq 0d 0a ...
alert dns $HOME NET any any any (msg:`ET TROJAN Observed GandCrab Payment Domain (gandcrab2pie73et in DNS Lookup)`; dns query; content:`gandcrab2pie73et`; nocase ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN LokiBot Fake 404 Response`; flow:established,from server; flowbits:isset,ET.LokiBot; content:`404`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Possible EXE Download From Suspicious TLD (.webcam) set`; flow:established,to server; content:`.webcam ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LokiBot Keylogger Data Exfiltration Detected M1`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LokiBot User Agent (Charon/Inferno)`; flow:established,to server; content:`(Charon 3b Inferno)`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LokiBot File Exfiltration Detected`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Possible EXE Download From Suspicious TLD (.men) set`; flow:established,to server; content:`.men 0d 0a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LokiBot Request for C2 Commands Detected M2`; flow:established,to server; content:`POST`; http method ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 