Search

Description Name: Possible CHCHES - HTTP (Request) - Variant 2 . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Below ar...

Description Name: APT - Possible EMDIVI - HTTP (Request) - Variant 5 . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Be...

Description Name: Possible PHP Admin Bruteforce - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Intelligence Gathering. This also indicates a malware infection. Below are some in...

}/kys_allow_get.asp?name=getkys.jpg&hostname={hostname}-{IP Address} to download a possible configuration file that contains its intended routines. It also sends back information such as host name and IP address to the

them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

Description Name: APT - Possible SIMBOT - HTTP (Request) - Variant 3 . This is Trend Micro detection for packets passing through TCP network protocols that can be used as Command and Control Communication. This also indicates a malware infection. Bel...

Description Name: POSSIBLE MALICIOUS CHROME EXTENSION - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry. This also indicates a malware infection. Below are some indi...

Description Name: Possible WEBSHELL Command - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection. Below are...

Description Name: Possible MEMCACHED Amplified DDOS Attempt - UDP (Request) . This is Trend Micro detection for packets passing through UDP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indicators ...

Description Name: Possible BIFROSE - TCP . BIFROSE malware are backdoors that often arrive on systems either downloaded by unsuspecting users when visiting malicious sites or downloaded by other malware/spyware from remote sites. They may also be dro...

{BLOCKED}ound.com/iphone5.gif.exe Installation This Trojan drops the following file(s)/component(s): %Windows%\Temp\Cookies\aliases.ini %Windows%\Temp\Cookies\away.txt - list of possible messages to be sent

be executed: config.db Or else it displays the following error message: It displays the following upon execution: It detects possible old version of VPN driver installed on the system. It installs

screenshots access a variety of services, steal files and credentials steal customer data, proprietary information, etc. It is capable of the following: Information Theft Backdoor commands Possible impact of

Description Name: Possible CVE-2017-9506 Atlassian OAth Proxy Exploit - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a ma...

Description Name: Metasploit(Payload) - Possible Reverse TCP Certificate . This is Trend Micro detection for packets passing through TCP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection...

Description Name: Possible PNG Exploit - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infection. Below are some...

Rules. 1005045| 1005045 - MySQL Database Server Possible Login Brute Force Attempt

computer? QUERVAR’s exact origin is unknown. In our continuing investigation and analysis of QUERVAR variants, most were downloaded from sites that host possible Java or PDF exploits . Trend Micro first

be executed: config.db Or else it displays the following error message: It displays the following upon execution: It detects possible old version of VPN driver installed on the system. It installs

1.2 for possible failures in synchronization. To continue with the completion of the synchronization, datas are required. You must be connected to the Internet. Variant Information This spyware has the