50 Recent Changes in Main Web retrieved at 12:40 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN HTTP Request with suspicious filename myguy`; flow:established,to server; content:`myguy`; http uri ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Bitshifter Ransomware CnC Checkin`; flow:established,to server; content:`GET`; http method; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible NotPetya Related DNS query`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0d ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible NotPetya Related DNS query`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0e ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed`; flow:to server,established; content:` 00 00 19 v5t5z6a55ksmt3oh ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET INFO HTTP POST to Free Webhost Possible Successful Phish (site40 . net) Jul 18 2017`; flow:to server ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown Stealer CnC)`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE ProxyGearPro Proxy Tool PUA`; flow:to server,established; content:`GET`; http method; content:`Proxy ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DarkHotel Downloader CnC Beacon 2`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DarkHotel Downloader CnC Beacon 1`; flow:established,to server; content:`GET`; http method; content: ...
alert udp $HOME NET any $EXTERNAL NET 69 (msg:`ET TFTP Outbound TFTP Data Transfer With Cisco Config 2`; content:` 00 03 `; depth:2; content:`NVRAM config last ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Tech Support Scam Landing Jul 19 2017`; flow:from server,established; content:`200`; http stat ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:`ET TROJAN Win32/Parite.B Checkin 3`; flow:to server,established; dsize: 1000; content:` 00 00 00 00 9c 00 00 00 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InstallCore Variant CnC Checkin`; flow:established,to server; urilen:1; content:`POST`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MOBILE MALWARE Trojan Banker.AndroidOS.Marcher.a Checkin`; flow:to server,established; content:`POST`; http ...
alert udp $HOME NET any any 53 (msg:`ET POLICY OpenDNS IP Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 04 myip 07 opendns 03 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Possible External IP Lookup whoer.net`; flow:established,to server; content:`Host 3a 20 whoer.net 0d ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32.Chroject.B Retrieving encoded payload`; flow:to server,established; content:`GET`; http method ...
alert tcp $HOME NET any $EXTERNAL NET 442,443,446,447,8001 (msg:`ET TROJAN Win32/Ramnit Checkin`; flow:established,to server; dsize:6; content:` 00 ff `; depth ...
alert udp $HOME NET any $EXTERNAL NET 69 (msg:`ET TFTP Outbound TFTP Data Transfer with Cisco config`; content:` 00 03 `; depth:2; content:` 0a 21 20 version 20 ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CoinMiner Known Malicious Stratum Authline (2017 07 17 7)`; flow:established,to server; dsize: Added 2017 ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:`ET TROJAN Win32/Parite.B Checkin 3`; flow:to server,established; dsize: 1000; content:` 00 00 00 00 9c 00 00 00 ...
alert tcp $HOME NET any $EXTERNAL NET 6666:7000 (msg:`ET TROJAN IRC Private message on non standard port`; flow:to server,established; dsize: Added 2017 06 06 16 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Observed Malicious DNS Query (Reyptson Ransomware CnC)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CoinMiner Known Malicious Stratum Authline (2017 07 11 1)`; flow:established,to server; dsize: Added 2017 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Tinba Banker CnC Response`; flow:established,from server; file data; content:` 00 00 00 00 48 65 61 44 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible Excel Online Phishing Landing Title over non SSL`; flow:established,to client; file ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Tesco Bank Phish M1 Nov 08 2016`; flow:to server,established; content:`POST`; http ...
My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert http any any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS OGNL Expression Injection (CVE 2017 9791)`; flow:established,to server; content:`POST`; http method ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Observed DNS Query to Known Fenrir Ransomware CnC Domain`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Remax Phish Other Creds Jun 23 2015`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Remax Phish AOL Creds Jun 23 2015`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Dropbox Phish June 17 2015`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Google Drive Phish June 17 2015`; flow:established,to server; content:`POST`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Adobe Phish Jun 17 2015`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Remax Phish Hotmail Creds Nov 25 2013`; flow:established,to server; content ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Striked Ransomware CnC Checkin`; flow:established,to server; content:`POST`; depth:4; content:` ...
alert udp $HOME NET any any 53 (msg:`ET CURRENT EVENTS DNS Query to Generic 107 Phishing Domain`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic 107 Phish Jul 13 2017`; flow:to server,established; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Netflix Payment Phish M1 Jan 04 2017`; flow:to server,established; content:`POST` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN LockPOS CnC`; flow:to server,established; content:`POST`; http method; content:`lock`; fast pattern; ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats