Keyword: bec_suspicious.ers
Description Name: Suspicious file rename - SMB2 (Request).
Description Name: Suspicious PowerQuery - HTTP (Response).
(ATT&CK: T1013) 1009618 - PowerShell & CommandLine (ATT&CK: T1086 & T1059) 1006805* - TMTR-0009: Suspicious Files Detected In System Folder 1006804* - TMTR-0010: Suspicious Files Detected In
Description Name: Copy BAT Files - SMB2 (Request). This is the Trend Micro detection for packets passing through SMB2 network protocols that manifest Suspicious File Download activities, which can be a potential intrusion. Below are some indicators of u...
Description Name: Powershell Remote Command Execution Via WinRM - HTTP (Request).
Description Name: Covert Iodine tunnel - DNS (Request).
Description Name: Host DNS IAXFR/IXFR request from a non-trusted source. This is the Trend Micro detection for packets passing through any network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of...
Description Name: REGEORG - HTTP (Request).
Description Name: Data Exfiltration - DNS (Response) - Variant 2.
Description Name: Executable file download - HTTP (Response).
Description Name: Suspicious file in SMB network share identified by file reputation database. This is the Trend Micro detection for packets passing through SMB2 and SMB network protocols that manifest unusual behavior, which can be a potential intrusio...
Description Name: Suspicious file rename - SMB (Request).
Description Name: Suspicious Access to a bit Domain - DNS (Response).
Description Name: Suspicious User-Agent string in header - HTTP (Request). This is the Trend Micro detection for packets passing through HTTP network protocols that manifest Callback activities, which can be a potential intrusion. Below are some indicat...
Description Name: Possible Pseudorandom Subdomain Attack - DNS (Response).
Description Name: CobaltStrike - HTTPS (Request).
Description Name: Suspicious network activity matching object in Suspicious Objects list - Variant 1. This is the Trend Micro detection for packets passing through any network protocols that manifest unusual behavior, which can be a potential intrusion....
Description Name: Possible Self-Signed SSL certificate detected.
Description Name: Suspicious file in E-mail identified by file reputation database. This is the Trend Micro detection for packets passing through SMTP, POP3 and IMAP4 network protocols that manifest unusual behavior, which can be a potential intrusion. ...
Description Name: Possible DGA - DNS (Response).