
Last 50 Rule Changes

Results from Main web retrieved at 11:37 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible TA505 Maldoc Check in"; flow:established,to_server; content:"GET"; http method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Attempted Microsoft Exchange RCE (CVE-2020-0688)"; flow:established,to_server; content:"GET ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY EXE Base64 Encoded potential malware"; flow:established,from_server; file data; content:"TVqQAAMAAAAEAAAA ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3"; flow:established,from_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Roboto Possible Encrypted Roboto P2P Payload Requested M1"; flow:established,to_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible Trickbot/Dyre Serial Number in SSL Cert"; flow:established,to_client; tls cert serial; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS EITest Keitaro Evil Redirect Leading to SocENG July 25 2017"; flow:established,to_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Brazilian Banker SSL Cert"; flow:established,from_server; tls cert subject; content:"CN robervalmotores ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017"; flow:to_server,established; content:"POST"; http ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M7"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4"; flow:established,from_server; content ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018 02 02 M10"; flow:established,to_client; file data; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"xijymvzq4zkyubfe"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (IcedID CnC)"; flow:established,from_server; content:"|09 00 b9 5a 68 02 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Get2 CnC)"; flow:established,to_client; tls cert subject; content:"CN mays ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"zxungms47m6ecj7t"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain "; dns query; content:"zmsr22fviy7kxihf"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8"; flow:established,from_server; content ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"zuotmsnm7vh2jx77"; depth:16; fast ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"u73tcilcw2cw2by5"; depth:16; fast ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6"; flow:established,from_server; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017"; flow:to_server,established; content:"POST"; http method ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Snatch CnC)"; flow:established,from_server; content:"|55 04 03|"; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9"; flow:established,from_server; content ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC)"; flow:established,to_client ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"sloryvugp4abxnfu"; depth:16; fast ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert dns $HOME_NET any -> any any (msg:"ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain"; dns query; content:"mjs2bcdrttpmm7pp"; depth:16; fast ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM)"; flow:established ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 