Search
Keyword: bec_suspicious.ers
Description Name: Possible Host Discovery - ICMP (Response) .
Description Name: Possible IE Exploit - HTTP (Response) - Variant 2 .
Description Name: OMRON FINS TCP Read Controller Attempt NSE - TCP (Request) .
Description Name: TUNNA Webshell - HTTP (Request) - Variant 2 .
Description Name: Possible IE Exploit - HTTP (Response) - Variant 3 .
Description Name: Unauthorized Write Request - DNP3 (Request) .
Description Name: DEMO RULE - KERBEROS (Request) . This is Trend Micro detection for packets passing through KERBEROS network protocols that manifests Login Attempt activities which can be a potential intrusion. Below are some indicators of unusual b...
Description Name: FAKEAV - HTTP (Response) - Variant 2 . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual beha...
Description Name: SAGECRYPT - HTTP (Request) . Related Malware: Mal_SageCrypt
Description Name: PHPSPY WebShell - HTTP (Request) .
Description Name: Possible XML External Entity Attack - HTTP (Response) .
Description Name: JNAP Information Disclosure Attempt - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Data Exfiltration.The host exhibiting this type of network behavior...
Description Name: Executable file dropped in administrative share - SMB . This is Trend Micro detection for packets passing through SMB2 and SMB network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indi...
Description Name: Possible CVE-2019-1040 MS NTLM Tampering Exploit - SMB (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting ...
Description Name: SALITY - HTTP (Request) - Variant 6 . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behav...
Description Name: QAKBOT - HTTP (Request) - Variant 2 . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behav...
Description Name: File name with multiple consecutive spaces and executable extension . This is Trend Micro detection for packets passing through various network protocols that manifests unusual behavior which can be a potential intrusion. Below are ...
Description Name: Possible buffer overflow . This is Trend Micro detection for packets passing through SMB network protocols that manifests Exploit activities which can be a potential intrusion. Below are some indicators of unusual behavior:Suspiciou...
Description Name: Data-stealing malware . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavior:Suspicious...
Description Name: WMIEXECUTE - DCERPC (Request) .