Tags:
create new tag
view all tags

Recent Changes in Main Web retrieved at 22:53 (GMT)

5002816
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call computersystem get model`; content: ` 1: `; content: `wmic`; nocase;...
5002815
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call csproduct Get Name`; content: ` 1: `; content: `wmic`; nocase; content...
5002814
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call bios Get SerialNumber`; content: ` 1: `; content: `wmic`; nocase; content...
5002813
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call bios Get Version`; content: ` 1: `; content: `wmic`; nocase; content...
5002812
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call bios Get SerialNumber`; content: ` 1: `; content: `wmic`; nocase; content...
5002811
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call csproduct GET UUID`; content: ` 1: `; content: `wmic`; nocase; content...
5002810
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Suspicious WMIC call shadowcopy delete`; content: ` 1: `; content: `wmic`; nocase; content...
5002809
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE Teslacrypt ransomware note type 2 detected.`; pcre: `/ 4663: 567: 5145: /`; pcre: `/\ xxx...
5002808
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE TeslaCrypt ransomware note detected.`; pcre: `/ 4663: 567: 5145: /`; pcre: `/HELP TO DECRYPT...
5002807
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE CryptInfinite/DecryptorMax ransomware note detected.`; pcre: `/ 4663: 567: 5145: /`; content...
5002806
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE Cryptowall ransomware note detected.`; pcre: `/ 4663: 567: 5145: /`; content: `HELP DECRYPT...
5002804
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS MALWARE Locky ransomware note detected.`; pcre: `/ 4663: 567: 5145: /`; content: ` Locky recover...
5002803
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON vssadmin.exe execution. Possible ransomware`; content: ` 1: `; content: `vssadmin.exe`; nocase...
5002802
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON Locky ransomware instructions detected!`; content: ` 1: `; content: `notepad.exe`; nocase; content...
5002801
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $HOME NET any $EXTERNAL NET any (msg: ` WINDOWS MALWARE Locky or AutoLocky ransomware extension detected.`; pcre: `/ 4663: 567: 5145: /`; content...
5002799
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` WINDOWS SYSMON PSExec execution detected`; content: ` 1: `; meta content: `MD5 ,`,$PSEXEC MD5; classtype: suspicious...
5002798
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` BRO RFC1918 address scanning the network`; content: `Scan 3a 3a Port Scan`; pcre:`/((192)\.(168)\.(\d )\....
5002797
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` Trendmicro Virus Found Unable to Quarantine`; content: `SLF INCIDENT EVT VIRUS FOUND PASS THRU`; content:...
5002795
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg: ` Barracuda System Password Changed`; content: `system password`; content: `CHANGE`; program: web; parse src...
5002781
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Unsuccessful Configuration Utility Login from outside HOME COUNTRY`; content: `failed...
5002780
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Successful Configuration Utility Login from outside HOME COUNTRY`; content: `mod auth...
5002779
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Unsuccessful Command line Login from outside HOME COUNTRY`; content: `Authentication...
5002778
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Unsuccessful Command line Login from outside HOME COUNTRY`; content: `failed to login...
5002777
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Command line Logout from outside HOME COUNTRY`; content: `start `; content: `end `; content...
5002776
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTPS PORT (msg: ` F5 BIG IP GEOIP Command line Login from outside HOME COUNTRY`; content: `start `; content: !`end `; content...
5002773
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET $SSH PORT (msg: ` ScreenOS GEOIP Juniper ScreenOS Admin Login from Outside of Home Country`; content: `Admin user`; content...
5002772
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET $SSH PORT (msg:` ScreenOS Juniper ScreenOS Login for Suspicious Admin user username`; content `Admin user`; content:`username...
5002771
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET $SSH PORT (msg:` ScreenOS Juniper ScreenOS Login for Suspicious Admin user system`; content: `Admin user system has logged...
5002770
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Replace macro from outside RFC1918`; content: `S 300000`; content: `RTS1 IP`; meta content:!`value...
5002769
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Failed to open pinpad 0/2 `; content: `S 300000`; content: `Failed to open pinpad`; classtype: misc...
5002768
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Blocked the response to POS`; content: `S 300000`; content: `Blocked the response to POS`; classtype...
5002767
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Bad/No Pin Block and KSN returned`; content: `S 300000`; content: `Bad/No Pin Block and KSN returned...
5002766
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Invalid credit card detected`; content: `S 300000`; content: `Swpe: Response`; meta content:!`track...
5002765
4 years ago - NEW   Sagan-Wiki-Add

alert syslog $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Slow send!`; content: `S 302046`; classtype: misc activity; program: FIPEMV ; after: track by src...
5002764
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg:` FIPAYPIN Connection failed to Fipay 5/2 `; content: `C 400008`; classtype: misc activity; program: FIPAYPIN...
5002763
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO Suspicious DNS Request`; content:`THREAT,spyware,`; content:`,Suspicious DNS Query`; normalize; parse...
5002761
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO Medium Severity Exploit Outbound`; content:`THREAT,vulnerability`;pcre: `/vsys\d{1,2},Trust, vsys\d...
5002760
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO Medium Severity Exploit Inbound`; content:`THREAT,vulnerability`; pcre: `/vsys\d{1,2},Untrust, vsys...
5002759
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO High Severity Exploit Outbound`; content:`THREAT,vulnerability`; pcre: `/vsys\d{1,2},Trust, vsys\d...
5002758
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO High Severity Exploit Inbound`; content:`THREAT,vulnerability`; pcre: `/vsys\d{1,2},Untrust, vsys\d...
5002757
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO Critical Severity Exploit Outbound`; content:`THREAT,vulnerability`; pcre: `/vsys\d{1,2},Trust, vsys...
5002756
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET any (msg: ` PALO ALTO Critical Severity Exploit Inbound`; content:`THREAT,vulnerability`; pcre: `/vsys\d{1,2},Untrust, vsys...
5002755
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Virus Detected`; content:`THREAT,virus`; normalize; parse proto; parse port; parse src ip: 1; parse...
5002753
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Foreign URL of unknown category`; content:`THREAT,url`; content:`,unknown,`; normalize; parse port...
5002752
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Url Blocked by policy or category`; content:`,THREAT,url,`; content:`,block url,`; content:!`,online...
5002751
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Spyware or Adware URL Blocked`; content:`,THREAT,url,`; content:`,block url,`; content:!`,online personal...
5002750
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Phishing URL Blocked`; content:`,THREAT,url,`; content:`,block url,`; content:!`,online personal storage...
5002749
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $HOME NET any $EXTERNAL NET any (msg: ` PALO ALTO Malware URL Blocked`; content:`,THREAT,url,`; content:`,block url,`; content:!`,online personal storage...
5002748
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access IISamples Page`; content:`/iisamples` classtype: web application attack...
5002747
4 years ago - NEW   Sagan-Wiki-Add

alert tcp $EXTERNAL NET any $HOME NET $HTTP PORT (msg: ` WEB ATTACKS Attempt to Access default DeVL`s ClanPortal Page`; content:`/inc/mysql.php` classtype: web...

«Previous   1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16   Next»

Show 10, 20, 50, 100, 500, 1000 results per page, or show all.

Related topics: RSS feed, rounded corners RSS feed, ATOM feed, WebNotify, site changes, site map

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback