Last 50 Rule Changes

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/FakeAlert Fake Security Tool Checkin"; flow:established,to_server; content:" /count.htm"; http_uri ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (gzc7lj4rvmkg25dm)"; dns_query; content:"gzc7lj4rvmkg25dm"; depth ...
alert tcp $HOME_NET 1023: -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info)"; flow:to_server,established; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ISRStealer Checkin"; flow:to_server,established; content:"?action "; http_uri; content:" username "; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comisproc Checkin"; flow:to_server,established; content:".asp?mac "; http_uri; content:" ver " ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan.Generic.5325921 Checkin"; flow:to_server,established; content:"?p "; http_uri; content:" botmajor ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan.Win32.Antavmu.guw Checkin"; flow:to_server,established; content:"/smadstat.php?mac "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious User Agent Smart RTP"; flow: established,to_server; content:"Smart RTP"; depth:9; nocase ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32/Xtrat C2 Response"; flow:established,from_server; content:"S 00 T 00 A 00 R 00 T 00 S 00 E 00 R ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain (bpq4dub4rlivvswu)"; dns_query; content:"bpq4dub4rlivvswu"; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8"; flow:to_server,established; content:"User Agent ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS/Wimmie.A Set"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/count.php ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/SmartTab PUP Install Activity"; flow:established,to_server; content:"GET"; nocase; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Small.XR Checkin 2 WEBC2 CSON APT1 Related"; flow:to_server,established; urilen:27; content:"/Default ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Xtrat.A Checkin"; flow:established,to_server; content:".functions"; http_uri; fast_pattern; isdataat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Vundo.OD Checkin"; flow:to_server,established; content:"/get.php?"; http_uri; content:"id "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fareit/Pony Downloader Checkin 3"; flow:established,to_server; content:"GET"; http_method; content:"Mozilla ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN WEBC2 CSON Checkin APT1 Related"; flow:to_server,established; content:"/Default.aspx?INDEX "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Fareit.A/Pony Downloader Checkin (2)"; flow:to_server,established; content:"ch 1"; http_uri; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32/Likseput.A Checkin"; flow:to_server,established; content:"User Agent 3a 20 5 2e "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan Downloader.Win32.AutoIt.mj Checkin"; flow:established,to_server; content:"GET"; http_method; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Emold.C Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?v "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Usteal.B Checkin"; flow:to_server,established; content:"/ufr.php"; http_uri; fast_pattern; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS/Wimmie.A Checkin"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/count ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/vas.php"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fareit/Pony Downloader Checkin 2"; flow:established,to_server; content:"POST"; nocase; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TROJAN Win32 WebSec Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Rimecud.A User Agent (counters)"; flow:to_server,established; content:"User Agent 3a counters ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/SWInformer.B Checkin"; flow:to_server,established; content:"log.php?"; http_uri; content:"FDMuiless ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Backdoor.Win32.Svlk Server Reply"; flow:from_server,established; dsize:44; content:" 33 39 0d ff 0a c4 ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBKrypt.dytr Checkin"; flow:to_server,established; content:"/gate.php?id "; http_uri; content:" pc ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Fareit.A/Pony Downloader Checkin"; flow:to_server,established; content:"CRYPTED0"; depth:8; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Adware Win32/EoRezo Reporting"; flow:established,to_server; content:"/advert/get"; nocase; http_uri ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Rimecud.A User Agent (needit)"; flow:to_server,established; content:"User Agent 3a needit 0d ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Svlk Client Ping"; flow:from_client,established; dsize:7; content:" 33 0D FF 0A C5 F8 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Adware.Gen5 Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content:"/cmd ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Rimecud.A User Agent (giftz)"; flow:to_server,established; content:"User Agent 3a giftz 0d 0a ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TR/Rimecud.aksa User Agent (indy)"; flow:to_server,established; content:"User Agent 3a indy 0d 0a ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Dofoil.L Checkin"; flow:to_server,established; content:"/index.php?cmd "; http_uri; content:" login ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Request for utu.dat Likely Ponmocup checkin"; flow:to_server,established; content:"GET"; nocase; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TROJAN OnlineGames.Bft Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dropper.Win32.Npkon Client Checkin"; flow:established,to_server; content:" 40 1f "; offset:1; depth:2 ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32.Cerberus RAT Server ping"; flow:from_server,established; content:"wBmpf3Pb7RJe 0d0a "; depth:14 ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Dropper.Win32.Npkon Server Responce"; flow:from_server,established; content:" 40 1f "; offset:1; depth ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Sefbov.E Reporting"; flow:to_server,established; content:"POST"; nocase; http_method; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Cerberus RAT Checkin Outbound"; flow:established,to_server; content:"Ypmw1Syv023QZD"; depth:30; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.PEx.Delphi.1151005043 Post infection Checkin"; flow:established,to_server; content:"GET"; nocase ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Cerberus RAT Client pong"; flow:from_client,established; content:"wZ2pla"; depth:6; reference:md5 ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Scar.dvov Searchstar.co.kr related Checkin"; flow:established,to_server; content:"GET"; nocase ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
 
Copyright © Emerging Threats