50 Recent Changes in Main Web retrieved at 09:08 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Lookup Domain (ifconfig .me)"; flow:established,to_server; content:"GET"; http_method; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 27 (msg:"ET TROJAN ELF/Samba CnC Checkin"; flow:established,to_server; dsize:8; content:"|11 10 10 01 22 32 21 52|"; fast ...
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET POLICY Logmein.com/Join.me SSL Remote Control Access"; flow:established,from_server; content:"|16 03|"; depth ...
My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN APT33/CharmingKitten Encrypted Payload Inbound"; flow:established,from_server; content:"200"; http_stat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"document.cdn one.biz"; distance:0; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"fundsxe.com"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"transef.biz"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"alotile.biz"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"freecloud.biz"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"usasecurefiles.com"; distance:0; nocase; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"contents.bz"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"cloudpallets32.com"; distance:0; nocase; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"api.miria.kz"; distance:0; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"api.asus.org.kz"; distance:0; nocase; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"api.fujitsu.org.kz"; distance:0; nocase; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"api.toshiba.org.kz"; distance:0; nocase; fast ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cobalt Group/More Eggs CnC Domain in DNS Lookup"; dns_query; content:"outlooklive.org.kz"; distance:0; nocase; fast ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Cobalt Group/More Eggs CnC)"; flow:from_server,established; tls_cert_subject ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit set)"; flow:established,to_server; content:"GET ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"zwfaxi.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"world paper.net"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"tempdomain8899.com"; nocase; fast_pattern; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"sharedriver.us"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"sharedriver.pw"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"secozco.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"scaurri.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"pqexport.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"grsvps.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"docsdriver.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"client screenfonts.com"; nocase; fast_pattern; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"client message.com"; nocase; fast_pattern; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"bizsonet.com"; nocase; fast_pattern; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN STOLENPENCIL CnC Domain in DNS Lookup"; dns_query; content:"bizsonet.ayar.biz"; nocase; fast_pattern; isdataat:1 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity WeChat (Ransomware/Stealer) HttpHeader"; flow:established,to_server; content:"GET"; http ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN PTsecurity WeChat (Ransomware/Stealer) Config"; flow:established,to_client; content:"200"; http_stat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Flash Version M2"; flow:established,to_server; content:"X-Requested-With|3a 20|ShockwaveFlash ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Cookie Based BackDoor Used in Drupal Attacks"; flow:established,to_server; content: ...
alert dns $HOME_NET any -> any any (msg:"ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain"; dns_query; content:"jquery js.com"; nocase; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET CURRENT_EVENTS Observed DNS Query for MageCart Data Exfil Domain"; dns_query; content:"g analytics.com"; nocase; depth ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Certificate with Unknown Content M2"; flow:established,to_client; file_data; content:" BEGIN CERTIFICATE ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Certificate with Unknown Content M1"; flow:established,to_client; file_data; content:" BEGIN CERTIFICATE ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED CozyDuke APT HTTP Checkin"; flow:established,to_server; content:"GET"; http_method; content:".php? ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC"; flow:established,to_server; content:"POST"; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Delphi APT28 Zebrocy/Zekapab Reporting to CnC"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DNSpionage Requesting Config"; flow:established,to_server; content:"GET"; http_method; content:"/Login ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats