Last 50 Rule Changes

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (Magecart)"; flow:established,to_client; tls_cert_subject; content:"OU Domain ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Magecart Credit Card Information JS Script"; flow:established,to_client; content:"200"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (neva project)"; flow:established,to_server; content:"User-Agent|3a 20| ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Magecart CnC Domain Observed in DNS Query"; dns_query; content:"marketplace magento.com"; nocase; isdataat:1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (Various Crimeware)"; flow:established,to_client; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (Mylegion666)"; flow:established,to_server; content:"User-Agent|3a 20| ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC)"; flow:established,from_server; tls_cert_serial; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (salmonella symptome)"; flow:established,to_server; content:"User-Agent ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)"; flow:from_server,established; tls_cert_subject; content:"CN ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (satan)"; flow:established,to_server; content:"User-Agent|3a 20|satan ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Possible Godlua CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (DoH Service)"; flow:from_server,established; tls_cert_subject; content:"CN www.rubyfish ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (suspira)"; flow:established,to_server; content:"User-Agent|3a 20|suspiria ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC)"; flow:established,from_server; tls_cert_serial; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (YourUserAgent)"; flow:established,to_server; content:"User-Agent|3a ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Kayla"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed"; flow:established,to_server; content:"User-Agent|3a 20|fuck u"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (Amen)"; flow:established,to_server; content:"User-Agent|3a 20|Amen" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (lilith)"; flow:established,to_server; content:"User-Agent|3a 20|lilith ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|OSIRIS"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (legion)"; flow:established,to_server; content:"User-Agent|3a 20|legion ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Legion Loader Activity Observed (the devil)"; flow:established,to_server; content:"User-Agent|3a 20|The ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User Agent (Inbound)"; flow:established,to_server; content:"Mozilla/5.0 zgrab/0.x"; http_user_agent; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Sector"; ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Messiah"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne)"; flow:established,to_server; content:"User-Agent|3a 20|ph0ne" ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Sector"; http_header ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (muhstik)"; flow:established,to_server; content:"muhstik"; http_user_agent; nocase ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|B4ckdoor|0d 0a|"; ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Kayla"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Gemini"; ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Gemini"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Nija"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Hakai"; http ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Liquor"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|B4ckdoor ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Hakai"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|DEMONS"; ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|DEMONS"; http_header ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Shaolin)"; flow:established,to_server; content:"Shaolin"; http_user_agent; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Liquor"; ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|OSIRIS"; http_header ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Nija"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Messiah" ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Damien)"; flow:established,to_server; content:"Damien"; http_user_agent; nocase ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Cakle)"; flow:established,to_server; content:"Cakle"; http_user_agent; nocase ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND"; flow:established,to_server; content ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Yowai)"; flow:established,to_server; content:"Yowai"; http_user_agent; nocase ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Tsunami)"; flow:established,to_server; content:"Tsunami"; http_user_agent; nocase ...
alert http $EXTERNAL_NET any -> any any (msg:"ET TROJAN ELF/Mirai Variant UA Inbound (Hentai)"; flow:established,to_server; content:"Hentai"; http_user_agent; nocase ...
Topic revision: r7 - 2018-07-19 - PhilSchroeder