Keyword: bec_suspicious.ers
2854 Total Search   |   Showing Results : 821 - 840
Description Name: Multiple Unsolicited Response - DNP3 (Response) Beta .
Description Name: Possible RIG Exploit Kit - HTTP (Request) .
Description Name: Suspicious LNK file . This is the Trend Micro detection for malicious N/A network packet
Description Name: POSSIBLE MALICIOUS CHROME EXTENSION - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry. This also indicates a malware infection. Below are some indi...
Description Name: TREVOR - HTTP (Response) .
Description Name: TREVOR - HTTP (Response) - Variant 2 .
Description Name: APT - KSDOOR - HTTP (REQUEST) .
Description Name: KSDOOR - HTTP (REQUEST) - Variant 2 .
Description Name: ICMP SWEEP - ICMP (Request) .
Description Name: Possible NOP sled . This is Trend Micro detection for packets passing through SMB network protocols that manifest Exploit activities which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicious activ...
Description Name: Incorrect Content-Type value in header - HTTP (Response) - Variant 1 . This is Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior which can be a potential intrusion. Below are so...
* indicates a new version of an existing rule Deep Packet Inspection Rules: Port Mapper FTP Client 1009558 - Remote File Copy Over FTP Suspicious Client Ransomware Activity 1007581* - Ransomware
Microsoft 1009623 - Microsoft Windows Message Queuing Buffer Overflow Vulnerability (CVE-2005-0059) Suspicious Client Application Activity 1008946* - Heuristic Detection Of Suspicious Digital Certificate Web
Services - Client 1004566* - Identified Suspicious Microsoft DLL File Over Network Share 1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share 1004563* - Microsoft Windows
Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1032) SSL Client 1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1032) Suspicious Client Application Activity
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1008679* - Identified BADRABBIT Ransomware Propagation Over SMB 1008327* - Identified Server Suspicious SMB
Execution Vulnerability Over RMI Remote Desktop Protocol Server 1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt Suspicious Client Application Activity 1009432 - Tildeb
Vulnerability (CVE-2011-0979) 1010209 - Microsoft Office Excel Remote Code Execution Vulnerability (CVE-2011-0980) Web Application Common 1010196 - Identified Suspicious .NET Serialized Object 1010183* -
(CVE-2019-17558) Suspicious Client Ransomware Activity 1007581* - Ransomware Lectool Web Application Common 1010196* - Identified Suspicious .NET Serialized Object 1010210 - Sonatype Nexus Repository Manager
Advanced Outbound Telephony Calendar Cross Site Scripting Vulnerability (CVE-2020-2852) Suspicious Client Application Activity 1010327 - Identified Potential Malicious Client Traffic Suspicious Server