Keyword: bec_suspicious.ers
Description Name: APT - Suspicious Cgi - HTTP (Request). This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement. The host exhibiting this type of network behavi...
Description Name: Remote CreateService - SMB2 (Request).
Description Name: CHOPPER - HTTP (REQUEST) - Variant 2. This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below are some ...
Description Name: SMB File Infection detected. This is Trend Micro detection for packets passing through SMB network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicio...
Description Name: Suspicious LNK file transfer detected. This is Trend Micro detection for packets passing through SMTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavi...
Description Name: Remote Schedule Tasks through SMB2 protocol detected - Delete Command. This is Trend Micro detection for packets passing through SMB2 network protocols that manifest unusual behavior which can be a potential intrusion. Below are s...
Description Name: Possible EDELLROOT certificate detected. This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A. The host exhibiting this type of network behavior is likely compromised by m...
Description Name: Certificate fields with missing or useless data - SSL - Variant 2. This is Trend Micro detection for packets passing through HTTPS network protocols that manifest unusual behavior which can be a potential intrusion. Below are some...
Description Name: Email/Instant message containing malicious URL. This is Trend Micro detection for packets passing through SMTP, MSN and instant messaging network protocols that manifest unusual behavior which can be a potential intrusion. Below a...
Description Name: Hotmail cross-site scripting exploit - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that manifest Exploit activities which can be a potential intrusion. Below are some indicators...
Description Name: A privileged user attempted to log on to MSSQL service. This is Trend Micro detection for packets passing through MSSQL network protocols that manifest Database Access activities which can be a potential intrusion. Below are some ...
Description Name: Executable file - Email. This is Trend Micro detection for packets passing through SMTP, POP3 and IMAP4 network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual beha...
Description Name: Shodan Internet Scan - Possible Exposed Device/Service. This is Trend Micro detection for packets passing through any network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators o...
Description Name: URL containing hardcoded IP address - Email. This is Trend Micro detection for packets passing through SMTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual ...
Description Name: Pseudorandom Domain name query. This is Trend Micro detection for packets passing through UDP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior: Suspi...
Description Name: File Download From known CNC Server detected. This is Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual...
Description Name: Unauthorized Read MODBUS Request. This is Trend Micro detection for packets passing through MODBUS-TCP and PROTOCOL_42 network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators ...
Description Name: Session using non-standard port - IRC (Request). This is Trend Micro detection for packets passing through IRC network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusu...
Description Name: Compromised site with malicious URL injection. This is Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusua...
Description Name: Suspicious URL - IM. This is Trend Micro detection for packets passing through MSN and instant messaging network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual beh...