Network Content Inspection Rules
Rule ID | Rule Description | Network Content Inspection Pattern Release Date | Rule ID | Rule Page | ||
---|---|---|---|---|---|---|
DDI RULE 5271 | CVE-2024-43572 - Microsoft Windows Management Console RCE Exploit - HTTP (Response) | 2024/11/21 | DDI RULE 5271 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5271 | ||
DDI RULE 5265 | CVE-2024-40711 - VEEAM BACKUP RCE EXPLOIT - TCP (Request) | 2024/11/14 | DDI RULE 5265 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5265 | ||
DDI RULE 5263 | CVE-2024-41874 - ADOBE COLDFUSION RCE EXPLOIT - HTTP (Response) | 2024/11/13 | DDI RULE 5263 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5263 | ||
DDI RULE 5257 | CVE-2024-28988 - SOLARWINDS RCE EXPLOIT - HTTP (Response) | 2024/11/07 | DDI RULE 5257 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5257 | ||
DDI RULE 5081 | CVE-2024-36401 - GEOSERVER EXPLOIT - HTTP (REQUEST) | 2024/11/06 | DDI RULE 5081 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5081 | ||
DDI RULE 4219 | GHOSTMINER - HTTP (Request) | 2024/11/06 | DDI RULE 4219 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4219 | ||
DDI RULE 4484 | GOLDENSPY - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4484 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4484 | ||
DDI RULE 4572 | GLUPTEBA - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4572 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4572 | ||
DDI RULE 5139 | PYC Download - HTTP (Response) | 2024/11/05 | DDI RULE 5139 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5139 | ||
DDI RULE 5140 | Python Download - HTTP (Response) | 2024/11/05 | DDI RULE 5140 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5140 | ||
DDI RULE 5254 | Possible Domain Controller List Discovery - DCERPC (Request) | 2024/11/04 | DDI RULE 5254 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5254 | ||
DDI RULE 1770 | GHOLE - HTTP (Request) | 2024/11/04 | DDI RULE 1770 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-1770 | ||
DDI RULE 5253 | CVE-2024-29830 - IVANTI SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2024/10/30 | DDI RULE 5253 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5253 | ||
DDI RULE 5243 | WebDAV Successful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5243 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5243 | ||
DDI RULE 5244 | WebDAV Unsuccessful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5244 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5244 | ||
DDI RULE 5249 | KeyLogEXE Exfiltration - HTTP (Request) | 2024/10/28 | DDI RULE 5249 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5249 | ||
DDI RULE 5250 | C2 SHELLCODE Transfer - HTTP (Response) | 2024/10/24 | DDI RULE 5250 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5250 | ||
DDI RULE 5251 | REMCOS DOWNLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5251 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5251 | ||
DDI RULE 5252 | CONOLEATHLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5252 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5252 | ||
DDI RULE 5248 | URIVAR EXFILTRATION - HTTP(REQUEST) | 2024/10/24 | DDI RULE 5248 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5248 | ||
DDI RULE 5238 | CVE-2024-32766 - PRIVWIZARD INJECTION EXPLOIT - HTTP (Request) | 2024/10/22 | DDI RULE 5238 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5238 | ||
DDI RULE 1886 | Data Exfiltration - DNS (Response) | 2024/10/22 | DDI RULE 1886 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-1886 | ||
DDI RULE 5240 | CVE-2024-5932 - WordPress RCE Exploit - HTTP (Request) | 2024/10/17 | DDI RULE 5240 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5240 | ||
DDI RULE 5242 | CVE-2024-5932 - GIVEWP RCE EXPLOIT - HTTP (Request) | 2024/10/16 | DDI RULE 5242 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5242 | ||
DDI RULE 5231 | CVE-2024-32842 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/16 | DDI RULE 5231 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5231 | ||
DDI RULE 5232 | CVE-2024-45519 - ZIMBRA RCE EXPLOIT - SMTP (REQUEST) | 2024/10/15 | DDI RULE 5232 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5232 | ||
DDI RULE 5241 | CVE-2024-37397 - Ivanti EPM Improper Restriction of XML External Entity Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5241 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5241 | ||
DDI RULE 5230 | CVE-2024-32845 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5230 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5230 | ||
DDI RULE 5239 | SYSTEMBC Shellcode Download - HTTP (Response) | 2024/10/14 | DDI RULE 5239 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5239 | ||
DDI RULE 5229 | Advanced Port Scanner - HTTP (Request) | 2024/10/10 | DDI RULE 5229 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5229 | ||
DDI RULE 5233 | CVE-2024-32846 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5233 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5233 | ||
DDI RULE 5234 | CVE-2024-32843 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5234 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5234 | ||
DDI RULE 5235 | CVE-2024-34779 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5235 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5235 | ||
DDI RULE 5236 | CVE-2024-34785 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5236 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5236 | ||
DDI RULE 5237 | SYSTEMBC C2 - HTTP (Request) | 2024/10/10 | DDI RULE 5237 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5237 | ||
DDI RULE 5227 | VALLEYRAT C2 - TCP (Response) | 2024/10/09 | DDI RULE 5227 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5227 | ||
DDI RULE 5228 | Advanced IP Scanner - HTTP (Request) | 2024/10/09 | DDI RULE 5228 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5228 | ||
DDI RULE 5225 | ONCESVC C2 - HTTP (Response) | 2024/10/08 | DDI RULE 5225 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5225 | ||
DDI RULE 5226 | CVE-2024-6497 - SQUIRLLY EXPLOIT - HTTP (Request) | 2024/10/08 | DDI RULE 5226 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5226 | ||
DDI RULE 5221 | CVE-2024-47177 - CUPS PRINTING RCE EXPLOIT - HTTP (REQUEST) | 2024/10/03 | DDI RULE 5221 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5221 | ||
DDI RULE 5223 | LUMMAC - HTTP (Request) | 2024/10/03 | DDI RULE 5223 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5223 | ||
DDI RULE 5222 | CVE-2024-2876 - WORDPRESS SQL INJECTION EXPLOIT - HTTP (Request) | 2024/10/02 | DDI RULE 5222 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5222 | ||
DDI RULE 5217 | CVE-2024-8190 - Ivanti Cloud Service Appliance Authenticated Command Injection Exploit - HTTP (Response) | 2024/10/02 | DDI RULE 5217 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5217 | ||
DDI RULE 5218 | CVE-2020-8599 - Trend Micro Apex One and OfficeScan Directory Traversal Exploit - HTTP (Request) | 2024/10/01 | DDI RULE 5218 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5218 | ||
DDI RULE 5219 | CVE-2024-38077 - MS RDL RCE EXPLOIT - DCERPC (Request) | 2024/10/01 | DDI RULE 5219 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5219 | ||
DDI RULE 5220 | CVE-2024-6670 - WhatsUp SQL Injection Exploit - HTTP (Response) | 2024/10/01 | DDI RULE 5220 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5220 | ||
DDI RULE 5216 | Possible Generic Database Query - MySQL (Request) | 2024/09/26 | DDI RULE 5216 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5216 | ||
DDI RULE 5206 | Remote Access Tool VNC - VNC (Response) | 2024/09/23 | DDI RULE 5206 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5206 | ||
DDI RULE 5207 | Remote Access Tool RealVNC - VNC (Response) | 2024/09/23 | DDI RULE 5207 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5207 | ||
DDI RULE 5208 | Remote Access Tool TightVNC - VNC (Response) | 2024/09/23 | DDI RULE 5208 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5208 | ||
DDI RULE 5209 | Remote Access Tool UltraVNC - VNC (Response) | 2024/09/23 | DDI RULE 5209 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5209 | ||
DDI RULE 5214 | CVE-2024-5505 - NETGEAR TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/09/17 | DDI RULE 5214 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5214 | ||
DDI RULE 5215 | CVE-2024-43461 - MSHTML SPOOFING EXPLOIT - HTTP (RESPONSE) | 2024/09/17 | DDI RULE 5215 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5215 | ||
DDI RULE 5082 | CVE-2024-32113 - Apache OFBiz Directory Traversal Exploit - HTTP (Request) | 2024/09/16 | DDI RULE 5082 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5082 | ||
DDI RULE 5212 | CVE-2023-51364 - QNAP RCE EXPLOIT - HTTP (RESPONSE) | 2024/09/12 | DDI RULE 5212 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5212 | ||
DDI RULE 5213 | WebP Image Sensor - HTTP (Response) | 2024/09/12 | DDI RULE 5213 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5213 | ||
DDI RULE 5211 | CVE-2023-38205 - Adobe ColdFusion Policy Bypass Exploit - HTTP (Request) | 2024/09/11 | DDI RULE 5211 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5211 | ||
DDI RULE 5210 | Metasploit Web Delivery through PowerShell - HTTP (Response) | 2024/09/10 | DDI RULE 5210 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5210 | ||
DDI RULE 2793 | APT - WINNTI - HTTP (Response) | 2024/09/09 | DDI RULE 2793 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2793 | ||
DDI RULE 5203 | CVE-2024-5721 - LOGSIGN RCE EXPLOIT - HTTP (RESPONSE) | 2024/09/05 | DDI RULE 5203 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5203 | ||
DDI RULE 5204 | CVE-2024-7928 - FASTADMIN TRAVERSAL EXPLOIT - HTTP (RESPONSE) | 2024/09/05 | DDI RULE 5204 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5204 | ||
DDI RULE 5205 | CVE-2024-29826 - IVANTI ENDPOINT RCE EXPLOIT - HTTP (REQUEST) | 2024/09/05 | DDI RULE 5205 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5205 | ||
DDI RULE 5200 | CVE-2024-38652 - IVANTI TRAVERSAL EXPLOIT - HTTP (RESPONSE) | 2024/09/04 | DDI RULE 5200 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5200 | ||
DDI RULE 5202 | MAGICRAT EXFIL - HTTP(REQUEST) | 2024/09/04 | DDI RULE 5202 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5202 | ||
DDI RULE 5097 | CVE-2023-27532 - Veeam Backup and Replication Backup Service Authentication Bypass Exploit - TCP (Request) | 2024/09/04 | DDI RULE 5097 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5097 | ||
DDI RULE 4345 | EMOTET - HTTP (Request) - Variant 7 | 2024/09/03 | DDI RULE 4345 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4345 | ||
DDI RULE 5098 | JUPITERRAT - HTTP (REQUEST) | 2024/08/29 | DDI RULE 5098 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5098 | ||
DDI RULE 5099 | FAKEBAT DOWNLOADER - HTTP(REQUEST) | 2024/08/29 | DDI RULE 5099 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5099 | ||
DDI RULE 5090 | CVE-2021-26858 - Possible MS Exchange SSRF Exploit - HTTP (Response) | 2024/08/28 | DDI RULE 5090 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5090 | ||
DDI RULE 5096 | ZOMBIEDROP - HTTP (REQUEST) | 2024/08/27 | DDI RULE 5096 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5096 | ||
DDI RULE 5095 | CVE-2024-4885 - WHATSUP GOLD TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/08/22 | DDI RULE 5095 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5095 | ||
DDI RULE 5075 | CVE-2024-49606 - TINYPROXY RCE EXPLOIT - HTTP (REQUEST) | 2024/08/22 | DDI RULE 5075 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5075 | ||
DDI RULE 5092 | CVE-2024-7120 - RAISECOM COMMAND INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/08/20 | DDI RULE 5092 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5092 | ||
DDI RULE 5093 | Prometei C2 - HTTP (Request) | 2024/08/20 | DDI RULE 5093 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5093 | ||
DDI RULE 5094 | Possible STEALBIT Exfiltration - HTTP (Request) | 2024/08/20 | DDI RULE 5094 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5094 | ||
DDI RULE 5091 | RUTHENS ENCRYPTION - SMB2 (REQUEST) | 2024/08/19 | DDI RULE 5091 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5091 | ||
DDI RULE 5087 | DAMEWARE RCE EXPLOIT - HTTP (REQUEST) | 2024/08/15 | DDI RULE 5087 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5087 | ||
DDI RULE 5088 | Possible Faker Generated Self-Signed Certificate - HTTPS | 2024/08/14 | DDI RULE 5088 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5088 | ||
DDI RULE 5089 | COBEACON Default Named Pipe - SMB2 (Request) - Variant 2 | 2024/08/14 | DDI RULE 5089 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5089 | ||
DDI RULE 5085 | CVE-2024-5008 - WHATSUP GOLD RCE EXPLOIT - HTTP (REQUEST) | 2024/08/13 | DDI RULE 5085 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5085 | ||
DDI RULE 5086 | CVE-2019-0708 - Microsoft Windows Remote Desktop Services Remote Code Execution Exploit - TCP (Request) | 2024/08/13 | DDI RULE 5086 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5086 | ||
DDI RULE 5079 | CVE-2023-42000 - Arcserve Unified Data Protection Path Traversal Exploit - HTTP (Request) | 2024/08/12 | DDI RULE 5079 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5079 | ||
DDI RULE 5084 | CVE-2024-4883 - Progress WhatsUp Gold Traversal Exploit - TCP (Request) | 2024/08/12 | DDI RULE 5084 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5084 | ||
DDI RULE 5083 | CVE-2024-38856 - APACHE OFBIZ RCE EXPLOIT - HTTP (Request) | 2024/08/09 | DDI RULE 5083 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5083 | ||
DDI RULE 5072 | ADRECON QUERY - LDAP(Request) | 2024/08/09 | DDI RULE 5072 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5072 | ||
DDI RULE 5077 | CVE-2024-2863 - LG LED Directory Traversal Exploit - HTTP (Request) | 2024/08/05 | DDI RULE 5077 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5077 | ||
DDI RULE 5078 | CVE-2024-36991 - Splunk Directory Traversal Exploit - HTTP (Response) | 2024/08/05 | DDI RULE 5078 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5078 | ||
DDI RULE 5076 | CVE-2024-4879 - ServiceNow Template Injection Exploit - HTTP (Response) | 2024/08/01 | DDI RULE 5076 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5076 | ||
DDI RULE 5074 | CVE-2024-5015 - WHATSUP SSRF EXPLOIT - HTTP (REQUEST) | 2024/08/01 | DDI RULE 5074 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5074 | ||
DDI RULE 5073 | CVE-2024-38112 - MSHTML RCE EXPLOIT - SMB2 (REQUEST) | 2024/07/31 | DDI RULE 5073 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5073 | ||
DDI RULE 4886 | TRUEBOT - HTTP (REQUEST) - Variant 2 | 2024/07/31 | DDI RULE 4886 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4886 | ||
DDI RULE 5063 | CVE-2024-5806 - MOVEit Authentication Bypass Exploit - HTTP(Request) | 2024/07/29 | DDI RULE 5063 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5063 | ||
DDI RULE 5067 | CVE-2024-4358 - TELERIK AUTHBYPASS EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5067 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5067 | ||
DDI RULE 5068 | CVE-2024-37389 - APACHE NIFI EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5068 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5068 | ||
DDI RULE 5069 | PHP DEV EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5069 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5069 | ||
DDI RULE 5070 | CVE-2024-27348 - APACHE HUGEGRAPH RCE EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5070 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5070 | ||
DDI RULE 5071 | RC4 Encryption in Pre-Authentication - Kerberos (Request) | 2024/07/25 | DDI RULE 5071 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5071 | ||
DDI RULE 5064 | CVE-2024-38112 - MSHTML RCE EXPLOIT - HTTP (RESPONSE) | 2024/07/24 | DDI RULE 5064 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5064 | ||
DDI RULE 5065 | CVE-2024-28995 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/07/24 | DDI RULE 5065 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5065 | ||
DDI RULE 5066 | CVE-2024-4040 - CRUSHFTP RCE EXPLOIT - HTTP (REQUEST) | 2024/07/24 | DDI RULE 5066 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5066 | ||
DDI RULE 4682 | MULTIPLE LATERAL MOVEMENT - SMB2(REQUEST) | 2024/07/23 | DDI RULE 4682 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4682 | ||
DDI RULE 5052 | CVE-2024-0769 - D-Link Directory Traversal Exploit - HTTP (Response) | 2024/07/18 | DDI RULE 5052 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5052 | ||
DDI RULE 5059 | POSSIBLE KIMSUKY C2 - HTTP (Request) | 2024/07/18 | DDI RULE 5059 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5059 | ||
DDI RULE 5061 | CVE-2024-21683 - Atlassian Confluence Server RCE Exploit - HTTP (Request) | 2024/07/17 | DDI RULE 5061 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5061 | ||
DDI RULE 5062 | CVE-2024-23692 - Rejetto HTTP File Server Command Injection Exploit - HTTP (Response) | 2024/07/16 | DDI RULE 5062 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5062 | ||
DDI RULE 5060 | HNAP RCE EXPLOIT - HTTP (Request) | 2024/07/16 | DDI RULE 5060 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5060 | ||
DDI RULE 5057 | PRIVATELOADER C2 - HTTP (Request) | 2024/07/16 | DDI RULE 5057 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5057 | ||
DDI RULE 5027 | Telegram Bot API Sensor - HTTP (Response) | 2024/07/16 | DDI RULE 5027 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5027 | ||
DDI RULE 5058 | KOI LOADER C2 - HTTP (Request) | 2024/07/15 | DDI RULE 5058 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5058 | ||
DDI RULE 5053 | HTA File Download Root Directory Sensor- HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5053 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5053 | ||
DDI RULE 5054 | HTA File Download Sub Root Directory Sensor - HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5054 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5054 | ||
DDI RULE 5055 | SH File Download Root Directory Sensor- HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5055 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5055 | ||
DDI RULE 5056 | SH File Download Sub Root Directory Sensor - HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5056 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5056 | ||
DDI RULE 5047 | CVE-2021-20837 - Movable Type XMLRPC Command Injection Exploit - HTTP (Response) | 2024/07/11 | DDI RULE 5047 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5047 | ||
DDI RULE 5050 | ISO File Download Sensor - HTTP (Response) | 2024/07/11 | DDI RULE 5050 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5050 | ||
DDI RULE 5049 | APT - DARKPINK Exfiltration - SMTP (Request) | 2024/07/10 | DDI RULE 5049 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5049 | ||
DDI RULE 5051 | AMADEY C2 - HTTP (Request) | 2024/07/09 | DDI RULE 5051 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5051 | ||
DDI RULE 4449 | Remote Service execution through SMB2 SVCCTL detected - Variant 3 | 2024/07/05 | DDI RULE 4449 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4449 | ||
DDI RULE 5048 | METASPLOIT (Payload) - Reverse HTTP Encrypted - HTTP (Response) | 2024/07/03 | DDI RULE 5048 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5048 | ||
DDI RULE 5046 | Exfiltration SSH Private Key - HTTP (Response) | 2024/06/24 | DDI RULE 5046 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5046 | ||
DDI RULE 5044 | CVE-2024-24919 - Check Point Information Disclosure Exploit - HTTP (Response) | 2024/06/19 | DDI RULE 5044 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5044 | ||
DDI RULE 5045 | CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution - HTTP (Request) | 2024/06/19 | DDI RULE 5045 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5045 | ||
DDI RULE 5033 | METASPLOIT (Payload) - Reverse TCP Encrypted - TCP (Response) | 2024/06/13 | DDI RULE 5033 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5033 | ||
DDI RULE 5043 | Gomir C2 - HTTP (Request) | 2024/06/04 | DDI RULE 5043 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5043 | ||
DDI RULE 5042 | CVE-2024-4956 - Nexus Repository 3 Path Traversal Exploit - HTTP (Response) | 2024/05/30 | DDI RULE 5042 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5042 | ||
DDI RULE 5035 | JSOUTPROX - HTTP (REQUEST) | 2024/05/29 | DDI RULE 5035 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5035 | ||
DDI RULE 5037 | CVE-2024-3272 - D-LINK NAS devices Hardcoded Credential Exploit - HTTP (Request) | 2024/05/29 | DDI RULE 5037 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5037 | ||
DDI RULE 5038 | CVE-2024-3273 - D-LINK NAS devices Command Injection Exploit - HTTP (Request) | 2024/05/29 | DDI RULE 5038 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5038 | ||
DDI RULE 5039 | SOAP API RCE - HTTP (Request) | 2024/05/29 | DDI RULE 5039 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5039 | ||
DDI RULE 5040 | DLINK RCE - HTTP (Request) | 2024/05/29 | DDI RULE 5040 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5040 | ||
DDI RULE 5041 | IDB EXFILTRATION - HTTP(REQUEST) | 2024/05/29 | DDI RULE 5041 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5041 | ||
DDI RULE 5036 | MELTED Hidden VNC - TCP (REQUEST) | 2024/05/27 | DDI RULE 5036 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5036 | ||
DDI RULE 5034 | TINYNUKE DOWNLOADER - HTTP (REQUEST) | 2024/05/27 | DDI RULE 5034 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5034 | ||
DDI RULE 5031 | CVE-2022-30333 - RARLab UnRAR Directory Traversal Exploit - HTTP (Response) | 2024/05/27 | DDI RULE 5031 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5031 | ||
DDI RULE 5032 | Copy BAT Files - SMB2 (Request) | 2024/05/21 | DDI RULE 5032 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5032 | ||
DDI RULE 5030 | MIMIC C2 - HTTP (Request) | 2024/05/15 | DDI RULE 5030 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5030 | ||
DDI RULE 4887 | COBALTSTRIKE - HTTP (REQUEST) - Variant 4 | 2024/05/09 | DDI RULE 4887 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4887 | ||
DDI RULE 5028 | EVILPROXY - HTTP (Response) | 2024/05/07 | DDI RULE 5028 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5028 | ||
DDI RULE 5024 | CVE-2024-31138 - JetBrains TeamCity Cross-Site Scripting Exploit - HTTP (Request) | 2024/05/06 | DDI RULE 5024 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5024 | ||
DDI RULE 5025 | CVE-2024-24401 - Nagios XI SQL Injection Exploit - HTTP (Response) | 2024/05/06 | DDI RULE 5025 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5025 | ||
DDI RULE 5026 | POSSIBLE GOOTLOADER C2 - HTTP (Response) | 2024/05/06 | DDI RULE 5026 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5026 | ||
DDI RULE 5023 | BATLOADER C2 - HTTP (Request) | 2024/04/29 | DDI RULE 5023 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5023 | ||
DDI RULE 5021 | CVE-2023-48788 - FortiClientEMS SQL Injection Exploit - TCP (Request) | 2024/04/18 | DDI RULE 5021 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5021 | ||
DDI RULE 5022 | CVE-2024-3400 - Palo Alto Command Injection Exploit - HTTP (Request) | 2024/04/17 | DDI RULE 5022 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5022 | ||
DDI RULE 5020 | BUNNYLOADER - HTTP (REQUEST) | 2024/04/15 | DDI RULE 5020 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5020 | ||
DDI RULE 5017 | CVE-2024-20767 - Cold Fusion Directory Traversal Exploit - HTTP (Response) | 2024/04/08 | DDI RULE 5017 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5017 | ||
DDI RULE 5018 | CVE-2023-32315 - Ignite Realtime Openfire Directory Traversal Exploit - HTTP (Response) | 2024/04/08 | DDI RULE 5018 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5018 | ||
DDI RULE 5019 | CVE-2023-42793 - Teamcity Server - HTTP(Response) | 2024/04/08 | DDI RULE 5019 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5019 | ||
DDI RULE 5016 | Raccoon Stealer - HTTP (Request) | 2024/04/02 | DDI RULE 5016 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5016 | ||
DDI RULE 5015 | COMEBACKER - HTTP (Request) | 2024/04/01 | DDI RULE 5015 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5015 | ||
DDI RULE 5014 | APT - LOOKBACK - TCP (Request) | 2024/03/25 | DDI RULE 5014 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5014 | ||
DDI RULE 5013 | Default GUID on External IP - SMB2 (Response) | 2024/03/14 | DDI RULE 5013 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5013 | ||
DDI RULE 5011 | CVE-2024-27198 - JetBrains TeamCity Auth Bypass Exploit - HTTP (Response) | 2024/03/11 | DDI RULE 5011 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5011 | ||
DDI RULE 5012 | CVE-2024-27199 - JetBrains TeamCity Directory Traversal Exploit - HTTP (Response) | 2024/03/11 | DDI RULE 5012 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5012 | ||
DDI RULE 5005 | APT - LOOKBACK - TCP (Response) | 2024/03/11 | DDI RULE 5005 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5005 | ||
DDI RULE 5010 | NTLM Challenge from External IP Address - SMB2 (Response) | 2024/03/07 | DDI RULE 5010 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5010 | ||
DDI RULE 4923 | Splashtop Business Access Remote Desktop RMM - DNS (Response) | 2024/03/05 | DDI RULE 4923 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4923 | ||
DDI RULE 4999 | CVE-2023-48365 - Qlik HTTP Smuggling - HTTP (Response) | 2024/02/27 | DDI RULE 4999 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4999 | ||
DDI RULE 5008 | CVE-2023-41265 - QLIK Request Tunneling Exploit - HTTP (Request) | 2024/02/26 | DDI RULE 5008 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5008 | ||
DDI RULE 5009 | CVE-2023-41266 - QLIK Directory Traversal Exploit - HTTP (Request) | 2024/02/26 | DDI RULE 5009 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5009 | ||
DDI RULE 5001 | TeamViewer RMM - UDP (Request) | 2024/02/26 | DDI RULE 5001 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5001 | ||
DDI RULE 5002 | TeamViewer RMM - DNS (Response) | 2024/02/26 | DDI RULE 5002 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5002 | ||
DDI RULE 5006 | CVE-2024-1708 - ConnectWise ScreenConnect Directory Traversal Exploit - HTTP (Request) | 2024/02/23 | DDI RULE 5006 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5006 | ||
DDI RULE 5007 | CVE-2024-1709 - ConnectWise ScreenConnect Authentication Bypass Exploit - HTTP (Response) | 2024/02/23 | DDI RULE 5007 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5007 | ||
DDI RULE 5003 | CVE-2024-22024 - Ivanti Connect Secure & Policy Secure Authentication Bypass Exploit - HTTP (Request) | 2024/02/22 | DDI RULE 5003 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5003 | ||
DDI RULE 5004 | SuperOps RMM Sensor - DNS (Response) | 2024/02/22 | DDI RULE 5004 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5004 | ||
DDI RULE 4996 | CVE-2024-21893 - Ivanti Connect Secure & Policy Secure Gateways Server-Side Request Forgery Exploit - HTTP (Request) | 2024/02/19 | DDI RULE 4996 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4996 | ||
DDI RULE 4998 | DARKME - TCP (Request) | 2024/02/15 | DDI RULE 4998 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4998 | ||
DDI RULE 5000 | GhostLocker Exfiltration - HTTP (Request) | 2024/02/15 | DDI RULE 5000 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-5000 | ||
DDI RULE 4997 | CVE-2024-23897 - Jenkins Authentication Bypass Exploit - HTTP (Request) | 2024/02/12 | DDI RULE 4997 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4997 | ||
DDI RULE 4995 | CVE-2023-46805 - Ivanti Connect Secure & Policy Secure Gateways Authentication Bypass Exploit - HTTP (Response) | 2024/02/12 | DDI RULE 4995 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4995 | ||
DDI RULE 4994 | CVE-2024-0204 - Fortra GoAnywhere MFT AuthBypass Exploit - HTTP(Request) | 2024/02/01 | DDI RULE 4994 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4994 | ||
DDI RULE 4992 | CVE-2023-32252 - Linux Kernel ksmbd NULL Pointer Exploit - SMB2 (Request) | 2024/01/31 | DDI RULE 4992 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4992 | ||
DDI RULE 4973 | Possible Encryption Downgrade Attack - Kerberos (Response) | 2024/01/31 | DDI RULE 4973 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4973 | ||
DDI RULE 4993 | MAGIC HOUND SOAP - HTTP(Request) | 2024/01/29 | DDI RULE 4993 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4993 | ||
DDI RULE 4991 | PIKABOT EXFIL - HTTP (Request) | 2024/01/29 | DDI RULE 4991 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4991 | ||
DDI RULE 4986 | CVE-2023-46604 - Possible Apache ActiveMQ RCE Exploit - HTTP (Response) | 2024/01/29 | DDI RULE 4986 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4986 | ||
DDI RULE 4990 | CVE-2023-22527 - Atlassian OGNL Injection Exploit - HTTP (Request) | 2024/01/25 | DDI RULE 4990 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4990 | ||
DDI RULE 4974 | HAVOC - HTTP (Request) | 2024/01/25 | DDI RULE 4974 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4974 | ||
DDI RULE 4987 | TPRC - HTTP (Request) | 2024/01/24 | DDI RULE 4987 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4987 | ||
DDI RULE 4988 | CVE-2023-46805 - Ivanti Connect Secure and Policy Secure Gateways Authentication Bypass Exploit - HTTP (Request) | 2024/01/24 | DDI RULE 4988 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4988 | ||
DDI RULE 4989 | CVE-2024-21887 - Ivanti Connect Secure and Policy Secure Gateways Command Injection Exploit - HTTP (Request) | 2024/01/24 | DDI RULE 4989 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4989 | ||
DDI RULE 4859 | ZIP TLD MOVED - HTTP(RESPONSE) | 2024/01/23 | DDI RULE 4859 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4859 | ||
DDI RULE 4984 | CVE-2023-44487 - HTTP2 DDOS EXPLOIT - TCP (REQUEST) - Variant 2 | 2024/01/22 | DDI RULE 4984 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4984 | ||
DDI RULE 4985 | CVE-2023-46604 - Apache ActiveMQ RCE Exploit - TCP (Request) | 2024/01/22 | DDI RULE 4985 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4985 | ||
DDI RULE 4983 | Microsoft Windows SmartScreen Exploit (ZDI-CAN-23100) - HTTP(Response) | 2024/01/18 | DDI RULE 4983 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4983 | ||
DDI RULE 4982 | COPY FILES - SMB2(REQUEST) | 2024/01/16 | DDI RULE 4982 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4982 | ||
DDI RULE 4975 | CVE-2023-51467 - Apache OFBiz Pre-Auth RCE Exploit - HTTP (Response) | 2024/01/11 | DDI RULE 4975 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4975 | ||
DDI RULE 4976 | SYSTEM INFORMATION DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4976 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4976 | ||
DDI RULE 4977 | TRUSTED DOMAIN DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4977 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4977 | ||
DDI RULE 4978 | PASSWORD POLICY DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4978 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4978 | ||
DDI RULE 4979 | PERMISSION GROUP DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4979 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4979 | ||
DDI RULE 4980 | SYSTEM OWNER DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4980 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4980 | ||
DDI RULE 4981 | ACCOUNT DISCOVERY - LDAP(REQUEST) | 2024/01/11 | DDI RULE 4981 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4981 | ||
DDI RULE 4972 | PIKABOT DLL Dropper - HTTP (Request) | 2024/01/10 | DDI RULE 4972 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4972 | ||
DDI RULE 4968 | Remcos - TCP | 2024/01/03 | DDI RULE 4968 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4968 | ||
DDI RULE 4969 | Fonelab - Certificate - HTTPS | 2024/01/03 | DDI RULE 4969 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4969 | ||
DDI RULE 4970 | CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Exploit - HTTP (Request) | 2024/01/03 | DDI RULE 4970 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4970 | ||
DDI RULE 4971 | APT CONN - UDP(REQUEST) | 2024/01/02 | DDI RULE 4971 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4971 | ||
DDI RULE 4928 | CVE-2023-2914 - Rockwell Automation ThinManager ThinServer Type 13 Synchronization Integer Overflow Exploit - TCP (Request) | 2023/12/21 | DDI RULE 4928 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4928 | ||
DDI RULE 4967 | CVE-2023-50164 - Apache Struts2 Path Traversal Exploit - HTTP (Request) | 2023/12/19 | DDI RULE 4967 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4967 | ||
DDI RULE 4965 | LVRAN - HTTP (Request) | 2023/12/18 | DDI RULE 4965 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4965 | ||
DDI RULE 4966 | BIGIP TMSH Path Exploit - HTTP (Response) | 2023/12/14 | DDI RULE 4966 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4966 | ||
DDI RULE 4964 | CVE-2023-49070 - Apache OFBiz Pre-Auth RCE Exploit - HTTP (Request) | 2023/12/12 | DDI RULE 4964 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4964 | ||
DDI RULE 4949 | CVE-2023-46747 - BIGIP Smug Exploit - HTTP (Request) | 2023/12/12 | DDI RULE 4949 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4949 | ||
DDI RULE 4962 | BRUTEFORCE - SMB(RESPONSE) | 2023/12/12 | DDI RULE 4962 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4962 | ||
DDI RULE 4963 | CVE-2023-44487 - HTTP2 DDOS EXPLOIT - TCP(REQUEST) | 2023/12/11 | DDI RULE 4963 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4963 | ||
DDI RULE 4958 | POSSIBLE TUNNELING - DNS (Response) - Variant 2 | 2023/12/05 | DDI RULE 4958 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4958 | ||
DDI RULE 4959 | COBEACON C2 - HTTP(RESPONSE) | 2023/12/05 | DDI RULE 4959 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4959 | ||
DDI RULE 4961 | TRAMPIKABOT - HTTP(REQUEST) | 2023/12/05 | DDI RULE 4961 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4961 | ||
DDI RULE 4960 | CVE-2023-46604 - Possible Apache ActiveMQ RCE Exploit - HTTP (Request) | 2023/11/30 | DDI RULE 4960 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4960 | ||
DDI RULE 4930 | RHYSIDA - SMB2 (Request) | 2023/11/30 | DDI RULE 4930 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4930 | ||
DDI RULE 4956 | CVE-2023-47246 - SYSAID TRAVERSAL EXPLOIT - HTTP (Request) | 2023/11/22 | DDI RULE 4956 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4956 | ||
DDI RULE 4957 | CVE-2023-4634 - Wordpress Plugin Media-Library-Assistant RCE Exploit - HTTP (Request) | 2023/11/22 | DDI RULE 4957 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4957 | ||
DDI RULE 4894 | CVE-2023-28771 - Zyxel RCE Exploit - UDP (Request) | 2023/11/21 | DDI RULE 4894 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4894 | ||
DDI RULE 4879 | Possible CVE-2021-27876 - Veritas RCE Exploit - TCP (Response) | 2023/11/21 | DDI RULE 4879 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4879 | ||
DDI RULE 4954 | CVE-2022-42475 - Fortinet FortiOS SSL-VPN Buffer Overflow Exploit - HTTP (Request) | 2023/11/20 | DDI RULE 4954 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4954 | ||
DDI RULE 4955 | PIKABOT - Malicious Certificate - HTTPS | 2023/11/20 | DDI RULE 4955 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4955 | ||
DDI RULE 4952 | APT CONN - TCP(REQUEST) | 2023/11/20 | DDI RULE 4952 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4952 | ||
DDI RULE 4953 | CVE-2023-20198 - Cisco IOS XE WebUI Authentication Bypass Exploit - HTTP (Request) | 2023/11/16 | DDI RULE 4953 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4953 | ||
DDI RULE 4947 | GOOTLOADER XMLRPC - HTTP (Request) | 2023/11/16 | DDI RULE 4947 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4947 | ||
DDI RULE 4935 | ANOMALIES - HTTP(REQUEST) | 2023/11/16 | DDI RULE 4935 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4935 | ||
DDI RULE 4942 | CVE-2023-4966 - NetScaler ADC and Gateway Buffer Overflow Exploit - HTTP (Request) | 2023/11/16 | DDI RULE 4942 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4942 | ||
DDI RULE 4944 | CVE-2023-28288 - MS Sharepoint Information Disclosure Exploit - HTTP(Request) | 2023/11/16 | DDI RULE 4944 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4944 | ||
DDI RULE 4936 | CVE-2023-29516 - XWIKI RCE Exploit - HTTP (Request) | 2023/11/14 | DDI RULE 4936 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4936 | ||
DDI RULE 4937 | CVE-2023-37462 - XWIKI RCE Exploit - HTTP (Request) | 2023/11/14 | DDI RULE 4937 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4937 | ||
DDI RULE 4946 | SQL Injection Exploit Sensor - HTTP (Request) | 2023/11/14 | DDI RULE 4946 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4946 | ||
DDI RULE 4951 | TURLA - HTTP(REQUEST) | 2023/11/14 | DDI RULE 4951 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4951 | ||
DDI RULE 4913 | CVE-2023-40044 - WS FTP RCE Exploit - HTTP (Request) | 2023/11/14 | DDI RULE 4913 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4913 | ||
DDI RULE 4948 | CVE-2023-36745 - MS Exchange Powershell RCE EXPLOIT - HTTP (Request) | 2023/11/13 | DDI RULE 4948 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4948 | ||
DDI RULE 4950 | CVE-2023-20273 - Cisco IOS XE WebUI RCE Exploit - HTTP (Request) | 2023/11/13 | DDI RULE 4950 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4950 | ||
DDI RULE 4931 | Cisco IOS XE Vulnerability Implant Detection Exploit - HTTP (Response) | 2023/11/13 | DDI RULE 4931 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4931 | ||
DDI RULE 4945 | Confluence Improper Authorization Vulnerability Exploit Sensor - HTTP (Response) | 2023/11/10 | DDI RULE 4945 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4945 | ||
DDI RULE 4943 | CVE-2023-38545 - Libcurl Exploit - HTTP(Response) | 2023/11/10 | DDI RULE 4943 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4943 | ||
DDI RULE 4941 | CVE-2023-22518 - Confluence Improper Authorization Vulnerability Exploit - HTTP (Request) | 2023/11/10 | DDI RULE 4941 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4941 | ||
DDI RULE 4940 | APT URL - HTTP(REQUEST) | 2023/11/09 | DDI RULE 4940 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4940 | ||
DDI RULE 4938 | APT DOMAINS - DNS(RESPONSE) | 2023/11/08 | DDI RULE 4938 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4938 | ||
DDI RULE 4904 | PRIVATE LOADER STATUS - HTTP (Request) | 2023/11/08 | DDI RULE 4904 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4904 | ||
DDI RULE 4932 | CVE-2023-44414 - DLINK RCE EXPLOIT - HTTP(REQUEST) | 2023/10/31 | DDI RULE 4932 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4932 | ||
DDI RULE 4933 | CVE-2023-42117 - Exim RCE EXPLOIT - SMTP(Request) | 2023/10/26 | DDI RULE 4933 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4933 | ||
DDI RULE 4934 | CVE-2023-22515 - Atlassian Confluence Data Center Broken Access Control Exploit - HTTP (Request) | 2023/10/26 | DDI RULE 4934 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4934 | ||
DDI RULE 4929 | CVE-2023-2917 - Rockwell Automation ThinManager ThinServer Type 38 Synchronization Message Directory Traversal Exploit - TCP (Request) | 2023/10/25 | DDI RULE 4929 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4929 | ||
DDI RULE 4922 | CVE-2023-38831 - WINRAR POE EXPLOIT - HTTP (Response) | 2023/10/25 | DDI RULE 4922 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4922 | ||
DDI RULE 4814 | CVE-2022-41080 - MS Exchange Server Outlook Web Access Exploit - HTTP(Request) | 2023/10/25 | DDI RULE 4814 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4814 | ||
DDI RULE 4927 | CVE-2023-0210 - Linux Kernel ksmbd Integer Underflow Exploit - SMB2 (Request) | 2023/10/24 | DDI RULE 4927 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4927 | ||
DDI RULE 4918 | CVE-2023-29525 - XWiki LegacyNotificationAdministration Code Injection Exploit - HTTP (Request) | 2023/10/24 | DDI RULE 4918 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4918 | ||
DDI RULE 4926 | CVE-2023-39361 - Cacti Group Cacti graph_view.php SQL Injection Exploit - HTTP (Request) | 2023/10/23 | DDI RULE 4926 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4926 | ||
DDI RULE 4924 | Linux Kernel ksmbd NULL Pointer Exploit - SMB2(Request) | 2023/10/23 | DDI RULE 4924 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4924 | ||
DDI RULE 4916 | CVE-2022-27255 - SIP BUFFEROVERFLOW EXPLOIT - ICMP(REQUEST) | 2023/10/23 | DDI RULE 4916 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4916 | ||
DDI RULE 4920 | LUMMAC2CONF - HTTP (Request) | 2023/10/19 | DDI RULE 4920 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4920 | ||
DDI RULE 4921 | DARKGATE - HTTP (Request) | 2023/10/19 | DDI RULE 4921 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4921 | ||
DDI RULE 4925 | LUMMAC2SOCK - HTTP (Request) | 2023/10/19 | DDI RULE 4925 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4925 | ||
DDI RULE 4919 | CVE-2023-24488 - Citrix Gateway Open Redirect and XSS Exploit - HTTP (Request) | 2023/10/18 | DDI RULE 4919 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4919 | ||
DDI RULE 4914 | CVE-2023-35166 - XWiKi RCE Exploit - HTTP (Request) | 2023/10/17 | DDI RULE 4914 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4914 | ||
DDI RULE 4911 | CVE-2023-32563 - Ivanti Avalanche Directory Traversal Exploit - HTTP(Request) | 2023/10/17 | DDI RULE 4911 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4911 | ||
DDI RULE 4912 | Possible Overpass-The-Hash Technique - Kerberos (Request) | 2023/10/17 | DDI RULE 4912 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4912 | ||
DDI RULE 4915 | CVE-2023-42121 - CONTROLWEBPANEL RCE EXPLOIT - HTTP(REQUEST) | 2023/10/11 | DDI RULE 4915 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4915 | ||
DDI RULE 4909 | BUMBLELOADER Exfil - HTTP (Response) | 2023/10/10 | DDI RULE 4909 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4909 | ||
DDI RULE 4910 | CVE-2023-20890 - VMware Aria Operations Directory Traversal Exploit - HTTP (Request) | 2023/10/09 | DDI RULE 4910 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4910 | ||
DDI RULE 4908 | BUMBLE LOADER FALCON - DNS (Request) | 2023/10/05 | DDI RULE 4908 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4908 | ||
DDI RULE 4906 | CVE-2023-38126 - Softing edgeAggregator Restore Configuration Directory Traversal Exploit - HTTPS (Request) | 2023/10/04 | DDI RULE 4906 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4906 | ||
DDI RULE 4907 | CVE-2023-39750 - D-Link DAP-2660 Buffer Overflow Exploit - HTTP (Request) | 2023/10/04 | DDI RULE 4907 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4907 | ||
DDI RULE 4903 | CVE-2023-36932 - MOVEit Transfer FolderListRecursive SQL Injection Exploit - HTTPS (Request) | 2023/10/02 | DDI RULE 4903 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4903 | ||
DDI RULE 4905 | CVE-2023-4711 - DLink RCE Exploit - HTTP (Request) | 2023/10/02 | DDI RULE 4905 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4905 | ||
DDI RULE 4901 | CVE-2023-28651 - Contec CONPROSYS HMI System XSS Exploit - HTTP (Request) | 2023/10/02 | DDI RULE 4901 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4901 | ||
DDI RULE 4898 | A normal user attempted to log on to the POSTGRES service | 2023/09/28 | DDI RULE 4898 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4898 | ||
DDI RULE 4899 | CVE-2023-38204 - Adobe ColdFusion RCE Exploit - HTTP (Request) | 2023/09/28 | DDI RULE 4899 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4899 | ||
DDI RULE 4900 | CVE-2023-32165 - D-Link D-View Directory Traversal Exploit - TFTP (Request) | 2023/09/28 | DDI RULE 4900 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4900 | ||
DDI RULE 4902 | QAKBOT - HTTP (REQUEST) - Variant 9 | 2023/09/26 | DDI RULE 4902 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4902 | ||
DDI RULE 4897 | CVE-2023-34127 - SonicWall Command Injection Exploit - HTTP (Request) | 2023/09/25 | DDI RULE 4897 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4897 | ||
DDI RULE 4893 | CVE-2023-20887 - VREALIZE SHELL INJECT EXPLOIT - HTTP (Request) | 2023/09/25 | DDI RULE 4893 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4893 | ||
DDI RULE 4889 | COBEACON - Malicious Certificate - HTTPS | 2023/09/25 | DDI RULE 4889 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4889 | ||
DDI RULE 4892 | APT - COBEACON ENC - HTTP (Request) | 2023/09/21 | DDI RULE 4892 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4892 | ||
DDI RULE 4895 | NDMP FILEWRITE - TCP(REQUEST) | 2023/09/21 | DDI RULE 4895 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4895 | ||
DDI RULE 4896 | NDMP EXECUTE COMMAND - TCP(REQUEST) | 2023/09/21 | DDI RULE 4896 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4896 | ||
DDI RULE 4890 | Msgbot Exfilt - HTTP (Request) | 2023/09/20 | DDI RULE 4890 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4890 | ||
DDI RULE 4891 | CVE-2023-32071 - XWIKI XSS RCE Exploit- HTTP (Request) | 2023/09/20 | DDI RULE 4891 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4891 | ||
DDI RULE 4881 | CVE-2023-34133 - SonicWall SQL Injection Exploit - HTTP (Request) | 2023/09/18 | DDI RULE 4881 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4881 | ||
DDI RULE 4882 | CVE-2023-38099 - NetGear SQL Injection Exploit - HTTP (Request) | 2023/09/14 | DDI RULE 4882 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4882 | ||
DDI RULE 4885 | CVE-2023-25717 - Ruckus RCE Exploit - HTTP (Request) | 2023/09/14 | DDI RULE 4885 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4885 | ||
DDI RULE 4888 | CVE-2023-38148 - DHCP BUFFER OVERFLOW EXPLOIT - UDP(REQUEST) | 2023/09/13 | DDI RULE 4888 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4888 | ||
DDI RULE 4883 | CVE-2023-24489 - Citrix ShareFile Directory Traversal Exploit - HTTP (Request) | 2023/09/13 | DDI RULE 4883 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4883 | ||
DDI RULE 4884 | CVE-2023-32560 - Ivanti Avalanche WLAvalancheService Stack Buffer Overflow RCE Exploit - TCP (Request) | 2023/09/13 | DDI RULE 4884 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4884 | ||
DDI RULE 4880 | CVE-2023-3519 - CITRIX OVERFLOW EXPLOIT - HTTP (Request) | 2023/09/12 | DDI RULE 4880 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4880 | ||
DDI RULE 4877 | CVE-2023-33246 - Apache RocketMQ RCE Exploit - TCP (Request) | 2023/09/07 | DDI RULE 4877 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4877 | ||
DDI RULE 4878 | CVE-2023-35150 - XWIKI RCE Exploit - HTTP (Request) | 2023/09/07 | DDI RULE 4878 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4878 | ||
DDI RULE 4874 | TOOL BITSADMIN POST - HTTP(REQUEST) | 2023/09/04 | DDI RULE 4874 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4874 | ||
DDI RULE 4876 | CVE-2023-35078 - Ivanti Endpoint - HTTP (Response) | 2023/08/31 | DDI RULE 4876 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4876 | ||
DDI RULE 4875 | CVE-2023-39475 - Ignition Deserialization Remote Code Execution Exploit - HTTP(Request) | 2023/08/30 | DDI RULE 4875 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4875 | ||
DDI RULE 4794 | CVE-2022-3602 - OpenSSL Buffer Overflow Exploit - TLS (Response) | 2023/08/23 | DDI RULE 4794 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4794 | ||
DDI RULE 4873 | APT - PUBLOAD - HTTP (Request) | 2023/08/15 | DDI RULE 4873 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4873 | ||
DDI RULE 4872 | ICEDID JAVASCRIPT DROPPER - HTTP(Request) | 2023/08/09 | DDI RULE 4872 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4872 | ||
DDI RULE 4870 | COBEACON DEFAULT NAMED PIPE - SMB2 (Request) | 2023/08/08 | DDI RULE 4870 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4870 | ||
DDI RULE 4871 | CVE-2021-27860 - VOLTTYPHOON EXPLOIT - HTTP(Request) | 2023/08/07 | DDI RULE 4871 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4871 | ||
DDI RULE 4804 | CVE-2022-4223 - PGADMIN RCE EXPLOIT - HTTP(REQUEST) | 2023/08/03 | DDI RULE 4804 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4804 | ||
DDI RULE 2466 | Accessed non-existing administrative share - SMB | 2023/07/31 | DDI RULE 2466 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2466 | ||
DDI RULE 4869 | CVE-2023-29357 - SHAREPOINT PRIVILEGE ESCALATION - HTTP (REQUEST) - Variant 2 | 2023/07/25 | DDI RULE 4869 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4869 | ||
DDI RULE 4868 | CVE-2023-33157 - SHAREPOINT RCE EXPLOIT - HTTP(REQUEST) | 2023/07/17 | DDI RULE 4868 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4868 | ||
DDI RULE 4860 | COBEACON - DNS (Response) - Variant 2 | 2023/07/13 | DDI RULE 4860 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4860 | ||
DDI RULE 4867 | CVE-2023-36934 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/07/06 | DDI RULE 4867 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4867 | ||
DDI RULE 4863 | CVE-2023-25690 - APACHE HTTP Server Request Smuggling Exploit - HTTP (Request) | 2023/07/04 | DDI RULE 4863 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4863 | ||
DDI RULE 4866 | CVE-2023-29357 - SHAREPOINT PRIVILEGE ESCALATION - HTTP(REQUEST) | 2023/07/04 | DDI RULE 4866 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4866 | ||
DDI RULE 4861 | COBEACON - DNS (Response) - Variant 3 | 2023/06/27 | DDI RULE 4861 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4861 | ||
DDI RULE 4865 | CVE-2023-35708 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/06/22 | DDI RULE 4865 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4865 | ||
DDI RULE 4864 | CVE-2023-35036 - MOVEIT CERT SQL INJECTION - HTTP(REQUEST) | 2023/06/21 | DDI RULE 4864 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4864 | ||
DDI RULE 4862 | CVE-2023-27997 - Fortinet FortiGate Buffer Overflow Exploit- HTTP (Request) | 2023/06/21 | DDI RULE 4862 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4862 | ||
DDI RULE 4858 | SLIVER - HTTP (Request) | 2023/06/14 | DDI RULE 4858 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4858 | ||
DDI RULE 4856 | CVE-2023-34362 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/06/08 | DDI RULE 4856 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4856 | ||
DDI RULE 4854 | SILOCK WEBSHELL - HTTP(REQUEST) | 2023/06/05 | DDI RULE 4854 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4854 | ||
DDI RULE 4855 | REDLINE EXFIL - TCP(REQUEST) | 2023/06/05 | DDI RULE 4855 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4855 | ||
DDI RULE 4851 | CVE-2022-27924 - ZIMBRA EXPLOIT - HTTP (Request) | 2023/06/05 | DDI RULE 4851 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4851 | ||
DDI RULE 4853 | ICEDID EXFIL - HTTP(REQUEST) | 2023/06/01 | DDI RULE 4853 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4853 | ||
DDI RULE 4852 | CVE-2023-21554 - WINDOWS MQ SERVICE RCE - TCP(REQUEST) | 2023/05/31 | DDI RULE 4852 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4852 | ||
DDI RULE 4850 | PsExec - SMB2 (Request) | 2023/05/27 | DDI RULE 4850 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4850 | ||
DDI RULE 4849 | CVE-2023-1671 - Sophos Web Appliance Command Injection Exploit - HTTP (Request) | 2023/05/25 | DDI RULE 4849 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4849 | ||
DDI RULE 4847 | CVE-2022-36067 - VM2 REMOTE CODE EXECUTION - HTTP(REQUEST) | 2023/05/22 | DDI RULE 4847 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4847 | ||
DDI RULE 4848 | LOCKBIT EXFIL - HTTP(REQUEST) | 2023/05/22 | DDI RULE 4848 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4848 | ||
DDI RULE 4843 | CVE-2023-32521 - TMMS UNAUTHENTICATED TRAVERSAL EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4843 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4843 | ||
DDI RULE 4844 | CVE-2023-32522 - TMMS AUTHENTICATED TRAVERSAL EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4844 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4844 | ||
DDI RULE 4845 | TMMS FILE DISCLOSURE EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4845 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4845 | ||
DDI RULE 4839 | CVE-2023-1389 - TPLink Firmware Command Injection Exploit - HTTP (Request) | 2023/05/17 | DDI RULE 4839 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4839 | ||
DDI RULE 4819 | Possible Traffic Signaling - TCP (Request) | 2023/05/17 | DDI RULE 4819 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4819 | ||
DDI RULE 4820 | Traffic with Base64 Encode - TCP (Request) | 2023/05/17 | DDI RULE 4820 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4820 | ||
DDI RULE 4846 | CVE-2023-24941 - WINDOWS NETWORK FILE SYSTEM RCE EXPLOIT - TCP(REQUEST) | 2023/05/15 | DDI RULE 4846 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4846 | ||
DDI RULE 4821 | Authentication Required - HTTP (Response) | 2023/05/10 | DDI RULE 4821 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4821 | ||
DDI RULE 4842 | CVE-2023-24950 - MICROSOFT SHAREPOINT RCE EXPLOIT - HTTP(REQUEST) | 2023/05/08 | DDI RULE 4842 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4842 | ||
DDI RULE 4840 | CVE-2023-28231 - BUFFER OVERFLOW - MICROSOFT DHCPv6(REQUEST) | 2023/05/04 | DDI RULE 4840 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4840 | ||
DDI RULE 4841 | CVE-2022-43945 - Network File System RPC RCE EXPLOIT - TCP (Request) | 2023/05/04 | DDI RULE 4841 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4841 | ||
DDI RULE 4830 | CVE-2023-0669 - FORTRA GOANYWHERE MFT RCE REQUEST - HTTP (Exploit) | 2023/05/03 | DDI RULE 4830 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4830 | ||
DDI RULE 4838 | POWERSHELL SERIALIZATION RCE EXPLOIT - HTTP(REQUEST) | 2023/04/27 | DDI RULE 4838 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4838 | ||
DDI RULE 4835 | CVE-2023-27350 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST) | 2023/04/26 | DDI RULE 4835 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4835 | ||
DDI RULE 4836 | CVE-2023-27351 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST) | 2023/04/26 | DDI RULE 4836 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4836 | ||
DDI RULE 4837 | CVE-2022-31814 - NETGATE RCE EXPLOIT - HTTP (Request) | 2023/04/26 | DDI RULE 4837 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4837 | ||
DDI RULE 4832 | CVE-2022-31706 - VMWARE RCE RESPONSE - HTTP (Exploit) | 2023/04/18 | DDI RULE 4832 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4832 | ||
DDI RULE 4576 | CVE-2021-31166 - HTTP Protocol RCE Exploit - HTTP (REQUEST) | 2023/04/17 | DDI RULE 4576 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4576 | ||
DDI RULE 4828 | ICONICSTEALER - TCP(RESPONSE) | 2023/04/12 | DDI RULE 4828 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4828 | ||
DDI RULE 4831 | CVE-2022-37958 - MS WINDOWS NEGOEX REQUEST - SMB2 (Exploit) | 2023/04/05 | DDI RULE 4831 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4831 | ||
DDI RULE 4825 | CVE-2021-42756 - FORTIWEB BUFFER OVERFLOW - HTTP(REQUEST) | 2023/04/04 | DDI RULE 4825 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4825 | ||
DDI RULE 4826 | FREBNIIS - HTTP (Request) | 2023/03/30 | DDI RULE 4826 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4826 | ||
DDI RULE 4824 | SOCGHOULISH - HTTP (Request) | 2023/03/29 | DDI RULE 4824 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4824 | ||
DDI RULE 4822 | CVE-2022-39952 - Fortinet FortiNAC RCE Exploit - HTTP (Request) | 2023/03/28 | DDI RULE 4822 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4822 | ||
DDI RULE 4823 | POSSIBLE CVE-2023-23415 - REMOTE CODE EXECUTION - ICMP(REQUEST) | 2023/03/27 | DDI RULE 4823 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4823 | ||
DDI RULE 4818 | CVE-2022-36804 - Atlassian Bitbucket Command Injection Exploit - HTTP(REQUEST) | 2023/03/15 | DDI RULE 4818 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4818 | ||
DDI RULE 4532 | CVE-2021-26855 - Exchange Server Side Request Forgery Exploit - HTTP (REQUEST) - Variant 2 | 2023/03/14 | DDI RULE 4532 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4532 | ||
DDI RULE 4817 | WINEXE DETECTED - SMB2(REQUEST) | 2023/03/13 | DDI RULE 4817 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4817 | ||
DDI RULE 4816 | WINEXE DETECTED - SMB(REQUEST) | 2023/03/09 | DDI RULE 4816 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4816 | ||
DDI RULE 4815 | CVE-2022-41082 - MS EXCHANGE POWERSHELL RCE EXPLOIT - HTTP(REQUEST) | 2023/03/07 | DDI RULE 4815 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4815 | ||
DDI RULE 4812 | CVE-2022-1040 - SOPHOS FIREWALL USER PORTAL AND WEBADMIN REMOTE CODE EXECUTION - HTTP(EXPLOIT) | 2023/02/16 | DDI RULE 4812 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4812 | ||
DDI RULE 4811 | CVE-2021-21974 - VMWARE OPENSLP RCE EXPLOIT - TCP(REQUEST) | 2023/02/14 | DDI RULE 4811 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4811 | ||
DDI RULE 4809 | CVE-2022-31698 - VMWARE DDOS EXPLOIT - HTTP(REQUEST) | 2023/02/13 | DDI RULE 4809 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4809 | ||
DDI RULE 4806 | CVE-2022-44877 - CENTOS WEB PANEL COMMAND INJECTION - HTTP(EXPLOIT) | 2023/02/09 | DDI RULE 4806 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4806 | ||
DDI RULE 4807 | CVE-2022-47966 - ZOHO MANAGEENGINE RCE - HTTP(REQUEST) | 2023/02/09 | DDI RULE 4807 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4807 | ||
DDI RULE 4808 | CVE-2022-40624 - NETGATE RCE EXPLOIT - HTTP(REQUEST) | 2023/02/09 | DDI RULE 4808 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4808 | ||
DDI RULE 4805 | CVE-2022-21587 - ORACLE DESKTOP INTEGRATOR DIRECTORY TRAVERSAL EXPLOIT - HTTP(REQUEST) | 2023/02/08 | DDI RULE 4805 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4805 | ||
DDI RULE 4803 | MALLOX - HTTP(REQUEST) | 2023/01/30 | DDI RULE 4803 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4803 | ||
DDI RULE 4802 | CHISEL TUNNELING - HTTP(RESPONSE) | 2023/01/17 | DDI RULE 4802 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4802 | ||
DDI RULE 4754 | BUGHATCH - HTTP(REQUEST) | 2023/01/16 | DDI RULE 4754 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4754 | ||
DDI RULE 4801 | CVE-2022-29499 - MITEL MIVOICE RCE - HTTP(EXPLOIT) | 2023/01/11 | DDI RULE 4801 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4801 | ||
DDI RULE 4800 | MIMIKATZ SHELL - HTTP(RESPONSE) | 2022/12/14 | DDI RULE 4800 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4800 | ||
DDI RULE 4799 | MIMIKATZ SHELL - TCP | 2022/12/14 | DDI RULE 4799 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4799 | ||
DDI RULE 4755 | PROXYHTA - HTTP(REQUEST) | 2022/12/12 | DDI RULE 4755 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4755 | ||
DDI RULE 2832 | Possible CVE-2019-6340 Drupal8 RESTful Web Services Remote Code Execution - HTTP (Request) | 2022/12/08 | DDI RULE 2832 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2832 | ||
DDI RULE 4792 | CVE-2022-35951 - REDIS INTEGER OVERFLOW - TCP(REQUEST) | 2022/12/07 | DDI RULE 4792 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4792 | ||
DDI RULE 4798 | CVE-2022-30216 - WINDOWS SERVER SERVICES TAMPERING EXPLOIT - SMB2(REQUEST) | 2022/12/01 | DDI RULE 4798 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4798 | ||
DDI RULE 2722 | CVE-2017-0146 - Remote Code Execution - SMB (Request) | 2022/11/29 | DDI RULE 2722 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2722 | ||
DDI RULE 4796 | MICROSOFT EXCHANGE POWERSHELL EXPLOIT - HTTP(REQUEST) | 2022/11/28 | DDI RULE 4796 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4796 | ||
DDI RULE 4797 | CVE-2022-34721 - Windows Internet Key Exchange - Buffer Overflow RCE ISAKMP EXPLOIT - UDP(REQUEST) | 2022/11/28 | DDI RULE 4797 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4797 | ||
DDI RULE 4786 | CVE-2022-41040 - MS Exchange Server Side Request Forgery Exploit- HTTP(REQUEST) | 2022/11/24 | DDI RULE 4786 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4786 | ||
DDI RULE 4784 | CVE-2021-22205 - GITLAB CE/EE REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/11/22 | DDI RULE 4784 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4784 | ||
DDI RULE 4693 | CVE-2022-30190 MICROSOFT WINDOWS SUPPORT DIAGNOSTIC TOOL RCE Exploit - HTTP (Response) | 2022/11/22 | DDI RULE 4693 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4693 | ||
DDI RULE 4795 | CVE-2022-38129 - KEYSIGHT SMS DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/11/16 | DDI RULE 4795 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4795 | ||
DDI RULE 4793 | CVE-2022-3602 - OPENSSL BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/11/14 | DDI RULE 4793 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4793 | ||
DDI RULE 4790 | CVE-2022-40684 - FORTINET AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/10/24 | DDI RULE 4790 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4790 | ||
DDI RULE 4791 | CVE-2022-40300 - ZOHO MANAGEENGINE SQL CODE INJECTION - HTTP(REQUEST) | 2022/10/24 | DDI RULE 4791 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4791 | ||
DDI RULE 4789 | CVE-2022-3236 - SOPHOS FIREWALL RCE - HTTP(REQUEST) | 2022/10/19 | DDI RULE 4789 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4789 | ||
DDI RULE 4788 | CVE-2022-26013 - DELTA ELECTRONICS DIAENERGIE RCE EXPLOIT - HTTP(REQUEST) | 2022/10/17 | DDI RULE 4788 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4788 | ||
DDI RULE 4787 | RPC POSSIBLE DCSYNC - DCE (REQUEST) - Variant 2 | 2022/10/11 | DDI RULE 4787 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4787 | ||
DDI RULE 4760 | CVE-2022-22536 - SAP INTERNET COMMUNICATION MANAGER HTTP REQUEST SMUGGLING - HTTP(REQUEST) | 2022/10/03 | DDI RULE 4760 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4760 | ||
DDI RULE 4785 | CVE-2022-40144 - Trend Micro Apex One Login Authentication Bypass Exploit - HTTP(REQUEST) | 2022/09/27 | DDI RULE 4785 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4785 | ||
DDI RULE 4751 | CVE-2022-23270 - MICROSOFT POINT-TO-POINT TUNNELING PROTOCOL RCE - TCP(REQUEST) | 2022/09/26 | DDI RULE 4751 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4751 | ||
DDI RULE 4762 | CVE-2022-30136 - MICROSOFT WINDOWS NFS BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/09/22 | DDI RULE 4762 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4762 | ||
DDI RULE 4752 | CVE-2022-26809 - MICROSOFT WINDOWS RUNTIME LIBRARY INTEGER OVERFLOW EXPLOIT - SMB(RESPONSE) | 2022/09/21 | DDI RULE 4752 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4752 | ||
DDI RULE 4766 | CVE-2022-1660 - KEYSIGHT SENSOR INSECURE DESERIALIZATION - HTTP(REQUEST) | 2022/09/21 | DDI RULE 4766 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4766 | ||
DDI RULE 4673 | CVE-2022-26871 - TREND MICRO APEX CENTRAL REMOTE CODE EXECUTION - HTTP(REQUEST) | 2022/09/21 | DDI RULE 4673 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4673 | ||
DDI RULE 4783 | CVE-2022-31474 - WordPress Plugin BackupBuddy Directory Traversal - HTTP(REQUEST) | 2022/09/20 | DDI RULE 4783 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4783 | ||
DDI RULE 4782 | CVE-2022-34715 - MICROSOFT WINDOWS NFS BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/09/19 | DDI RULE 4782 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4782 | ||
DDI RULE 4764 | CVE-2022-30525 - ZYXEL FIREWALL COMMAND INJECTION - HTTP(REQUEST) | 2022/09/15 | DDI RULE 4764 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4764 | ||
DDI RULE 4756 | CVE-2022-22980 - SPRING DATA MONGODB REMOTE CODE EXECUTION - HTTP(REQUEST) | 2022/09/15 | DDI RULE 4756 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4756 | ||
DDI RULE 4678 | CVE-2022-22965 - SPRING RCE EXPLOIT - HTTP(REQUEST) | 2022/09/14 | DDI RULE 4678 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4678 | ||
DDI RULE 4688 | COROXY - UDP(REQUEST) | 2022/09/14 | DDI RULE 4688 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4688 | ||
DDI RULE 4781 | CVE-2022-2135 - Advantech iView SQL Injection Exploit - HTTP(REQUEST) | 2022/09/14 | DDI RULE 4781 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4781 | ||
DDI RULE 4779 | CVE-2022-35405 - ZOHO MANAGE ENGINE RCE EXPLOIT - HTTP(REQUEST) | 2022/09/13 | DDI RULE 4779 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4779 | ||
DDI RULE 4780 | CVE-2022-2135 - HIKVISION WEB SERVER RCE EXPLOIT - HTTP(REQUEST) | 2022/09/07 | DDI RULE 4780 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4780 | ||
DDI RULE 1007 | WMI Execute Method Request detected | 2022/09/06 | DDI RULE 1007 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-1007 | ||
DDI RULE 4777 | ANYDESK - HTTPS(REQUEST) | 2022/08/31 | DDI RULE 4777 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4777 | ||
DDI RULE 4778 | ATERA - HTTP(REQUEST) | 2022/08/30 | DDI RULE 4778 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4778 | ||
DDI RULE 4775 | CVE-2022-31656 - VMWARE AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/08/23 | DDI RULE 4775 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4775 | ||
DDI RULE 4776 | CVE-2022-31659 - VMWARE AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/08/23 | DDI RULE 4776 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4776 | ||
DDI RULE 4774 | CVE-2022-27925 - ZIMBRA RCE EXPLOIT - HTTP(REQUEST) | 2022/08/22 | DDI RULE 4774 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4774 | ||
DDI RULE 4773 | CVE-2022-21972 - PTPP REMOTE CODE EXECUTION - TCP(EXPLOIT) | 2022/08/18 | DDI RULE 4773 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4773 | ||
DDI RULE 4768 | SUSPICIOUS WINREG - SMB2(REQUEST) | 2022/08/16 | DDI RULE 4768 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4768 | ||
DDI RULE 4772 | WEBDAV DIRECTORY TRAVERSAL EXPLOIT - HTTP(RESPONSE) | 2022/08/12 | DDI RULE 4772 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4772 | ||
DDI RULE 4759 | COMMAND INJECTION EXPLOIT SENSOR - HTTP (REQUEST) - Variant 2 | 2022/08/11 | DDI RULE 4759 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4759 | ||
DDI RULE 4771 | WVKEYLOGGER - HTTP(REQUEST) | 2022/08/02 | DDI RULE 4771 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4771 | ||
DDI RULE 4765 | CVE-2021-43983 - BUFFER OVERFLOW - HTTP(RESPONSE) | 2022/07/28 | DDI RULE 4765 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4765 | ||
DDI RULE 4767 | CVE-2021-46381 - DLINK DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/07/28 | DDI RULE 4767 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4767 | ||
DDI RULE 4770 | CVE-2022-23277 - EXCHANGE RCE EXPLOIT - HTTP(REQUEST) | 2022/07/27 | DDI RULE 4770 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4770 | ||
DDI RULE 4769 | CVE-2021-31805 - APACHE STRUTS OGNL RCE EXPLOIT - HTTP(REQUEST) | 2022/07/26 | DDI RULE 4769 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4769 | ||
DDI RULE 4763 | CVE-2021-46422 - COMMAND INJECTION - HTTP(REQUEST) | 2022/07/20 | DDI RULE 4763 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4763 | ||
DDI RULE 4697 | FILE UPLOAD - HTTP(REQUEST) | 2022/07/18 | DDI RULE 4697 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4697 | ||
DDI RULE 4761 | CVE-2022-31626 - PHP BUFFER OVERFLOW - HTTP(REQUEST) | 2022/07/14 | DDI RULE 4761 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4761 | ||
DDI RULE 4758 | REMOTE CODE EXECUTION - HTTP (REQUEST) - Variant 5 | 2022/07/12 | DDI RULE 4758 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4758 | ||
DDI RULE 2573 | MINER - TCP (Request) | 2022/07/06 | DDI RULE 2573 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2573 | ||
DDI RULE 2586 | NECURS - HTTP (Request) - Variant 4 | 2022/07/06 | DDI RULE 2586 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2586 | ||
DDI RULE 4757 | CVE-2022-26937 - NFS BUFFER OVERFLOW EXPLOIT - TCP(RESPONSE) | 2022/07/05 | DDI RULE 4757 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4757 | ||
DDI RULE 4641 | CVE-2021-44228 - OGNL EXPLOIT - HTTP(REQUEST) | 2022/06/29 | DDI RULE 4641 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4641 | ||
DDI RULE 4753 | CVE-2022-26809 - RPC INTEGER OVERFLOW - DCE(RESPONSE) | 2022/06/20 | DDI RULE 4753 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4753 | ||
DDI RULE 4750 | CVE-2022-28213 - SAP XXE EXPLOIT - HTTP(REQUEST) | 2022/06/15 | DDI RULE 4750 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4750 | ||
DDI RULE 4698 | ENVELOPE SQL INJECTION - HTTP(REQUEST) | 2022/06/13 | DDI RULE 4698 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4698 | ||
DDI RULE 4699 | ENVELOPE SQL INJECTION - HTTP (REQUEST) - Variant 2 | 2022/06/13 | DDI RULE 4699 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4699 | ||
DDI RULE 4695 | SSRF EXPLOIT - HTTP(REQUEST) | 2022/06/09 | DDI RULE 4695 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4695 | ||
DDI RULE 4696 | BLIND SSRF EXPLOIT - HTTP(REQUEST) | 2022/06/09 | DDI RULE 4696 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4696 | ||
DDI RULE 4694 | OGNL REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/06/07 | DDI RULE 4694 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4694 | ||
DDI RULE 4692 | CVE-2019-18935 - TELERIK UI RCE - HTTP(REQUEST) | 2022/06/01 | DDI RULE 4692 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4692 | ||
DDI RULE 4689 | POSSIBLE SQL INJECT RCE EXPLOIT - HTTP (SEN) - Variant 2 | 2022/05/27 | DDI RULE 4689 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4689 | ||
DDI RULE 4691 | CVE-2022-21907 - RCE EXPLOIT - HTTP (REQUEST) - Variant 2 | 2022/05/24 | DDI RULE 4691 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4691 | ||
DDI RULE 2341 | COBALTSTRIKE - HTTP (Request) | 2022/05/19 | DDI RULE 2341 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2341 | ||
DDI RULE 4690 | CVE-2021-4039 - ZYXEL NWA COMMAND INJECTION - HTTP(REQUEST) | 2022/05/18 | DDI RULE 4690 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4690 | ||
DDI RULE 4687 | METASPLOIT COBALTSTRIKE STAGER - HTTP(RESPONSE) | 2022/05/12 | DDI RULE 4687 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4687 | ||
DDI RULE 1639 | UPATRE HTTP GET Request - Class 1 | 2022/05/12 | DDI RULE 1639 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-1639 | ||
DDI RULE 4685 | CVE-2021-22204 - REMOTE CODE EXECUTION - HTTP(EXPLOIT) | 2022/05/10 | DDI RULE 4685 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4685 | ||
DDI RULE 4609 | PAYLOADBIN - HTTP (REQUEST) - Variant 1 | 2022/05/05 | DDI RULE 4609 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4609 | ||
DDI RULE 4686 | RATSNIF - HTTP(REQUEST) | 2022/05/02 | DDI RULE 4686 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4686 | ||
DDI RULE 4653 | JAVA CLASS GET REQUEST SENSOR - HTTP(REQUEST) | 2022/04/28 | DDI RULE 4653 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4653 | ||
DDI RULE 4652 | CVE-2021-40539 - RESTAPI EXPLOIT - HTTP(REQUEST) | 2022/04/27 | DDI RULE 4652 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4652 | ||
DDI RULE 4683 | CVE-2022-24491 - NFS BUFFER OVERFLOW EXPLOIT - UDP(REQUEST) | 2022/04/26 | DDI RULE 4683 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4683 | ||
DDI RULE 4684 | CVE-2022-22954 - WORKSPACE ONE RCE - HTTP(REQUEST) | 2022/04/25 | DDI RULE 4684 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4684 | ||
DDI RULE 4599 | KASEYA AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/04/21 | DDI RULE 4599 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4599 | ||
DDI RULE 4570 | COBALTSTRIKE - DNS (Response) - Variant 2 | 2022/04/19 | DDI RULE 4570 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4570 | ||
DDI RULE 4462 | Metasploit (Payload) - RC4 Encrypted Reverse TCP - TCP (Request) | 2022/04/12 | DDI RULE 4462 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4462 | ||
DDI RULE 4662 | Metasploit(Payload) - Reverse DLL Inject - TCP (Response) - Variant 2 | 2022/04/11 | DDI RULE 4662 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4662 | ||
DDI RULE 4680 | POSSIBLE TUNNELING - DNS(RESPONSE) | 2022/04/07 | DDI RULE 4680 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4680 | ||
DDI RULE 4681 | CVE-2018-8174 - REMOTE CODE EXECUTION - HTTP(RESPONSE) | 2022/04/04 | DDI RULE 4681 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4681 | ||
DDI RULE 4679 | POSSIBLE JAVA CLASSLOADER RCE EXPLOIT - HTTP(REQUEST) | 2022/04/01 | DDI RULE 4679 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4679 | ||
DDI RULE 4676 | TELLYOUTHEPASS - HTTP(REQUEST) | 2022/03/29 | DDI RULE 4676 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4676 | ||
DDI RULE 4675 | CVE-2022-0435 - TIPC BUFFEROVERFLOW EXPLOIT - UDP(REQUEST) | 2022/03/24 | DDI RULE 4675 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4675 | ||
DDI RULE 4668 | CVE-2020-17144 - REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/03/23 | DDI RULE 4668 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4668 | ||
DDI RULE 4674 | TOOL PDQDEPLOY - SMB2(REQUEST) | 2022/03/21 | DDI RULE 4674 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4674 | ||
DDI RULE 4672 | COBALT STRIKE DEFAULT NAMED PIPE - SMB2(REQUEST) | 2022/03/17 | DDI RULE 4672 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4672 | ||
DDI RULE 4671 | CVE-2022-24112 - APACHE APISIX RCE - HTTP(REQUEST) | 2022/03/14 | DDI RULE 4671 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4671 | ||
DDI RULE 4669 | PURPLE FOX ROOTKIT DOWNLOAD - HTTP(REQUEST) | 2022/03/07 | DDI RULE 4669 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4669 | ||
DDI RULE 4670 | CVE-2021-44077 - REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/03/07 | DDI RULE 4670 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4670 | ||
DDI RULE 4667 | PURPLEFOX ROOTKIT - TCP(REQUEST) | 2022/03/02 | DDI RULE 4667 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4667 | ||
DDI RULE 4665 | PURPLEFOX ROOTKIT DOWNLOAD - HTTP(RESPONSE) | 2022/02/28 | DDI RULE 4665 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4665 | ||
DDI RULE 4666 | CVE-2022-24086 - INPUT VALIDATION EXPLOIT - HTTP(REQUEST) | 2022/02/28 | DDI RULE 4666 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4666 | ||
DDI RULE 4663 | CVE-2021-25296 - NAGIOSXI CMD INJECTION EXPLOIT - HTTP(REQUEST) | 2022/02/24 | DDI RULE 4663 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4663 | ||
DDI RULE 4664 | CVE-2021-40870 - DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/02/24 | DDI RULE 4664 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4664 | ||
DDI RULE 4661 | Possible CVE-2020-11978 - APACHE AIRFLOW RCE EXPLOIT - HTTP(REQUEST) | 2022/02/21 | DDI RULE 4661 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4661 | ||
DDI RULE 4659 | CVE-2021-44142 - BUFFER OVERFLOW EXPLOIT - SMB2(REQUEST) | 2022/02/15 | DDI RULE 4659 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4659 | ||
DDI RULE 4660 | CVE-2020-14864 - DIRECTORY TRAVERSAL EXPLOIT - HTTP(REQUEST) | 2022/02/14 | DDI RULE 4660 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4660 | ||
DDI RULE 4656 | CONTENTTYPE MESSAGEBODY MISMATCH - HTTP(RESPONSE) | 2022/02/07 | DDI RULE 4656 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4656 | ||
DDI RULE 4658 | CVE-2022-21907 - HTTP STACK RCE EXPLOIT - HTTP(REQUEST) | 2022/01/26 | DDI RULE 4658 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4658 | ||
DDI RULE 4657 | CVE-2021-32648 - LARAVEL PASSWORD RESET EXPLOIT - HTTP(REQUEST) | 2022/01/20 | DDI RULE 4657 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4657 | ||
DDI RULE 4655 | MAGNIBER - HTTP(REQUEST) | 2022/01/19 | DDI RULE 4655 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4655 | ||
DDI RULE 4654 | CVE-2021-35211 - SOLARWINDS SERV-U REMOTE MEMORY ESCAPE EXPLOIT - SSH(REQUEST) | 2022/01/18 | DDI RULE 4654 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4654 | ||
DDI RULE 4651 | CVE-2021-44790 - APACHE BUFFER OVERFLOW EXPLOIT - HTTP(REQUEST) | 2022/01/13 | DDI RULE 4651 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4651 | ||
DDI RULE 4650 | NWORM - TCP(REQUEST) | 2022/01/05 | DDI RULE 4650 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4650 | ||
DDI RULE 4649 | CVE-2021-44832 - LOG4J EXPLOIT - HTTP(REQUEST) | 2021/12/30 | DDI RULE 4649 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4649 | ||
DDI RULE 4645 | CVE-2021-42287 - KDC VULNERABILITY - LDAP(REQUEST) | 2021/12/29 | DDI RULE 4645 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4645 | ||
DDI RULE 4647 | SUNCRYPT - HTTP(REQUEST) | 2021/12/27 | DDI RULE 4647 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4647 | ||
DDI RULE 4648 | CVE-2021-45105 - OGNL EXPLOIT - HTTP(REQUEST) | 2021/12/27 | DDI RULE 4648 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4648 | ||
DDI RULE 4646 | CONNECTWISE - DNS(RESPONSE) | 2021/12/22 | DDI RULE 4646 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4646 | ||
DDI RULE 4642 | POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT - HTTP(REQUEST) | 2021/12/21 | DDI RULE 4642 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4642 | ||
DDI RULE 4644 | POSSIBLE HTTP URI OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 3 | 2021/12/18 | DDI RULE 4644 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4644 | ||
DDI RULE 4643 | POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 2 | 2021/12/13 | DDI RULE 4643 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4643 | ||
DDI RULE 950 | TCP/UDP Connection - Taiwan critical APT incident threat intelligence | 2021/12/12 | DDI RULE 950 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-950 | ||
DDI RULE 951 | DNS response - IP - Taiwan critical APT incident threat intelligence | 2021/12/12 | DDI RULE 951 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-951 | ||
DDI RULE 952 | DNS request/response - Domain - Taiwan critical APT incident threat intelligence | 2021/12/12 | DDI RULE 952 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-952 | ||
DDI RULE 4639 | CVE-2019-5544 - VMWARE OPENSLP RCE EXPLOIT - UDP(REQUEST) | 2021/12/02 | DDI RULE 4639 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4639 | ||
DDI RULE 4640 | CVE-2021-42321 - EXCHANGE RCE EXPLOIT - HTTP(REQUEST) | 2021/11/26 | DDI RULE 4640 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4640 | ||
DDI RULE 4638 | BAZARLOADER - DNS(RESPONSE) | 2021/11/17 | DDI RULE 4638 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4638 | ||
DDI RULE 4637 | BAZARLOADER - HTTP(RESPONSE) | 2021/11/15 | DDI RULE 4637 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4637 | ||
DDI RULE 4636 | QAKBOT - SMTP(REQUEST) | 2021/11/10 | DDI RULE 4636 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4636 | ||
DDI RULE 4635 | QAKBOT - HTTP (RESPONSE) - Variant 2 | 2021/11/02 | DDI RULE 4635 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4635 | ||
DDI RULE 4634 | Encryption Channel - HTTP(Request) | 2021/10/27 | DDI RULE 4634 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4634 | ||
DDI RULE 4257 | ANTSWORD - HTTP (Request) - Variant 2 | 2021/10/18 | DDI RULE 4257 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4257 | ||
DDI RULE 2889 | ANTSWORD - HTTP (Request) | 2021/10/18 | DDI RULE 2889 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-2889 | ||
DDI RULE 40 | Unregistered service | 2021/10/18 | DDI RULE 40 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-40 | ||
DDI RULE 4633 | CVE-2021-41773 - APACHE TRAVERSAL RCE EXPLOIT - HTTP(REQUEST) | 2021/10/13 | DDI RULE 4633 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4633 | ||
DDI RULE 4632 | ZLOADER - DNS(RESPONSE) | 2021/10/12 | DDI RULE 4632 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4632 | ||
DDI RULE 4631 | DULLDOWN - HTTP(REQUEST) | 2021/10/11 | DDI RULE 4631 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4631 | ||
DDI RULE 1063 | APT - DARKCOMET - TCP | 2021/10/07 | DDI RULE 1063 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-1063 | ||
DDI RULE 4604 | PETITPOTAM EFS NTLM RELAY ATTACK - SMB2(RESPONSE) | 2021/10/06 | DDI RULE 4604 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4604 | ||
DDI RULE 4485 | CVE-2020-14882 - Oracle WebLogic Remote Code Execution Exploit - HTTP (Request) | 2021/10/04 | DDI RULE 4485 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4485 | ||
DDI RULE 4630 | CVE-2021-22005 VCENTER DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2021/09/29 | DDI RULE 4630 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4630 | ||
DDI RULE 4629 | TRANSFER BASE64ENCODE PE FILE - HTTP(RESPONSE) | 2021/09/27 | DDI RULE 4629 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4629 | ||
DDI RULE 4528 | Possible Wget Commandline Injection | 2021/09/21 | DDI RULE 4528 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4528 | ||
DDI RULE 4627 | BLACKMATTER - HTTP(REQUEST) | 2021/09/20 | DDI RULE 4627 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4627 | ||
DDI RULE 4628 | POWEMUDDY - HTTP(REQUEST) | 2021/09/16 | DDI RULE 4628 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4628 | ||
DDI RULE 4625 | Possible HTTP SMUGGLING - HTTP(REQUEST) | 2021/09/16 | DDI RULE 4625 | /vinfo/nz/threat-encyclopedia/network/ddi-rule-4625 |