Last 50 Rule Changes


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Steganographic Encoded WAV File Inbound via HTTP M1"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Steganographic Encoded WAV File Inbound via HTTP M2"; flow:established,from_server; content:"200"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 12.0.x Detected"; flow:established,to_server; content:"Java/12.0."; http_user ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SoftwareTracking Site Install Report"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 12.0.x Detected"; flow:established,to_server; content:"Java/13.0."; http_user ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"privatehd.us.to"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"chatsecure.uk.to"; nocase; isdataat:1,relative; ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"sex17.us.to"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"chatsecurelite.uk.to"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"chatsecurelite.us.to"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT-C-27 CnC Domain Observed in DNS Query"; dns_query; content:"encryptit.qc.to"; nocase; isdataat:1,relative; metadata ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 11.0.x Detected"; flow:established,to_server; content:"Java/11.0."; http_user ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Vulnerable Java Version 10.0.x Detected"; flow:established,to_server; content:"Java/10.0."; http_user ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Spelevo Download Payload Landing"; flow:established,to_client; file_data; content:"Please, wait ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Spelevo VBS Payload Downloaded"; flow:established,to_server; content:"POST"; http_method; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN FatDuke Domain Observed"; dns_query; content:"skagenyoga.com"; nocase; isdataat:1,relative; reference:url,www.welivesecurity ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN LiteDuke Domain Observed"; dns_query; content:"bandabonga.fr"; nocase; isdataat:1,relative; reference:url,www.welivesecurity ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SoftwareTracking Site Download Report"; flow:established,to_server; content:"POST"; http_method; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN FatDuke Domain Observed"; dns_query; content:"ministernetwork.org"; nocase; isdataat:1,relative; reference:url,www ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN MiniDuke Domain Observed"; dns_query; content:"salesappliances.com"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN FatDuke Domain Observed"; dns_query; content:"fairfieldsch.org"; nocase; isdataat:1,relative; reference:url,www ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN MiniDuke Domain Observed"; dns_query; content:"ecolesndmessines.org"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN FatDuke Domain Observed"; dns_query; content:"westmedicalgroup.net"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN FatDuke Domain Observed"; dns_query; content:"busseylawoffice.com"; nocase; isdataat:1,relative; reference:url,www ...
alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"ET TROJAN APT 41 LOWKEY Backdoor Initalisation Bytes Received from CnC"; flow:established,from_server; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"varuhusmc.org"; nocase; isdataat:1,relative; reference:url,www ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"rulourialuminiu.co.uk"; nocase; isdataat:1,relative; reference ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"fisioterapiabb.it"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"acciaio.com.br"; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"lorriratzlaff.com"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"sistemikan.com"; nocase; isdataat:1,relative; reference:url,www ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"motherlodebulldogclub.com"; nocase; isdataat:1,relative; reference ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"publiccouncil.org"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"ceycarb.com"; nocase; isdataat:1,relative; reference:url,www ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"coachandcook.at"; nocase; isdataat:1,relative; reference:url ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"powerpolymerindustry.com"; nocase; isdataat:1,relative; reference ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PolyglotDuke Domain Observed"; dns_query; content:"mavin21c.dothome.co.kr"; nocase; isdataat:1,relative; reference ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible APT 41 Fake Server Response"; flow:established,from_server; content:"200"; http_stat_code; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT 41 CnC Domain Observed in DNS Query"; dns_query; content:"ssl.dyn dns.com"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT 41 CnC Domain Observed in DNS Query"; dns_query; content:"xp101.dyn dns.com"; nocase; isdataat:1,relative; metadata ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Staging Domain)"; flow:from_server,established; tls_cert_subject ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Suspicious User Agent (reqwest/)"; flow:established,to_server; content:"reqwest/"; http_user_agent ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT 41 CnC Domain Observed in DNS Query"; dns_query; content:"svn dns.ahnlabinc.com"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT 41 CnC Domain Observed in DNS Query"; dns_query; content:"dns1 1.7release.com"; nocase; isdataat:1,relative ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Scieron A Checkin via HTTP POST"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Andromeda Checkin Dec 29 2014"; flow:established,to_server; content:"POST"; nocase; http_method; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER MorXploit Shell Command"; flow:established,to_server; content:"?cmd ZXhpdA "; http_uri; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Enosch.A gtalk connectivity check"; flow:to_server; content:"/index.html"; http_uri; content:"User ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Privdog Checkin"; flow:established,to_server; content:"Mozilla/5.0 (Windows 3b 20 U 3b 20 MSIE 7.0 3b ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Dropper YABROD Downloading Files"; flow:from_client,established; urilen:11; content:"/Yabrod.pdf"; ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder