50 Recent Changes in Main Web retrieved at 05:53 (GMT)

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Fake ProtonVPN/AZORult CnC Domain Query"; dns_query; content:"accounts.protonvpn.store"; nocase; depth:24; isdataat ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)"; flow:established,to_client; tls_cert_subject ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vosmas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"devata ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"semasa ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piastas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"medsource ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"dolodos ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tretas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piasuna ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vtoras ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"pervas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed DNS Query for Suspicious TLD (.management)"; dns_query; content:".management"; nocase; isdataat:!1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart CnC)"; flow:from_server,established; tls_cert_subject; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kimsuky Related CnC"; flow:established,to_server; content:"GET"; http_method; content:".php?WORD com ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VBScript Redirect Style Exe File Download"; flow:to_client,established; flowbits:isset,ET.Locky; file ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE 180solutions Spyware Keywords Download"; flow: to_server,established; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SurfSidekick Download"; flow: established,to_server; content:"/requestimpression.aspx?ver "; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Webhancer Data Post"; flow: to_server,established; content:"POST"; nocase; http_method; content:"http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt"; flow: to_server,established; content:"/modules ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Gamaredon Downloader Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage1 CnC Activity"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M2"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M1"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mermaid Ransomware Variant CnC Activity M4"; flow:established,to_server; content:"GET"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor CnC Activity"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor Checkin"; flow:established,to_server; content:"POST"; http_method; ...
alert dns $HOME_NET any -> any any (msg:"ET CURRENT_EVENTS Possible Glitch.me Phishing Domain"; dns_query; content:".glitch.me"; nocase; isdataat:!1,relative; pcre ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Spark Backdoor CnC Domain Query"; dns_query; content:"nysura.com"; nocase; depth:10; isdataat:!1,relative; metadata ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nexus Stealer CnC Data Exfil"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Powershell Download Command Observed within Flash File Probable EK Activity"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BadPatch CnC Activity"; flow:established,to_server; content:"python requests/"; http_user_agent; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Onliner Mailer Module Communicating with CnC"; flow:established,to_server; content:"POST"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M5"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M3"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M2"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M1"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR Possible Response for LNKR js file"; flow:established,from_server; content:"200"; http_stat_code ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET GAMES Wolfteam HileYapak Server Response"; flow:established,from_server; content:"200"; http_stat_code; file ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Xwo CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:"Accept Charset 3a ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats