50 Recent Changes in Main Web retrieved at 22:56 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Patchwork APT CnC Beacon 2`; flow:established,to server; content:`GET`; http method; content:`.php?profile ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Bolek HTTP Checkin`; flow: to server,established; content:`GET`; http method; content:`User Agent 3a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS SUSPICIOUS EXE Download from specific file share site (used in recent maldoc campaign)`; flow ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Qarallax RAT Downloading Modules`; flow:to server,established; content:`GET`; http method; content:`qarallax ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN BandarChor/CryptON Ransomware Checkin`; flow:to server,established; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS RAM Scraper Sending Details`; flow:to server,established; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Sending Keystrokes`; flow:to server,established; content:`GET`; http method; content:`/cdosys ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Successful Software Update Request`; flow:to server,established; content:`GET`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Reporting Error Code`; flow:to server,established; content:`GET`; http method; content:`/cdosys ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Software Update Request`; flow:to server,established; content:`GET`; http method; content:`/cdosys ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Sending Status Logs`; flow:to server,established; content:`GET`; http method; content:`/cdosys ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Version Checkin`; flow:to server,established; content:`GET`; http method; content:`/cdosys.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN FastPOS Initial Checkin`; flow:to server,established; content:`GET`; http method; content:`/cdosys.php ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible CVE 2016 5118 Exploit SVG attempt M2`; flow:established,to server; content:` Added 2020 ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SERVER Possible CVE 2016 5118 Exploit SVG attempt M1`; flow:established,to server; content:` Added 2020 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Criptobit/Mobef Ransomware Checkin`; flow:to server,established; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Ransomware Locky CnC Beacon 4 21 May`; flow:established,to server; content:`POST`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Possible Godzilla Loader Base64 Filename`; flow:from server,established; content:`200`; http stat code ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Joanap CnC Checkin`; flow:to server,established; content:`.ico`; http uri; content:`Mozillar`; depth ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Neurevt.A/Betabot checkin`; flow:established,to server; content:`POST`; http method; nocase; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Mailbox Update Phishing Landing M1 2016 05 16`; flow:from server,established; content:`200`; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Mailbox Update Phishing Landing M2 2016 05 16`; flow:from server,established; content:`200`; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Possible SQLi Attempt in User Agent (Outbound)`; flow:established,from client; content:`User Agent 3a ...
alert udp $EXTERNAL NET 53 $HOME NET any (msg:`ET TROJAN CobaltStrike DNS Beacon Response`; content:` 81 80 00 01 00 01 `; depth:6; offset:2; content:` c0 0c 00 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DCRat CnC Activity`; flow:established,to server; urilen: 100; content:`GET`; http method; content:` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DCRat Initial CnC Activity`; flow:established,to server; urilen: 100; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Backdoor.Darpapox/Jaku Initial C2 Checkin`; flow:to server,established; urilen:10; content:`POST`; http ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS Magento Shoplift Exploit Inbound`; flow:to server,established; content:`POST`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET USER AGENTS BLEXBot User Agent`; flow:established,to server; content:`Mozilla/5.0 (compatible 3b 20 BLEXBot ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET DOS Linux/Tsunami DOS User Agent (x00 gawa.sa.pilipinas.2015) INBOUND`; flow:to server,established; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Blackmoon/Banbra Configuration Request`; flow:to server,established; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN APT.Fwits CnC Beacon M2`; flow:established,to server; content:`GET`; http method; content:`? `; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN APT.Fwits CnC Beacon M1`; flow:established,to server; content:`GET`; http method; content:`/al?`; depth ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Gaudox Checkin`; flow:to server,established; content:`.php`; http uri; content:`Mozilla/5.0 (X11 ...
alert http any any $HOME NET 8080 (msg:`ET WORM TheMoon.linksys.router 3`; flow:to server,established; content:`POST`; http method; content:`/hndUnblock.cgi`; http ...
alert http any any $HOME NET 8080 (msg:`ET WORM TheMoon.linksys.router 2`; flow:to server,established; content:`POST`; http method; content:`/tmUnblock.cgi`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XST/UP007 Checkin 2`; flow:established,to server; content:`POST`; http method; content:!`Referer 3a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Windows Quicktime User Agent EOL With Known Bugs`; flow:established,to server; content:`QuickTime`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Virus Encoder Ransomware Checkin`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO PhishMe.com Phishing Exercise Client Plugins`; flow:to server,established; urilen:15; content:`POST` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router RDE Exploit Attempt 2 (traceroute)`; flow:to server,established; content:`POST`; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router RDE Exploit Attempt 1 (ping)`; flow:to server,established; content:`POST`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Quanta LTE Router Information Disclosure Exploit Attempt`; flow:to server,established; content:`GET ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Likely Evil Macro EXE DL mar 28 2016`; flow:established,to server; content:`HEAD`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY HotSpotShield Activity`; flow:established,to server; content:`POST`; http method; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS RIG Exploit URI Struct March 20 2015`; flow:established,to server; urilen: 220; content:`/index ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Ponmocup.A Checkin`; flow:to server,established; content:`GET`; http method; urilen:10; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set`; flow:established,from server; content:`Cookie 3a visited ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Ransomware Locky CnC Beacon`; flow:established,to server; content:`POST`; http method; urilen:11; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN IrcBot Fantasy Name Gen`; flow:established,to server; content:`Host 3a 20 www.fantasynamegen.com`; http ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats