50 Recent Changes in Main Web retrieved at 14:07 (GMT)

alert http any any -> any 10000 (msg:"ET WEB_SERVER Webmin RCE CVE-2019-15107"; flow:to_server,established; content:"POST"; http_method; content:"/password_change ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Clipsa Stealer Exfiltration Activity"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Clipsa Stealer Coinminer Download"; flow:established,to_server; content:"GET"; http_method; urilen ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Clipsa Stealer CnC Checkin"; flow:established,to_server; content:"POST"; http_method; content:"/wp ...
alert udp $HOME_NET any -> $EXTERNAL_NET 8000 (msg:"ET TROJAN Win32/Dostre CnC Activity"; content:"|af 7d a7 38 eb f9 f7 47|"; depth:8; fast_pattern; content:"|00 ...
#alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"ET SNMP Cisco Non Trap PDU request on SNMPv1 trap port"; content:"|02 01 00|"; depth:3; byte_test:1, ,159,8,relative ...
alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TGI Py.Machete FTP Exfil 2"; flow:established,to_server; content:"STOR|20|CRHOMEPER.zip"; depth:18; ...
alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TGI Py.Machete FTP Exfil 1"; flow:established,to_server; content:"STOR|20|FIREPERF.zip"; depth:17; metadata ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TGI Py.Machete HTTP CnC Exfil"; flow:established,to_server; content:"POST"; http_method; content:"namepc ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/DarkRAT CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:!".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Zoom Client Auto Join (CVE-2019-13450)"; flow:established,to_client; file_data; content:"localhost ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)"; flow:established,to_server ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"routingzen.com"; nocase; depth:14; isdataat:1,relative ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Suspicious UA (My Agent)"; flow:established,to_server; content:"My Agent"; http_user_agent ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Suspicious UA (zwt)"; flow:established,to_server; content:"zwt"; http_user_agent; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Suspicious UA (Hello World)"; flow:established,to_server; content:"Hello World"; http_user ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Suspicious UA (Hello, World)"; flow:established,to_server; content:"Hello, World"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET GAMES Wolfteam HileYapak Server Response"; flow:established,from_server; content:"200"; http_stat_code; content ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed DNS Query to External IP Lookup Domain ( iplocation .truevue .org)"; dns_query; content:"iplocation.truevue ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Lookup iplocation .truevue .org"; flow:established,to_server; content:"iplocation.truevue ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO DYNAMIC DNS HTTP Request to a .autoddns.com Domain"; flow:established,to_server; content:".autoddns.com ...
alert dns $HOME_NET any -> any any (msg:"ET INFO DYNAMIC DNS Query to .autoddns .com Domain"; dns_query; content:".autoddns.com"; nocase; isdataat:1,relative; threshold ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO DYNAMIC DNS HTTP Request to a .myddns.me Domain"; flow:established,to_server; content:".myddns.me"; http ...
alert dns $HOME_NET any -> any 53 (msg:"ET INFO DYNAMIC DNS Query to .myddns.me Domain"; flow:established,to_server; dns_query; content:".myddns.me"; nocase; isdataat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Outbound POST Request with ps PowerShell Command Output"; flow:established,to_server; content:"POST" ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible WMI .mof Managed Object File Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible WMI .mof Managed Object File Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible Powershell .ps1 Script Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content:"|00 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Tech Support Scam Landing M2 2019-04-15"; flow:established,from_server; content:"200"; http_stat ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Tech Support Scam Landing M1 2019-04-15"; flow:established,from_server; content:"200"; http_stat ...
#alert tcp any any -> $HOME_NET any (msg:"ET NETBIOS DCERPC WMI Remote Process Execution"; flow:to_server,established; dce_iface:00000143-0000-0000-c000-000000000046 ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Shaolin)"; flow:established,to_server; content:"Shaolin"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (muhstik)"; flow:established,to_server; content:"muhstik"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Solar)"; flow:established,to_server; content:"Solar"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Damien)"; flow:established,to_server; content:"Damien"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Cakle)"; flow:established,to_server; content:"Cakle"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (lessie)"; flow:established,to_server; content:"lessie"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Hentai)"; flow:established,to_server; content:"Hentai"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Yakuza)"; flow:established,to_server; content:"Yakuza"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Yowai)"; flow:established,to_server; content:"Yowai"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Tsunami)"; flow:established,to_server; content:"Tsunami"; http_user_agent; nocase ...
alert http any any -> $HOME_NET any (msg:"ET USER_AGENTS ELF/Mirai Variant UA Inbound (Rift)"; flow:established,to_server; content:"Rift"; http_user_agent; nocase ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt"; flow:established,to_server; http_accept; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WP Cost Estimator Plugin AFI Vulnerability"; flow:established,to_server; content:"/wp ...
alert smb any any -> $HOME_NET any (msg:"ET POLICY Possible winexe over SMB Possible Lateral Movement"; flow:to_server,established; content:"|ff|SMB"; offset:4; ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. ws))"; flow:established,to_client; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY DNS Query to .onion proxy domain (onion .ws)"; dns_query; content:".onion.ws"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY DNS Query to .onion proxy domain (onion .pet)"; dns_query; content:".onion.pet"; nocase; isdataat:1,relative; metadata ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. pet))"; flow:established,to_client; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO maas.io Image Download Flowbit Set"; flow:established,to_server; content:"GET"; http_method; content:"maas ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
Copyright © Emerging Threats