Keyword: Possible_OLGM-23
(ATT&CK T1039) Database MySQL 1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110) File Sharing Applications 1007608* - Amazon Cloud Drive (ATT&CK T1102) 1007605* - BOX
* indicates a new version of an existing rule Deep Packet Inspection Rules: Database MySQL 1005045* - MySQL Database Server Possible Login Brute Force Attempt Web Application PHP Based 1006432* -
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1010164 - Identified Possible Ransomware File Extension Create Activity Over Network Share 1010192* -
Description Name: Possible Traffic Signaling - TCP (Request) . This is Trend Micro detection for packets passing through TCP network protocols that manifest unusual behavior which can be a potential intrusion. Below are some indicators of unusual be...
amount of time a message is queued before it is returned depends on local configuration parameters. Most likely there is a network problem that prevented delivery, but it is also possible that the
Description Name: Possible CVE-2019-6340 Drupal8 RESTful Web Services Remote Code Execution - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Mov...
rather than system response/stability --no-huge-pages disable huge pages support --huge-pages-jit enable huge pages support for RandomX JIT code --asm=ASM ASM optimizations, possible values: auto, none,
Description Name: Possible CVE-2020-11978 - APACHE AIRFLOW RCE EXPLOIT - HTTP(REQUEST) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement. The host exhibit...
retrieves C2 domains from this URL, which it will try to connect to in order to download other possible payloads. As of this writing, the said sites are inaccessible. Other Details This Trojan requires the following
Description Name: Possible Brute force - SSH . This is Trend Micro detection for packets passing through SSH network protocols that manifest Login Attempt activities which can be a potential intrusion. Below are some indicators of unusual behavior:S...
Possible_SMPARROTTDSAYXCHEZ is a heuristic detection for a file that has appended obfuscated malicious JavaScript code. NOTES: Mal_Nemucod-5 is a heuristic detection for NEMUCOD malware.
possible values: auto, none, intel, ryzen, bulldozer --randomx-init=N thread count to initialize RandomX dataset --randomx-no-numa disable NUMA support for RandomX --randomx-mode=MODE RandomX mode: auto,
Description Name: Fonelab - Certificate - HTTPS . This is Trend Micro detection for packets passing through HTTPS network protocol that manifests hacking tool actions that can generally crack or break systems and network security measures. Hacking to...
Description Name: ADRECON QUERY - LDAP(Request) . This is Trend Micro detection for packets passing through LDAP network protocol that manifests hacking tool actions that can generally crack or break systems and network security measures. Hacking too...
Description Name: Advanced IP Scanner - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocol that manifests hacking tool actions that can generally crack or break systems and network security measures. Hack...
Description Name: Advanced Port Scanner - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocol that manifests hacking tool actions that can generally crack or break systems and network security measures. Ha...
Description Name: Possible Domain Controller List Discovery - DCERPC (Request) . This is Trend Micro detection for packets passing through DCERPC network protocols that manifest unusual behavior which can be a potential intrusion. Below are some ind...
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
CVE-2008-4609,MS09-048 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are