Cisco Talos Update for FireSIGHT Management Center

Date: 2019-03-28

This SRU number: 2019-03-27-001
Previous SRU number: 2019-03-25-001

Applies to:

This SEU number: 1993
Previous SEU number: 1992

Applies to:

This is the complete list of rules modified in SRU 2019-03-27-001 and SEU 1993.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State columns give the rule's state in each of the four default Cisco Talos policies: Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state, except that alert is used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

Updated Rules:

High Priority
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. | Max.
1 | 10123 | PROTOCOL-VOIP | PA168 chipset based IP phone default password attempt | off | off | off | off
1 | 10457 | MALWARE-BACKDOOR | [x]-ztoo 1.0 runtime detection - start keylogger | off | off | off | off
1 | 10464 | PROTOCOL-TELNET | kerberos login environment variable authentication bypass attempt | off | off | off | off
1 | 1090 | SERVER-WEBAPP | Allaire Pro Web Shell attempt | off | off | off | off
1 | 11250 | BROWSER-PLUGINS | Sony Rootkit Uninstaller ActiveX clsid access | off | off | off | off
1 | 12046 | PROTOCOL-RPC | MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt | off | off | off | drop
1 | 12075 | PROTOCOL-RPC | MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt | off | off | off | drop
1 | 12159 | MALWARE-BACKDOOR | optix pro v1.32 runtime detection - keylogging | off | off | off | off
1 | 12243 | MALWARE-BACKDOOR | hotmail hacker log edition 5.0 runtime detection - init connection | off | off | off | off
1 | 12424 | PROTOCOL-RPC | MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt | off | off | off | drop
1 | 12770 | BROWSER-PLUGINS | Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt | off | off | off | drop
1 | 12771 | BROWSER-PLUGINS | obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt | off | off | off | off
1 | 12772 | BROWSER-PLUGINS | obfuscated PPStream PowerPlayer ActiveX exploit attempt | off | off | off | off
1 | 12773 | BROWSER-PLUGINS | obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt | off | off | off | off
1 | 12774 | BROWSER-PLUGINS | obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt | off | off | off | off
1 | 12775 | BROWSER-PLUGINS | RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt | off | off | off | drop
1 | 13223 | PROTOCOL-RPC | MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt | off | off | off | drop
1 | 13507 | MALWARE-CNC | evilotus 1.3.2 variant outbound connection | off | off | off | off
1 | 13551 | SERVER-ORACLE | Oracle XDB.XDB_PITRIG_PKG sql injection attempt | off | off | off | drop
1 | 13625 | MALWARE-CNC | MBR rootkit HTTP POST activity detected | off | off | off | off
1 | 13791 | INDICATOR-OBFUSCATION | oversized cast statement - possible sql injection obfuscation | off | off | off | off
1 | 13987 | INDICATOR-OBFUSCATION | oversized convert statement - possible sql injection obfuscation | off | off | off | off
1 | 13988 | INDICATOR-OBFUSCATION | large number of calls to ascii function - possible sql injection obfuscation | off | off | off | off
1 | 13989 | INDICATOR-OBFUSCATION | large number of calls to char function - possible sql injection obfuscation | off | off | off | off
1 | 14008 | INDICATOR-OBFUSCATION | large number of calls to concat function - possible sql injection obfuscation | off | off | off | off
1 | 14039 | FILE-OTHER | GNOME Project libxslt RC4 key string buffer overflow attempt | off | off | off | drop
1 | 14040 | SERVER-OTHER | GNOME Project libxslt RC4 key string buffer overflow attempt | off | off | off | drop
1 | 14041 | SERVER-OTHER | GNOME Project libxslt RC4 key string buffer overflow attempt - 2 | off | off | off | drop
1 | 1434 | SERVER-WEBAPP | .bash_history access | off | off | off | off
1 | 15169 | POLICY-SOCIAL | XBOX Live Kerberos authentication request | off | off | off | off
1 | 15424 | SERVER-WEBAPP | phpBB mod shoutbox sql injection attempt | off | off | off | off
1 | 15425 | SERVER-WEBAPP | phpBB mod tag board sql injection attempt | off | off | off | off
1 | 15431 | BROWSER-FIREFOX | Mozilla Firefox 3 xsl parsing heap overflow attempt | off | off | off | drop
1 | 15514 | SERVER-OTHER | Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt | off | off | off | drop
1 | 15584 | SQL | char and sysobjects - possible sql injection recon attempt | off | off | drop | drop
1 | 15701 | OS-WINDOWS | Microsoft Windows 2000 domain authentication bypass attempt | off | off | off | off
1 | 15850 | OS-WINDOWS | Remote Desktop orderType remote code execution attempt | off | off | off | drop
1 | 15861 | BROWSER-PLUGINS | Microsoft Windows Remote Desktop Client ActiveX clsid access | off | off | off | drop
1 | 15863 | BROWSER-PLUGINS | Microsoft Windows Remote Desktop Client ActiveX function call access | off | off | off | drop
1 | 16207 | SERVER-WEBAPP | MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt | off | off | off | drop
1 | 16268 | MALWARE-CNC | Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net | off | drop | drop | off
1 | 16269 | MALWARE-CNC | Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com | off | drop | drop | off
1 | 16339 | BROWSER-IE | Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated | off | off | off | drop
1 | 16524 | PROTOCOL-FTP | ProFTPD username sql injection attempt | off | off | off | drop
1 | 16573 | BROWSER-PLUGINS | obfuscated ActiveX object instantiation via unescape | off | off | off | off
1 | 16574 | BROWSER-PLUGINS | obfuscated ActiveX object instantiation via fromCharCode | off | off | off | drop
1 | 16743 | FILE-OTHER | Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt | off | off | off | off
1 | 17044 | SQL | WinCC DB default password security bypass attempt | off | drop | drop | off
1 | 17111 | INDICATOR-OBFUSCATION | known JavaScript obfuscation routine | off | off | off | drop
1 | 17153 | BROWSER-FIREFOX | Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 | off | off | off | drop
1 | 17154 | BROWSER-FIREFOX | Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 | off | off | off | drop
1 | 17243 | SERVER-OTHER | MIT Kerberos V5 krb5_recvauth double free attempt | off | off | off | drop
1 | 17265 | BROWSER-FIREFOX | Mozilla Firefox plugin access control bypass attempt | off | off | off | drop
1 | 17273 | SERVER-OTHER | MIT Kerberos V5 KDC krb5_unparse_name overflow attempt | off | off | off | drop
1 | 17274 | SERVER-OTHER | MIT Kerberos V5 KDC krb5_unparse_name overflow attempt | off | off | off | drop
1 | 17291 | INDICATOR-OBFUSCATION | base64-encoded uri data object found | off | off | off | drop
1 | 17386 | SERVER-WEBAPP | Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt | off | off | off | drop
1 | 17444 | BROWSER-FIREFOX | Mozilla Firefox 3 xsl parsing heap overflow attempt | off | off | off | drop
1 | 17571 | BROWSER-PLUGINS | obfuscated instantiation of ActiveX object - likely malicious | off | off | off | drop
1 | 18070 | FILE-OFFICE | Microsoft Office pptimpconv.dll dll-load exploit attempt | off | off | off | off
1 | 18071 | FILE-OFFICE | Microsoft Office pptimpconv.dll dll-load exploit attempt | off | off | off | off
1 | 18132 | INDICATOR-OBFUSCATION | malware-associated JavaScript obfuscation function | off | off | off | off
1 | 1817 | SERVER-IIS | MS Site Server default login attempt | off | off | off | off
1 | 18204 | OS-WINDOWS | Microsoft Windows Address Book wab32res.dll dll-load exploit attempt | off | off | off | drop
1 | 18205 | OS-WINDOWS | Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt | off | off | off | drop
1 | 18208 | OS-WINDOWS | Microsoft Windows wininet peerdist.dll dll-load exploit attempt | off | off | off | off
1 | 18209 | OS-WINDOWS | Microsoft Windows wininet peerdist.dll dll-load exploit attempt | off | off | off | off
1 | 18210 | OS-WINDOWS | Microsoft Movie Maker hhctrl.ocx dll-load attempt | off | off | off | off
1 | 18211 | OS-WINDOWS | Microsoft Movie Maker hhctrl.ocx dll-load attempt | off | off | off | off
1 | 18222 | OS-WINDOWS | Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt | off | off | off | off
1 | 18223 | OS-WINDOWS | Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt | off | off | off | off
1 | 18224 | OS-WINDOWS | Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt | off | off | off | off
1 | 18225 | OS-WINDOWS | Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt | off | off | off | off
1 | 18226 | OS-WINDOWS | Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt | off | off | off | off
1 | 18227 | OS-WINDOWS | Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt | off | off | off | off
1 | 18239 | INDICATOR-OBFUSCATION | known malicious JavaScript decryption routine | off | off | off | drop
1 | 18241 | BROWSER-PLUGINS | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access | off | off | off | drop
1 | 18242 | BROWSER-PLUGINS | Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access | off | off | off | drop
1 | 18245 | BROWSER-PLUGINS | Oracle Java browser plugin docbase overflow attempt | off | off | off | drop
1 | 18277 | OS-WINDOWS | Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt | off | off | off | drop
1 | 18329 | BROWSER-PLUGINS | Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access | off | off | off | drop
1 | 18408 | OS-WINDOWS | Microsoft Windows WMI tracing api integer truncation attempt | off | off | off | off
1 | 18413 | OS-WINDOWS | Microsoft Windows WMI tracing api integer truncation attempt | off | off | off | off
1 | 18414 | OS-WINDOWS | Microsoft Windows Kerberos auth downgrade to DES MITM attempt | off | off | off | off
1 | 18426 | FILE-OTHER | Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt | off | off | off | off
1 | 18431 | FILE-PDF | Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt | off | off | off | off
1 | 18432 | FILE-PDF | Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt | off | off | off | off
1 | 18433 | FILE-OTHER | Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt | off | off | off | off
1 | 18434 | FILE-OTHER | Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt | off | off | off | off
1 | 18435 | FILE-OTHER | Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt | off | off | off | off
1 | 18436 | FILE-OTHER | Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt | off | off | off | off
1 | 18437 | FILE-OTHER | Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt | off | off | off | off
1 | 18438 | FILE-OTHER | Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt | off | off | off | off
1 | 18439 | FILE-PDF | Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt | off | off | off | off
1 | 18440 | FILE-PDF | Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt | off | off | off | off
1 | 18441 | FILE-PDF | Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt | off | off | off | off
1 | 18442 | FILE-PDF | Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt | off | off | off | off
1 | 18443 | FILE-PDF | Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt | off | off | off | off
1 | 18445 | FILE-FLASH | Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt | off | off | off | off
1 | 18446 | FILE-FLASH | Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt | off | off | off | off
1 | 18488 | FILE-OTHER | Adobe Photoshop wintab32.dll dll-load exploit attempt | off | off | off | off
1 | 18493 | INDICATOR-OBFUSCATION | generic PHP code obfuscation attempt | off | off | off | off
1 | 18494 | OS-WINDOWS | Microsoft product .dll dll-load exploit attempt | off | off | off | drop
1 | 18495 | OS-WINDOWS | Microsoft product .dll dll-load exploit attempt | off | off | off | drop
1 | 18496 | OS-WINDOWS | Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt | off | off | off | drop
1 | 18499 | OS-WINDOWS | Microsoft Groove mso.dll dll-load exploit attempt | off | off | off | drop
1 | 18500 | OS-WINDOWS | Microsoft Groove mso.dll dll-load exploit attempt | off | off | off | drop
1 | 18529 | FILE-OTHER | Adobe Premiere Pro ibfs32.dll dll-load exploit attempt | off | off | off | off
1 | 18530 | FILE-OTHER | Adobe Premier Pro ibfs32.dll dll-load exploit attempt | off | off | off | off
1 | 18531 | SERVER-OTHER | Multiple Vendors iacenc.dll dll-load exploit attempt | off | off | off | drop
1 | 18556 | SERVER-WEBAPP | Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt | off | off | off | drop
1 | 18619 | OS-WINDOWS | Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt | off | off | off | off
1 | 18620 | OS-WINDOWS | Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt | off | off | off | off
1 | 18621 | OS-WINDOWS | Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt | off | off | off | off
1 | 18622 | OS-WINDOWS | Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt | off | off | off | off
1 | 18623 | OS-WINDOWS | Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt | off | off | off | off
1 | 18625 | OS-WINDOWS | Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt | off | off | off | off
1 | 18626 | OS-WINDOWS | Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt | off | off | off | off
1 | 18627 | OS-WINDOWS | Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt | off | off | off | off
1 | 18628 | OS-WINDOWS | Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt | off | off | off | off
1 | 18629 | OS-WINDOWS | Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt | off | off | off | off
1 | 18717 | MALWARE-CNC | Win.Trojan.Banker.QO variant outbound connection | off | off | off | off
1 | 18782 | MALWARE-CNC | URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a | off | off | off | off
1 | 18818 | FILE-IDENTIFY | .chm attachment file type blocked by Outlook detected | off | off | off | off
1 | 18822 | FILE-IDENTIFY | .cpl attachment file type blocked by Outlook detected | off | off | off | off
1 | 18831 | FILE-IDENTIFY | .hta attachment file type blocked by Outlook detected | off | off | off | off
1 | 18901 | SERVER-OTHER | MIT Kerberos KDC Ticket validation double free memory corruption attempt | off | off | off | drop
1 | 18932 | SERVER-WEBAPP | Jboss default configuration unauthorized application add attempt | off | off | off | off
1 | 19036 | MALWARE-CNC | Win.Trojan.IRCBrute.I variant outbound connection | off | off | off | off
1 | 19037 | MALWARE-CNC | Win.Trojan.IRCBrute.I variant outbound connection | off | off | off | off
1 | 19079 | BROWSER-IE | Microsoft Internet Explorer getElementById object corruption | off | off | off | drop
1 | 19106 | MALWARE-OTHER | Keylogger Ardamax keylogger runtime detection - http | off | off | off | off
1 | 19122 | POLICY-SPAM | appledownload.com known spam email attempt | off | off | off | off
1 | 19171 | BROWSER-IE | Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt | off | off | off | drop
1 | 19172 | BROWSER-IE | Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt | off | off | off | drop
1 | 19314 | OS-WINDOWS | Groove GroovePerfmon.dll dll-load exploit attempt | off | off | off | drop
1 | 19315 | OS-WINDOWS | Microsoft Groove GroovePerfmon.dll dll-load exploit attempt | off | off | off | drop
1 | 19324 | MALWARE-OTHER | Keylogger WL-Keylogger inbound connection | off | off | off | off
1 | 19325 | MALWARE-OTHER | Keylogger WL-Keylogger outbound connection | off | off | off | off
1 | 19392 | MALWARE-OTHER | Keylogger Monitor.win32.perflogger | off | off | off | off
1 | 19393 | MALWARE-OTHER | Keylogger Monitor.win32.perflogger | off | off | off | off
1 | 19437 | INDICATOR-OBFUSCATION | select concat statement - possible sql injection | off | off | drop | drop
1 | 19438 | SQL | url ending in comment characters - possible sql injection attempt | off | drop | drop | drop
1 | 19439 | SQL | 1 = 1 - possible sql injection attempt | off | drop | drop | drop
1 | 19440 | SQL | 1 = 0 - possible sql injection attempt | off | drop | drop | drop
1 | 19465 | OS-WINDOWS | Visio mfc71 dll-load attempt | off | off | off | off
1 | 19466 | FILE-OFFICE | Microsoft Office Visio mfc71 dll-load exploit attempt | off | off | off | off
1 | 19551 | MALWARE-OTHER | self-signed SSL certificate with default Internet Widgits Pty Ltd organization name | off | off | off | off
1 | 19567 | PUA-ADWARE | W32.Ackantta.C.mm mass-mailer outbound connection | off | off | off | off
1 | 19568 | MALWARE-CNC | Trojan-Spy.Win32.PerfectKeylogger variant outbound connection | off | off | off | off
1 | 19617 | FILE-OTHER | Adobe Audition assist.dll dll-load exploit attempt | off | off | off | off
1 | 19619 | FILE-OTHER | Adobe Audition assist.dll dll-load exploit attempt | off | off | off | off
1 | 19620 | FILE-OTHER | Multiple products dwmapi.dll dll-load exploit attempt | off | off | off | drop
1 | 19665 | OS-WINDOWS | Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request | off | off | off | off
1 | 19671 | BROWSER-IE | Microsoft Internet Explorer XSLT memory corruption attempt | off | off | off | drop
1 | 19673 | OS-WINDOWS | Microsoft Data Access Components bidlab.dll dll-load exploit attempt | off | off | off | off
1 | 19674 | OS-WINDOWS | Microsoft Data Access Components bidlab.dll dll-load exploit attempt | off | off | off | off
1 | 19706 | MALWARE-CNC | Win.Trojan.Agent.cer variant outbound connection | off | drop | drop | off
1 | 19741 | MALWARE-OTHER | PWS.Win32.Scofted keylogger runtime detection | off | off | off | off
1 | 19867 | INDICATOR-OBFUSCATION | randomized javascript encodings detected | off | off | off | drop
1 | 19884 | INDICATOR-OBFUSCATION | String.fromCharCode with multiple encoding types detected | off | off | off | drop
1 | 19887 | INDICATOR-OBFUSCATION | potential javascript unescape obfuscation attempt detected | off | off | off | drop
1 | 19888 | INDICATOR-OBFUSCATION | potential javascript unescape obfuscation attempt detected | off | off | off | drop
1 | 19889 | INDICATOR-OBFUSCATION | base64-encoded data object found | off | off | off | drop
1 | 19899 | MALWARE-OTHER | Tong Keylogger outbound connectiooutbound connection | off | off | off | off
1 | 19900 | MALWARE-OTHER | Tong Keylogger outbound connection | off | off | off | off
1 | 19901 | MALWARE-OTHER | Tong Keylogger outbound connection | off | off | off | off
1 | 19925 | BROWSER-PLUGINS | Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt | off | off | off | drop
1 | 19927 | MALWARE-BACKDOOR | BRX Rat 0.02 inbound connection | off | off | off | off
1 | 19933 | INDICATOR-SCAN | DirBuster brute forcing tool detected | off | off | off | off
1 | 20047 | SQL | 1 = 1 - possible sql injection attempt | off | off | off | off
1 | 20098 | MALWARE-CNC | Win.Trojan.KeyLogger.wav variant outbound connection | off | off | off | off
1 | 20118 | OS-WINDOWS | Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt | off | off | off | off
1 | 20119 | OS-WINDOWS | Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt | off | off | off | off
1 | 20137 | INDICATOR-OBFUSCATION | Possible generic javascript heap spray attempt | off | off | off | drop
1 | 20158 | SERVER-WEBAPP | Oracle GlassFish Server default credentials login attempt | off | off | off | drop
1 | 20175 | BROWSER-PLUGINS | Microsoft Windows Remote Desktop Client ActiveX clsid access | off | off | off | drop
1 | 20253 | OS-WINDOWS | Microsoft products oleacc.dll dll-load exploit attempt | off | off | off | off
1 | 20254 | OS-WINDOWS | Microsoft products oleacc.dll dll-load exploit attempt | off | off | off | off
1 | 20276 | INDICATOR-OBFUSCATION | standard ASCII encoded with UTF-8 possible evasion detected | off | off | off | drop
1 | 20593 | BROWSER-WEBKIT | Apple Safari Webkit libxslt arbitrary file creation attempt | off | off | off | drop
1 | 20618 | SERVER-OTHER | Sage SalesLogix database credential disclosure attempt | off | off | off | off
1 | 20700 | FILE-OFFICE | Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt | off | off | off | drop
1 | 20701 | FILE-OFFICE | Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt | off | off | off | drop
1 | 20702 | FILE-OFFICE | Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt | off | off | off | drop
1 | 20703 | FILE-OFFICE | Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt | off | off | off | drop
1 | 20995 | POLICY-OTHER | HP SiteScope integrationViewer default credentials policy-bypass attempt | off | off | off | off
1 | 20996 | POLICY-OTHER | HP SiteScope integrationViewer default credentials policy-bypass attempt | off | off | off | off
1 | 21037 | INDICATOR-OBFUSCATION | randomized javascript encodings detected | off | off | off | drop
1 | 21038 | INDICATOR-OBFUSCATION | String.fromCharCode with multiple encoding types detected | off | off | off | drop
1 | 21039 | INDICATOR-OBFUSCATION | potential javascript unescape obfuscation attempt detected | off | off | off | drop
1 | 21040 | INDICATOR-OBFUSCATION | potential javascript unescape obfuscation attempt detected | off | off | off | off
1 | 21108 | EXPLOIT-KIT | unknown exploit kit obfuscated landing page | off | off | drop | off
1 | 21117 | INDICATOR-COMPROMISE | WSO web shell | off | off | off | off
1 | 21118 | INDICATOR-COMPROMISE | WSO web shell security information display | off | off | off | off
1 | 21119 | INDICATOR-COMPROMISE | WSO web shell interactive file system information display | off | off | off | off
1 | 21120 | INDICATOR-COMPROMISE | WSO web shell interactive console display | off | off | off | off
1 | 21121 | INDICATOR-COMPROMISE | WSO web shell interactive SQL display | off | off | off | off
1 | 21129 | INDICATOR-COMPROMISE | Mulcishell web shell | off | off | off | off
1 | 21130 | INDICATOR-COMPROMISE | Mulcishell web shell enumeration page | off | off | off | off
1 | 21131 | INDICATOR-COMPROMISE | Mulcishell web shell domain lookup page | off | off | off | off
1 | 21132 | INDICATOR-COMPROMISE | Mulcishell web shell sql interaction page | off | off | off | off
1 | 21133 | INDICATOR-COMPROMISE | Mulcishell web shell encoder page | off | off | off | off
1 | 21134 | INDICATOR-COMPROMISE | Mulcishell web shell security information page | off | off | off | off
1 | 21135 | INDICATOR-COMPROMISE | Mulcishell web shell password cracking page | off | off | off | off
1 | 21136 | INDICATOR-COMPROMISE | Mulcishell web shell security bypass page | off | off | off | off
1 | 21137 | INDICATOR-COMPROMISE | Mulcishell web shell tools page | off | off | off | off
1 | 21138 | INDICATOR-COMPROMISE | Mulcishell web shell database parsing page | off | off | off | off
1 | 21139 | INDICATOR-COMPROMISE | Mulcishell web shell spread shell page | off | off | off | off
1 | 21140 | INDICATOR-COMPROMISE | Mulcishell web shell kill shell page | off | off | off | off
1 | 21289 | OS-WINDOWS | Microsoft Color Control Panel STI.dll dll-load exploit attempt | off | off | off | drop
1 | 21290 | OS-WINDOWS | Microsoft Color Control Panel STI.dll dll-load exploit attempt | off | off | off | drop
1 | 213 | MALWARE-BACKDOOR | MISC Linux rootkit attempt | off | off | off | off
1 | 21310 | OS-WINDOWS | Microsoft product fputlsat.dll dll-load exploit attempt | off | off | off | drop
1 | 21318 | MALWARE-CNC | Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded | off | drop | drop | off
1 | 21322 | FILE-OTHER | Multiple products version.dll dll-load exploit attempt | off | off | off | off
1 | 21323 | FILE-FLASH | Adobe Acrobat Flash Player atl.dll dll-load exploit attempt | off | off | off | off
1 | 21324 | FILE-FLASH | Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt | off | off | off | off
1 | 21377 | SERVER-WEBAPP | Cisco Unified Communications Manager sql injection attempt | off | off | off | off
1 | 214 | MALWARE-BACKDOOR | MISC Linux rootkit attempt lrkr0x | off | off | off | off
1 | 21442 | MALWARE-CNC | URI request for known malicious URI - base64 encoded | off | off | off | off
1 | 21489 | FILE-OTHER | Microsoft Windows chm file malware related exploit | off | off | off | off
1 | 215 | MALWARE-BACKDOOR | MISC Linux rootkit attempt | off | off | off | off
1 | 21550 | MALWARE-BACKDOOR | ToolsPack PHP Backdoor access | off | drop | drop | off
1 | 21567 | OS-WINDOWS | Microsoft Expression Design wintab32.dll dll-load exploit attempt | off | off | drop | drop
1 | 21577 | INDICATOR-OBFUSCATION | JavaScript obfuscation - charcode | off | off | off | off
1 | 21578 | INDICATOR-OBFUSCATION | JavaScript obfuscation - eval | off | off | off | off
1 | 21579 | INDICATOR-OBFUSCATION | JavaScript obfuscation - fromCharCode | off | off | off | off
1 | 21580 | INDICATOR-OBFUSCATION | JavaScript obfuscation - fromCharCode | off | off | off | off
1 | 21582 | FILE-PDF | PDF obfuscation attempt | off | off | off | off
1 | 216 | MALWARE-BACKDOOR | MISC Linux rootkit satori attempt | off | off | off | off
1 | 21778 | SQL | parameter ending in comment characters - possible sql injection attempt - POST | off | off | alert | drop
1 | 21779 | SQL | parameter ending in encoded comment characters - possible sql injection attempt - POST | off | off | off | off
1 | 21782 | INDICATOR-OBFUSCATION | script tag in POST parameters - likely cross-site scripting | off | off | off | off
1 | 21783 | INDICATOR-OBFUSCATION | encoded script tag in POST parameters - likely cross-site scripting | off | off | off | off
1 | 21784 | INDICATOR-OBFUSCATION | encoded script tag in POST parameters - likely cross-site scripting | off | off | off | off
1 | 21785 | INDICATOR-OBFUSCATION | javascript escape function in POST parameters - likely javascript injection | off | off | off | off
1 | 21786 | INDICATOR-OBFUSCATION | encoded javascript escape function in POST parameters - likely javascript injection | off | off | off | off
1 | 21787 | INDICATOR-OBFUSCATION | encoded javascript escape function in POST parameters - likely javascript injection | off | off | off | off
1 | 21938 | PROTOCOL-TELNET | RuggedCom default backdoor login attempt | off | off | drop | off
1 | 21947 | MALWARE-CNC | Win.Trojan.VicSpy.A variant outbound connection | off | off | off | off
1 | 22033 | MALWARE-CNC | Apple OSX Flashback malware variant outbound connection | off | drop | drop | off
1 | 22034 | MALWARE-CNC | Apple OSX Flashback malware variant outbound connection | off | drop | drop | off
1 | 22053 | MALWARE-CNC | Win.Trojan.Insomnia variant inbound connection - post infection | off | off | off | off
1 | 22061 | MALWARE-OTHER | Alureon - Malicious IFRAME load attempt | off | alert | drop | off
1 | 22071 | INDICATOR-OBFUSCATION | Microsoft Office Word JavaScript obfuscation - eval | off | off | off | off
1 | 22072 | INDICATOR-OBFUSCATION | Microsoft Office Word JavaScript obfuscation - fromCharCode | off | off | off | off
1 | 22073 | INDICATOR-OBFUSCATION | Microsoft Office Word JavaScript obfuscation - unescape | off | off | off | off
1 | 22074 | INDICATOR-OBFUSCATION | Microsoft Office Word JavaScript obfuscation - charCode | off | off | off | off
1 | 23018 | INDICATOR-OBFUSCATION | eval of base64-encoded data | off | off | drop | drop
1 | 23160 | INDICATOR-OBFUSCATION | Javascript obfuscation - fromCharCode | off | off | off | off
1 | 23161 | INDICATOR-OBFUSCATION | Javascript obfuscation - eval | off | off | off | off
1 | 23164 | SERVER-OTHER | Microsoft Lync Online ncrypt.dll dll-load exploit attempt | off | off | off | drop
1 | 23165 | SERVER-OTHER | Microsoft Lync Online wlanapi.dll dll-load exploit attempt | off | off | off | drop
1 | 23316 | FILE-OFFICE | Microsoft Office Word imeshare.dll dll-load exploit attempt | off | off | off | off
1 | 23611 | FILE-PDF | JavaScript contained in an xml template embedded in a pdf attempt | off | off | drop | drop
1 | 23612 | FILE-PDF | JavaScript contained in an xml template embedded in a pdf attempt | off | off | drop | drop
1 | 23620 | MALWARE-OTHER | Malvertising network attempted redirect | off | drop | drop | off
1 | 23636 | INDICATOR-OBFUSCATION | JavaScript built-in function parseInt appears obfuscated - likely packer or encoder | off | off | off | off
1 | 23757 | FILE-IDENTIFY | Microsoft Windows CHM file magic detected | off | off | off | drop
1 | 23780 | MALWARE-CNC | Win.Trojan.Begfanit.A outbound connection | off | off | off | off
1 | 23784 | DELETED | SERVER-WEBAPP Symantec Web Gateway blocked.php id parameter sql injection attempt | off | off | off | off
1 | 23829 | INDICATOR-COMPROMISE | Loaderz Web Shell | off | off | off | off
1 | 23830 | INDICATOR-COMPROMISE | Alsa3ek Web Shell | off | off | off | off
1 | 23831 | INDICATOR-OBFUSCATION | non-alphanumeric javascript detected | off | off | off | off
1 | 23832 | INDICATOR-OBFUSCATION | non-alphanumeric javascript detected | off | off | off | off
1 | 23934 | SERVER-WEBAPP | Symantec Web Gateway blocked.php blind sql injection attempt | off | off | off | drop
1 | 23947 | SQL | IBM System Storage DS storage manager profiler sql injection attempt | off | off | drop | off
1 | 23985 | BROWSER-PLUGINS | Apple Quicktime plugin SetLanguage buffer overflow attempt | off | off | drop | drop
1 | 23986 | BROWSER-PLUGINS | Apple Quicktime plugin SetLanguage buffer overflow attempt | off | off | drop | drop
1 | 24008 | POLICY-OTHER | use of psexec remote administration tool | off | off | off | off
1 | 24083 | FILE-OTHER | ESTsoft ALZip MIM file buffer overflow attempt | off | off | off | drop
1 | 24094 | APP-DETECT | Teamviewer control server ping | off | off | off | off
1 | 24095 | APP-DETECT | Teamviewer installer download attempt | off | off | off | off
1 | 24096 | APP-DETECT | Teamviewer remote connection attempt | off | off | off | off
1 | 24097 | APP-DETECT | Teamviewer remote connection attempt | off | off | off | off
1 | 24098 | APP-DETECT | Teamviewer remote connection attempt | off | off | off | off
1 | 24167 | INDICATOR-OBFUSCATION | document write of unescaped value with remote script | off | off | off | off
1 | 24243 | MALWARE-CNC | URI request for known malicious URI - base64 encoded | off | off | off | off
1 | 24306 | SERVER-APACHE | HP Operations Dashboard Apache Tomcat default admin account access attempt | off | off | off | off
1 | 24426 | MALWARE-OTHER | Java.Trojan.Jacksbot class download | off | off | off | off
1 | 24435 | SERVER-WEBAPP | Novell ZENworks Asset Management default admin credentials function call attempt | off | off | off | drop
1 | 24436 | SERVER-WEBAPP | Novell ZENworks Asset Management default admin credentials function call attempt | off | off | off | drop
1 | 24517 | SERVER-WEBAPP | F5 Networks FirePass my.activation.php3 state parameter sql injection attempt | off | off | off | off
1 | 24629 | SERVER-WEBAPP | Oracle Fusion Middleware WebCenter selectedLocale parameter sql injection attempt | off | off | off | off
1 | 24704 | SERVER-WEBAPP | CA Total Defense management.asmx sql injection attempt | off | off | off | drop
1 | 24705 | SERVER-WEBAPP | CA Total Defense management.asmx sql injection attempt | off | off | off | drop
1 | 24740 | SERVER-WEBAPP | Oracle Business Transaction Management flashtunnelservice arbitrary file deletion attempt | off | off | off | off
1 | 24801 | SERVER-WEBAPP | IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt | off | off | off | drop
1 | 24814 | PROTOCOL-SNMP | Samsung printer default community string | off | off | off | off
1 | 25010 | MALWARE-CNC | Win.Trojan.Perflog variant outbound connection | off | off | drop | off
1 | 25106 | MALWARE-BACKDOOR | UnrealIRCd backdoor command execution attempt | off | off | off | off
1 | 25391 | EXPLOIT-KIT | Sweet Orange exploit kit obfuscated payload download | off | off | drop | drop
1 | 25475 | FILE-PDF | JavaScript contained in an xml template embedded in a pdf attempt | off | off | drop | drop
1 | 25503 | MALWARE-CNC | Necurs Rootkit sba.cgi | off | drop | drop | off
1 | 25504 | MALWARE-CNC | Necurs Rootkit op.cgi | off | drop | drop | off
1 | 25562 | FILE-JAVA | Oracle Java obfuscated jar file download attempt | off | off | off | drop
1 | 25567 | OS-WINDOWS | Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request | off | off | off | off
1 | 25577 | MALWARE-CNC | Win.Rootkit.Necurs possible URI with encrypted POST | off | drop | drop | off
1 | 25578 | MALWARE-OTHER | Fake postal receipt HTTP Response phishing attack | off | drop | drop | off
1 | 25579 | MALWARE-OTHER | Fake bookinginfo HTTP Response phishing attack | off | drop | drop | off
1 | 25580 | MALWARE-OTHER | Fake bookingdetails HTTP Response phishing attack | off | drop | drop | off
1 | 25592 | INDICATOR-OBFUSCATION | obfuscated document command - used in IFRAMEr tool injection | off | drop | drop | drop
1 | 2578 | SERVER-OTHER | kerberos principal name overflow UDP | off | off | off | off
1 | 25783 | INDICATOR-OBFUSCATION | large number of calls to char function - possible sql injection obfuscation | off | off | off | off
1 | 2579 | SERVER-OTHER | kerberos principal name overflow TCP | off | off | off | off
1 | 25907 | SERVER-WEBAPP | PHPmyadmin brute force login attempt - User-Agent User-Agent | off | off | off | off
1 | 25983 | INDICATOR-OBFUSCATION | DNS tunneling attempt | off | off | off | off
1 | 26040 | EXPLOIT-KIT | Crimeboss exploit kit - Portable Executable download attempt | off | drop | drop | off
1 | 26070 | FILE-EXECUTABLE | Ichitaro JSMISC32.dll dll-load exploit attempt | off | drop | drop | off
1 | 26071 | FILE-EXECUTABLE | Ichitaro JSMISC32.dll dll-load exploit attempt | off | drop | drop | off
1 | 26092 | INDICATOR-OBFUSCATION | fromCharCode seen in exploit kit landing pages | off | drop | drop | drop
1 | 26101 | INDICATOR-OBFUSCATION | String.fromCharCode concatenation | off | drop | drop | drop
1 | 26261 | MALWARE-OTHER | Fake postal receipt HTTP Response phishing attack | off | drop | drop | off
1 | 26349 | EXPLOIT-KIT | Redkit exploit kit obfuscated portable executable | off | drop | drop | drop
1 | 26352 | INDICATOR-OBFUSCATION | obfuscated portable executable - seen in exploit kits | off | drop | drop | drop
1 | 26451 | INDICATOR-OBFUSCATION | g01pack Javascript substr function wrapper attempt | off | off | off | off
1 | 26565 | INDICATOR-OBFUSCATION | base64-encoded nop sled detected | off | off | off | off
1 | 26566 | INDICATOR-OBFUSCATION | base64-encoded nop sled detected | off | off | off | drop
1 | 26567 | INDICATOR-OBFUSCATION | base64-encoded nop sled detected | off | off | off | off
1 | 26568 | INDICATOR-OBFUSCATION | eval of base64-encoded data | off | off | off | drop
1 | 26592 | BROWSER-WEBKIT | Apple Safari Webkit libxslt arbitrary file creation attempt | off | off | off | drop
1 | 26595 | INDICATOR-OBFUSCATION | javascript hex character extraction routine detected | off | off | off | drop
1 | 26596 | INDICATOR-OBFUSCATION | javascript fromCharCode xor decryption routine detected | off | off | off | drop
1 | 26660 | MALWARE-OTHER | Fake delivery information phishing attack | off | drop | drop | off
1 | 26689 | OS-MOBILE | Android Denofow phone information exfiltration | off | off | off | off
1 | 26693 | OS-MOBILE | Android Antammi device information exfiltration | off | off | off | off
1 | 26705 | OS-MOBILE | Android Ewalls device information exfiltration | off | off | off | off
1 | 26774 | MALWARE-CNC | Win.Worm.Luder variant outbound connection | off | drop | drop | off
1 | 26803 | MALWARE-OTHER | DNS data exfiltration attempt | off | drop | drop | off
1 | 27073 | INDICATOR-OBFUSCATION | obfuscated getElementsByTagName string - seen in exploit kits | off | drop | drop | drop
1 | 27074 | INDICATOR-OBFUSCATION | obfuscated getElementsByTagName string - seen in exploit kits | off | drop | drop | drop
1 | 27237 | SERVER-OTHER | IPMI default username - root | off | off | off | off
1 | 27238 | SERVER-OTHER | IPMI default username - admin | off | off | off | off
1 | 27239 | SERVER-OTHER | IPMI default username - USERID | off | off | off | off
1 | 27240 | SERVER-OTHER | multiple vendors IPMI RAKP username brute force attempt | off | off | off | off
1 | 27258 | INDICATOR-OBFUSCATION | eval large block of fromCharCode | off | off | off | off
1 | 27259 | INDICATOR-OBFUSCATION | eval large block of fromCharCode | off | off | off | off
1 | 27272 | INDICATOR-OBFUSCATION | Javascript obfuscation - fromCharCode | off | drop | drop | drop
1 | 27286 | SERVER-WEBAPP | DuWare DuClassmate default.asp iCity sql injection attempt | off | off | off | off
1 | 27287 | SQL | 1 = 1 - possible sql injection attempt | off | drop | drop | drop
1 | 27288 | SQL | 1 = 1 - possible sql injection attempt | off | drop | drop | drop
1 | 27538 | MALWARE-OTHER | self-signed SSL certificate with default MyCompany Ltd organization name | off | off | off | off
1 | 27593 | INDICATOR-OBFUSCATION | Javascript obfuscation - split | off | off | off | off
1 | 27756 | SERVER-WEBAPP | RedHat Piranha Virtual Server Package default passwd and arbitrary command execution attempt | off | off | off | off
1 | 27774 | MALWARE-CNC | RDN Banker Data Exfiltration | off | drop | drop | off
1 | 27919 | MALWARE-CNC | Win.Trojan.Zeus encrypted POST Data exfiltration | off | drop | drop | off
1 | 27956 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit download attempt | off | off | drop | off
1 | 27957 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit download attempt | off | off | drop | off
1 | 27958 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit download attempt | off | off | drop | off
1 | 27959 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit upload attempt | off | off | drop | off
1 | 27960 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit upload attempt | off | off | drop | off
1 | 27961 | MALWARE-OTHER | OSX.Trojan.Renepo rootkit upload attempt | off | off | drop | off
1 | 27966 | MALWARE-CNC | Win.Backdoor.Chopper web shell connection | off | drop | drop | off
1 | 27967 | MALWARE-CNC | Win.Backdoor.Chopper web shell connection | off | off | off | off
1 | 27968 | MALWARE-CNC | Win.Backdoor.Chopper web shell connection | off | drop | drop | off
1 | 28023 | INDICATOR-OBFUSCATION | Javascript obfuscation - document - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28149 | SERVER-OTHER | Quest Software Big Brother attempted arbitrary file deletion | off | off | off | off
1 | 28255 | MALWARE-CNC | Win.Trojan.Kuluoz Potential phishing URL | off | drop | drop | off
1 | 28278 | SERVER-WEBAPP | IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt | off | off | off | drop
1 | 28323 | MALWARE-CNC | Win.Backdoor.Chopper web shell connection | off | drop | drop | off
1 | 28344 | INDICATOR-OBFUSCATION | large number of calls to chr function - possible sql injection obfuscation | off | off | off | off
1 | 28345 | INDICATOR-OBFUSCATION | Javascript obfuscation - split - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28346 | INDICATOR-OBFUSCATION | Javascript obfuscation - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28349 | BROWSER-PLUGINS | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access | off | off | off | drop
1 | 28350 | BROWSER-PLUGINS | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access | off | off | off | drop
1 | 28351 | BROWSER-PLUGINS | Microsoft Windows WMI administrator tools object viewer ActiveX clsid access | off | off | off | drop
1 | 28399 | MALWARE-CNC | Linux.Backdoor.Tsunami outbound connection | off | drop | drop | off
1 | 28420 | INDICATOR-OBFUSCATION | Javascript obfuscation - createElement - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28421 | INDICATOR-OBFUSCATION | Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28422 | INDICATOR-OBFUSCATION | Javascript obfuscation - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28609 | EXPLOIT-KIT | Sakura exploit kit obfuscated exploit payload download | off | drop | drop | off
1 | 28811 | INDICATOR-OBFUSCATION | Javascript obfuscation - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28812 | INDICATOR-OBFUSCATION | Javascript obfuscation - seen in IFRAMEr Tool attack | off | drop | drop | drop
1 | 28831 | FILE-OTHER | Corel PaintShop Pro d2d1.dll dll-load exploit attempt | off | off | off | off
1 | 28833 | FILE-OTHER | Corel PaintShop Pro ipl.dll dll-load exploit attempt | off | off | off | off
1 | 28834 | FILE-OTHER | Corel PaintShop Pro uipl.dll dll-load exploit attempt | off | off | off | off
1 | 28835 | FILE-OTHER | Corel PaintShop Pro uvipl.dll dll-load exploit attempt | off | off | off | off
1 | 28836 | FILE-OTHER | Corel PaintShop Pro wintab32.dll dll-load exploit attempt | off | off | off | off
1 | 28837 | FILE-OTHER | Corel PaintShop Pro d2d1.dll dll-load exploit attempt | off | off | off | off
1 | 28839 | FILE-OTHER | Corel PaintShop Pro ipl.dll dll-load exploit attempt | off | off | off | off
1 | 28840 | FILE-OTHER | Corel PaintShop Pro uipl.dll dll-load exploit attempt | off | off | off | off
128841FILE-OTHERCorel PaintShop Pro uvipl.dll dll-load exploit attemptoffoffoffoff
128842FILE-OTHERCorel PaintShop Pro wintab32.dll dll-load exploit attemptoffoffoffoff
128908SERVER-OTHERNagios core config manager tfpassword sql injection attemptoffoffoffoff
128941INDICATOR-OBFUSCATIONJavascript obfuscation - seen in IFRAMEr Tool attackoffdropdropdrop
128976MALWARE-CNCWin.Trojan.Agent.DF - Data Exfiltrationoffdropdropoff
128978FILE-OTHERCHM LZX compression reset interval anti-virus evasion attemptoffoffoffoff
128979FILE-OTHERCHM LZX compression reset interval anti-virus evasion attemptoffoffoffoff
128991MALWARE-CNCWin.Trojan.Qakbot FTP data exfiltrationoffoffoffoff
129031MALWARE-CNCWin.Trojan.Banload variant inbound connectionoffdropdropoff
129055MALWARE-BACKDOORWin.Trojan.Descrantol variant data exfiltration attemptoffoffdropoff
129190INDICATOR-OBFUSCATIONJavascript obfuscation - seen in Nuclear exploit kitoffdropdropdrop
129213INDICATOR-OBFUSCATIONpotential math library debuggingoffdropdropdrop
129261MALWARE-CNCWin.Trojan.Dropper variant outbound connectionoffdropdropoff
129379MALWARE-CNCWin.Trojan.Dropper outbound encrypted traffic - potential exfiltrationoffoffoffoff
129382APP-DETECTVPN Over DNS application download attemptoffoffoffoff
129383APP-DETECTVPN Over DNS application download attemptoffoffoffoff
129394BROWSER-WEBKITApple WebKit QuickTime plugin content-type http header buffer overflow attemptoffoffoffdrop
129396POLICY-SPAMPotential phishing attack - .zip receipt filename download with .exe name within .zip the sameoffoffoffoff
129397POLICY-SPAMPotential phishing attack - .zip shipping filename download with .exe name within .zip the sameoffoffoffoff
129398POLICY-SPAMPotential phishing attack - .zip voicemail filename download with .exe name within .zip the sameoffoffoffoff
129399POLICY-SPAMPotential phishing attack - .zip statement filename download with .exe name within .zip the sameoffoffoffoff
129509INDICATOR-OBFUSCATIONMultiple character encodings detectedoffoffoffdrop
129510INDICATOR-OBFUSCATIONMultiple character encodings detectedoffdropdropdrop
129519INDICATOR-OBFUSCATIONJavascript obfuscation using split reverse joinoffoffoffdrop
129580BROWSER-FIREFOXMozilla Firefox SVG data processing obfuscated memory corruption attemptoffoffoffdrop
129608SERVER-WEBAPPMcAfee ePO showRegisteredTypeDetails.do sql injection attemptoffoffdropdrop
129609SERVER-WEBAPPMcAfee ePO DisplayMSAPropsDetail.do sql injection attemptoffoffdropdrop
129615MALWARE-CNCWin.Trojan.Keylogger outbound connectionoffdropdropdrop
129616MALWARE-CNCWin.Trojan.Keylogger inbound connectionoffdropdropdrop
129620FILE-IMAGEAdobe Photoshop malformed PNG detected tRNS overflow attemptoffoffoffoff
129745INDICATOR-OBFUSCATIONAlternating character encodings - JS variableoffoffoffoff
129756SERVER-WEBAPPIBM Tivoli Provisioning Manager express user.updateUserValue sql injection attemptoffoffoffdrop
129789MALWARE-CNCWin.Trojan.Careto plugin downloadoffdropdropoff
129790MALWARE-CNCWin.Trojan.Careto plugin downloadoffdropdropoff
129791MALWARE-CNCWin.Trojan.Careto plugin downloadoffdropdropoff
129807INDICATOR-OBFUSCATIONAlternating character encodings - JS arrayoffoffoffoff
129813INDICATOR-OBFUSCATIONrandomized HTML number encodings detected in clsid access attemptoffoffoffdrop
129869MALWARE-CNCWin.Trojan.Napolar phishing attackoffdropdropoff
129886MALWARE-CNCWin.Trojan.Crypi.A outbound keylogger trafficoffoffdropoff
129918MALWARE-OTHERWin.Keylogger.Vacky system information disclosureoffoffdropoff
130003EXPLOIT-KITHello/LightsOut exploit kit payload download attemptoffdropdropdrop
130040SQL1 = 1 - possible sql injection attemptoffdropdropdrop
130041SQL1 = 1 - possible sql injection attemptoffdropdropdrop
130281POLICY-OTHERuse of psexec remote administration tool SMBv2offoffoffoff
130392INDICATOR-SHELLCODEMetasploit payload cmd_windows_reverse_powershelloffoffoffoff
130567MALWARE-OTHERWin.Trojan.Agent E-FAX phishing attemptoffdropdropoff
130568MALWARE-OTHERWin.Trojan.Agent E-FAX phishing attemptoffdropdropoff
130569MALWARE-OTHERWin.Trojan.Agent Funeral ceremony phishing attemptoffdropdropoff
130982MALWARE-CNCWin.Trojan.Karnos variant outbound connectionoffdropdropoff
131070MALWARE-CNCWin.Rootkit.Necurs outbound connectionoffdropdropoff
131289SERVER-WEBAPP/etc/passwd file access attemptoffdropdropdrop
131301BROWSER-IEMicrosoft Internet Explorer XSLT memory corruption attemptoffoffoffdrop
131303MALWARE-CNCWin.Trojan.Hadeki variant outbound connectionoffdropdropoff
131411OS-WINDOWSMicrosoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attemptoffoffoffoff
131412OS-WINDOWSMicrosoft Windows Media Encoder winietDAN.dll dll-load exploit attemptoffoffoffoff
131413OS-WINDOWSMicrosoft Windows Media Encoder asferrorDAN.dll dll-load exploit attemptoffoffoffoff
131414OS-WINDOWSMicrosoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attemptoffoffoffoff
131415OS-WINDOWSMicrosoft Windows Media Encoder winietDAN.dll dll-load exploit attemptoffoffoffoff
131416OS-WINDOWSMicrosoft Windows Media Encoder asferrorDAN.dll dll-load exploit attemptoffoffoffoff
13152SQLsa brute force failed login attemptoffoffoffoff
131556MALWARE-CNCWin.Trojan.CosmicDuke HTTP data exfiltration attemptoffdropdropoff
131564MALWARE-CNCWin.Trojan.CosmicDuke FTP data exfiltrationoffdropdropoff
131806MALWARE-CNCWin.Trojan.Nighthunter data exfiltration attemptoffdropdropoff
131807MALWARE-CNCWin.Trojan.Nighthunter data exfiltration attemptoffdropdropoff
131846POLICY-OTHERHP Universal CMDB default credentials authentication attemptoffoffoffdrop
131857EXPLOIT-KITScanbox exploit kit enumeration code detectedoffdropdropoff
131858EXPLOIT-KITScanbox exploit kit enumeration code detectedoffdropdropoff
131859EXPLOIT-KITScanbox exploit kit exfiltration attemptoffdropdropoff
131874OS-WINDOWSMicrosoft Windows Active Directory kerberos encryption type downgrade attemptoffdropdropdrop
132001MALWARE-CNCWin.Backdoor.Upatre SSL Cert inboundoffdropdropoff
132008MALWARE-OTHERFake Delta Ticket HTTP Response phishing attackoffdropdropoff
132068POLICY-OTHERSolarWinds Log and Event Manager default credentials authentication attemptoffoffoffoff
132102BROWSER-PLUGINSOracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid accessoffoffoffdrop
132103BROWSER-PLUGINSOracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid accessoffoffoffdrop
132104BROWSER-PLUGINSOracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call accessoffoffoffdrop
132105BROWSER-PLUGINSOracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call accessoffoffoffdrop
132312MALWARE-CNCFrameworkPOS data exfiltration through DNS - beacon messageoffoffdropoff
132501FILE-OTHERMicrosoft XML invalid priority in xsl templateoffdropdropoff
132502FILE-OTHERMicrosoft XML invalid priority in xsl templateoffdropdropoff
132526POLICY-OTHERVisual Mining NetCharts default credentials authentication attemptoffoffoffoff
13273SQLsa brute force failed login unicode attemptoffoffoffoff
132740POLICY-OTHERArris VAP2500 default credentials authentication attemptoffoffoffoff
132741POLICY-OTHERArris VAP2500 default credentials authentication attemptoffoffoffoff
132771MALWARE-OTHERAdobe Invoice email scam phishing attemptoffoffoffoff
132772MALWARE-OTHERAdobe License Key email scam phishing attemptoffoffoffoff
132890SERVER-OTHERntpd configure buffer overflow attemptoffoffoffoff
132948INDICATOR-COMPROMISEDownload of executable screensaver fileoffoffoffoff
132949MALWARE-OTHERDownload of executable screensaver fileoffoffoffoff
132950MALWARE-CNCWin.Trojan.Bladabindi variant outbound connectionoffoffdropoff
133220MALWARE-CNCWin.Trojan.HawkEye keylogger exfiltration attemptoffdropdropoff
133221MALWARE-CNCWin.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshotoffoffoffoff
133222MALWARE-CNCWin.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshotoffdropdropoff
133223MALWARE-CNCWin.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshotoffdropdropoff
133547MALWARE-CNCWin.Trojan.Turla outbound connectionoffdropdropoff
133566BROWSER-FIREFOXMozilla Firefox 3 xsl parsing heap overflow attemptoffoffoffdrop
133656MALWARE-CNCWin.Trojan.Carbanak data exfiltration attemptoffoffdropdrop
133857MALWARE-CNCWin.Trojan.PwnPOS data exfiltration attemptoffdropdropoff
133886MALWARE-CNCWIn.Trojan.HawkEye keylogger variant outbound connectionoffdropdropoff
133983EXPLOIT-KITNuclear exploit kit obfuscated file downloadoffdropdropdrop
134037MALWARE-CNCWin.Trojan.Dridex4 initial outbound connectionoffdropdropoff
134345POLICY-OTHERRed Hat OpenStack default password login attemptoffoffoffoff
134446MALWARE-CNCWin.Trojan.Odlanor information exfiltration attemptoffdropdropoff
134463APP-DETECTTeamViewer remote administration tool outbound connection attemptoffoffoffoff
134890FILE-OTHERCorel PaintShop Pro u32ZLib.dll dll-load exploit attemptoffoffoffdrop
134891FILE-OTHERCorel PaintShop Pro u32Zlib.dll dll-load exploit attemptoffoffoffdrop
134892FILE-OTHERCorel PaintShop Pro quserex.dll dll-load exploit attemptoffoffoffdrop
134893FILE-OTHERCorel PaintShop Pro quserex.dll dll-load exploit attemptoffoffoffdrop
134894FILE-OTHERCorel PaintShop Pro FxManagedCommands dll-load exploit attemptoffoffoffdrop
134895FILE-OTHERCorel PaintShop Pro FxManagedCommands dll-load exploit attemptoffoffoffdrop
134896FILE-OTHERCorel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attemptoffoffoffdrop
134897FILE-OTHERCorel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attemptoffoffoffdrop
134898FILE-OTHERCorel PaintShop Pro wacommt.dll dll-load exploit attemptoffoffoffdrop
134899FILE-OTHERCorel PaintShop Pro wacommt.dll dll-load exploit attemptoffoffoffdrop
134900FILE-OTHERCorel PaintShop Pro igfxcmrt32.dll dll-load exploit attemptoffoffoffdrop
134901FILE-OTHERCorel PaintShop Pro igfxcmrt32.dll dll-load exploit attemptoffoffoffdrop
134902FILE-OTHERCorel PaintShop Pro ipl.dll dll-load exploit attemptoffoffoffdrop
134903FILE-OTHERCorel PaintShop Pro MSPStyleLib.dll dll-load exploit attemptoffoffoffdrop
134904FILE-OTHERCorel PaintShop Pro MSPStyleLib.dll dll-load exploit attemptoffoffoffdrop
134905FILE-OTHERCorel PaintShop Pro uFioUtil.dll dll-load exploit attemptoffoffoffdrop
134906FILE-OTHERCorel PaintShop Pro uFioUtil.dll dll-load exploit attemptoffoffoffdrop
134907FILE-OTHERCorel PaintShop Pro uhDSPlay.dll dll-load exploit attemptoffoffoffdrop
134908FILE-OTHERCorel PaintShop Pro uhDSPlay.dll dll-load exploit attemptoffoffoffdrop
134909FILE-OTHERCorel PaintShop Pro uipl.dll dll-load exploit attemptoffoffoffdrop
134910FILE-OTHERCorel PaintShop Pro uvipl.dll dll-load exploit attemptoffoffoffdrop
134911FILE-OTHERCorel PaintShop Pro VC1DecDll.dll dll-load exploit attemptoffoffoffdrop
134912FILE-OTHERCorel PaintShop Pro VC1DecDll.dll dll-load exploit attemptoffoffoffdrop
134913FILE-OTHERCorel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attemptoffoffoffdrop
134914FILE-OTHERCorel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attemptoffoffoffdrop
134915NETBIOSSMB Corel PaintShop Pro quserex.dll dll-load exploit attemptoffoffoffdrop
134916NETBIOSSMB Corel PaintShop Pro u32zlib.dll dll-load exploit attemptoffoffoffdrop
134944POLICY-OTHERArcserve Unified Data Protection Management credential disclosure attemptoffoffoffdrop
134957MALWARE-CNCWin.Trojan.Sysmain outbound connectionoffdropdropoff
135029MALWARE-CNCWin.Keylogger.Lotronc variant outbound connectionoffdropdropoff
135110EXPLOIT-KITAngler exploit kit obfuscated Flash actionscript classname detecteddropdropdropoff
135118OS-WINDOWSMicrosoft Windows Kerberos privilege escalation attemptoffoffalertoff
135143FILE-OFFICEMicrosoft Office Excel Viewer msostyle.dll dll-load exploit attemptoffoffoffoff
135168FILE-OFFICEMicrosoft Office rapi.dll dll-load exploit attemptoffoffoffoff
13519SERVER-MYSQLMaxDB WebSQL wppassword buffer overflow default portoffoffoffoff
135215BROWSER-IEMicrosoft Internet Explorer protected mode atlthunk.dll dll-load exploit attemptoffoffoffoff
135317MALWARE-CNCWin.Trojan.Directate outbound connectionoffdropdropoff
135471MALWARE-CNCWin.Trojan.Baisogu outbound connectionoffdropdropoff
13552OS-WINDOWSMicrosoft Windows OLE32 MSHTA masquerade attemptoffoffoffdrop
135737INDICATOR-OBFUSCATIONJavascript stealth executable download attemptoffoffdropdrop
135738INDICATOR-OBFUSCATIONJavascript stealth executable download attemptoffoffdropdrop
135769MALWARE-BACKDOORWin.Backdoor.Cobrike inbound connection offdropdropoff
135770MALWARE-BACKDOORWin.Backdoor.Cobrike outbound connection offdropdropoff
136036INDICATOR-OBFUSCATIONAdobe Flash file with SecureSwfLoader packer detectedoffoffoffdrop
136054MALWARE-CNCIos.Backdoor.SYNful inbound connectionoffdropdropoff
136070INDICATOR-OBFUSCATIONJavascript obfuscation using split reverse join attemptoffoffoffdrop
136100SERVER-WEBAPPManageEngine OpManager default credentials authentication attemptoffoffdropdrop
136198MALWARE-CNCWin.Trojan.Yakes variant certificateoffdropdropoff
136201EXPLOIT-KITScanbox exploit kit exfiltration attemptoffdropdropoff
136250SERVER-OTHERntpd keyfile buffer overflow attemptoffoffoffoff
136251SERVER-OTHERntpq atoascii memory corruption attemptoffoffoffoff
136253SERVER-OTHERntpd saveconfig directory traversal attemptoffoffoffoff
136282POLICY-OTHERCisco router Security Device Manager default banneroffdropdropdrop
136304MALWARE-CNCWin.Trojan.WinPlock variant outbound connectionoffdropdropoff
136338MALWARE-OTHERApple iTunes Connect HTTP response phishing attemptoffdropdropoff
136375SERVER-OTHERIBM Tivoli Management Framework Endpoint default HTTP password authentication attemptoffoffoffoff
136407OS-WINDOWSRDP client dll-load exploit attemptoffoffoffoff
136408OS-WINDOWSRDP client dll-load exploit attemptoffoffoffoff
136409OS-WINDOWSRDP client dll-load exploit attemptoffoffoffoff
136410OS-WINDOWSRDP client dll-load exploit attemptoffoffoffoff
136585BROWSER-WEBKITApple Safari user assisted applescript code execution attemptoffoffoffoff
136596OS-WINDOWSMicrosoft Windows Kerberos privilege escalation attemptoffoffalertoff
136601MALWARE-CNCWin.Trojan.QVKeylogger outbound variant connectionoffdropdropoff
136602MALWARE-CNCWin.Trojan.QVKeylogger outbound variant connectionoffdropdropoff
136603MALWARE-CNCWin.Trojan.QVKeylogger outbound variant connectionoffdropdropoff
136666MALWARE-CNCWin.Trojan.Tentobr outbound connectionoffdropdropoff
13679INDICATOR-OBFUSCATIONMultiple Products IFRAME src javascript code executionoffoffoffdrop
136804OS-WINDOWSMicrosoft Windows wininet peerdistsvc.dll dll-load exploit attemptoffoffoffoff
136824EXPLOIT-KITKnown exploit kit obfuscation routine detectedoffoffdropdrop
13689BROWSER-IEMicrosoft Internet Explorer tRNS overflow attemptoffoffoffdrop
136931FILE-OFFICEMicrosoft Office wuaext.dll dll-load exploit attemptoffdropdropdrop
136994FILE-OFFICEMicrosoft Office mqrt.dll dll-load exploit attemptoffdropdropdrop
136996FILE-OFFICEMicrosoft Office spframe.dll dll-load exploit attemptoffdropdropdrop
136999FILE-OFFICEMicrosoft Office elsext.dll dll-load exploit attemptoffdropdropdrop
137000FILE-OFFICEMicrosoft Office nwdblib.dll dll-load exploit attemptoffdropdropdrop
137130FILE-IDENTIFYObfuscated .wsf download attemptoffdropdropdrop
137132FILE-IDENTIFYObfuscated .wsf download attemptoffdropdropdrop
137243INDICATOR-COMPROMISEdownload of a Office document with embedded PowerShelloffoffalertdrop
137244INDICATOR-COMPROMISEdownload of a Office document with embedded PowerShelloffoffalertdrop
137245MALWARE-CNCWin.Backdoor.Chopper web shell connectionoffoffoffoff
137257BROWSER-IEMicrosoft Internet Explorer mapi32x.dll dll-load exploit attemptoffdropdropdrop
137262FILE-OFFICEMicrosoft Office mfplat.dll dll-load exploit attemptoffdropdropdrop
137264FILE-OFFICEMicrosoft Office api-ms-win-core-winrt-l1-1-0.dll dll-load exploit attemptoffdropdropdrop
137275OS-WINDOWSMicrosoft Windows feclient.dll dll-load exploit attemptoffdropdropdrop
137298APP-DETECTHola VPN installation attemptoffoffoffoff
137299APP-DETECTHola VPN installation attemptoffoffoffoff
137300APP-DETECTHola VPN startup attemptoffoffoffoff
137301APP-DETECTHola VPN startup attemptoffoffoffoff
137302APP-DETECTHola VPN X-Hola-Version header nonstandard port attemptoffoffoffoff
137303APP-DETECTHola VPN X-Hola-Version header attemptoffoffoffoff
137304APP-DETECTHola VPN non-http port pingoffoffoffoff
137305APP-DETECTHola VPN tunnel keep aliveoffoffoffoff
137306APP-DETECTHola VPN startup attemptoffoffoffoff
137318FILE-OFFICEMicrosoft Office Word rpawinet.dll dll-load exploit attemptoffoffoffoff
137416MALWARE-BACKDOORAdzok RAT downloadoffoffoffoff
137421MALWARE-BACKDOORAdzok RAT downloadoffoffoffoff
137525SERVER-OTHERNTP arbitrary pidfile and driftfile overwrite attemptoffdropdropdrop
137526SERVER-OTHERNTP arbitrary pidfile and driftfile overwrite attemptoffdropdropdrop
137555FILE-OFFICEMicrosoft Office msdaora.dll dll-load exploit attemptoffdropdropdrop
137556FILE-OFFICEMicrosoft Office phoneinfo.dll dll-load exploit attemptoffdropdropdrop
137588FILE-OFFICEMicrosoft Office Word BCSRuntime.dll dll-load exploit attemptoffdropdropdrop
137589FILE-OFFICEMicrosoft Office Word OLMAPI32.dll dll-load exploit attemptoffdropdropdrop
137728INDICATOR-OBFUSCATIONSWF with large DefineBinaryData tagoffoffoffdrop
137729INDICATOR-OBFUSCATIONAdobe Flash file with SecureSwfLoader packer detectedoffoffoffdrop
137891INDICATOR-OBFUSCATIONDNS tunneling attemptoffoffoffoff
137892INDICATOR-OBFUSCATIONDNS tunneling attemptoffoffoffoff
137948INDICATOR-OBFUSCATIONknown malicious JavaScript decryption routineoffoffoffdrop
138104INDICATOR-OBFUSCATIONJavascript obfuscation double unescapeoffoffoffdrop
138105INDICATOR-OBFUSCATIONJavascript obfuscation double unescapeoffoffoffdrop
138172FILE-OTHERAdobe Acrobat updaternotifications.dll dll-load exploit attemptoffoffoffoff
13820FILE-IDENTIFYMicrosoft Windows CHM file magic detectedoffoffoffdrop
138259MALWARE-CNCPowerShell Empire variant outbound connectionoffdropdropoff
138260MALWARE-CNCPowerShell Empire variant outbound connectionoffdropdropoff
138261MALWARE-CNCPowerShell Empire variant outbound connectionoffdropdropoff
138385MALWARE-CNCWin.Trojan.FTPKeyLogger outbound connectionoffdropdropoff
138386MALWARE-CNCWin.Trojan.FTPKeyLogger outbound connectionoffdropdropoff
138387MALWARE-CNCWin.Trojan.FTPKeyLogger outbound connectionoffoffoffoff
138388MALWARE-CNCWin.Trojan.FTPKeyLogger geolocation checkoffdropdropoff
138417FILE-FLASHAdobe Flash Player ClbCatQ.dll dll-load exploit attemptoffoffdropdrop
138418FILE-FLASHAdobe Flash Player HNetCfg.dll dll-load exploit attemptoffoffdropdrop
138419FILE-FLASHAdobe Flash Player RASMan.dll dll-load exploit attemptoffoffdropdrop
138420FILE-FLASHAdobe Flash Player setupapi.dll dll-load exploit attemptoffoffdropdrop
138469OS-WINDOWSMicrosoft Windows api-ms-win-appmodel-runtime dll-load exploit attemptoffdropdropdrop
138470OS-WINDOWSMicrosoft Windows api-ms-win-appmodel-runtime dll-load exploit attemptoffdropdropdrop
138510MALWARE-CNCWin.Trojan.iSpySoft variant exfiltration attemptoffdropdropoff
138557MALWARE-CNCWin.Trojan.GateKeylogger outbound connectionoffdropdropoff
138558MALWARE-CNCWin.Trojan.GateKeylogger outbound connectionoffdropdropoff
138559MALWARE-CNCWin.Trojan.GateKeylogger outbound connection - keystorkesoffdropdropoff
138560MALWARE-CNCWin.Trojan.GateKeylogger outbound connection - screenshotoffdropdropoff
138561MALWARE-CNCWin.Trojan.GateKeylogger plugins download attemptoffdropdropoff
138562MALWARE-CNCWin.Trojan.GateKeylogger initial exfiltration attemptoffdropdropoff
138563MALWARE-CNCWin.Trojan.GateKeylogger fake 404 responseoffdropdropoff
138564MALWARE-CNCWin.Trojan.GateKeylogger keylog exfiltration attemptoffdropdropoff
138565MALWARE-CNCWin.Trojan.Sweeper variant dropper initial download attemptoffdropdropoff
138566MALWARE-CNCWin.Trojan.Sweeper variant dropper download attemptoffdropdropoff
138724MALWARE-CNCWin.Trojan.Renegin outbound GET attemptoffdropdropoff
138873FILE-FLASHAdobe Flash Player MSIMG32.dll dll-load exploit attemptoffdropdropdrop
138876EXPLOIT-KITObfuscated exploit download attemptoffoffdropdrop
138890MALWARE-CNCWin.Trojan.Kirts exfiltration attemptoffdropdropoff
138898FILE-OTHERAdobe Illustrator CS4 aires.dll dll-load exploit attemptoffoffoffoff
138950MALWARE-CNCWin.Trojan.PassStealer passwords exfiltration attemptoffdropdropoff
139130EXPLOIT-KITObfuscated exploit download attemptoffoffdropdrop
139293FILE-FLASHAdobe Flash Player apphelp.dll dll-load exploit attemptoffoffalertdrop
139294FILE-FLASHAdobe Flash Player dbghelp.dll dll-load exploit attemptoffoffalertdrop
139341MALWARE-CNCWin.Trojan.FastPOS credit card data exfiltrationoffdropdropoff
139343MALWARE-CNCWin.Trojan.FastPOS keylog exfiltrationoffdropdropoff
139409MALWARE-CNCWin.Trojan.iSpy variant initial outbound connectionoffdropdropoff
139410MALWARE-CNCWin.Trojan.iSpy variant exfiltration outbound connectionoffdropdropoff
139532FILE-PDFAdobe Acrobat Reader XSL multi-dimensional array memory corruption attemptoffdropdropdrop
139533FILE-PDFAdobe Acrobat Reader XSL multi-dimensional array memory corruption attemptoffdropdropdrop
139642SERVER-WEBAPPWebNMS framework server credential disclosure attemptoffoffoffoff
139734MALWARE-OTHERWin.Trojan.Xtrat outbound connection detectedoffdropdropoff
139755MALWARE-OTHERWin.Trojan.Retefe variant malicious certificate installation pageoffdropdropoff
139756MALWARE-OTHERWin.Trojan.Retefe variant malicious certificate installation pageoffdropdropoff
139911MALWARE-CNCWin.Trojan.HawkEye keylogger exfiltration attemptoffdropdropoff
139930SERVER-WEBAPPSiemens IP-Camera credential disclosure attemptoffdropdropdrop
140079FILE-OFFICEMicrosoft Office Visio visdlgu.dll dll-load exploit attemptoffdropdropdrop
140238MALWARE-CNCWin.Keylogger.AgentTesla variant outbound connectionoffdropdropoff
140321SERVER-APACHEApache Tomcat credential disclosure attemptoffoffoffoff
140359SERVER-APACHEApache Struts xslt.location local file inclusion attemptoffdropdropdrop
140436FILE-PDFAdobe Acrobat Reader XSLT substring memory corruption attemptoffdropdropdrop
140437FILE-PDFAdobe Acrobat Reader XSLT substring memory corruption attemptoffdropdropdrop
140450MALWARE-CNCDoc.Downloader.Agent file download attemptoffdropdropoff
140493SERVER-WEBAPPEktron ServerControlWS.asmx XSL transform code injection attemptoffoffdropdrop
140505FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140506FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140507FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140508FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140509FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140510FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140511FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140512FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140513FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140514FILE-PDFAdobe Reader XSLT Transform use after free attemptoffdropdropdrop
140755FILE-FLASHAdobe Flash EnableDebugger2 obfuscation attemptoffoffdropdrop
140832MALWARE-CNCWin.Backdoor.Houdini variant keylogger inbound init command attemptoffdropdropoff
140904SERVER-WEBAPPOracle Weblogic default credentials login attemptoffdropdropdrop
140905SERVER-WEBAPPOracle Weblogic default credentials login attemptoffdropdropdrop
140911MALWARE-CNCWin.Rootkit.Sednit variant outbound connectionoffdropdropoff
141084EXPLOIT-KITSundown Exploit kit landing page obfuscation detectedoffoffdropdrop
141092EXPLOIT-KITRig Exploit Kit landing page obfuscation detectedoffdropdropdrop
141163FILE-PDFAdobe Acrobat Reader XSL stylesheet heap overflow attemptoffoffdropdrop
141164FILE-PDFAdobe Acrobat Reader XSL stylesheet heap overflow attemptoffoffdropdrop
141193FILE-PDFAdobe Acrobat XFA engine stack buffer overflow attemptoffdropdropdrop
141194FILE-PDFAdobe Acrobat XFA engine stack buffer overflow attemptoffdropdropdrop
141204FILE-PDFAdobe Reader XSL type confusion attemptoffoffoffoff
141205FILE-PDFAdobe Reader XSL type confusion attemptoffoffoffoff
141308FILE-OTHERDell Precision Optimizer dll-load exploit attemptoffoffoffoff
141309FILE-OTHERDell Precision Optimizer dll-load exploit attemptoffoffoffoff
141424MALWARE-CNCWin.Trojan.Cerber outbound connectionoffdropdropoff
141435MALWARE-CNCWin.Trojan.Oilrig variant outbound connectionoffdropdropoff
141443MALWARE-CNCWin.Ransomware.X-Mas variant keylogger outbound connectionoffdropdropoff
141444MALWARE-CNCWin.Ransomware.X-Mas variant keylogger outbound connectionoffdropdropoff
141446SERVER-WEBAPPCisco Meraki default admin credentials attemptoffdropdropoff
141456MALWARE-CNCUser-Agent known malicious user-agent string - Elite Keyloggeroffdropdropoff
141457MALWARE-CNCUser-Agent known malicious user-agent string - Elite Keyloggeroffoffoffoff
141458MALWARE-CNCOsx.Keylogger.Elite variant outbound connectionoffdropdropoff
141459MALWARE-CNCOsx.Keylogger.Elite variant outbound connectionoffdropdropoff
141460MALWARE-CNCOsx.Keylogger.Elite variant outbound connectionoffdropdropoff
141461MALWARE-CNCOsx.Keylogger.Elite variant outbound connectionoffdropdropoff
141564FILE-OFFICEMicrosoft Office imjp12k.dll dll-load exploit attemptoffoffoffoff
141712MALWARE-CNCWin.Trojan.Houdini backdoor file download requestoffdropdropoff
141714INDICATOR-OBFUSCATIONrfc822 HTTP transfer encoding attempt attemptoffoffoffdrop
141817SERVER-WEBAPPgeneric SQL select statement possible sql injectionoffoffdropdrop
141823SERVER-OTHERNagios Core privilege escalation attemptoffoffoffdrop
141824SERVER-OTHERNagios Core privilege escalation attemptoffoffoffdrop
141917SERVER-WEBAPPCarel PlantVisorPRO default login attemptoffdropdropdrop
141920SERVER-WEBAPPMcAfee Virus Scan Linux authentication token brute force attemptoffoffoffoff
141925FILE-OTHERNotepad++ scilexer.dll dll-load exploit attemptoffoffoffoff
142066SERVER-WEBAPPWordpress plugin arbitrary file deletion attemptoffoffoffoff
142068POLICY-OTHERAviosys IP Power 9258 W2 default login attemptoffoffoffoff
142133SERVER-APACHEApache mod_session_crypto padding oracle brute force attemptoffoffoffoff
142163FILE-OTHERMicrosoft Office OneNote 2007 dll-load exploit attemptoffoffoffoff
142164FILE-OTHERMicrosoft Office OneNote 2007 dll-load exploit attemptoffoffoffoff
142185OS-WINDOWSMicrosoft Windows WMI DCOM arbitrary .NET serialization code execution attemptoffdropdropdrop
142186OS-WINDOWSMicrosoft Windows WMI DCOM arbitrary .NET serialization code execution attemptoffdropdropdrop
142197FILE-OFFICEMicrosoft Office mqrt.dll dll-load exploit attemptoffoffoffdrop
142198FILE-OFFICEMicrosoft Office mqrt.dll dll-load exploit attemptoffdropdropdrop
142280FILE-OTHERAdobe Acrobat RARfsClientNP.dll dll-load exploit attemptoffoffoffoff
142292INDICATOR-COMPROMISEmalicious javascript obfuscation detectedoffoffoffdrop
142300SERVER-WEBAPPSensorIP2 default credentials enumeration attemptoffoffoffoff
142304FILE-OTHERfwpuclnt dll-load exploit attemptoffoffoffoff
142305FILE-OTHERfwpuclnt dll-load exploit attemptoffoffoffoff
142331MALWARE-CNCWin.Trojan.Doublepulsar variant process injection commandoffdropdropalert
14236BROWSER-PLUGINSMicrosoft Internet Explorer WMI ASDI Extension ActiveX object accessoffoffoffoff
142395MALWARE-CNCWin.Trojan.Oddjob outbound connectionoffdropdropoff
142451SERVER-WEBAPPMCA Sistemas ScadaBR index.php brute force login attemptoffoffoffoff
142834MALWARE-CNCWin.Backdoor.Chopper web shell connectionoffdropdropoff
142835MALWARE-CNCWin.Backdoor.Chopper web shell connectionoffdropdropoff
142836MALWARE-CNCWin.Backdoor.Chopper web shell connectionoffdropdropoff
142837MALWARE-CNCWin.Backdoor.Chopper web shell connectionoffdropdropoff
1 - 42863 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/drop/drop/drop
1 - 42864 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/drop/drop/drop
1 - 42887 - SERVER-OTHER - ntpq flagstr buffer overflow attempt - off/drop/drop/drop
1 - 42890 - FILE-OTHER - AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt - off/drop/drop/drop
1 - 42925 - MALWARE-CNC - Js.Keylogger.Scanbox outbound connection - off/drop/drop/off
1 - 42926 - MALWARE-CNC - Js.Keylogger.Scanbox outbound connection - off/drop/drop/off
1 - 43113 - SERVER-WEBAPP - Schneider Electric IGSS dashboard deletion attempt - off/off/off/off
1 - 43179 - FILE-OFFICE - Powerpoint mouseover powershell malware download attempt - off/drop/drop/drop
1 - 43180 - FILE-OFFICE - Powerpoint mouseover powershell malware download attempt - off/drop/drop/drop
1 - 43256 - INDICATOR-OBFUSCATION - Rig EK fromCharCode offset 33 obfuscated getElementsByTagName call - off/drop/drop/drop
1 - 43370 - NETBIOS - DCERPC possible wmi remote process launch - off/off/off/off
1 - 43672 - BROWSER-FIREFOX - Mozilla products obfuscated cross site scripting attempt - off/off/off/off
1 - 43673 - BROWSER-FIREFOX - Mozilla products obfuscated cross site scripting attempt - off/off/off/off
1 - 43802 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/drop/drop/drop
1 - 43803 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/drop/drop/drop
1 - 43804 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/off/off/drop
1 - 43805 - FILE-OFFICE - Microsoft Office mqrt.dll dll-load exploit attempt - off/off/off/drop
1 - 44172 - INDICATOR-OBFUSCATION - suspicious dynamic http link creation attempt - off/off/off/off
1 - 44474 - MALWARE-OTHER - GHBkdr TLS Change Cipher spoof runtime detection - off/off/drop/off
1 - 44475 - MALWARE-OTHER - GHBkdr TLS Handshake spoof runtime detection - off/off/drop/off
1 - 44559 - MALWARE-CNC - Word.Trojan.Emotet obfuscated powershell - off/drop/drop/off
1 - 44560 - MALWARE-CNC - Word.Trojan.Emotet obfuscated powershell - off/drop/drop/off
1 - 44561 - MALWARE-CNC - PowerShell Empire variant outbound connection - off/drop/drop/off
1 - 44562 - MALWARE-CNC - PowerShell Empire variant outbound connection - off/drop/drop/off
1 - 44563 - MALWARE-CNC - PowerShell Empire variant outbound connection - off/off/drop/off
1 - 44564 - MALWARE-CNC - PowerShell Empire variant outbound connection - off/drop/drop/drop
1 - 44599 - FILE-OFFICE - Microsoft Office oci.dll dll-load exploit attempt - off/off/off/drop
1 - 44600 - FILE-OFFICE - Microsoft Office iasdatastore2.dll dll-load exploit attempt - off/off/off/drop
1 - 44601 - FILE-OFFICE - Microsoft Office ociw32.dll dll-load exploit attempt - off/off/off/drop
1 - 44615 - INDICATOR-OBFUSCATION - suspicious javascript deobfuscation calls attempt - off/off/off/off
1 - 44646 - MALWARE-OTHER - Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt - off/drop/drop/drop
1 - 44651 - NETBIOS - SMB NTLMSSP authentication brute force attempt - off/off/off/off
1 - 44697 - MALWARE-CNC - SquirrelMail directory traversal attempt - off/off/off/off
1 - 44702 - POLICY-OTHER - Inedo BuildMaster web server login with default credentials attempt - off/off/off/off
1 - 45005 - FILE-OTHER - Jackson databind deserialization remote code execution attempt - off/off/drop/drop
1 - 45006 - FILE-OTHER - Jackson databind deserialization remote code execution attempt - off/off/drop/drop
1 - 45012 - FILE-OTHER - Jackson databind deserialization remote code execution attempt - off/off/drop/drop
1 - 45068 - SERVER-OTHER - Oracle Identity Manager default login attempt - off/off/off/off
1 - 45136 - INDICATOR-COMPROMISE - Metasploit PowerShell CLI Download and Run attempt - off/drop/drop/drop
1 - 45137 - INDICATOR-COMPROMISE - Metasploit run hidden powershell attempt - off/drop/drop/drop
1 - 45173 - BROWSER-FIREFOX - Mozilla download directory file deletion attempt - off/off/off/off
1 - 45174 - BROWSER-FIREFOX - Mozilla download directory file deletion attempt - off/off/off/off
1 - 45352 - MALWARE-CNC - PowerShell Empire HTTP listener response - off/drop/drop/off
1 - 45370 - FILE-OFFICE - Microsoft Office Word docx subDocument file include attempt - off/drop/drop/drop
1 - 45371 - FILE-OFFICE - Microsoft Office Word docx subDocument file include attempt - off/drop/drop/drop
1 - 45418 - OS-OTHER - Apple macOS IOHIDeous exploit download attempt - off/off/drop/drop
1 - 45419 - OS-OTHER - Apple macOS IOHIDeous exploit download attempt - off/off/drop/drop
1 - 45454 - SERVER-WEBAPP - PostfixAdmin protected alias deletion attempt - off/off/off/off
1 - 45469 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop/off
1 - 45470 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop/off
1 - 45483 - MALWARE-CNC - Pdf.Phishing.Agent variant outbound connection detected - off/drop/drop/off
1 - 45518 - POLICY-OTHER - Remote Desktop weak 40-bit RC4 encryption use attempt - off/off/off/drop
1 - 45904 - MALWARE-BACKDOOR - CobaltStrike inbound beacon download - off/drop/drop/drop
1 - 45905 - MALWARE-BACKDOOR - CobaltStrike inbound beacon download - off/drop/drop/drop
1 - 45915 - INDICATOR-COMPROMISE - PHP obfuscated eval command execution attempt - off/off/off/drop
1 - 45927 - FILE-OTHER - Sophos Tester Tool dll-load exploit attempt - off/off/drop/drop
1 - 45928 - FILE-OTHER - Sophos Tester Tool dll-load exploit attempt - off/off/drop/drop
1 - 45967 - MALWARE-CNC - Win.Trojan.UDPOS outbound data exfiltration - off/drop/drop/drop
1 - 45968 - MALWARE-CNC - Win.Trojan.UDPOS outbound data exfiltration - off/drop/drop/drop
1 - 45980 - MALWARE-CNC - MultiOS.Trojan.OSCelestial variant inbound connection - off/drop/drop/drop
1 - 46026 - SERVER-WEBAPP - EventManager page.php sql injection attempt SQL injection attempt - off/off/drop/drop
1 - 46027 - SERVER-WEBAPP - EventManager page.php sql injection attempt SQL injection attempt - off/off/drop/drop
1 - 46065 - MALWARE-CNC - Win.Ransomware.Sigma outbound connection - off/drop/drop/drop
1 - 46067 - MALWARE-CNC - Win.Trojan.yty plugin downloader initial outbound connection - off/drop/drop/drop
1 - 46070 - MALWARE-CNC - Win.Trojan.yty file exfiltration outbound request - off/drop/drop/drop
1 - 46368 - MALWARE-BACKDOOR - JSP Web shell upload attempt - off/off/drop/drop
1 - 46369 - MALWARE-BACKDOOR - JSP Web shell access attempt - off/off/drop/drop
1 - 46482 - MALWARE-CNC - Installation Keylogger Osx.Trojan.Mokes data exfiltration - off/drop/drop/drop
1 - 46879 - SERVER-OTHER - BMC Server Automation RSCD Agent remote code execution attempt - off/off/off/off
1 - 47070 - POLICY-OTHER - Arris VAP2500 default credentials authentication attempt - off/off/off/off
1 - 47115 - SERVER-MAIL - Zerofont phishing attempt - off/off/off/off
1 - 47116 - SERVER-MAIL - Zerofont phishing attempt - off/off/off/off
1 - 47137 - SERVER-WEBAPP - HP VAN SDN Controller default token authentication attempt - off/off/drop/drop
1 - 47138 - SERVER-WEBAPP - HP VAN SDN Controller default credentials authentication attempt - off/off/drop/drop
1 - 47371 - FILE-PDF - Adobe Acrobat Reader XSLT engine use after free attempt - off/off/drop/drop
1 - 47372 - FILE-PDF - Adobe Acrobat Reader XSLT engine use after free attempt - off/off/drop/drop
1 - 47377 - MALWARE-CNC - Unix.Trojan.Vpnfilter plugin variant connection attempt - off/drop/drop/drop
1 - 47400 - INDICATOR-COMPROMISE - Microsoft powershell.exe outbound shell attempt - off/off/off/drop
1 - 47422 - FILE-OTHER - SAP GUI ABAP code arbitrary dll-load attempt - off/off/off/off
1 - 47461 - BROWSER-PLUGINS - CTSWebProxy ActiveX privilege escalation attempt - off/off/drop/drop
1 - 47462 - BROWSER-PLUGINS - CTSWebProxy ActiveX privilege escalation attempt - off/off/drop/drop
1 - 47585 - SERVER-OTHER - ntpq decode array buffer overflow attempt - off/off/off/off
1 - 47846 - MALWARE-OTHER - Win.Downloader.DDECmdExec variant download - off/drop/drop/drop
1 - 47847 - MALWARE-OTHER - Win.Downloader.DDECmdExec variant download - off/drop/drop/drop
1 - 47866 - MALWARE-OTHER - Html.Dropper.Xbash variant obfuscated powershell invocation - off/drop/drop/drop
1 - 47867 - MALWARE-OTHER - Html.Dropper.Xbash variant obfuscated powershell invocation - off/drop/drop/drop
1 - 48144 - FILE-OTHER - McAfee True Key dll-load exploit attempt - off/off/off/off
1 - 48145 - FILE-OTHER - McAfee True Key dll-load exploit attempt - off/off/off/off
1 - 48231 - SERVER-WEBAPP - Apache Syncope XSL transform code injection attempt - off/off/drop/drop
1 - 48237 - OS-WINDOWS - Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt - off/drop/drop/drop
1 - 48238 - OS-WINDOWS - Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt - off/drop/drop/drop
1 - 48288 - MALWARE-CNC - Win.Trojan.FormBook variant outbound request detected - off/drop/drop/drop
1 - 48508 - MALWARE-CNC - Win.Trojan.ZeusPanda outbound connection attempt - off/off/drop/drop
1 - 48531 - BROWSER-IE - Microsoft Internet Explorer 11 VBScript execution policy bypass attempt - off/drop/drop/drop
1 - 48532 - BROWSER-IE - Microsoft Internet Explorer 11 VBScript execution policy bypass attempt - off/drop/drop/drop
1 - 48573 - SERVER-WEBAPP - WordPress arbitrary file deletion attempt - off/off/drop/drop
1 - 48623 - FILE-OTHER - Adobe Acrobat Pro integer overflow vulnerability attempt - off/drop/drop/drop
1 - 48624 - FILE-OTHER - Adobe Acrobat Pro integer overflow vulnerability attempt - off/drop/drop/drop
1 - 48740 - SERVER-WEBAPP - Tridium Niagara default administrator account login attempt - off/off/drop/drop
1 - 48894 - POLICY-SPAM - Potential phishing attack - Web Open Font Format evasion attempt - off/off/off/off
1 - 48895 - POLICY-SPAM - Potential phishing attack - Web Open Font Format evasion attempt - off/off/off/off
1 - 49051 - SERVER-OTHER - Ewon router default credential login attempt - off/off/off/off
1 - 49052 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49053 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49054 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49055 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49056 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49057 - SERVER-OTHER - Moxa router default credential login attempt - off/off/off/off
1 - 49058 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49059 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49060 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49061 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49062 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49063 - SERVER-OTHER - Sierra Wireless router default credential login attempt - off/off/off/off
1 - 49064 - SERVER-OTHER - Westermo router default credential login attempt - off/off/off/off
1 - 4916 - BROWSER-IE - Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt - off/off/off/drop
1 - 4917 - BROWSER-IE - Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt - off/off/off/drop
1 - 49289 - FILE-OTHER - WinRAR ACE remote code execution attempt - off/drop/drop/drop
1 - 49290 - FILE-OTHER - WinRAR ACE remote code execution attempt - off/drop/drop/drop
1 - 49291 - FILE-OTHER - WinRAR ACE remote code execution attempt - off/drop/drop/drop
1 - 49292 - FILE-OTHER - WinRAR ACE remote code execution attempt - off/drop/drop/drop
1 - 4984 - SQL - sa brute force failed login unicode attempt - off/off/off/off
1 - 6040 - MALWARE-BACKDOOR - fade 1.0 runtime detection - enable keylogger - off/off/off/off
1 - 6041 - MALWARE-BACKDOOR - fade 1.0 runtime detection - enable keylogger - off/off/off/off
1 - 6143 - MALWARE-BACKDOOR - dark connection inside v1.2 runtime detection - off/off/off/off
1 - 6159 - MALWARE-BACKDOOR - delirium of disorder runtime detection - enable keylogger - off/off/off/off
1 - 6160 - MALWARE-BACKDOOR - delirium of disorder runtime detection - stop keylogger - off/off/off/off
1 - 7099 - MALWARE-BACKDOOR - remote hack 1.5 runtime detection - start keylogger - drop/drop/drop/off
1 - 7772 - MALWARE-BACKDOOR - messiah 4.0 runtime detection - enable keylogger - flowbit set - off/off/off/off
1 - 7773 - MALWARE-BACKDOOR - messiah 4.0 runtime detection - enable keylogger - off/off/off/off
1 - 7806 - MALWARE-BACKDOOR - fatal wound 1.0 runtime detection - initial connection - off/off/off/off
1 - 7807 - MALWARE-BACKDOOR - fatal wound 1.0 runtime detection - execute file - off/off/off/off
1 - 7808 - MALWARE-BACKDOOR - fatal wound 1.0 runtime detection - upload - off/off/off/off
1 - 8059 - SERVER-ORACLE - SYS.KUPW-WORKER sql injection attempt - off/off/off/drop
1 - 809 - SERVER-WEBAPP - whois_raw.cgi arbitrary command execution attempt - off/off/off/off
Medium Priority
GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec./Max.)
1 - 10088 - MALWARE-OTHER - Keylogger beyond Keylogger runtime detection - log sent by smtp - off/off/off/off
1 - 10089 - MALWARE-OTHER - Keylogger beyond Keylogger runtime detection - log sent by ftp - off/off/off/off
1 - 10096 - MALWARE-OTHER - Keylogger win32.remotekeylog.b runtime detection - keylog - off/off/off/off
1 - 10097 - MALWARE-OTHER - Keylogger win32.remotekeylog.b runtime detection - off/off/off/off
1 - 10098 - MALWARE-OTHER - Keylogger win32.remotekeylog.b runtime detection - get system info - off/off/off/off
1 - 10099 - MALWARE-OTHER - Keylogger win32.remotekeylog.b runtime detection - off/off/off/off
1 - 10100 - MALWARE-OTHER - Keylogger win32.remotekeylog.b runtime detection - open website - off/off/off/off
1 - 10165 - MALWARE-OTHER - Keylogger mybr Keylogger runtime detection - off/off/off/off
1 - 10167 - MALWARE-OTHER - Keylogger radar spy 1.0 runtime detection - send html log - off/off/off/off
1 - 10181 - MALWARE-OTHER - Keylogger systemsleuth runtime detection - off/off/off/off
1 - 10183 - MALWARE-OTHER - Keylogger activity Keylogger runtime detection - off/off/off/off
1 - 10436 - MALWARE-OTHER - Keylogger keyspy runtime detection - off/off/off/off
1 - 10440 - MALWARE-OTHER - Keylogger pc black box runtime detection - off/off/off/off
1 - 1100 - INDICATOR-SCAN - L3retriever HTTP Probe - off/off/off/off
1 - 1101 - INDICATOR-SCAN - Webtrends HTTP probe - off/off/off/off
1 - 1122 - SERVER-WEBAPP - /etc/passwd file access attempt - off/off/off/off
1 - 1129 - SERVER-WEBAPP - .htaccess access - off/off/off/off
1 - 11307 - MALWARE-OTHER - Keylogger computer monitor Keylogger runtime detection - off/off/off/off
1 - 11309 - MALWARE-OTHER - Keylogger sskc v2.0 runtime detection - off/off/off/off
1 - 11311 - MALWARE-OTHER - Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor - off/off/off/off
1 - 1133 - INDICATOR-SCAN - cybercop os probe - off/off/off/off
1 - 12048 - MALWARE-OTHER - Keylogger computer Keylogger runtime detection - off/off/off/off
1 - 12049 - MALWARE-OTHER - Keylogger apophis spy 1.0 runtime detection - off/off/off/off
1 - 12080 - OS-SOLARIS - Oracle Solaris printd arbitrary file deletion vulnerability - off/off/off/off
1 - 12128 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - init connection - off/off/off/off
1 - 12129 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - get sys info - off/off/off/off
1 - 12130 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - get sys info - off/off/off/off
1 - 12131 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - keylogging - off/off/off/off
1 - 12132 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - keylogging - off/off/off/off
1 - 12133 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - open url - off/off/off/off
1 - 12134 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - open url - off/off/off/off
1 - 12135 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - fun - off/off/off/off
1 - 12136 - MALWARE-OTHER - Keylogger remotekeylog.b runtime detection - fun - off/off/off/off
1 - 12137 - MALWARE-OTHER - Keylogger Keylogger king home 2.3 runtime detection - off/off/off/off
1 - 12141 - MALWARE-OTHER - Keylogger logit v1.0 runtime detection - off/off/off/off
1 - 12185 - PROTOCOL-RPC - portmap 2112 tcp request - off/off/off/drop
1 - 12186 - PROTOCOL-RPC - portmap 2112 udp request - off/off/off/drop
1 - 12187 - PROTOCOL-RPC - portmap 2112 tcp rename_principal attempt - off/off/off/drop
1 - 12188 - PROTOCOL-RPC - portmap 2112 udp rename_principal attempt - off/off/off/drop
1 - 12226 - MALWARE-OTHER - Keylogger overspy runtime detection - off/off/off/off
1 - 12372 - MALWARE-OTHER - Keylogger mg-shadow 2.0 runtime detection - off/off/off/off
1 - 12379 - MALWARE-OTHER - Keylogger PaqKeylogger 5.1 runtime detection - ftp - off/off/off/off
1 - 12480 - MALWARE-OTHER - Keylogger inside website logger 2.4 runtime detection - off/drop/drop/off
1 - 12625 - MALWARE-OTHER - Keylogger windows family safety 2.0 runtime detection - off/off/off/off
1 - 12698 - MALWARE-OTHER - Keylogger net vizo 5.2 runtime detection - off/off/off/off
1 - 12708 - PROTOCOL-RPC - MIT Kerberos kadmind auth buffer overflow attempt - off/off/off/drop
1 - 12758 - MALWARE-OTHER - Keylogger/RAT digi watcher 2.32 runtime detection - off/off/off/off
1 - 12759 - MALWARE-OTHER - Keylogger/RAT digi watcher 2.32 runtime detection - off/off/off/off
1 - 12760 - MALWARE-OTHER - Keylogger powered Keylogger 2.2 runtime detection - off/off/off/off
1 - 12761 - MALWARE-OTHER - Keylogger powered Keylogger 2.2 runtime detection - off/off/off/off
1 - 12792 - MALWARE-OTHER - Keylogger spy lantern Keylogger pro 6.0 runtime detection - off/off/off/off
1 - 12793 - MALWARE-OTHER - Keylogger spy lantern Keylogger pro 6.0 runtime detection - off/off/off/off
1 - 13236 - MALWARE-OTHER - Keylogger active Keylogger 3.9.2 runtime detection - off/off/off/off
1 - 13237 - MALWARE-OTHER - Keylogger active Keylogger 3.9.2 runtime detection - off/off/off/off
1 - 13243 - MALWARE-OTHER - Keylogger computer monitor 1.1 by lastcomfort runtime detection - off/off/off/off
1 - 13244 - MALWARE-OTHER - Keylogger computer monitor 1.1 by lastcomfort runtime detection - off/off/off/off
1 - 13278 - MALWARE-OTHER - Keylogger advanced spy 4.0 runtime detection - off/off/off/off
1 - 13279 - MALWARE-OTHER - Keylogger advanced spy 4.0 runtime detection - off/off/off/off
1 - 13280 - MALWARE-OTHER - Keylogger email spy monitor 6.9 runtime detection - off/off/off/off
1 - 13281 - MALWARE-OTHER - Keylogger email spy monitor 6.9 runtime detection - off/off/off/off
1 - 13346 - PUA-ADWARE - Snoopware remote desktop inspector outbound connection - init connection - off/off/off/off
1 - 13347 - PUA-ADWARE - Snoopware remote desktop inspector runtime detection - init connection - off/off/off/off
1 - 13479 - MALWARE-OTHER - Keylogger findnot guarddog 4.0 runtime detection - off/off/off/off
1 - 13480 - MALWARE-OTHER - Keylogger findnot guarddog 4.0 runtime detection - off/off/off/off
1 - 13494 - MALWARE-OTHER - Keylogger smart pc Keylogger runtime detection - off/off/off/off
1 - 13567 - MALWARE-OTHER - Keylogger msn spy monitor runtime detection - off/off/off/off
1 - 13568 - MALWARE-OTHER - Keylogger sys keylog 1.3 advanced runtime detection - off/off/off/off
1 - 13642 - MALWARE-OTHER - Keylogger easy Keylogger runtime detection - off/off/off/off
1 - 13651 - MALWARE-OTHER - Keylogger family cyber alert runtime detection - smtp traffic for recorded activities - off/off/off/off
1 - 13652 - PUA-ADWARE - Keylogger all in one Keylogger runtime detection - off/off/off/off
1 - 13767 - MALWARE-OTHER - Keylogger cyber sitter runtime detection - off/off/off/off
1 - 13768 - MALWARE-OTHER - Keylogger cyber sitter runtime detection - off/off/off/off
1 - 13778 - MALWARE-OTHER - Keylogger kgb employee monitor runtime detection - off/off/off/off
1 - 13812 - MALWARE-OTHER - Keylogger refog Keylogger runtime detection - off/off/off/off
1 - 13990 - SQL - union select - possible sql injection attempt - GET parameter - off/off/drop/drop
1 - 14065 - MALWARE-OTHER - Keylogger emptybase j runtime detection - off/off/off/off
1 - 14074 - MALWARE-OTHER - Keylogger spybosspro 4.2 runtime detection - off/off/off/off
1 - 14075 - MALWARE-OTHER - Keylogger ultimate Keylogger pro runtime detection - off/off/off/off
1 - 15874 - SQL - union select - possible sql injection attempt - POST parameter - off/off/drop/drop
1 - 16125 - MALWARE-OTHER - Keylogger spyyahoo v2.2 runtime detection - off/off/off/off
1 - 16129 - MALWARE-OTHER - Keylogger kamyab Keylogger v.3 runtime detection - off/off/off/off
1 - 16130 - MALWARE-OTHER - Keylogger lord spy pro 1.4 runtime detection - off/off/off/off
1 - 16137 - MALWARE-OTHER - Keylogger cheat monitor runtime detection - off/off/off/off
1 - 16350 - SERVER-OTHER - ntp mode 7 denial of service attempt - off/off/off/off
1 - 16455 - MALWARE-OTHER - Keylogger egyspy keylogger 1.13 runtime detection - off/off/off/off
1 - 17353 - OS-SOLARIS - Oracle Solaris printd Daemon Arbitrary File Deletion attempt - off/off/off/drop
1 - 18533 - SERVER-OTHER - MIT Kerberos KDC authentication denial of service attempt - off/off/off/drop
1 - 18534 - SERVER-OTHER - MIT Kerberos KDC authentication denial of service attempt - off/off/off/drop
1 - 1859 - SERVER-WEBAPP - Oracle JavaServer default password login attempt - off/off/off/off
1 - 1860 - SERVER-WEBAPP - Linksys router default password login attempt - off/off/off/off
1 - 1861 - SERVER-WEBAPP - Linksys router default username and password login attempt - off/off/off/off
1 - 18985 - POLICY-OTHER - CA ARCserve Axis2 default credential login attempt - off/off/off/drop
1 - 19311 - PUA-ADWARE - Keylogger aspy v2.12 runtime detection - off/off/off/off
1 - 19318 - MALWARE-OTHER - Dos.Tool.LOIC UDP default U dun goofed attack - off/off/off/off
1 - 19319 - MALWARE-OTHER - Dos.Tool.LOIC TCP default U dun goofed attack - off/off/off/off
1 - 19779 - INDICATOR-SCAN - sqlmap SQL injection scan attempt - off/off/off/off
1 - 20212 - SERVER-OTHER - SSL CBC encryption mode weakness brute force attempt - off/off/off/off
1 - 20691 - POLICY-OTHER - Cisco Network Registrar default credentials authentication attempt - off/off/off/off
1 - 20692 - POLICY-OTHER - Cisco network registrar default credentials authentication attempt - off/off/off/drop
1 - 21088 - OS-WINDOWS - Microsoft Windows remote desktop denial of service attempt - off/off/off/off
1 - 21089 - OS-WINDOWS - Microsoft Windows remote desktop oversized cookie attempt - off/off/off/off
1 - 2145 - SERVER-WEBAPP - TextPortal admin.php default password admin attempt - off/off/off/off
1 - 2146 - SERVER-WEBAPP - TextPortal admin.php default password 12345 attempt - off/off/off/off
1 - 21637 - POLICY-SPAM - local user attempted to fill out paypal phishing form - off/off/off/off
1 - 2176 - OS-WINDOWS - Microsoft Windows SMB startup folder access - off/off/off/off
1 - 2177 - OS-WINDOWS - Microsoft Windows SMB startup folder unicode access - off/off/off/off
1 - 21780 - INDICATOR-OBFUSCATION - encoded waitfor delay function in POST - possible sql injection attempt - off/off/off/off
1 - 21781 - INDICATOR-OBFUSCATION - encoded union select function in POST - possible sql injection attempt - off/off/off/off
1 - 2230 - SERVER-WEBAPP - NetGear router default password login attempt admin/password - off/off/off/off
1 - 2273 - PROTOCOL-IMAP - login brute force attempt - off/off/off/off
1 - 2274 - PROTOCOL-POP - login brute force attempt - off/off/off/off
1 - 2275 - SERVER-MAIL - AUTH LOGON brute force attempt - off/off/off/off
1 - 23085 - INDICATOR-OBFUSCATION - Obfuscated javascript string - join - off/off/off/off
1 - 23086 - INDICATOR-OBFUSCATION - Obfuscated javascript string - push - off/off/off/off
1 - 23087 - INDICATOR-OBFUSCATION - Obfuscated javascript string - xval - off/off/off/off
1 - 23088 - INDICATOR-OBFUSCATION - Obfuscated javascript string - qweqwe - off/off/off/off
1 - 23089 - INDICATOR-OBFUSCATION - Obfuscated javascript strings - obfuscation pattern - off/off/off/off
1 - 233 - MALWARE-OTHER - Trin00 Attacker to Master default startup password - off/off/off/off
1 - 2334 - PROTOCOL-FTP - Yak! FTP server default account login attempt - off/off/off/off
1 - 234 - MALWARE-OTHER - Trin00 Attacker to Master default password - off/off/off/off
1 - 23481 - INDICATOR-OBFUSCATION - hex escaped characters in setTimeout call - off/off/off/off
1 - 23482 - INDICATOR-OBFUSCATION - hex escaped characters in addEventListener call - off/off/off/off
1 - 235 - MALWARE-OTHER - Trin00 Attacker to Master default mdie password - off/off/off/off
1 - 237 - MALWARE-OTHER - Trin00 Master to Daemon default password attempt - off/off/off/off
1 - 2406 - PROTOCOL-TELNET - APC SmartSlot default admin account attempt - off/off/off/off
1 - 24168 - INDICATOR-OBFUSCATION - hidden iframe - potential include of malicious content - off/off/off/off
1 - 24360 - OS-WINDOWS - Microsoft Windows SMB Kerberos NULL session denial of service attempt - off/off/off/off
1 - 24372 - SERVER-OTHER - Kerberos KDC null pointer dereference denial of service attempt - off/off/off/off
1 - 25060 - INDICATOR-OBFUSCATION - ActiveX multiple adjacent object tags - off/off/off/off
1 - 26440 - INDICATOR-OBFUSCATION - Obfuscated javascript/html generated by myobfuscate.com detected - off/off/off/off
1 - 26441 - INDICATOR-OBFUSCATION - Obfuscated javascript/html generated by myobfuscate.com detected - off/drop/drop/drop
1 - 26619 - INDICATOR-OBFUSCATION - multiple comment tags used in embedded RTF object - potentially malicious - off/off/off/off
1 - 26620 - INDICATOR-OBFUSCATION - multiple comment tags used in embedded RTF object - potentially malicious - off/off/off/off
1 - 26645 - SERVER-OTHER - SSL TLS deflate compression weakness brute force attempt - off/off/off/off
1 - 26759 - SERVER-OTHER - MIT Kerberos libkdb_ldap principal name handling denial of service attempt - off/off/off/off
1 - 26769 - SERVER-OTHER - MIT Kerberos kpasswd process_chpw_request denial of service attempt - off/off/off/off
1 - 27119 - INDICATOR-OBFUSCATION - multiple plugin version detection attempt - off/off/off/off
1 - 27193 - SERVER-OTHER - Kerberos KDC null pointer dereference denial of service attempt - off/off/off/off
1 - 27194 - SERVER-OTHER - Kerberos KDC null pointer dereference denial of service attempt - off/off/off/off
1 - 27195 - SERVER-OTHER - Kerberos KDC null pointer dereference denial of service attempt - off/off/off/off
1 - 29354 - APP-DETECT - Foca file scanning attempt - off/off/off/off
1 - 29393 - SERVER-OTHER - ntp monlist denial of service attempt - off/off/off/off
1 - 29680 - BROWSER-PLUGINS - Microsoft XML Core Services same origin policy bypass attempt - off/off/off/off
1 - 29681 - BROWSER-PLUGINS - Microsoft XML Core Services same origin policy bypass attempt - off/off/off/off
1 - 30327 - INDICATOR-OBFUSCATION - multiple binary tags in close proximity - potentially malicious - off/off/off/drop
1 - 30328 - INDICATOR-OBFUSCATION - multiple binary tags in close proximity - potentially malicious - off/off/off/drop
1 - 31764 - SERVER-OTHER - MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt - off/off/off/off
1 - 31765 - SERVER-OTHER - MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt - off/off/off/off
1 - 31830 - POLICY-OTHER - QLogic Switch 5600/5800 default ftp login attempt - off/drop/drop/drop
1 - 31831 - POLICY-OTHER - QLogic Switch 5600/5800 default ftp login attempt - off/off/off/off
1 - 32204 - SERVER-OTHER - SSLv3 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32205 - SERVER-OTHER - SSLv3 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32355 - INDICATOR-OBFUSCATION - Javascript variable obfuscation - off/off/off/drop
1 - 32602 - POLICY-OTHER - ManageEngine Eventlog Analyzer credential disclosure attempt - off/off/off/off
1 - 32755 - SERVER-OTHER - TLSv1.0 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32756 - SERVER-OTHER - TLSv1.1 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32757 - SERVER-OTHER - TLSv1.2 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32758 - SERVER-OTHER - TLSv1.0 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32759 - SERVER-OTHER - TLSv1.1 POODLE CBC padding brute force attempt - off/off/off/off
1 - 32760 - SERVER-OTHER - TLSv1.2 POODLE CBC padding brute force attempt - off/off/off/off
1 - 34112 - SERVER-OTHER - NTP mode 6 REQ_NONCE denial of service attempt - off/off/off/off
1 - 34114 - SERVER-OTHER - NTP mode 6 UNSETTRAP denial of service attempt - off/off/off/off
1 - 34295 - SQL - Lblog possible sql injection attempt - GET parameter - off/off/drop/off
1 - 34709 - SERVER-OTHER - MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt - off/off/off/off
1 - 35109 - EXPLOIT-KIT - Angler exploit kit obfuscated Flash actionscript classname detected - drop/drop/drop/off
1 - 35111 - SERVER-OTHER - OpenSSL anomalous x509 certificate with default org name and certificate chain detected - off/off/off/off
1 - 3542 - SQL - SA brute force login attempt - off/off/off/off
1 - 3543 - SQL - SA brute force login attempt TDS v7/8 - off/off/off/off
1 - 35527 - POLICY-OTHER - Microsoft cabinet file default sha1 signature detected - off/off/off/off
1 - 35528 - POLICY-OTHER - Microsoft cabinet file default sha1 signature detected - off/off/off/off
1 - 35831 - SERVER-OTHER - multiple vendors NTP daemon integer overflow attempt - off/off/off/off
1 - 35886 - POLICY-OTHER - Kaskad SCADA default username and password attempt - off/off/off/off
1 - 36252 - SERVER-OTHER - ntpd remote configuration denial of service attempt - off/off/off/off
1 - 36632 - SERVER-OTHER - NTP decodenetnum assertion failure denial of service attempt - off/off/off/drop
1 - 36633 - SERVER-OTHER - NTP decodenetnum assertion failure denial of service attempt - off/off/off/drop
1 - 36814 - SERVER-OTHER - MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt - off/off/off/off
1 - 37312 - FILE-PDF - Adobe Acrobat Reader external entity data exfiltration attempt - off/off/drop/drop
1 - 37313 - FILE-PDF - Adobe Acrobat Reader external entity data exfiltration attempt - off/off/drop/drop
1 - 37378 - SERVER-WEBAPP - ABB default password login attempt - off/off/off/off
1 - 37379 - SERVER-WEBAPP - BinTec Elmeg default password login attempt - off/off/off/off
1 - 37380 - SERVER-WEBAPP - BinTec Elmeg default password login attempt - off/off/off/off
1 - 37381 - SERVER-WEBAPP - Digi default password login attempt - off/off/off/off
1 - 37382 - SERVER-WEBAPP - Digi default password login attempt - off/off/off/off
1 - 37383 - SERVER-WEBAPP - Digi default password login attempt - off/off/off/off
1 - 37384 - SERVER-WEBAPP - Emerson default password login attempt - off/off/off/off
1 - 37385 - SERVER-WEBAPP - Hirschmann default password login attempt - off/off/off/off
1 - 37386 - SERVER-WEBAPP - Hirschmann default password login attempt - off/off/off/off
1 - 37387 - SERVER-WEBAPP - Moxa default password login attempt - off/off/off/off
1 - 37388 - SERVER-WEBAPP - NOVUS AUTOMATION default password login attempt - off/off/off/off
1 - 37389 - SERVER-WEBAPP - Rockwell Automation default password login attempt - off/off/off/off
1 - 37390 - SERVER-WEBAPP - Rockwell Automation default password login attempt - off/off/off/off
1 - 37391 - SERVER-WEBAPP - Samsung default password login attempt - off/off/off/off
1 - 37392 - SERVER-WEBAPP - Schneider default password login attempt - off/off/off/off
1 - 37393 - SERVER-WEBAPP - Schneider default password login attempt - off/off/off/off
1 - 37394 - SERVER-WEBAPP - Wago default password login attempt - off/off/off/off
1 - 37395 - SERVER-WEBAPP - Westermo default password login attempt - off/off/off/off
1 - 37396 - SERVER-WEBAPP - eWON default password login attempt - off/off/off/off
1 - 37655 - OS-WINDOWS - Microsoft .NET Framework XSLT parser stack exhaustion attempt - off/off/drop/drop
1 - 37656 - OS-WINDOWS - Microsoft .NET Framework XSLT parser stack exhaustion attempt - off/off/drop/drop
1 - 37841 - SERVER-OTHER - ntpd reference clock impersonation attempt - off/off/off/off
1 - 37842 - SERVER-OTHER - ntpd reference clock impersonation attempt - off/off/off/off
1 - 37843 - SERVER-OTHER - NTP crypto-NAK possible DoS attempt - off/off/off/off
1 - 38249 - SERVER-WEBAPP - Samsung Data Manager default password login attempt - off/off/off/off
1 - 38332 - INDICATOR-OBFUSCATION - HTTP header dual colon evasion attempt - off/off/off/drop
1 - 38337 - INDICATOR-OBFUSCATION - HTTP header illegal character prior to encoding type evasion attempt - off/off/off/drop
1 - 38340 - INDICATOR-OBFUSCATION - HTTP multiple encodings per line attempt - off/off/off/drop
1 - 38341 - INDICATOR-OBFUSCATION - Multiple Encodings header evasion attempt - off/off/off/drop
1 - 38368 - INDICATOR-OBFUSCATION - HTTP illegal chars after encoding type evasion attempt - off/off/off/drop
1 - 38369 - INDICATOR-OBFUSCATION - HTTP header whitespace evasion attempt - off/off/off/drop
1 - 38394 - INDICATOR-OBFUSCATION - Gzip invalid extra field evasion attempt - off/off/off/drop
1 - 38541 - INDICATOR-OBFUSCATION - newline only separator evasion - off/off/drop/drop
1 - 38595 - INDICATOR-OBFUSCATION - Invalid HTTP version evasion attempt - off/off/off/drop
1 - 38596 - INDICATOR-OBFUSCATION - HTTP header null byte evasion attempt - off/off/off/drop
1 - 38597 - INDICATOR-OBFUSCATION - HTTP header null byte evasion attempt - off/off/off/drop
1 - 38598 - INDICATOR-OBFUSCATION - invalid HTTP header evasion attempt - off/off/off/drop
1 - 38599 - INDICATOR-OBFUSCATION - Invalid HTTP 100 response followed by 200 evasion attempt - off/off/off/drop
1 - 38600 - INDICATOR-OBFUSCATION - Invalid HTTP response code evasion attempt - off/off/off/drop
1 - 38601 - INDICATOR-OBFUSCATION - Invalid HTTP header format evasion attempt - off/off/off/drop
1 - 38602 - INDICATOR-OBFUSCATION - mixed case HTTP header evasion attempt - off/off/off/drop
1 - 38614 - INDICATOR-OBFUSCATION - carriage return only separator evasion - off/off/off/drop
1 - 38615 - INDICATOR-OBFUSCATION - newline only separator evasion - off/off/off/drop
1 - 38616 - INDICATOR-OBFUSCATION - carriage return only separator evasion - off/off/off/drop
1 - 38617 - INDICATOR-OBFUSCATION - carriage return only separator evasion - off/off/off/drop
1 - 38618 - INDICATOR-OBFUSCATION - newline only separator evasion - off/off/off/drop
1 - 38637 - INDICATOR-OBFUSCATION - Invalid HTTP response code evasion attempt - off/off/off/drop
1 - 38641 - INDICATOR-OBFUSCATION - Invalid header line evasion attempt - off/off/off/off
1 - 38642 - INDICATOR-OBFUSCATION - Invalid HTTP 301 response evasion attempt - off/off/off/drop
1 - 38666 - INDICATOR-OBFUSCATION - HTTP header invalid entry evasion attempt - off/off/off/off
1 - 38667 - INDICATOR-OBFUSCATION - Mixed case encoding type evasion attempt - off/off/off/drop
1 - 38677 - INDICATOR-OBFUSCATION - UTF-8 evasion attempt - off/off/off/drop
1 - 38678 - INDICATOR-OBFUSCATION - UTF-8 evasion attempt - off/off/off/drop
1 - 38679 - INDICATOR-OBFUSCATION - non HTTP 1.1 version with 1.1 headers evasion attempt - off/off/off/drop
1 - 38734 - INDICATOR-OBFUSCATION - HTTP header value without key evasion attempt - off/off/off/drop
1 - 38922 - INDICATOR-OBFUSCATION - Brotli encoding evasion attempt - off/off/off/off
1 - 39320 - INDICATOR-OBFUSCATION - HTTP header invalid entry evasion attempt - off/off/off/drop
1 - 39321 - INDICATOR-OBFUSCATION - Gzip encoded with reserved bit set evasion attempt - off/off/off/drop
1 - 39323 - INDICATOR-OBFUSCATION - Gzip encoded with invalid CRC16 evasion attempt - off/off/off/drop
1 - 40094 - INDICATOR-SCAN - Microsoft Internet Explorer AnchorElement information disclosure attempt - off/off/off/off
1 - 40095 - INDICATOR-SCAN - Microsoft Internet Explorer AnchorElement information disclosure attempt - off/off/off/off
1 - 40220 - SERVER-OTHER - Cisco IOS Group-Prime memory disclosure exfiltration attempt - off/drop/drop/drop
1 - 40250 - INDICATOR-OBFUSCATION - Chunked encoding used without HTTP 1.1 evasion attempt. - off/off/off/drop
1 - 40316 - SERVER-APACHE - Apache Tomcat default credential login attempt - off/off/off/off
1 - 40317 - SERVER-APACHE - Apache Tomcat default credential login attempt - off/off/off/off
1 - 40318 - SERVER-APACHE - Apache Tomcat default credential login attempt - off/off/off/off
1 - 40319 - SERVER-APACHE - Apache Tomcat default credential login attempt - off/off/off/off
1 - 40320 - SERVER-APACHE - Apache Tomcat default credential login attempt - off/off/off/off
1 - 40322 - SERVER-OTHER - CA weblogic default credential login attempt - off/off/off/drop
1 - 40324 - SERVER-OTHER - Adobe ColdFusion default credential login attempt - off/off/off/off
1 - 40325 - SERVER-OTHER - Adobe ColdFusion default credential login attempt - off/off/off/off
1 - 40331 - SERVER-WEBAPP - JBoss default credential login attempt - off/off/off/off
1 - 40811 - SERVER-OTHER - NTP origin timestamp denial of service attempt - off/off/off/off
1 - 40855 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40856 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40857 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40858 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40859 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40860 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40861 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40862 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40863 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40864 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 40897 - SERVER-OTHER - ntpd mrulist control message command null pointer dereference attempt - off/off/drop/drop
1 - 4126 - SERVER-OTHER - Veritas Backup Exec root connection attempt using default password hash - off/off/off/drop
1 - 41367 - SERVER-OTHER - NTPD zero origin timestamp denial of service attempt - off/drop/drop/drop
1 - 41440 - MALWARE-OTHER - Dos.Tool.LOIC TCP default U dun goofed attack - off/off/off/off
1 - 41793 - INDICATOR-SCAN - Cisco Smart Install Protocol scan TFTP response - drop/drop/drop/drop
1 - 42017 - INDICATOR-OBFUSCATION - Gzip encoded HTTP response with no Content-Length or chunked Transfer-Encoding header - off/off/off/drop
1 - 42227 - SERVER-OTHER - NTP Config Unpeer denial of service attempt - off/off/off/off
1 - 42235 - SERVER-OTHER - NTP malformed config request denial of service attempt - off/off/drop/drop
1 - 42289 - INDICATOR-SCAN - PHP info leak attempt - off/off/off/off
1 - 42340 - OS-WINDOWS - Microsoft Windows SMB anonymous session IPC share access attempt - off/off/drop/drop
1 - 42785 - INDICATOR-SCAN - DNS version.bind string information disclosure attempt - off/off/drop/drop
1 - 43073 - SQL - SysAid potential default credential login attempt - off/off/off/off
1 - 43127 - POLICY-OTHER - Beck IPC network configuration enumeration attempt - off/off/off/off
1 - 43287 - SERVER-WEBAPP - /etc/inetd.conf file access attempt - off/off/off/off
1 - 43288 - SERVER-WEBAPP - /etc/motd file access attempt - off/off/off/off
1 - 43289 - SERVER-WEBAPP - /etc/shadow file access attempt - off/off/off/off
1 - 43989 - INDICATOR-OBFUSCATION - newlines embedded in rtf header - off/off/off/drop
1 - 43990 - INDICATOR-OBFUSCATION - RTF obfuscation string - off/off/off/drop
1 - 44235 - INDICATOR-OBFUSCATION - FOPO obfuscated PHP file upload attempt - off/drop/drop/drop
1 - 44388 - SERVER-WEBAPP - Multiple routers getcfg.php credential disclosure attempt - off/drop/drop/drop
1 - 44623 - POLICY-OTHER - EMC Autostart default domain login attempt - off/off/off/off
1 - 44692 - INDICATOR-OBFUSCATION - CoinHive cryptocurrency mining attempt - off/off/off/drop
1 - 44693 - INDICATOR-OBFUSCATION - CoinHive cryptocurrency mining attempt - off/off/off/drop
1 - 44756 - SERVER-OTHER - NTP crypto-NAK denial of service attempt - off/off/off/off
1 - 45693 - SERVER-OTHER - NTP crypto-NAK denial of service attempt - off/off/off/drop
1 - 46387 - SERVER-OTHER - Multiple Vendors NTP zero-origin timestamp denial of service attempt - off/off/off/off
1 - 46675 - FILE-PDF - Adobe Acrobat Reader go-to action NTLM credential disclosure attempt - off/drop/drop/drop
1 - 46676 - FILE-PDF - Adobe Acrobat Reader go-to action NTLM credential disclosure attempt - off/drop/drop/drop
1 - 46677 - FILE-PDF - Adobe Acrobat Reader go-to action NTLM credential disclosure attempt - off/drop/drop/drop
1 - 46678 - FILE-PDF - Adobe Acrobat Reader go-to action NTLM credential disclosure attempt - off/drop/drop/drop
1 - 46682 - SERVER-MAIL - Multiple products email with crafted MIME parts direct exfiltration attempt - off/off/drop/drop
1 - 46683 - SERVER-MAIL - Multiple products email with crafted MIME parts direct exfiltration attempt - off/off/drop/drop
1 - 46684 - SERVER-MAIL - Multiple products email with crafted MIME parts direct exfiltration attempt - off/off/drop/drop
1 - 46685 - SERVER-MAIL - Multiple products email with crafted MIME parts direct exfiltration attempt - off/off/drop/drop
1 - 47052 - SERVER-OTHER - Advantech WebAccess arbitrary file deletion attempt - off/off/off/drop
1 - 48109 - SERVER-OTHER - Aktakom oscilloscope denial of service attempt - off/off/off/off
3 - 49362 - SERVER-WEBAPP - TRUFFLEHUNTER TALOS-2019-0787 attack attempt - off/drop/drop/drop
1 - 5742 - MALWARE-OTHER - Keylogger activitylogger runtime detection - off/off/off/off
1 - 5759 - MALWARE-OTHER - Keylogger fearlesskeyspy runtime detection - off/off/off/off
1 - 5777 - MALWARE-OTHER - Keylogger gurl watcher runtime detection - off/off/off/off
1 - 5778 - MALWARE-OTHER - Keylogger runtime detection - hwpe windows activity logs - off/off/off/off
15779MALWARE-OTHERKeylogger runtime detection - hwpe shell file logsoffoffoffoff
15780MALWARE-OTHERKeylogger runtime detection - hwpe word filtered echelon logoffoffoffoff
15781MALWARE-OTHERKeylogger runtime detection - hwae windows activity logsoffoffoffoff
15782MALWARE-OTHERKeylogger runtime detection - hwae word filtered echelon logoffoffoffoff
15783MALWARE-OTHERKeylogger runtime detection - hwae keystrokes logoffoffoffoff
15784MALWARE-OTHERKeylogger runtime detection - hwae urls browsed logoffoffoffoff
15790MALWARE-OTHERKeylogger pc actmon pro runtime detection - smtpoffoffoffoff
15880MALWARE-OTHERKeylogger spyagent runtime detect - smtp deliverydropdropdropoff
15881MALWARE-OTHERKeylogger spyagent runtime detect - ftp deliveryalertalertalertoff
15882MALWARE-OTHERKeylogger spyagent runtime detect - alert notificationdropdropdropoff
1613INDICATOR-SCANmyscanoffoffoffoff
1616INDICATOR-SCANident version requestoffoffoffoff
1619INDICATOR-SCANcybercop os probeoffoffoffoff
16190MALWARE-OTHERKeylogger eblaster 5.0 runtime detectionoffoffoffoff
16207MALWARE-OTHERKeylogger winsession runtime detection - smtpoffoffoffoff
16208MALWARE-OTHERKeylogger winsession runtime detection - ftpoffoffoffoff
1622INDICATOR-SCANipEye SYN scanoffoffoffoff
16220MALWARE-OTHERKeylogger boss everyware runtime detectionoffoffoffoff
16221MALWARE-OTHERKeylogger computerspy runtime detectionoffoffoffoff
1626INDICATOR-SCANcybercop os PA12 attemptoffoffoffoff
1627INDICATOR-SCANcybercop os SFU12 probeoffoffoffoff
1630INDICATOR-SCANsynscan portscanoffoffoffoff
1634INDICATOR-SCANAmanda client-version requestoffoffoffoff
16340MALWARE-OTHERKeylogger handy keylogger runtime detectionoffoffoffoff
1635INDICATOR-SCANXTACACS logoutoffoffoffoff
1636INDICATOR-SCANcybercop udp bomboffoffoffoff
1637INDICATOR-SCANWebtrends Scanner UDP Probeoffoffoffoff
16383MALWARE-OTHERKeylogger stealthwatcher 2000 runtime detection - tcp connection setupoffoffoffoff
16384MALWARE-OTHERKeylogger stealthwatcher 2000 runtime detection - agent discover broadcastoffoffoffoff
16385MALWARE-OTHERKeylogger stealthwatcher 2000 runtime detection - agent status monitoringoffoffoffoff
16386MALWARE-OTHERKeylogger stealthwatcher 2000 runtime detection - agent up notificationoffoffoffoff
17154MALWARE-OTHERKeylogger active keylogger home runtime detectionoffoffoffoff
17156MALWARE-OTHERKeylogger win-spy runtime detection - email deliveryoffoffoffoff
17157MALWARE-OTHERKeylogger win-spy runtime detection - remote conn client-to-serveroffoffoffoff
17158MALWARE-OTHERKeylogger win-spy runtime detection - remote conn server-to-clientoffoffoffoff
17159MALWARE-OTHERKeylogger win-spy runtime detection - upload file client-to-serveroffoffoffoff
17160MALWARE-OTHERKeylogger win-spy runtime detection - upload file server-to-clientoffoffoffoff
17161MALWARE-OTHERKeylogger win-spy runtime detection - download file client-to-serveroffoffoffoff
17162MALWARE-OTHERKeylogger win-spy runtime detection - download file server-to-clientoffoffoffoff
17163MALWARE-OTHERKeylogger win-spy runtime detection - execute file client-to-serveroffoffoffoff
17164MALWARE-OTHERKeylogger win-spy runtime detection - execute file server-to-clientoffoffoffoff
17165MALWARE-OTHERKeylogger ab system spy runtime detection - information exchange - flowbit set 1offoffoffoff
17166MALWARE-OTHERKeylogger ab system spy runtime detection - information exchange - flowbit set 2offoffoffoff
17167MALWARE-OTHERKeylogger ab system spy runtime detection - information exchange - flowbit set 3offoffoffoff
17168MALWARE-OTHERKeylogger ab system spy runtime detection - information exchange - flowbit set 4offoffoffoff
17169MALWARE-OTHERKeylogger ab system spy runtime detection - information exchangeoffoffoffoff
17175MALWARE-OTHERKeylogger ab system spy runtime detection - log retrieveoffoffoffoff
17176MALWARE-OTHERKeylogger ab system spy runtime detection - log retrieveoffoffoffoff
17177MALWARE-OTHERKeylogger ab system spy runtime detection - info send through emailoffoffoffoff
17178MALWARE-OTHERKeylogger desktop detective 2000 runtime detection - init connectionoffoffoffoff
17179MALWARE-OTHERKeylogger desktop detective 2000 runtime detection - init connectionoffoffoffoff
17180MALWARE-OTHERKeylogger desktop detective 2000 runtime detection - init connectionoffoffoffoff
17184MALWARE-OTHERKeylogger 007 spy software runtime detection - smtpoffoffoffoff
17185MALWARE-OTHERKeylogger 007 spy software runtime detection - ftpoffoffoffoff
17186MALWARE-OTHERKeylogger kgb Keylogger runtime detectionoffoffoffoff
17504MALWARE-OTHERKeylogger actualspy runtime detection - ftp-dataoffoffoffoff
17505MALWARE-OTHERKeylogger actualspy runtime detection - smtpoffoffoffoff
17512MALWARE-OTHERKeylogger watchdog runtime detection - init connection - flowbit setoffoffoffoff
17513MALWARE-OTHERKeylogger watchdog runtime detection - init connectionoffoffoffoff
17514MALWARE-OTHERKeylogger watchdog runtime detection - send out info to server periodicallyoffoffoffoff
17515MALWARE-OTHERKeylogger watchdog runtime detection - remote monitoringoffoffoffoff
17539MALWARE-OTHERKeylogger eye spy pro 1.0 runtime detectionoffoffoffoff
17541MALWARE-OTHERKeylogger starlogger runtime detectionoffoffoffoff
17544MALWARE-OTHERKeylogger PerfectKeylogger runtime detection - flowbit set 1offoffoffoff
17545MALWARE-OTHERKeylogger PerfectKeylogger runtime detection - flowbit set 2offoffoffoff
17546MALWARE-OTHERKeylogger PerfectKeylogger runtime detectionoffoffoffoff
17547MALWARE-OTHERKeylogger activity monitor 3.8 runtime detection - agent status monitoringoffoffoffoff
17548MALWARE-OTHERKeylogger activity monitor 3.8 runtime detection - agent up notificationoffoffoffoff
17549MALWARE-OTHERKeylogger activity monitor 3.8 runtime detectionoffoffoffoff
17551MALWARE-OTHERKeylogger ardamax keylogger runtime detection - smtpoffoffoffoff
17552MALWARE-OTHERKeylogger ardamax keylogger runtime detection - ftpoffoffoffoff
17574MALWARE-OTHERKeylogger proagent 2.0 runtime detectionoffoffoffoff
17591MALWARE-OTHERKeylogger keylogger pro runtime detection - flowbit setoffoffoffoff
17592MALWARE-OTHERKeylogger keylogger pro runtime detectionoffoffoffoff
17596MALWARE-OTHERKeylogger spy lantern keylogger runtime detection - flowbit setoffoffoffoff
17597MALWARE-OTHERKeylogger spy lantern keylogger runtime detectionoffoffoffoff
17837MALWARE-OTHERKeylogger spyoutside runtime detection - email deliveryoffoffoffoff
17845MALWARE-OTHERKeylogger clogger 1.0 runtime detectionoffoffoffoff
17846MALWARE-OTHERKeylogger clogger 1.0 runtime detectionoffoffoffoff
17847MALWARE-OTHERKeylogger clogger 1.0 runtime detection - send log through emailoffoffoffoff
17857MALWARE-OTHERKeylogger EliteKeylogger runtime detectionoffoffoffoff
18355MALWARE-OTHERKeylogger spybuddy 3.72 runtime detectionoffoffoffoff
18356MALWARE-OTHERKeylogger spybuddy 3.72 runtime detection - send log out through emaildropdropdropoff
18357MALWARE-OTHERKeylogger spybuddy 3.72 runtime detection - send alert out through emaildropdropdropoff
18465MALWARE-OTHERKeylogger netobserve runtime detection - email notificationoffoffoffoff
18466MALWARE-OTHERKeylogger netobserve runtime detection - email notificationoffoffoffoff
18467MALWARE-OTHERKeylogger netobserve runtime detection - remote login responseoffoffoffoff
18544MALWARE-OTHERKeylogger nicespy runtime detection - smtpoffoffoffoff
19647MALWARE-OTHERKeylogger system surveillance pro runtime detectionoffoffoffoff
19648MALWARE-OTHERKeylogger emailspypro runtime detectionoffoffoffoff
19649MALWARE-OTHERKeylogger ghost Keylogger runtime detection - flowbit setoffoffoffoff
19650MALWARE-OTHERKeylogger ghost Keylogger runtime detectionoffoffoffoff
19827MALWARE-OTHERKeylogger paq keylog runtime detection - smtpoffoffoffoff
19828MALWARE-OTHERKeylogger paq keylog runtime detection - ftpoffoffoffoff
19830MALWARE-OTHERKeylogger supreme spy runtime detectionoffoffoffoff
Low Priority

GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)

1 - 15362 - INDICATOR-OBFUSCATION - obfuscated javascript excessive fromCharCode - potential attack - off / off / off / drop
1 - 15363 - INDICATOR-OBFUSCATION - Potential obfuscated javascript eval unescape attack attempt - off / off / off / off
1 - 15414 - PROTOCOL-SCADA - OMRON-FINS program area protect clear brute force attempt - off / off / off / off
1 - 15697 - INDICATOR-OBFUSCATION - rename of javascript unescape function detected - off / off / off / drop
1 - 16354 - FILE-PDF - Adobe Acrobat Reader start-of-file alternate header obfuscation - off / off / off / off
1 - 1638 - INDICATOR-SCAN - SSH Version map attempt - off / off / off / off
1 - 16390 - FILE-PDF - Adobe Acrobat Reader alternate file magic obfuscation - off / off / off / off
1 - 16742 - FILE-IDENTIFY - remote desktop configuration file download request - off / off / off / off
1 - 17400 - INDICATOR-OBFUSCATION - rename of javascript unescape function detected - off / off / off / drop
1 - 18179 - INDICATOR-SCAN - Proxyfire.net anonymous proxy scan - off / off / off / off
1 - 19074 - INDICATOR-OBFUSCATION - javascript uuencoded noop sled attempt - off / off / off / drop
1 - 19075 - INDICATOR-OBFUSCATION - javascript uuencoded eval statement - off / off / off / off
1 - 19081 - INDICATOR-OBFUSCATION - known suspicious decryption routine - off / off / drop / drop
1 - 1917 - INDICATOR-SCAN - UPnP service discover attempt - off / off / off / drop
1 - 19559 - INDICATOR-SCAN - SSH brute force login attempt - off / off / off / drop
1 - 19868 - INDICATOR-OBFUSCATION - hidden 1x1 div tag - potential malware obfuscation - off / off / off / off
1 - 20274 - NETBIOS - DCERPC NCACN-IP-TCP NetShareEnumAll request - off / off / off / off
1 - 2041 - INDICATOR-SCAN - xtacacs failed login response - off / off / off / off
1 - 2043 - INDICATOR-SCAN - isakmp login failed - off / off / off / off
1 - 21232 - SERVER-OTHER - Remote Desktop Protocol brute force attempt - off / off / off / off
1 - 21282 - FILE-IDENTIFY - XSL file download request - off / off / off / off
1 - 21283 - FILE-IDENTIFY - XSL file attachment detected - off / off / off / off
1 - 21284 - FILE-IDENTIFY - XSL file attachment detected - off / off / off / off
1 - 21285 - FILE-IDENTIFY - XSLT file download request - off / off / off / off
1 - 21286 - FILE-IDENTIFY - XSLT file attachment detected - off / off / off / off
1 - 21287 - FILE-IDENTIFY - XSLT file attachment detected - off / off / off / off
1 - 21478 - FILE-IDENTIFY - CHM file attachment detected - off / off / off / alert
1 - 21479 - FILE-IDENTIFY - CHM file attachment detected - off / off / off / alert
1 - 21519 - INDICATOR-OBFUSCATION - Dadongs obfuscated javascript - off / off / off / off
1 - 22969 - FILE-IDENTIFY - remote desktop configuration file attachment detected - off / off / off / off
1 - 22970 - FILE-IDENTIFY - remote desktop configuration file attachment detected - off / off / off / off
1 - 23113 - INDICATOR-OBFUSCATION - eval gzinflate base64_decode call - likely malicious - off / off / off / off
1 - 23114 - INDICATOR-OBFUSCATION - GIF header with PHP tags - likely malicious - off / off / off / off
1 - 23226 - INDICATOR-OBFUSCATION - JavaScript error suppression routine - off / off / off / off
1 - 23601 - INDICATOR-SCAN - Skipfish scan default agent string - off / off / off / off
1 - 23602 - INDICATOR-SCAN - Skipfish scan Firefox agent string - off / off / off / off
1 - 23603 - INDICATOR-SCAN - Skipfish scan MSIE agent string - off / off / off / off
1 - 23604 - INDICATOR-SCAN - Skipfish scan iPhone agent string - off / off / off / off
1 - 23621 - INDICATOR-OBFUSCATION - known packer routine with secondary obfuscation - off / off / off / off
1 - 24368 - MALWARE-CNC - Lizamoon sql injection campaign phone-home - off / off / off / off
1 - 24369 - MALWARE-CNC - Lizamoon sql injection campaign ur.php response detected - off / off / off / off
1 - 25451 - INDICATOR-OBFUSCATION - GIF header followed by PDF header - drop / drop / drop / off
1 - 25452 - INDICATOR-OBFUSCATION - PNG header followed by PDF header - drop / drop / drop / off
1 - 25453 - INDICATOR-OBFUSCATION - JPEG header followed by PDF header - drop / drop / drop / off
1 - 25454 - INDICATOR-OBFUSCATION - DOC header followed by PDF header - drop / drop / drop / off
1 - 25455 - INDICATOR-OBFUSCATION - GIF header followed by PDF header - off / drop / drop / off
1 - 25456 - INDICATOR-OBFUSCATION - PNG header followed by PDF header - off / drop / drop / off
1 - 25457 - INDICATOR-OBFUSCATION - JPEG header followed by PDF header - off / drop / drop / off
1 - 25458 - INDICATOR-OBFUSCATION - DOC header followed by PDF header - off / drop / drop / off
1 - 26286 - APP-DETECT - Absolute Software Computrace outbound connection - search.dnssearch.org - off / off / drop / off
1 - 26287 - APP-DETECT - Absolute Software Computrace outbound connection - search.namequery.com - off / off / drop / off
1 - 26615 - INDICATOR-OBFUSCATION - Javascript substr rename attempt - off / off / off / off
1 - 26616 - INDICATOR-OBFUSCATION - Javascript indexOf rename attempt - off / off / off / off
1 - 26639 - BROWSER-IE - Microsoft Internet Explorer XML digital signature transformation of digest value - off / off / off / off
1 - 26640 - BROWSER-IE - Microsoft Internet Explorer XML digital signature transformation of digest value - off / off / off / off
1 - 27592 - INDICATOR-OBFUSCATION - Javascript obfuscation - split - seen in IFRAMEr Tool attack - off / drop / drop / drop
1 - 27729 - INDICATOR-COMPROMISE - request for potential web shell - /Silic.jsp - off / off / off / off
1 - 27730 - INDICATOR-COMPROMISE - request for potential web shell - /css3.jsp - off / off / off / off
1 - 27731 - INDICATOR-COMPROMISE - request for potential web shell - /inback.jsp - off / off / off / off
1 - 27732 - INDICATOR-COMPROMISE - request for potential web shell - /jspspy.jsp - off / off / off / off
1 - 27735 - INDICATOR-OBFUSCATION - Javascript obfuscation - document - seen in IFRAMEr Tool usage - off / drop / drop / drop
1 - 27736 - INDICATOR-OBFUSCATION - Javascript obfuscation - split - seen in IFRAMEr Tool attack - off / drop / drop / drop
1 - 27920 - INDICATOR-OBFUSCATION - Javascript obfuscation - split - seen in IFRAMEr Tool attack - off / drop / drop / drop
1 - 28002 - INDICATOR-SCAN - UPnP WANPPPConnection - off / off / off / off
1 - 28003 - INDICATOR-SCAN - UPnP WANIPConnection - off / off / off / off
1 - 28024 - INDICATOR-OBFUSCATION - Javascript obfuscation - seen in IFRAMEr Tool attack - off / drop / drop / drop
1 - 28025 - INDICATOR-OBFUSCATION - Javascript obfuscation - split - seen in IFRAMEr Tool attack - off / drop / drop / drop
1 - 28301 - INDICATOR-SCAN - User-Agent known malicious user-agent Masscan - off / off / off / off
1 - 28552 - INDICATOR-SCAN - inbound probing for IPTUX messenger port - off / off / off / off
1 - 28629 - INDICATOR-OBFUSCATION - obfuscated script encoding detected - off / off / off / drop
1 - 28630 - INDICATOR-OBFUSCATION - obfuscated script encoding detected - off / off / off / drop
1 - 28931 - BROWSER-IE - Microsoft Internet Explorer CHM file load attempt - off / off / off / off
1 - 28932 - BROWSER-IE - Microsoft Internet Explorer CHM file load attempt - off / off / off / off
1 - 29462 - INDICATOR-SCAN - User-Agent known malicious user-agent The Mole - off / drop / drop / drop
1 - 31711 - INDICATOR-COMPROMISE - Keylog string over FTP detected - off / off / drop / drop
1 - 32804 - EXPLOIT-KIT - known malicious javascript packer detected - off / drop / drop / drop
1 - 32845 - APP-DETECT - Absolute Software Computrace outbound connection - 209.53.113.223 - off / off / drop / off
1 - 32846 - APP-DETECT - Absolute Software Computrace outbound connection - absolute.com - off / off / drop / off
1 - 32847 - APP-DETECT - Absolute Software Computrace outbound connection - bh.namequery.com - off / off / drop / off
1 - 32848 - APP-DETECT - Absolute Software Computrace outbound connection - namequery.nettrace.co.za - off / off / drop / off
1 - 32849 - APP-DETECT - Absolute Software Computrace outbound connection - search.us.namequery.com - off / off / drop / off
1 - 32850 - APP-DETECT - Absolute Software Computrace outbound connection - search2.namequery.com - off / off / drop / off
1 - 32851 - APP-DETECT - Absolute Software Computrace outbound connection - search64.namequery.com - off / off / drop / off
1 - 32945 - FILE-IDENTIFY - .scr executable screensaver file attachment detected - off / off / off / off
1 - 32946 - FILE-IDENTIFY - .scr executable screensaver file attachment detected - off / off / off / off
1 - 32947 - FILE-IDENTIFY - .scr executable screensaver file download request - off / off / off / off
1 - 33939 - MALWARE-OTHER - Executable control panel file attachment detected - off / off / drop / off
1 - 33940 - MALWARE-OTHER - Executable control panel file attachment detected - off / off / drop / off
1 - 33941 - MALWARE-OTHER - Executable control panel file download request - off / off / alert / off
1 - 33942 - MALWARE-OTHER - Executable control panel file download request - off / off / alert / off
1 - 33943 - MALWARE-OTHER - Executable control panel file download request - off / drop / drop / off
1 - 34118 - INDICATOR-OBFUSCATION - known malicious javascript packer detected - off / off / off / off
1 - 34226 - INDICATOR-OBFUSCATION - Multiple AV products evasion attempt - off / off / off / off
1 - 34227 - INDICATOR-OBFUSCATION - Multiple AV products evasion attempt - off / off / off / off
1 - 3551 - FILE-IDENTIFY - HTA file download request - off / off / off / off
1 - 36536 - SERVER-OTHER - NTP crypto-NAK packet flood attempt - off / off / off / drop
1 - 36815 - SERVER-OTHER - MIT Kerberos 5 SPNEGO incoming token detected - off / off / off / off
1 - 36816 - SERVER-OTHER - MIT Kerberos 5 IAKERB outbound token detected - off / off / off / off
1 - 37903 - INDICATOR-OBFUSCATION - fromCharcode known obfuscation attempt - off / off / off / drop
1 - 37904 - INDICATOR-OBFUSCATION - fromCharcode known obfuscation attempt - off / off / off / drop
1 - 37905 - INDICATOR-OBFUSCATION - javascript charset concatentation attempt - off / off / off / drop
1 - 37906 - INDICATOR-OBFUSCATION - javascript known obfuscation method attempt - off / off / off / drop
1 - 37907 - INDICATOR-OBFUSCATION - javascript unicode escape variable name attempt - off / off / off / drop
1 - 37908 - INDICATOR-OBFUSCATION - javascript with hex variable names - off / off / off / drop
1 - 37909 - INDICATOR-OBFUSCATION - known javascript packer detected - off / off / off / drop
1 - 37949 - INDICATOR-OBFUSCATION - download of heavily compressed PDF attempt - off / off / off / drop
1 - 37950 - INDICATOR-OBFUSCATION - email of heavily compressed PDF attempt - off / off / off / drop
1 - 37971 - INDICATOR-OBFUSCATION - obfuscated script encoding detected - off / off / off / drop
1 - 37972 - INDICATOR-OBFUSCATION - obfuscated script encoding detected - off / off / off / drop
1 - 3819 - FILE-IDENTIFY - CHM file download request - off / off / off / alert
1 - 38250 - INDICATOR-OBFUSCATION - HTML entity encoded ActiveX object instantiation detected - off / off / off / drop
1 - 38251 - INDICATOR-OBFUSCATION - HTML entity encoded script language declaration detected - off / off / off / drop
1 - 39488 - INDICATOR-OBFUSCATION - obfuscated javascript excessive fromCharCode - potential attack - off / off / off / drop
1 - 39489 - INDICATOR-OBFUSCATION - obfuscated javascript fromCharCode with mixed number bases - potential attack - off / off / off / drop
1 - 39490 - INDICATOR-OBFUSCATION - obfuscated javascript fromCharCode with mixed number bases - potential attack - off / off / off / drop
1 - 39870 - INDICATOR-COMPROMISE - Oracle E-Business Suite arbitrary node deletion - off / off / off / drop
1 - 4060 - APP-DETECT - remote desktop protocol attempted administrator connection request - off / off / off / off
1 - 42111 - INDICATOR-OBFUSCATION - Base64 encoded String.fromCharCode - off / off / drop / drop
1 - 42870 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42871 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42872 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42873 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42874 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42875 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42876 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42877 - FILE-PDF - Adobe Reader PDF document XSLT engine information disclosure exploitation attempt - off / off / off / off
1 - 42946 - INDICATOR-OBFUSCATION - Hex escaped valueOf function name obfuscation attempt - off / off / off / drop
1 - 42947 - INDICATOR-OBFUSCATION - Dridex String.prototype function definition obfuscation attempt - off / drop / drop / drop
1 - 42948 - INDICATOR-OBFUSCATION - Hex escaped split function name obfuscation attempt - off / off / off / drop
1 - 42949 - INDICATOR-OBFUSCATION - URL encoded document class name obfuscation attempt - off / off / off / drop
1 - 42950 - INDICATOR-OBFUSCATION - URL encoded vbscript tag obfuscation attempt - off / off / off / drop
1 - 43002 - PROTOCOL-OTHER - NETBIOS SMB IPC share access attempt - off / off / off / off
1 - 43003 - PROTOCOL-OTHER - NETBIOS SMB IPC share access attempt - off / off / off / off
1 - 43128 - POLICY-OTHER - Beck IPC network configuration overwrite attempt - off / off / off / off
1 - 43216 - INDICATOR-OBFUSCATION - HTTP payload not fully gzip compressed attempt - off / off / drop / drop
1 - 43707 - INDICATOR-OBFUSCATION - obfuscated vbscript detected - off / off / off / drop
1 - 43708 - INDICATOR-OBFUSCATION - obfuscated vbscript detected - off / off / off / drop
1 - 43836 - INDICATOR-OBFUSCATION - Adobe Flash file packed with SecureSwf obfuscator - off / off / off / drop
1 - 43837 - INDICATOR-OBFUSCATION - obfuscated javascript regex - off / off / off / drop
1 - 46381 - INDICATOR-COMPROMISE - Potential data exfiltration through Google form submission - off / off / off / off
1 - 48861 - INDICATOR-OBFUSCATION - Potential Z-WASP malicious URL obfuscation attempt - off / off / off / off
1 - 48862 - INDICATOR-OBFUSCATION - Potential Z-WASP malicious URL obfuscation attempt - off / off / off / off
1 - 48863 - INDICATOR-OBFUSCATION - Potential Z-WASP malicious URL obfuscation attempt - off / off / off / off
1 - 48864 - INDICATOR-OBFUSCATION - Potential Z-WASP malicious URL obfuscation attempt - off / off / off / off
1 - 6365 - MALWARE-OTHER - Sony rootkit runtime detection - off / off / off / off
1 - 6489 - PUA-ADWARE - Hijacker analyze IE outbound connection - default page hijacker - off / off / off / off
1 - 7141 - PUA-ADWARE - Adware pay-per-click runtime detection - update - off / off / off / off
1 - 7564 - PUA-ADWARE - Hijacker startnow outbound connection - off / off / off / off
1 - 8081 - INDICATOR-SCAN - UPnP service discover attempt - off / off / off / off