50 Recent Changes in Main Web retrieved at 05:14 (GMT)

alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (shileyfetwell .com in DNS Lookup)`; dns query; content:`shileyfetwell.com`; isdataat:1,relative; metadata ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (sharpion .org in DNS Lookup)`; dns query; content:`sharpion.org`; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (mediamobilereg .com in DNS Lookup)`; dns query; content:`mediamobilereg.com`; isdataat:1,relative; ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (mediadownload .space in DNS Lookup)`; dns query; content:`mediadownload.space`; isdataat:1,relative ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (secandroid .com in DNS Lookup)`; dns query; content:`secandroid.com`; isdataat:1,relative; metadata ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (androidssystem .com in DNS Lookup)`; dns query; content:`androidssystem.com`; isdataat:1,relative; ...
alert dns $HOME NET any any any (msg:`ET MOBILE MALWARE ANA (androidsmedia .com in DNS Lookup)`; dns query; content:`androidsmedia.com`; isdataat:1,relative; metadata ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT MiCasaVerde VeraLite Remote Code Execution Inbound (CVE 2016 6255)`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET EXPLOIT MiCasaVerde VeraLite Remote Code Execution Outbound (CVE 2016 6255)`; flow:established,to server; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET EXPLOIT Belkin Wemo Enabled Crock Pot Unauthenticated Command Injection Outbound (CVE 2019 12780)`; flow:established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Belkin Wemo Enabled Crock Pot Unauthenticated Command Injection Inbound (CVE 2019 12780)`; flow:established ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Inbound`; flow:established,to server; content ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Hootoo TripMate Attempted Remote Command Injection Outbound`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Geutebruck Attempted Remote Command Injection Inbound`; flow:established,to server; content:`POST ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Geutebruck Attempted Remote Command Injection Outbound`; flow:established,to server; content:`POST ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound`; flow:established,to server; content:`POST ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Dell KACE Attempted Remote Command Injection Outbound`; flow:established,to server; content:`POST ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Inbound`; flow:established,to server; content ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Possible OpenDreamBox Attempted Remote Command Injection Outbound`; flow:established,to server; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XLS.Unk DDE rar Drop Attempt (.live)`; flow:established,to server; content:`GET`; http method; urilen ...
alert http any any $HOME NET any (msg:`ET EXPLOIT Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution`; flow:to server,established; content: ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO AutoIt User Agent Executable Request`; flow:established,to server; content:`GET`; http method; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (IcedID CnC)`; flow:from server,established; tls cert subject; content:`CN ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Suspicious UA Observed (YourUserAgent)`; flow:established,to server; content:`YourUserAgent`; http ...
alert dns $HOME NET any any any (msg:`ET TROJAN Chafer CnC Domain in DNS Lookup`; dns query; content:`sabre airlinesolutions.com`; nocase; isdataat:1,relative; ...
alert dns $HOME NET any any any (msg:`ET TROJAN Chafer CnC Domain in DNS Lookup`; dns query; content:`sabre css.com`; nocase; isdataat:1,relative; metadata: former ...
alert dns $HOME NET any any any (msg:`ET TROJAN Chafer CnC Domain in DNS Lookup`; dns query; content:`nvidia services.com`; nocase; isdataat:1,relative; metadata ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Chafer Win32/TREKX Uploading to CnC (Modified CAB)`; flow:established,to server; content:`POST`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Chafer Win32/TREKX Uploading to CnC`; flow:established,to server; content:`POST`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Packed Perl with Eval Statement`; flow:established,to client; content:`200`; http stat code; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN SSL/TLS Certificate Observed (Maldoc CnC)`; flow:established,to client; tls cert subject; content:`CN ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MageCart CnC)`; flow:from server,established; tls cert subject; content: ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MageCart CnC)`; flow:from server,established; tls cert subject; content: ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MageCart CnC)`; flow:from server,established; tls cert subject; content: ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MageCart CnC)`; flow:from server,established; tls cert subject; content: ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (MageCart CnC)`; flow:from server,established; tls cert subject; content: ...
alert dns any any $HOME NET any (msg:`ET INFO Suspicious Registrar Nameservers in DNS Response (carbon2u)`; content:` 00 02 00 01 `; content:` 03 ns1 08 carbon2u ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN cryptodefense Checkin`; flow:established,to server; content:`POST`; http method; content:`Content Type ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Win32.Bicololo Response 2`; flow:established,to client; flowbits:isset,ET.Bicololo.Request; content: ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Urausy.C Checkin 3`; flow:to server,established; urilen: 80; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Likely Zbot Generic Request to gate.php Dotted Quad`; flow:established,to server; content:`/gate.php ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible Encoded Wide PowerShell (IEX) in Certificate Inbound`; flow:established,from server ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Attempted Remote Command Injection Inbound (CVE 2018 7841)`; flow:established,to server; content ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Attempted Remote Command Injection Outbound (CVE 2018 7841)`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET EXPLOIT Attempted Remote Command Injection Inbound (CVE 2019 3929)`; flow:established,to server; content ...
alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET EXPLOIT Attempted Remote Command Injection Outbound (CVE 2019 3929)`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN WSHRAT Credential Dump Module Download Command Inbound`; flow:established,from server; content:`200` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN WSHRAT Keylogger Module Download Command Inbound`; flow:established,from server; content:`200`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN WSHRAT CnC Checkin`; flow:established,to server; content:`POST`; http method; content:`WSHRAT 7c `; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Buran Ransomware Activity M1`; flow:established,to server; content:`GET`; http method; content:`User ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats