50 Recent Changes in Main Web retrieved at 19:33 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Punto Loader Checkin"; flow:established,to_server; content:"POST"; http_method; content:"/klog.php"; ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (LazarusGroup CnC)"; flow:from_server,established; tls_cert_serial; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1hbm) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21tYW) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (52b2tlLUNvbW1) in DNS TXT Reponse"; content: ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (nZva2UtQ29tbW) in DNS TXT Reponse"; content: ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (dm9rZS1Db21) in DNS TXT Reponse"; content:"|00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-Command (Zva2UtQ29) in DNS TXT Reponse"; content:"|00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXRob2) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (nZva2UtV21pTWV0aG) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1ldG) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (dm9rZS1XbWlNZXR) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (52b2tlLVdtaU1) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Invoke-WmiMethod (Zva2UtV21pTWV) in DNS TXT Reponse"; content ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2Nlc3) in DNS TXT Reponse"; content: ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (GFydC1Qcm9jZX) in DNS TXT Reponse"; content:" ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJvY2) in DNS TXT Reponse"; content:"|00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (YXJ0LVByb2N) in DNS TXT Reponse"; content:"|00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (RhcnQtUHJ) in DNS TXT Reponse"; content:"|00 00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded Start-Process (FydC1Qcm9) in DNS TXT Reponse"; content:"|00 00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (dy1PYmplY3) in DNS TXT Reponse"; content:"|00 00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (XctT2JqZW) in DNS TXT Reponse"; content:"|00 00 10 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (V3LU9iam) in DNS TXT Reponse"; content:"|00 00 10 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (dy1PYmp) in DNS TXT Reponse"; content:"|00 00 10 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (ctT2J) in DNS TXT Reponse"; content:"|00 00 10 00 ...
alert dns any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS PowerShell Execution String Base64 Encoded New-Object (V3LU9) in DNS TXT Reponse"; content:"|00 00 10 00 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible SharpShooter Framework Generated VBS Script"; flow:established,to_client; file_data; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible SharpShooter Framework Generated Script"; flow:established,to_client; file_data; content:"rc4 ...
alert tcp $EXTERNAL_NET any -> $HOME_NET 44818 (msg:"ET EXPLOIT Possible MicroLogix 1100 PCCC DoS Condition (CVE-2017-7924)"; flow:to_server,established; content: ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Powershell Command With Encoded Argument Over SMB Likely Lateral Movement"; flow:established,to_server; content ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN DirectsX Checkin Response"; flow:established,from_server; dsize:25; content:"|19 00 00 00|"; offset:17 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DirectsX CnC Checkin"; flow:established,to_server; content:"GET"; http_method; content:"AAAAAAAAAAAAAA ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Cayosin/Mirai CnC Domain in DNS Lookup"; dns_query; content:"hostnamepxssy.club"; nocase; isdataat:1,relative; metadata ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS SFML User Agent (libsfml-network) "; flow:established,to_server; content:"libsfml-network/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/Shlayer CnC Activity M4"; flow:established,to_server; content:"GET"; http_method; content:"/sd/?c ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/Shlayer CnC Activity M3"; flow:established,to_server; content:"GET"; http_method; content:"/?campid ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/Shlayer CnC Activity M2"; flow:established,to_server; content:"GET"; http_method; content:"/hyllkjit ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/Shlayer CnC Activity M1"; flow:established,to_server; content:"GET"; http_method; content:"/?b9zd1 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Suspicious CVV Parameter in HTTP POST Possible Phishing"; flow:established,to_server; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Suspicious SSN Parameter in HTTP POST Possible Phishing"; flow:established,to_server; content:"POST ...
Emerging Threats Rule Documentation Wiki This wiki contains all current rules, added as each is put into the main ruleset. UserDocs AllRulesets EmergingFAQ ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Astaroth User Agent Observed"; flow:established,to_server; content:"Mozilla/4.0 (compatible ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13"; flow:to_server,established; content:"POST ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 84"; flow:established,to_server; dsize: Added 2019-02-13 16:58:14 UTC
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN BrushaLoader CnC Domain in SNI"; flow:to_server,established; tls_sni; content:"traderserviceinfo.info ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)"; flow:established,from_server; content:"traderserviceinfo ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor

This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats