Search
Keyword: bec_suspicious.ers
Description Name: CPL File Transfer detected . This is Trend Micro detection for packets passing through any network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior:Suspiciou...
Server 1007379* - TLS1.2 Signature Hash Algorithm Downgrade Attack Used In SLOTH - Server Suspicious Server Application Activity 1008492* - Identified SambaShell C&C Traffic 1005910* - Identified ntpd
Desktop Protocol Vulnerability (CVE-2012-2526) Suspicious Client Application Activity 1005067* - Identified Potentially Harmful Client Traffic 1005283* - Identified Potentially Malicious RAT Traffic - I
(CVE-2019-11944) Remote Login Applications 1004364* - TeamViewer (ATT&CK T1219) Suspicious Client Application Activity 1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1094) 1005300* -
Vulnerability (CVE-2019-11969) SSL/TLS Server 1010312 - Identified Suspicious TLS Request 1010316 - Identified Suspicious TLS Request - 1 1010258* - Microsoft Windows Transport Layer Security Denial of Service
Description Name: RPC POSSIBLE DCSYNC - DCE (REQUEST) - Variant 2 . This is Trend Micro detection for packets passing through DCE network protocols that manifests Grayware activities which can be a potential intrusion. Below are some indicators of un...
Description Name: Possible Traffic Signaling - TCP (Request) . This is Trend Micro detection for packets passing through TCP network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual be...
Description Name: Traffic with Base64 Encode - TCP (Request) . This is Trend Micro detection for packets passing through TCP network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual be...
Description Name: Authentication Required - HTTP (Response) . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Login Attempt activities which can be a potential intrusion. Below are some indicators of un...
Description Name: COBEACON - DNS (Response) - Variant 3 . This is Trend Micro detection for packets passing through DNS network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual beha...
Description Name: COBEACON - DNS (Response) - Variant 2 . This is Trend Micro detection for packets passing through DNS network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual beha...
Description Name: Accessed non-existing administrative share - SMB . This is Trend Micro detection for packets passing through SMB network protocols that manifests Login Attempt activities which can be a potential intrusion. Below are some indicators...
Description Name: COBEACON DEFAULT NAMED PIPE - SMB2 (Request) . This is Trend Micro detection for packets passing through SMB2 network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual...
Description Name: POSSIBLE TUNNELING - DNS(RESPONSE) . This is Trend Micro detection for packets passing through DNS network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...
Description Name: PsExec - SMB2 (Request) . This is Trend Micro detection for packets passing through SMB2 network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior:Suspicious ...
Description Name: SUSPICIOUS WINREG - SMB2(REQUEST) .
Description Name: ATERA - HTTP(REQUEST) .
Description Name: WINEXE DETECTED - SMB2(REQUEST) . This is Trend Micro detection for packets passing through SMB2 network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior:Sus...
Description Name: CHISEL TUNNELING - HTTP(RESPONSE) . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...
Description Name: Possible Brute force - SSH . This is Trend Micro detection for packets passing through SSH network protocols that manifests Login Attempt activities which can be a potential intrusion. Below are some indicators of unusual behavior:S...