Search
Keyword: bec_suspicious.ers
Description Name: Remote Read Registry through SMB protocol detected .
Description Name: File renamed - LOCKY - Ransomware - SMB (Request) . This is the Trend Micro detection for malicious SMB2,SMB network packet that manifest any of the following actions:MalwareThis attack is used for Lateral Movement
Description Name: IEC104 STARTDT CON - SCADA (Response) .
Description Name: Abnormal x509v3 Subject Key Identifier extension - HTTPS (Response) .
Description Name: Web Security Testing Tool - HTTP (Request) - Variant 2 .
Description Name: Possible PUT Header Scanner - HTTP (Response) .
Description Name: Possible CVE-2019-0227 Apache Axis Expired Domain to RCE - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host ex...
Description Name: VIRTUMONDE - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Login Attempt actions which can be a potential intrusion. Below are some indicators of unusual behavior:Su...
Description Name: SALITY - SMB . This is Trend Micro detection for packets passing through SMB network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavior:Suspicious activity ...
Description Name: BUZUS - IRC (Nickname) - Variant 2 . This is Trend Micro detection for packets passing through IRC network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavio...
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Backdoor arrives on a system as a
Description Name: Remote Service execution through SMB2 SVCCTL detected .
Description Name: SPYEYE - HTTP (Request) - Variant 3 . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behav...
Description Name: SYKIPOT - Server certificate - SSL . This is Trend Micro detection for packets passing through PROTOCOL_20 network protocols that manifests Targeted Attack activities which can be a potential intrusion. Below are some indicators of ...
Description Name: File detected by web sandbox - HTTP . This is Trend Micro detection for packets passing through HTTP network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior...
Description Name: Archive file containing file with script extension . This is Trend Micro detection for packets passing through any network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of un...
Description Name: DNS response resolves to dead IP address . This is the Trend Micro detection for malicious N/A network packet
Description Name: AGENT - HTTP (Request) - Variant 19 . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behav...
Description Name: Remote Delete Job through SMB Detected .
Description Name: DEMO RULE - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that manifests Callback activities which can be a potential intrusion. Below are some indicators of unusual behavior:Suspi...