50 Recent Changes in Main Web retrieved at 09:09 (GMT)

TWiki Site Statistics Monthly Site Statistics Data Month WebsTotal WebsViewed Websupdated TopicsTotal TopicsViewed TopicsUpdated Attach ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 5`; flow:established,to client; content ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 4`; flow:established,to client; content ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 3`; flow:established,to client; content ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 2`; flow:established,to client; content ...
#alert tcp $HOME NET any $EXTERNAL NET 443 (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 1`; flow:established,to server; content ...
#alert tcp $HOME NET any $EXTERNAL NET 443 (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) 0`; flow:established,to server; content ...
#alert tcp $EXTERNAL NET 443 $HOME NET any (msg:`ET TROJAN PTsecurity Malicious SSL connection (Upatre Downloader CnC) cert`; flow:established,to client; content ...
alert http any any $HOME NET,$HTTP SERVERS any (msg:`ET EXPLOIT Possible rConfig 3.9.2 Remote Code Execution PoC M1 (CVE 2019 16662)`; flow:established,to server ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Generic gate .php GET with minimal headers`; flow:established,to server; content:`GET`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE WiseCleaner Installed (PUA)`; flow:established,to server; content:`POST`; http method; content:`.php ...
alert tcp any ! 21,25,110,143,443,465,587,636,989:995,5061,5222,8443 any any (msg:`ET POLICY TLS possible TOR SSL traffic`; flow:established,from server; tls cert ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE EMO/PCPrivacyCleaner Rougue Secuirty App GET Checkin`; flow:established,to server; content:`GET`; nocase ...
alert tcp $EXTERNAL NET any $HOME NET 8888 (msg:`ET EXPLOIT CloudMe Sync Buffer Overflow`; flow:established,to server; content:` fe e7 d1 61 a8 98 03 69 10 06 e7 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Malicious Macro EXE DL AlphaNumL`; flow:established,to server; urilen:1040; content:`.exe`; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Malicious Macro DL EXE Feb 2016`; flow:established,to server; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN PTsecurity Trickbot Data Exfiltration`; flow:established,to server; content:`POST`; http method; pcre ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY External IP Lookup Domain (ifconfig .me)`; flow:established,to server; content:`GET`; http method; content ...
alert tcp $HOME NET any $EXTERNAL NET 5938,1935,3265,2394,1514 (msg:`ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 106`; flow:to server,established ...
alert udp $EXTERNAL NET 53 $HOME NET any (msg:`ET TROJAN CobaltStrike DNS Beacon Response`; content:` 81 80 00 01 00 01 00 00 00 00 `; offset:2; depth:10; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN APT1 WEBC2 UGX Related Pingbed/Downbot User Agent (Windows NT 5.x)`; flow:established,to server; content ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Suspected Stitch Variant Backdoor CnC`; flow:established,to server; content:` 00 00 00 0f stitch626hctits ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MOBILE MALWARE Android Lightspy Implant CnC`; flow:established,to server; content:` 0d 0a 0d 0a udid `; fast ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB SPECIFIC APPS Possible CVE 2020 8518 (Horde Groupware RCE)`; flow:established,to server; content:`POST` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Kimsuky Related Host Data Exfil`; flow:established,to server; content:`GET`; http method; content:`/wp ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN ObliqueRAT CnC Checkin`; flow:established,to server; content:` 3e 57 69 6e 64 6f 77 73 20 `; fast pattern ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN ObliqueRAT CnC Heartbeat Packet`; flow:established,to server; dsize:4; content:` 61 63 6b 00 `; reference ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Kimsuky Related CnC`; flow:established,to server; content:`GET`; http method; content:`.php?WORD com ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Kimsuky Related Download`; flow:established,to server; urilen:21; content:`GET`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Kimsuky Related Exfil`; flow:established,to server; urilen:25; content:`POST`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Kimsuky Related CnC`; flow:established,to server; content:`GET`; http method; content:`indox.php?v ` ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2019 09 17 1)`; flow:established,to client; tls cert subject; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE ezday.co .kr Related Spyware User Agent (Ezshop)`; flow:established,to server; content:`Ezshop`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shopcenter.co .kr Spyware Install Report`; flow:established,to server; content:`/RewardInstall.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE my247eshop .com User Agent`; flow:established,to server; content:`EShopee`; http user agent; depth:7 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shopathomeselect .com Spyware User Agent (WebDownloader)`; flow: to server,established; content:`WebDownloader ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Adware pricepeep Adware.Shopper.297`; flow: established,to server; content:`GET`; nocase; http method ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shop at Home Select Spyware Install`; flow: established,to server; content:`/arcadecash/setup`; nocase ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shopnav Spyware Install`; flow: to server,established; content:`/toolbarv3.cgi?UID `; nocase; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shop at Home Select Spyware Heartbeat`; flow: established,to server; content:`/s.dll?MfcISAPICommand ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shop at Home Select Spyware User Agent (SAH)`; flow: established,to server; content:`SAH Agent`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shop at Home Select Spyware User Agent (Bundle)`; flow: established,to server; content:`Bundle`; http ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET MALWARE Shop At Home Select.com Install Download`; flow: from server,established; content:` ab 3b d4 97 d4 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Shop At Home Select.com Install Attempt`; flow: to server,established; content:`/mindset/bunsetup.cab ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Buer Loader Update Request`; flow:established,to server; urilen: 200; content:`GET`; http method; content ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Buer Loader CnC Domain (kkjjhhdff .site in TLS SNI)`; flow:established,to server; tls sni; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN SSL/TLS Certificate Observed (Buer Loader)`; flow:established,to client; tls cert subject; content:`CN ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Buer Loader Successful Payload Download`; flow:established,to client; flowbits:isset,ETPRO.wacatac.b ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Buer Loader Download Request`; flow:established,to server; flowbits:set,ETPRO.wacatac.b.download; urilen ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Buer Loader Update Request`; flow:established,to server; urilen: 200; content:`GET`; http method; content ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats