50 Recent Changes in Main Web retrieved at 18:06 (GMT)

alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded ASCII Inbound Web Servers Likely Command Execution 4`; flow:established ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE iOS/Bahamut DNS Lookup 5`; dns query; content:`wpitcher.com`; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE iOS/Bahamut DNS Lookup 4`; dns query; content:`techwach.com`; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE iOS/Bahamut DNS Lookup 3`; dns query; content:`voguextra.com`; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE iOS/Bahamut DNS Lookup 2`; dns query; content:`al enayah.com`; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE iOS/Bahamut DNS Lookup`; dns query; content:`ios certificate update.com`; nocase; isdataat:1,relative; metadata ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY WMIC WMI Request Over SMB Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY RunDll Request Over SMB Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Command With NonInteractive Argument Over SMB Likely Lateral Movement`; flow:established,to server ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Command With Execution Bypass Argument Over SMB Likely Lateral Movement`; flow:established,to server ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Command With No Profile Argument Over SMB Likely Lateral Movement`; flow:established,to server; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Command With Encoded Argument Over SMB Likely Lateral Movement`; flow:established,to server; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Command With Hidden Window Argument Over SMB Likely Lateral Movement`; flow:established,to server; ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Activity Over SMB Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 10.0.x Detected`; flow:established,to server; content:`Java/10.0.`; http user ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Vulnerable Java Version 9.0.x Detected`; flow:established,to server; content:`Java/9.`; http user agent ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32.Berbew Check in`; flow:to server,established; content:`POST`; http method; content:`.NET CLR 00000000 ...
Malware Strain Docs Navigation MattJonkman 11 Jul 2008
alert tcp $EXTERNAL NET any $HOME NET 23 (msg:`ET EXPLOIT Cisco Telnet Buffer Overflow`; flow: to server,established; content:` 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f 3f ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3`; flow:established ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2`; flow:established ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 1`; flow:established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Fake Adobe Software Update Landing`; flow:established,to client; content:`200`; http stat code ...
alert tcp $HOME NET 445 any any (msg:`ET POLICY SMB Remote AT Scheduled Job Pipe Creation`; flow:established,to client; content:`SMB`; depth:8; content:`\\PIPE ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 Remote AT Scheduled Job Create Request`; flow:established,to server; content:`SMB`; depth:8; content:` 05 00 ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB Remote AT Scheduled Job Create Request Possible Lateral Movement`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For a .sys File Possible Lateral Movement`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For a .sys File Possible Lateral Movement`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For a DLL File Possible Lateral Movement`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For a DLL File`; flow:established,to server; content:`SMB A2 `; depth:9; content:` 2E ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For a .bat File`; flow:established,to server; content:`SMB`; depth:8; content:` 05 00 ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For a .bat File`; flow:established,to server; content:`SMB A2 `; depth:9; content:` 2E ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For a Powershell .ps1 File`; flow:established,to server; content:`SMB`; depth:8; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For a Powershell .ps1 File`; flow:established,to server; content:`SMB A2 `; depth:9; ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For an Executable File In a Temp Directory`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For an Executable File In a Temp Directory`; flow:established,to server; content:`SMB ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB2 NT Create AndX Request For an Executable File`; flow:established,to server; content:`SMB`; depth:8; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB NT Create AndX Request For an Executable File`; flow:established,to server; content:`SMB A2 `; depth:9; content ...
alert tcp any any $HOME NET 445 (msg:`ET POLICY SMB Executable File Transfer`; flow:established,to server; content:`SMB`; depth:8; content:`MZ`; distance:0; byte ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Bank of America Phishing Landing`; flow:established,to client; content:`200`; http stat code ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Rostpay Downloader User Agent`; flow:established,to server; content:`Rostpay Downloader`; nocase; depth ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Suspicious Wordpress Redirect Possible Phishing Landing (set) Jan 7`; flow:to server,established ...
alert ip $EXTERNAL NET any $HOME NET any (msg:`ET SHELLCODE Execve(/bin/sh) Shellcode`; content:` 31 c0 50 68 2f 2f 73 68 68 2f 62 69 6e 89 e3 50 53 89 e1 b0 0b ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Adobe Online Document Phishing Landing M1 Mar 25 2017`; flow:established,to client; content: ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Apple Phishing Landing Nov 10 2017`; flow:established,to client; file data; content:` Added 2018 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Chase Account Phish Landing Oct 22`; flow:established,from server; file data; content:`Sign in ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Chase Mobile Phishing Landing M2`; flow:established,to client; content:`200`; http stat code ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DHL Phish Landing Sept 14 2015`; flow:established,to client; file data; content:`DHL 7c Tracking ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Dropbox Phishing Landing Feb 27 2017`; flow:from server,established; file data; content:`Dropbox ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats