Last 50 Rule Changes

Results from Main web retrieved at 08:56 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic POST To .php w/Extended ASCII Characters"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Apple iPhone Implant Boundary Observed"; flow:established,to_server; content:"multipart/form ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Apple iPhone Implant Upload Files"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Apple iPhone Implant Command Executed"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PAC Retreiving Malicious VBScript"; flow:established,to_server; content:"GET"; http_method; content: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN eSentire ADIO CnC Checkin"; flow:to_server,established; dsize: Added 2021-01-13 19:01:53 UTC ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Banload CnC Activity"; flow:to_server,established; content:"POST"; http_method; content:".php"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Obfuscated Javascript // ptth"; flow:from_server,established; content:"200"; http_stat_code; file ...
#alert smb any any -> $HOME_NET any (msg:"ET TROJAN 401TRG SMB Create AndX Request For Emotet Spreader"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Mobile Device Posting Phone Number"; flow:established,to_server; content:"POST"; nocase; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TRM Data Exfil (sysinfo)"; flow:established,to_server; content:"POST"; http_method; content:"dkv "; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Worm W32.Svich or Other Infection Request for setting.ini"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN User Agent in Referer Field Likely Malware"; flow:established,to_server; content:"Referer|3A 20|Mozilla ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Bedep Connectivity Check (2)"; flow:established,to_server; content:"POST"; http_method; urilen ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO 3XX redirect to data URL"; flow:from_server,established; content:"3"; depth:1; http_stat_code; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO PDF Containing Subform with JavaScript"; flow:established,to_client; file_data; content:"%PDF"; within ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Poweliks GET Request"; flow:established,to_server; content:"GET"; http_method; urilen:4; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Paypal Phishing Redirect M1 Feb 24 2017"; flow:from_server,established; content:"302"; http_stat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Suspicious Redirect to Download EXE from Bitbucket"; flow:established,to_client; content:"302"; http_stat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22"; flow:established,from_server; flowbits:isset,ET.Fedex ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Poweliks Clickfraud CnC M3"; flow:to_server,established; content:"GET"; http_method; content:".php?c ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Phishing Redirect Feb 24 2017"; flow:from_server,established; content:"302"; http_stat_code ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Zeprox.B Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?a n 60 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Nitol.K Variant CnC"; flow:established,to_server; content:"|0b 00 00 00|"; depth:4; content:"Windows ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Backdoor.Randrew.A CnC Checkin"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Ransom.Win32.Birele.gsg Checkin"; flow:established,to_server; content:".html"; http_uri; content:"From ...
#alert tcp $HOME_NET 25565 -> $EXTERNAL_NET any (msg:"ET GAMES MINECRAFT Server response outbound"; flow:established,from_server; content:"|7B 22|"; depth:10; classtype ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN Downloader.Win32.Tesch.A Bot Command Checkin 1"; flow:established,to_server; dsize:51; content:"|03 00 ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Rincux CnC (set)"; content:"|01 00 00 00|"; depth:4; content:"|00 00 00 00 00 00 00 00|"; distance:0 ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Linux/DDoS.M distributed via CVE-2014-6271 Checkin"; flow:established,to_server; content:"BUILD "; depth ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Office Doc with Embedded VBA containing Reverse Meterpreter Shell"; flow:established,from_server ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Gulcrypt.B Downloading components set"; flow:established,to_server; urilen:8; content:"GET" ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BePush/Kilim Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/ok.txt"; http ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN RAT Keep Alive (flowbit set)"; flow:established,to_server; dsize:2; content:"/P"; depth:2; flowbits ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Scieron Retrieving Information"; flow:established,to_server; content:"GET"; http_method; urilen:7; content ...
#alert tcp any any -> any 445 (msg:"ET TROJAN Possible KAPTOXA SMB Naming Format"; flow:to_server,established; content:"SMB|A2|"; content:"|5c 00|W|00|I|00|N|00|D ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN SpamBot Configuration File Request"; flow:established,to_server; content:"/lts.txt"; fast_pattern; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE CruseWin Retriving XML File from Hard Coded CnC"; flow:established,to_server; content:"/flash ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)"; flow:established,to_server; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-13"; flow:from_server,established; content:"302 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Poloniex Cryptocurrency Exchange Phish Aug 28 2017"; flow:to_client,established; flowbits ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Paxful Cryptocurrency Wallet Phish Aug 30 2017"; flow:to_client,established; flowbits ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious Decimal IP Redirect Observed in RIG EK Redirects M2"; flow:from_server,established ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious Decimal IP Redirect Observed in RIG EK Redirects M3"; flow:from_server,established ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious Decimal IP Redirect Observed in RIG EK Redirects M1"; flow:from_server,established ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JS/WSF Downloader Dec 08 2016 M6"; flow:from_server,established; flowbits:isset,et.IE7.NoRef.NoCookie ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious Decimal IP Redirect Observed in RIG EK Redirects M8"; flow:from_server,established ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Suspicious Decimal IP Redirect Observed in RIG EK Redirects M6"; flow:from_server,established ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Exmo Cryptocurrency Exchange Phish Aug 28 2017"; flow:to_client,established; flowbits ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage1 CnC Activity"; flow:established,to_server; content:"GET"; http_method ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder