Keyword: bec_suspicious.ers
Description Name: Suspicious file rename - SMB2 (Request) .
Description Name: Tunneling - DNS (Response) . This is the Trend Micro detection for malicious DNS network packets that manifest any of the following actions: Suspicious Traffic. This attack is used for Point of Entry or Lateral Movement.
Description Name: Suspicious PowerQuery - HTTP (Response) .
(ATT&CK: T1013) 1009618 - PowerShell & CommandLine (ATT&CK: T1086 & T1059) 1006805* - TMTR-0009: Suspicious Files Detected In System Folder 1006804* - TMTR-0010: Suspicious Files Detected In
Description Name: Data Exfiltration - DNS (Response) . This is the Trend Micro detection for packets passing through DNS network protocols that manifest Suspicious Traffic activities which can be a potential intrusion. Below are some indicators of unusu...
Description Name: Copy BAT Files - SMB2 (Request) . This is the Trend Micro detection for packets passing through SMB2 network protocols that manifest Suspicious File Download activities which can be a potential intrusion. Below are some indicators of u...
Description Name: Executable file download from root directory - HTTP (Response) .
Description Name: Suspicious network activity matching object in Suspicious Objects list - Variant 1 . This is the Trend Micro detection for packets passing through any network protocols that manifest unusual behavior which can be a potential intrusion....
Description Name: Suspicious network activity matching object in Suspicious Objects list - Variant 3 . This is the Trend Micro detection for packets passing through any network protocols that manifest unusual behavior which can be a potential intrusion....
Description Name: Suspicious file with low prevalence . This is the Trend Micro detection for packets passing through File Transfer and HTTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators o...
Description Name: Possible DGA - DNS (Response) .
Description Name: Host DNS IAXFR/IXFR request from a non-trusted source . This is the Trend Micro detection for packets passing through any network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of...
Description Name: Powershell Remote Command Execution Via WinRM - HTTP (Request) .
Description Name: Suspicious file in SMB network share identified by file reputation database . This is the Trend Micro detection for packets passing through SMB2 and SMB network protocols that manifest unusual behavior which can be a potential intrusio...
Description Name: PsExec - SMB - Variant 2 . This is the Trend Micro detection for packets passing through SMB2 and SMB network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior: Su...
Description Name: HTA Download - HTTP (Request) .
Description Name: Possible Self-Signed SSL certificate detected .
Description Name: Debugging Symbol Download - WDIGEST . This is the Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior...
Description Name: Covert Iodine tunnel - DNS (Request) .
Description Name: DEMO RULE - SMTP (Request) . This is the Trend Micro detection for packets passing through SMTP network protocols that manifest Suspicious Email activities which can be a potential intrusion. Below are some indicators of unusual behavi...