Search

Description Name: MS17-010 - Remote Code Execution - SMB (Request) . This is Trend Micro detection for SMB network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type of netw...

Description Name: CVE-2016-6662 - MySQL Remote Code Execution Exploit - Variant 2 . This is Trend Micro detection for MYSQL network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting ...

Description Name: CVE-2017-16943 EXIM Remote Code Execution exploit - SMTP (Request) . This is Trend Micro detection for SMTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibitin...

Description Name: HNAP1 Remote Code Execution Exploit - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type of...

Description Name: CVE-2017-3248 - UnicastRef Insecure Deserialization . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type of ...

This backdoor deletes the initially executed copy of itself This report is generated via an automated analysis system. Backdoor:Win32/Simda (Microsoft); Generic BackDoor!d2h (McAfee); Backdoor.Trojan

report is generated via an automated analysis system. TrojanDropper:Win32/VB.DR (Microsoft); Generic Dropper.dc.gen.a (McAfee); Trojan.Win32.VB.bjb, Trojan.Win32.VB.bjb (Kaspersky); Trojan.Agent.VB.AN

" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion VendorId = "{random values}" This report is generated via an automated analysis system. PWS:Win32/Kegotip.C (Microsoft); Generic BackDoor.u (McAfee);

via an automated analysis system. PWS:Win32/Fareit.gen!A (Microsoft); Generic BackDoor.u (McAfee); Trojan.Zbot (Symantec); Trojan-PSW.Win32.Tepfer.nlgz (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt);

rules. 1000552| 1000552 - Generic Cross Site Scripting(XSS) Prevention

Description Name: Possible CVE-2016-6662 - MySQL Remote Code Execution Exploit - Variant 2 . This is Trend Micro detection for MYSQL network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host ex...

Description Name: EQUATED - SMB (Response) . This is Trend Micro detection for SMB network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type of network behavior is likely c...

Description Name: CVE-2019-12922 - PHPMYADMIN CSRF - HTTP (Request) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry.The host exhibiting this type of network behavior is li...

Description Name: Possible SSL CVE-2014-0224 CCS Injection - Class 1 . This is Trend Micro detection for TCP, SSL and HTTPS network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting ...

Description Name: Possible CVE-2019-1224 Server Information Disclosure Exploit - RDP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The hos...

Description Name: BIGIP TMSH Path Exploit - HTTP (Response) . This is Trend Micro detection for HTTP network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host exhibiting this type of network be...

worm listens on the following port(s): TCP 18631 It connects to any of the following IRC server(s): {BLOCKED}.{BLOCKED}.174.3 It joins any of the following Internet Relay Chat (IRC) channels: #l4mer#

following ports: 7081 It connects to any of the following IRC server(s): d.{BLOCKED}book.com It may also connect to Internet Relay Chat (IRC) servers and receive commands from a remote user. Denial of Service

Internet Relay Chat (IRC) server where it receives the following commands from a remote malicious user: Download and execute arbitrary files Join other IRC channel Uninstall itself As of this writing, the

analysis system. Trojan:Win32/Alureon.EC (Microsoft); Generic Malware.mn (McAfee); Hacktool.Rootkit (Symantec); Rootkit.Win32.TDSS.ajgo (Kaspersky); FraudTool.Win32.FakeRean.i (v) (Sunbelt);