Last 50 Rule Changes

Results from Main web retrieved at 06:25 (GMT)

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Netwire RAT Check-in 2"; flow:established,to_client; stream_size:server, Added 2022-08-10 17:48:04 UTC ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Netwire RAT Check-in 2"; flow:established,to_server; stream_size:server, Added 2022-08-10 17:48:04 UTC ...
alert tcp $EXTERNAL_NET !22,23,25,80,139,443,445 -> $HOME_NET any (msg:"ET TROJAN Netwire RAT Check-in"; flow:established,to_client; stream_size:server, Added 2022 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Netwire RAT Check-in (set)"; flow:established,to_server; stream_size:server, Added 2022-08-10 17:48:04 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Netwire RAT Check-in (set)"; flow:established,to_server; stream_size:server, Added 2022-08-10 17:48:04 ...
alert http any any -> any 5555,7547 (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE"; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Microsoft Powershell Banner Outbound"; flow:established; content:"Windows PowerShell"; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M5 (bbk80 .com)"; dns_query; content:"bbk80.com"; fast_pattern; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M6 (bbk86 .com)"; dns_query; content:"bbk86.com"; fast_pattern; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M7 (ha859 .com)"; dns_query; content:"ha859.com"; fast_pattern; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET INFO DYNAMIC_DNS Query to .myddns.me Domain"; flow:established,to_server; dns_query; content:".myddns.me"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M4 (cbk99 .com)"; dns_query; content:"cbk99.com"; fast_pattern; nocase; isdataat:1,relative ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS CottonCastle/Niteris EK Landing April 29 2015"; flow:established,from_server; file_data; content ...
alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN AgentTesla Exfil via FTP"; flow:established,to_server; content:"STOR|20|PW_"; depth:8; fast_pattern; content ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET 617 (msg:"ET EXPLOIT Arkeia full remote access without password or authentication"; flow:to_server,established; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Arkei Stealer IP Lookup"; flow:established,to_server; content:"POST"; http_method; content:"Arkei/"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Arkei Stealer Config Download Request"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vidar/Arkei Stealer Client Data Upload"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vidar/Arkei/Megumin/Oski Stealer Data Exfil"; flow:established,to_server; content:"POST"; http_method ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN SunOrcal Reaver Domain Observed (tashdqdxp .com) in DNS Lookup"; dns_query; content:"tashdqdxp.com"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (3ec9b600789b3bacf2c72ebae142a9c3 .net) in DNS Lookup"; dns_query; content:"3ec9b600789b3bacf2c72ebae142a9c3 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (2fa3c2fa16c47d9b9bff8986a42b048f .com) in DNS Lookup"; dns_query; content:"2fa3c2fa16c47d9b9bff8986a42b048f ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (c13a856f4a879a89e9a638207efd6c94 .biz) in DNS Lookup"; dns_query; content:"c13a856f4a879a89e9a638207efd6c94 ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE AON / Glancelove DNS Lookup 5 (updatemobapp .website)"; dns_query; content:"updatemobapp.website"; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN SunOrcal Reaver Domain Observed (olinaodi .com) in DNS Lookup"; dns_query; content:"olinaodi.com"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE AON / Glancelove DNS Lookup 2 (glancelove .com)"; dns_query; content:"glancelove.com"; fast_pattern; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE AON / Glancelove DNS Lookup 3 (autoandroidup .website)"; dns_query; content:"autoandroidup.website"; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN SunOrcal Reaver Domain Observed (fyoutside .com) in DNS Lookup"; dns_query; content:"fyoutside.com"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN SunOrcal Reaver Domain Observed (weryhstui .com) in DNS Lookup"; dns_query; content:"weryhstui.com"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE AON / Glancelove DNS Lookup 4 (mobilestoreupdate .website)"; dns_query; content:"mobilestoreupdate.website ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE AON / Glancelove DNS Lookup 1 (goldncup .com)"; dns_query; content:"goldncup.com"; fast_pattern; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M3 (hi8529 .com)"; dns_query; content:"hi8520.com"; nocase; isdataat:1,relative; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Downeks/Quasar DNS Lookup (ping .topsite .life)"; dns_query; content:"ping.topsite.life"; fast_pattern; nocase; ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Downeks/Quasar DNS Lookup (moreoffer .life)"; dns_query; content:"moreoffer.life"; fast_pattern; nocase; depth:14 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (aaafc94b3a37b75ae9cb60afc42e86fe .org) in DNS Lookup"; dns_query; content:"aaafc94b3a37b75ae9cb60afc42e86fe ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (18bca7c5fd709ac468ba148c590ef6bf .net) in DNS Lookup"; dns_query; content:"18bca7c5fd709ac468ba148c590ef6bf ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (73780fbd309561e201a4aee9914d882d .org) in DNS Lookup"; dns_query; content:"73780fbd309561e201a4aee9914d882d ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (322ffbbc7c1b312c2f9d942f20422f8d .com) in DNS Lookup"; dns_query; content:"322ffbbc7c1b312c2f9d942f20422f8d ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M1 (hl852 .com)"; dns_query; content:"hl852.com"; nocase; isdataat:1,relative; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (0a0074066c49886a39b5a3072582f5d6 .net) in DNS Lookup"; dns_query; content:"0a0074066c49886a39b5a3072582f5d6 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Downeks/Quasar DNS Lookup (signup .updatesforme .club)"; dns_query; content:"signup.updatesforme.club"; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Downeks/Quasar DNS Lookup (download .data-server .cloudns .club)"; dns_query; content:"download.data-server.cloudns ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN IoT_reaper DNS Lookup M2 (hl859 .com)"; dns_query; content:"hl859.com"; nocase; isdataat:1,relative; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (cba4a6e5d3c956548a337c52388473f1 .com) in DNS Lookup"; dns_query; content:"cba4a6e5d3c956548a337c52388473f1 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN RouteX CnC Domain (dcb5684707f6c66492aaa9f7d9bfb5a6 .biz) in DNS Lookup"; dns_query; content:"dcb5684707f6c66492aaa9f7d9bfb5a6 ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed IP Lookup Domain (formyip .com in DNS Lookup)"; dns_query; content:"formyip.com"; fast_pattern; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN OSX/Proton.C/D Domain (handbrakestore .com) in DNS Lookup"; dns_query; content:"handbrakestore.com"; fast_pattern ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/Proton.C/D Domain (handbrake .cc) in TLS SNI"; flow:established,to_server; tls_sni; content:"handbrake ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN OSX/Proton.C/D Domain (handbrake .cc) in DNS Lookup"; dns_query; content:"handbrake.cc"; fast_pattern; nocase; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN BadRabbit Ransomware Payment Onion Domain"; dns_query; content:"caforssztxqzf2nm."; fast_pattern; nocase; reference ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder