Miroslav Stampar stamparm
stamparm
/ sinkhole_emails.txt
Last active
June 30, 2020 11:32
Email addresses used in WHOIS registrations of sinkholed malicious/malware domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
stamparm
/ 2017-5638.rules
Last active
January 30, 2018 05:29
Snort rule for Apache Struts Remote Code Execution (2017-5638)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"WEB_SERVER Apache Struts Remote Code Execution (2017-5638)"; flow:established,to_server; content:"opensymphony"; fast_pattern:only; content:"Content-Type|3a 20|"; http_header; pcre:"/Content-Type: [ ]*[%$]{[^\r\n]*#\w+/Hi"; reference:cve,2017-5638; classtype:web-application-attack; sid:9000101; rev:2;) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b ./installed.ete | |
| 0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887 ./bins/coli-0.dll | |
| 52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4 ./bins/tibe-1.dll | |
| d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa ./bins/cnli-0.dll | |
| 13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d ./bins/Eternalsynergy-1.0.1.0.xml | |
| 96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a ./bins/trfo.dll | |
| 8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946 ./bins/etebCore-2.x64.dll | |
| 5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee ./bins/libeay32.dll | |
| 47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9 ./bins/posh.dll | |
| 36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92 ./bins/tucl.dll |
stamparm
/ drupalgeddon2.rules
Last active
October 16, 2018 22:06
Snort rule for "Drupalgeddon2 (CVE-2018-7600)"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Drupalgeddon2 (CVE-2018-7600)"; flow: to_server,established; content:"POST"; http_method; content:"markup"; fast_pattern; content: "/user/register"; http_uri; pcre:"/(access_callback|pre_render|lazy_builder|post_render)/i"; classtype:web-application-attack; sid:9000110; rev:1;) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 000000 Xerox | |
| 000001 Xerox | |
| 000002 Xerox | |
| 000003 Xerox | |
| 000004 Xerox | |
| 000005 Xerox | |
| 000006 Xerox | |
| 000007 Xerox | |
| 000008 Xerox | |
| 000009 Xerox |
OlderNewer