EmergingThreats > Main Web > RuleChanges (revision 6)

Last 50 Rule Changes

Results from Main web retrieved at 12:53 (GMT)

alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Inbound (CVE-2020-8515) M1"; flow:established,to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Mirai Variant User-Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|XTC BOTNET ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE EQO Variant CnC Activity"; flow:established,to_server; content:"POST"; http_method; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Outbound (CVE-2020-8515) M1"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Outbound (CVE-2020-8515) M2"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FTCode Stealer Init Activity"; flow:established,to_server; content:"POST"; http_method; content:"guid ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Dridex Download URI Struct with no referer"; flow:established,to_server; content:"GET"; http ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN ELF/Mirai Variant User-Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|XTC|0d 0a|"; http ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN ELF/Mirai Variant User-Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|XTC BOTNET|0d ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FTCode Stealer CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:"l dj0 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Malicious VBE Script (COVID-19 Phish 04-03-2020)"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Mirai Variant User-Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|XTC|0d ...
alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Inbound (CVE-2020-8515) M2"; flow:established,to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN APT29 Implant8 MAL REFERER"; flow:established,to_server; content:"GET"; http_method; content:" bvm ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (upload command)"; flow:established,to_client; dsize:9; content:"dXBsb2Fk ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (persistence enable)"; flow:established,to_client; dsize:25; content:"cGVyc2lzdGVuY2VfZW5hYmxl ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (screenshot command)"; flow:established,to_client; dsize:17; content:"c2NyZWVuc2hvdA ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (keylogger start)"; flow:established,to_client; dsize:21; content:"a2V5bG9nZ2VyX3N0YXJ0 ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (openurl)"; flow:established,to_client; dsize:13; content:"b3BlbnVybA|0a| ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (getos)"; flow:established,to_client; dsize:9; content:"Z2V0b3M|0a|"; metadata ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspected CHAOS CnC Inbound (download command)"; flow:established,to_client; dsize:13; content:"ZG93bmxvYWQ ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Canada Revenue Agency COVID-19 Assistance Eligability Phishing Landing 2020-04-01"; flow:established ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Canada Revenue Agency COVID-19 Assistance Eligability Phishing Landing 2020-04-01"; flow:established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Stitch Variant Backdoor CnC"; flow:established,to_server; content:"|00 00 00 0f|stitch626hctits ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ELF/Mirai Variant User-Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|Hello ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN ELF/Mirai Variant User-Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|Hello/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Suspicious GET Request with Possible COVID-19 URI M2"; content:"GET"; http_method; content:"corona"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Suspicious POST Request with Possible COVID-19 URI M1"; content:"POST"; http_method; content:"covid"; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Suspicious GET Request with Possible COVID-19 URI M1"; content:"GET"; http_method; content:"covid"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Suspicious POST Request with Possible COVID-19 URI M2"; content:"POST"; http_method; content:"corona"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Linux/Agent.HX CnC Activity M1"; flow:established,to_server; flowbits:isset,ET.LinuxAgent.HX; flowbits ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19 Assistance Eligability (FR) Phish 2020-04-01"; flow ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Linux/Agent.HX CnC Activity (set)"; flow:established,to_server; flowbits:set,ET.LinuxAgent.HX; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Canada Revenue Agency COVID-19 Assistance Eligability Phish 2020-04-01"; flow:established ...
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Linux/Agent.HX CnC Activity M2"; flow:established,to_client; flowbits:isset,ET.LinuxAgent.HX; flowbits ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET GAMES Growtopia Hack WrongGrow CnC Activity"; flow:established,to_client; content:"200"; http_stat_code; file ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Covid19 Themed Email Spam Outbound M2"; flow:to_server,established; content:"coronavirus ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Observed DNS Query to Stitch C2 Domain"; dns_query; content:"sys-andriod20-designer.dynamic-dns.net"; nocase; depth ...
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Mirai Variant User-Agent (Inbound)"; flow:established,to_server; content:"User-Agent|3a 20|NoIr x.86/"; http ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Observed DNS Query to Stitch C2 Domain"; content:"system0-update04driver-roots.dynamic-dns.net"; nocase; depth:44 ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Tofsee Malformed Spam Template String"; flow:to_server,established; content:"receive|20|further ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Covid19 Themed Email Spam Outbound M3"; flow:to_server,established; content:"covid19 ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Covid19 Themed Email Spam Outbound M5"; flow:to_server,established; content:"covid-19 ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Covid19 Themed Email Spam Outbound M6"; flow:to_server,established; content:"sars-cov ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Willowcoin Cryptocurrency UA Observed"; flow:established,to_server; content:"User-Agent|3a 20|WillowCoin ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Covid19 Themed Email Spam Outbound M4"; flow:to_server,established; content:"corona ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mirai Variant User-Agent (Outbound)"; flow:established,to_server; content:"User-Agent|3a 20|NoIr x.86 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Buer Loader Update Request"; flow:established,to_server; urilen: 200; content:"GET"; http_method; content ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Tofsee Unique Email Body Byte Sequence Observed"; flow:to_server,established; content:"|0d 0a 0d ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Tofsee Covid19 Spam Template 1 Active Outbound Email Spam"; flow:to_server,established; content ...
Number of topics: 50
Topic attachments: malurl.txt (txt, 239.0 K, 2018-07-19 07:23, UnknownUser)
Topic revision: r6 - 2018-07-19 - TestTest
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats