Last 50 Rule Changes

Results from Main web retrieved at 10:21 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible TA505 Maldoc Check in"; flow:established,to_server; content:"GET"; http_method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY EXE Base64 Encoded potential malware"; flow:established,from_server; file_data; content:"TVqQAAMAAAAEAAAA ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Attempted Microsoft Exchange RCE (CVE-2020-0688)"; flow:established,to_server; content:"GET ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017"; flow:to_server,established; content:"POST"; http_method ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018 02 02 M10"; flow:established,to_client; file_data; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Get2 CnC)"; flow:established,to_client; tls_cert_subject; content:"CN mays ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Snatch CnC)"; flow:established,from_server; content:"|55 04 03|"; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to SocENG July 25 2017"; flow:established,to_server; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"xijymvzq4zkyubfe"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2"; flow:established,from_server; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"zuotmsnm7vh2jx77"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4"; flow:established,from_server; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain "; dns_query; content:"zmsr22fviy7kxihf"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Brazilian Banker SSL Cert"; flow:established,from_server; tls_cert_subject; content:"CN robervalmotores ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Roboto Possible Encrypted Roboto P2P Payload Requested M1"; flow:established,to_server; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"u73tcilcw2cw2by5"; depth:16; fast ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017"; flow:to_server,established; content:"POST"; http ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"zxungms47m6ecj7t"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (IcedID CnC)"; flow:established,from_server; content:"|09 00 b9 5a 68 02 ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert"; flow:established,to_client; tls_cert_serial; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)"; flow:established,to_client ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M7"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"sloryvugp4abxnfu"; depth:16; fast ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"mjs2bcdrttpmm7pp"; depth:16; fast ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 35"; dns_query; content:"googlemaps.servehttp.com"; depth:24; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Banker.Win32.Alreay DNS Lookup (exbonus .mrbasic .com)"; dns_query; content:"exbonus.mrbasic.com"; depth:19; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 27"; dns_query; content:"quota notification.servehttp.com"; depth:32; nocase ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 5"; flow:established,from_server; content:"|07|Makeups"; content:"|55 04 03 ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 6"; flow:established,from_server; content:"|55 04 03|"; content:"|15|latest ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 25"; dns_query; content:"securityteam notify.servehttp.com"; depth:33; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 31"; dns_query; content:"restricted videos.servehttp.com"; depth:31; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 30"; dns_query; content:"docs mails.servehttp.com"; depth:24; nocase; isdataat ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 4"; flow:established,from_server; content:"|55 04 03|"; content:"|1c|referenceblog ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 26"; dns_query; content:"secure alert.servehttp.com"; depth:26; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 32"; dns_query; content:"dropboxnotification.servehttp.com"; depth:33; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Banker.Win32.Alreay DNS Lookup (tradeboard .mefound .com)"; dns_query; content:"tradeboard.mefound.com"; depth ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 7"; flow:established,from_server; content:"|55 04 03|"; content:"|15|tipnews ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 2"; flow:established,from_server; content:"|55 04 03|"; content:"|14|estimate ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 3"; flow:established,from_server; content:"|55 04 03|"; content:"|16|tradeboard ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Banker.Win32.Alreay DNS Lookup (movis es .ignorelist .com)"; dns_query; content:"movis es.ignorelist.com"; depth ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 28"; dns_query; content:"notification team.servehttp.com"; depth:31; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 33"; dns_query; content:"moi gov.serveftp.com"; depth:20; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 34"; dns_query; content:"activate google.servehttp.com"; depth:29; nocase; ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 29"; dns_query; content:"fedex notification.servehttp.com"; depth:32; nocase ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Unknown Malicious SSL Cert 1"; flow:established,from_server; content:"|55 04 03|"; content:"|14|giftshop ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 24"; dns_query; content:"verification team.servehttp.com"; depth:31; nocase ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Fake AV Phone Scam Landing Feb 2"; flow:from_server,established; content:"200"; http_stat_code; ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 20"; dns_query; content:"verification acc.servehttp.com"; depth:30; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 06"; dns_query; content:"dropboxsupport.servehttp.com"; depth:28; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 12"; dns_query; content:"google maps.servehttp.com"; depth:25; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 15"; dns_query; content:"googleverify signin.servehttp.com"; depth:33; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 09"; dns_query; content:"fedex sign.servehttp.com"; depth:24; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 04"; dns_query; content:"dropbox service.serveftp.com"; depth:28; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 22"; dns_query; content:"fedex s.servehttp.com"; depth:21; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 21"; dns_query; content:"dropbox verfy.servehttp.com"; depth:27; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 03"; dns_query; content:"device activation.servehttp.com"; depth:31; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 11"; dns_query; content:"googledrive sign.servehttp.com"; depth:30; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 07"; dns_query; content:"fedex mail.servehttp.com"; depth:24; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 05"; dns_query; content:"dropbox sign.servehttp.com"; depth:26; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 17"; dns_query; content:"myaccount.servehttp.com"; depth:23; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 02"; dns_query; content:"aramex shipping.servehttp.com"; depth:29; nocase; ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 19"; dns_query; content:"security myaccount.servehttp.com"; depth:32; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 10"; dns_query; content:"googledriver sign.ddns.net"; depth:26; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 14"; dns_query; content:"googlesignin.servehttp.com"; depth:26; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 23"; dns_query; content:"watchyoutube.servehttp.com"; depth:26; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 01"; dns_query; content:"account google.serveftp.com"; depth:27; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 13"; dns_query; content:"googlesecure serv.servehttp.com"; depth:31; nocase ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CryptoWall .onion Proxy Domain"; dns_query; content:"rq5w3yn6qgbu4mo5"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 16"; dns_query; content:"mailgooglesign.servehttp.com"; depth:28; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 08"; dns_query; content:"fedex shipping.servehttp.com"; depth:28; nocase; isdataat ...
#alert dns $HOME_NET any -> any any (msg:"ET WEB_CLIENT DNS Request to NilePhish Domain 18"; dns_query; content:"secure team.servehttp.com"; depth:25; nocase; isdataat ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"exvdaajegjur.support"; depth:20; nocase; isdataat:1,relative ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"binpt.pw"; depth:8; nocase; isdataat:1,relative; fast_pattern ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"r4i3izmyccncfrsr"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Quakbot CnC)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"tro69.support"; depth:13; nocase; isdataat:1,relative; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain"; dns_query; content:"padcrympj5rvgwed"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"tro69.online"; depth:12; nocase; isdataat:1,relative; fast_pattern ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"qjqubpciajoc.tech"; depth:17; nocase; isdataat:1,relative; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain"; dns_query; content:"hctppfblwfot6ces"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Ransomware Maktub .onion Payment Domain (maktubebz6z6cgtw)"; dns_query; content:"maktubebz6z6cgtw"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"xpknpxmywqsrhe.online"; depth:21; nocase; isdataat:1,relative ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"tro69.tech"; depth:10; nocase; isdataat:1,relative; fast_pattern ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JS/WSF Downloader Dec 08 2016 M5"; flow:from_server,established; flowbits:isset,et.IE7.NoRef.NoCookie ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware PadCrypt .onion Proxy Domain"; dns_query; content:"qli26fihoid5qwo5"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns_query; content:"j24ojpexpgaorlxj"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Mirai Botnet Domain Observed"; dns_query; content:"vmdefmnsndoj.tech"; depth:17; nocase; isdataat:1,relative; fast ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Tuhkit C2)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JS/WSF Downloader Dec 08 2016 M2"; flow:from_server,established; file_data; content:"|76 7e 72 20 7e ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unknown AutoIt Bot DNS Lookup (webmail .duia.in)"; dns_query; content:"webmail.duia.in"; depth:15; nocase; isdataat ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Unknown Landing URI Nov 17 2016"; flow:to_server,established; content:"/kt/JpNx9n"; http_uri ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain"; dns_query; content:"mvy3kbqc4adhosdy"; depth:16; nocase; fast_pattern ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JS/WSF Downloader Dec 08 2016"; flow:to_server,established; content:"GET"; http_method; content:"/counter ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic CnC)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Ransomware Goldeneye .onion Payment Domain (goldenhjnqvc2lld)"; dns_query; content:"goldenhjnqvc2lld"; depth:16 ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Ransomware Goldeneye .onion Payment Domain (golden2uqpiqcs6j)"; dns_query; content:"golden2uqpiqcs6j"; depth:16 ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2)"; dns_query; content:"27c73bq66y4xqoh7"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Ransomware Popcorn Time .onion Payment Domain (3hnuhydu4pd247qb)"; dns_query; content:"3hnuhydu4pd247qb"; depth ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN XRatLocker/AiraCrop Ransomware Payment Domain"; dns_query; content:"6kaqkavhpu5dln6x"; depth:16; nocase; fast_pattern ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (sdpvss .com)"; dns_query; content:"sdpvss.com"; depth:10; nocase ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Malicious SSL certificate detected (Powershell Trojan)"; flow:from_server,established; content:"|16 ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH TorrenLocker Payment Domain Detected"; dns_query; content:"anbqjdoyw6wkmpeu"; depth:16; fast_pattern; ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN CryptoWall/TeslaCrypt Payment Domain"; dns_query; content:"aterdunst.com"; depth:13; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS EITest Inject (compromised site) Sep 12 2016"; flow:established,from_server; file_data; content ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Microsoft Tech Support Scam M3 Sept 15 2016"; flow:to_client,established; content:"200"; http_stat ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (gtldsfs .com )"; dns_query; content:"gtldsfs.com "; depth:12; nocase ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH SSL Blacklist DNS Lookup (Gozi MITM) (cdnfastnetwork .com)"; dns_query; content:"cdnfastnetwork.com"; ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT SMS Fake Mobile Virus Scam Aug 16 2016"; flow:established,from_server; content:"200"; http_stat ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN Hidden Tear Ransomware Variant (.bloccato) DNS Request to CnC Domain"; dns_query; content:"ur232dkkwpdkwp.xyz" ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN ABUSE.CH Ransomware Domain Detected"; dns_query; content:"yuysikankhqvdwdv"; depth:16; fast_pattern; nocase; metadata ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Apple Suspended Account Phish M1 Aug 09 2016"; flow:to_server,established; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN BartCrypt Payment DNS Query to .onion proxy Domain (s3clm4lufbmfhmeb)"; dns_query; content:".s3clm4lufbmfhmeb" ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)"; flow:established,from_server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN SHUJIN .onion Payment Page`; dns query; content:`eqlc75eumpb77ced`; depth:16; fast pattern; nocase; reference:md5 ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Retefe Banker .onion Domain`; dns query; content:`j2pjkgrlaopysagn`; depth:16; fast pattern; nocase; reference ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Maktub Locker Payment Domain`; dns query; content:`bs7aygotd2rnjl4o`; depth:16; fast pattern; nocase; reference ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Ransomware/Coverton Onion Domain Lookup`; dns query; content:`lnc57humvaxpqfv3`; depth:16; nocase; fast pattern ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Retefe Banker .onion Domain`; dns query; content:`yycqx6ay5oedto5f`; depth:16; fast pattern; nocase; reference ...
#alert tls $EXTERNAL NET 80,443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC)`; flow:established,from ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Retefe Banker .onion Domain`; dns query; content:`i3e5y4ml7ru76n5e`; depth:16; fast pattern; nocase; reference ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN Malicious SSL certificate detected (Ursnif Injects)`; flow:from server,established; content:` 55 04 03 ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scarlet Mimic DNS Lookup 47`; dns query; content:`filegoogle.firewall gateway.com`; depth:31; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scarlet Mimic DNS Lookup 46`; dns query; content:`accountgoogle.firewall gateway.com`; depth:34; nocase; isdataat ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Microsoft Fake Support Phone Scam May 10`; flow:from server,established; content:`200`; http stat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN ABUSE.CH Ransomware Domain Detected (Locky Payment)`; dns query; content:`twbers4hmi6dc65f`; depth:16; fast pattern ...
#alert dns $HOME NET any any any (msg:`ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain(xzjvzkgjxebzreap)`; dns query; content:`xzjvzkgjxebzreap`; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Evil Redirect Leading to EK Feb 25 2016`; flow:established,from server; file data; content: ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Retefe Banker .onion Domain`; dns query; content:`5qgerbbyhdz5bwca`; depth:16; fast pattern; nocase; reference ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Unknown PowerShell Loader DNS Lookup (spl.noip.me)`; dns query; content:`spl.noip.me`; depth:11; nocase; isdataat ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Evil Redirector Leading to EK Apr 21 2016 M2`; flow:established,to server; content:`/idx.aspx ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Retefe Banker .onion Domain`; dns query; content:`iabni66w5xvwawbe`; depth:16; fast pattern; nocase; reference ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Evil Redirector Leading to EK April 12 2016 M1`; flow:established,to server; content:`/2016 ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Zeus CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)`; flow:established,from server; content ...
#alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE AndroidOS.Torec.a .onion Proxy Domain`; dns query; content:`yuwurw46taaep6ip`; depth:16; nocase; fast pattern ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE Android/Fakeinst.KD .onion Proxy Domain`; dns query; content:`pc35hiptpcwqezgs`; depth:16; nocase; fast ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Chrome Tech Support Scam Landing Jan 26 2016`; flow:to client,established; content:`200`; http stat ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Ransomware Locky .onion Payment Domain`; dns query; content:`6dtxgqam4crv6rr6`; nocase; depth:16; reference:md5 ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Jan 13 M3`; flow:to client,established; content:`200`; http stat code ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ursnif Injects)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE AndroidOS.Torec.a .onion Proxy Domain 2`; dns query; content:`voooxrrw2wxnoyew`; depth:16; nocase; fast ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scarlet Mimic DNS Lookup 38`; dns query; content:`qq.yourturbe.org`; depth:16; nocase; isdataat:1,relative; fast ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Evil Redirector Leading to EK Jan 27 2016 (Evil Keitaro FB Set)`; flow:established,to server ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Evil Redirector Leadking to EK Nov 2015`; flow:to server,established; content:`.pw 0d 0a `; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN TeslaCrypt/AlphaCrypt Variant .onion Payment Domain (czc57cr2pn3zfn4b)`; dns query; content:`czc57cr2pn3zfn4b` ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Evil Redirector Leading to EK Mon Dec 26 2015`; flow:to server,established; content:`/st1.phtml ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Critroni .onion Proxy Domain (tmclybfqzgkaeilm)`; dns query; content:`tmclybfqzgkaeilm`; depth:16; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Nov 4 M2`; flow:established,from server; file data; content:`SYSTEM ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Nov 4 M1`; flow:established,from server; file data; content:`Microsoft ...
#alert dns $HOME NET any any any (msg:`ET TROJAN EncryptorRaas .onion Domain (75nzutdjjtnpgscz)`; dns query; content:`75nzutdjjtnpgscz`; depth:16; fast pattern ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing Nov 20`; flow:established,from server; file data; content:`VIRUS WARNING ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Facebook password stealing inject Jan 04`; flow:from server,established; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Nov 16`; flow:established,from server; file data; content:`Windows ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Oct 19 M4`; flow:established,to server; content:`GET`; http method ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Retefe CnC)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN PlugX or EvilGrab DNS Lookup (appeur.gnway.cc)`; dns query; content:`appeur.gnway.cc`; depth:15; nocase; isdataat ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Landing M5 2 Oct 05 2015`; flow:established,from server; file data; content:`str2long ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Oct 19 M2`; flow:established,from server; file data; content:`WARNING ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Oct 19 M5`; flow:established,from server; file data; content:`SECURITY ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC)`; flow:established,from server; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Virus Phone Scam Landing Oct 30`; flow:established,from server; file data; content:` Security ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Possible PlugX DNS Lookup (operaa.net)`; dns query; content:`operaa.net`; depth:10; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Landing M5 3 Oct 05 2015`; flow:established,from server; file data; content:`long2str ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing Sept 21 2015`; flow:established,to client; file data; content:`malware ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC)`; flow:established,from server; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443,4443 $HOME NET any (msg:`ET TROJAN Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015`; flow:established,from server; content:` 16 ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET 443 (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Secondary Landing URI Struct Aug 17 2015`; flow:established,to server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET 443 (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Exploit URI Struct Aug 17 2015`; flow:established,to server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET 443 $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Secondary Landing Aug 17 2015`; flow:established,from server; file data ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:established,from server; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 26 2015 M3`; flow:established,to client; file data; content:`e.ctrlKey ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Critroni .onion Proxy Domain`; dns query; content:`des7siw5vfkznjhi`; depth:16; fast pattern; nocase; reference ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Payload June 19 2015`; flow:established,to server; content:`/4/`; http ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely CottonCastle/Niteris EK Response June 19 2015`; flow:established,from server; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Landing URI Struct June 19 2015 M3`; flow:established,to server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 17 2015 M1`; flow:established,to client; file data; content:`/Alert ...
#alert dns $HOME NET any any any (msg:`ET TROJAN AlphaCrypt .onion proxy Domain (tkjthigtqlvohs7z)`; dns query; content:`tkjthigtqlvohs7z`; depth:16; fast pattern ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Ransomware Variant .onion proxy Domain (kurrmpfx6kgmsopm)`; dns query; content:`kurrmpfx6kgmsopm`; depth:16; fast ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 8 2015 M1`; flow:established,to client; file data; content:`INTERNET ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Landing June 19 2015`; flow:established,from server; file data; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM)`; flow:established,from server ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 17 2015 M2`; flow:established,to server; content:`GET`; http method ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK SWF Exploit April 30 2015`; flow:established,from server; content:`Content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Exploit Struct April 30 2015`; flow:established,to server; content: ...
#alert dns $HOME NET any any any (msg:`ET TROJAN CryptoLocker .onion Proxy Domain (v7lfogalalzc2c4d)`; dns query; content:`v7lfogalalzc2c4d`; depth:16; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 4 2015 M3`; flow:established,to client; file data; content:`Advised ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Java Exploit URI Struct April 29 2015`; flow:established,to server; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK SilverLight Exploit April 30 2015`; flow:established,from server; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake AV Phone Scam Landing June 4 2015 M1`; flow:established,to client; file data; content:`MICROSOFT ...
#alert dns $HOME NET any any any (msg:`ET TROJAN CryptoLocker .onion Proxy Domain (33p5mqkaj22irv4z)`; dns query; content:`33p5mqkaj22irv4z`; depth:16; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Receiving Payload May 7 2015`; flow:established,from server; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M2`; flow:established,to server; content ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Teerac/CryptoFortress .onion Proxy Domain (cld7vqwcvn2bii67)`; dns query; content:`cld7vqwcvn2bii67`; depth:16 ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC)`; flow:from server,established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK SWF Exploit April 30 2015`; flow:established,from server; content:`Content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Payload April 29 2015`; flow:established,to server; content:`/5/`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS SPL2 EK Post Compromise Data Dump M3`; flow:established,to server; content:`POST`; http method ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Ursnif SSL Cert`; flow:established,from server; content:` 55 04 03 `; content:` 16 athereforeencourage ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert dns $HOME NET any any any (msg:`ET TROJAN CryptoLocker .onion Proxy Domain (pf3tlgkpks7pu7yr)`; dns query; content:`pf3tlgkpks7pu7yr`; depth:16; fast pattern ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN Qadars WebInject SSL Cert`; flow:established,from server; content:` 55 04 03 `; content:` 1e www.freechristmasgifts2014 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M1`; flow:established,to server; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CottonCastle/Niteris EK POST Beacon April 29 2015`; flow:established,to server; content:`POST ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM)`; flow:from server,established ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Sundown EK Flash Exploit Struct T2 Apr 24 2015`; flow:established,to server; flowbits ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Chrome Cookie Data Theft April 06 2015`; flow:established,to server; content:`.php?type cookie ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Chrome Form Data Theft April 06 2015`; flow:established,to server; content:`.php?type form site ...
#alert dns $HOME NET any any any (msg:`ET TROJAN DNS Query for Suspicious crptcj7wd4oaafdl Domain CryptoWall Domains`; dns query; content:`crptcj7wd4oaafdl`; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Possible Scam FakeAV Alert Landing March 2 2015`; flow:established,from server; file data; content ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (text first.trickip.org)`; dns query; content:`text first.trickip.org`; depth:22; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Cryptolocker .onion Proxy Domain (juf5pjk4sl7uojh4)`; dns query; content:`juf5pjk4sl7uojh4`; depth:16; fast pattern ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake Windows Security Warning Alert`; flow:established,to client; file data; content:`WARNING ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS KaiXin EK Possible Jar Download`; flow:established,to server; content:`Java/1.`; http user agent ...
#alert tls $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS SPL2 EK Post Compromise Data Dump M1`; flow:established,to server; content:`POST`; http method ...
#alert dns $HOME NET any any any (msg:`ET TROJAN DNS Query for Suspicious crptbfoi5i54ubez Domain CryptoWall Domains`; dns query; content:`crptbfoi5i54ubez`; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (sorry.ns2.name)`; dns query; content:`sorry.ns2.name`; depth:14; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (uudog.4pu.com)`; dns query; content:`uudog.4pu.com`; depth:13; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Cryptolocker .onion Proxy Domain (4elcqmis624seeo7)`; dns query; content:`4elcqmis624seeo7`; depth:16; fast pattern ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (text First.flnet.org)`; dns query; content:`text First.flnet.org`; depth:20; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN DNS Query for Suspicious crptarv4hcu24ijv Domain CryptoWall Domains`; dns query; content:`crptarv4hcu24ijv`; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN TorrentLocker DNS Lookup (nigerianbrothers.net)`; dns query; content:`nigerianbrothers.net`; depth:20; nocase; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (newoutlook.darktech.org)`; dns query; content:`newoutlook.darktech.org`; depth:23; nocase; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Critroni Variant .onion Proxy Domain`; dns query; content:`tzsvejrzduo52siy`; depth:16; nocase; fast pattern; reference ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (lehnjb.epac.to)`; dns query; content:`lehnjb.epac.to`; depth:14; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (dynamic.ddns.mobi)`; dns query; content:`dynamic.ddns.mobi`; depth:17; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN DNS Query for Cloud Atlas haarmannsi.cz`; dns query; content:`haarmannsi.cz`; depth:13; fast pattern; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (football.mrbasic.com)`; dns query; content:`football.mrbasic.com`; depth:20; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (expert.4irc.com)`; dns query; content:`expert.4irc.com`; depth:15; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (nazgul.zyns.com)`; dns query; content:`nazgul.zyns.com`; depth:15; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (shutdown.25u.com)`; dns query; content:`shutdown.25u.com`; depth:16; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (logoff.25u.com)`; dns query; content:`logoff.25u.com`; depth:14; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (cew58e.xxxy.info)`; dns query; content:`cew58e.xxxy.info`; depth:16; nocase; isdataat:1,relative ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (blackblog.chatnook.com)`; dns query; content:`blackblog.chatnook.com`; depth:22; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (mailru.25u.com)`; dns query; content:`mailru.25u.com`; depth:14; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (pricetag.deaftone.com)`; dns query; content:`pricetag.deaftone.com`; depth:21; nocase; isdataat ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Scieron DNS Lookup (imirnov.ddns.info)`; dns query; content:`imirnov.ddns.info`; depth:17; nocase; isdataat:1,relative ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:from server,established; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:from server,established; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)`; flow:established,from server; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:established,from server; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:from server,established; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT DRIVEBY FakeSupport Landing Page Windows Firewall Warning`; flow:established,to client; file ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:established,from ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT DRIVEBY FakeSupport Landing Page Operating System Check`; flow:established,to client; file data ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)`; flow:from server,established; ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN BitCrypt site accessed via .onion SSL Proxy`; flow:established,from server; content:` 55 04 03 `; content ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Tor based locker .onion Proxy DNS lookup July 31 2014`; dns query; content:`iet7v4dciocgxhdv`; depth:16; nocase ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`vqvsaergek.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`btloxcyrok.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)`; flow:established,from server; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CrimePack PDF Exploit`; flow:established,to server; content:`/pdf.php?pdf `; http uri; fast ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM)`; flow:established,from server ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`afwyhvinmw.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Plugin Detect with global % replace on unescaped string (Sakura)`; flow:established,to client ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`tyixfhsfax.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS CrimePack Java Exploit`; flow:established,to server; content:`Java/1.`; http user agent; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Tor based locker Ransom Page`; flow:established,to server; content:`/buy.php?`; http uri; content:`iet7v4dciocgxhdv ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Sakura EK Landing Sep 06 2013`; flow:established,from server; file data; content:`/deployJava ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`njdyqrbioh.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert dns $HOME NET any any any (msg:`ET TROJAN Perl/Calfbot C C DNS request`; dns query; content:`qemyxsdigi.info`; depth:15; fast pattern; nocase; isdataat:1 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Fake MS Security Update (Jar)`; flow:established,from server; file data; content:`Microsoft Security ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN BitCrypt Ransomware Domain`; flow:established,to server; content:`bitcrypt.cc`; nocase; http header ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS MITM)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT DRIVEBY FakeUpdate URI Payload Requested`; flow:established,to server; content:`DDL Java Installer ...
#alert tcp $HOME NET any $EXTERNAL NET 443 (msg:`ET TROJAN Tor based locker .onion Proxy domain in SNI July 31 2014`; flow:established,to server; content:`iet7v4dciocgxhdv ...
Number of topics: 500
Topic revision: r4 - 2014-01-10 - JinsuNa?
 