Other Trend Vision One™ – Network Security filters - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

18436 - HTTP: Trojan.Win32.Ursnif.HM Checkin
22546 - TLS: PupyRat Malicious SSL Certificate Detected (CLIENT)
22692 - TCP: Gh0st RAT (PCRat) Checkin Request
25492 - HTTP: Trojan-Downloader.Win64.BazarLoader.A Runtime Detection
27389 - HTTP: Trojan.Ursnif Data Exfiltration
29241 - TLS: PupyRat Runtime Detection (SSL/TLS Self-signed Certificate - CONTROL)
31175 - HTTP: Trojan.Win64.BazarTrickbot.A Runtime Detection
31454 - HTTP: Backdoor.Win32.Sarwent.A Runtime Detection
32039 - HTTP: Trickbot Data Exfiltration - Network Module
32337 - HTTP: FormBook Checkin Request
34081 - HTTP: Covenom Data Exfiltration Request
34283 - TCP: Backdoor.Win32.MoonWind.A Runtime Detection
34335 - HTTP: Trojan-Downloader.Win32.Dagozill.B Runtime Detection
34360 - TCP: Backdoor.Linux.Penquin.A Runtime Detection
34683 - TCP: Trojan.MSIL.Asyncrat.A Runtime Detection
34717 - UDP: Backdoor.Linux.Penquin.A Runtime Detection
35149 - TCP: LightNeuron PDF Payload Detection
35810 - TCP: Backdoor.Win32.Remcosrat.A Runtime Detection
36459 - HTTP: Trojan.Win32.Rokrat.B Runtime Detection
36526 - DNS: Trojan.Win32.Trickbot.Dns Runtime Detection (Type 0 Message)
36807 - HTTP: Trojan.JS.Ostap.A Runtime Detection
36828 - HTTP: Trickbot Data Exfiltration - (Card Payment)
36829 - HTTP: Trickbot Data Exfiltration - (Application Credentials Grabber)
36830 - TLS: Trojan.Win32.Trickbot.A Runtime Detection (Certificate)
36999 - UDP: Trojan.Win64.Anchor.A Runtime Detection
37607 - TCP: Backdoor.Win32.Gh0stZero.A Runtime Detection
37706 - TCP: Trojan.MSIL.AgentTesla.rov Runtime Detection
37875 - HTTP: Trojan-Downloader.JS.ValakLoad.A Runtime Detection
37922 - HTTP: Trojan-Downloader.JS.Valatasklod.A Runtime Detection
37934 - HTTP: Backdoor.MSIL.Clipbanransom.A Runtime Detection
37935 - HTTP: Backdoor.MSIL.Clipbanransom.A Runtime Detection
38042 - UDP: Trojan.Linux.Anchor.A Runtime Detection
38464 - HTTP: Trojan-Downloader.Win32.Deyma.AC Runtime Detection
38468 - TLS: Cobalt Strike Beacon (Certificate)
38900 - TLS: Cobalt Strike Team Server (Default Self-signed SSL/TLS Certificate)
38927 - TLS: Trojan.MSIL.Asyncrat.A (SSL/TLS Self-signed Certificate)
39104 - TLS: Backdoor.Win32.BitRAT.A (SSL/TLS Self-signed Certificate)
39796 - TCP: Backdoor.Win64.Moriya.A Runtime Detection
39821 - HTTP: Trojan.Win32.Ursnif.AHSY Runtime Detection
39916 - HTTP: Trojan.Win32.Matanbuchus.A Runtime Detection
40007 - TLS: Backdoor.MSIL.DcRAT.A Runtime Detection (SSL/TLS Self-signed Certificate)
40022 - HTTP: Trojan.MSIL.Sotulokgotu.A Runtime Detection
40252 - TCP: Trojan.MSIL.CobianRAT.B Runtime Detection
40340 - HTTP: Trojan-Downloader.Win64.Bumbleloader.A Runtime Detection
40405 - HTTP: Trojan.Win32.SquirrelWaffle.A Runtime Detection
40590 - TCP: Backdoor.Win32.RemcosRAT.E Runtime Detection
40955 - HTTP: Trojan-Downloader.MSIL.Chrimpace.A Runtime Detection
41066 - TCP: Trojan.Win32.Gh0stCringe.A Runtime Detection
41082 - TCP: Backdoor.Win32.Qakbot.YXCCRZ Runtime Detection
41121 - SMTP: Trojan.MSIL.SnakeKeylogger.ITGE Runtime Detection
41122 - SMTP: Trojan.MSIL.SnakeKeylogger.ITGE Runtime Detection
41269 - HTTP: Trojan.MSIL.SaintStealer.A Runtime Detection
41296 - HTTP: Trojan.MSIL.JesterStealer.A Runtime Detection
41297 - HTTP: Trojan.MSIL.JesterStealer.A Runtime Detection
41411 - UDP: Trojan.Win32.WinDealer.ZYJA Runtime Detection
41486 - TCP: Backdoor.Win32.Gh0stRAT.A Runtime Detection
41539 - HTTP: Backdoor.Win64.Brutel.A Runtime Detection
41570 - HTTP: Ransomware.Win64.SiennaPurple.B Runtime Detection
41773 - HTTP: Backdoor.Win64.Sliver.SMYXCFWAZ Runtime Detection (Session Key Exchange)
41775 - HTTP: Backdoor.Win64.Sliver.SMYXCFWAZ Runtime Detection (Download Command From C2)
41790 - TLS: Backdoor.Win64.Brutel.A Runtime Detection (SSL/TLS Self-signed Certificate)
41961 - HTTP: Trojan.MSIL.LilithBot.A Runtime Detection
42220 - HTTP: Trojan.Win32.LummaStealer.A Runtime Detection
42221 - HTTP: Trojan.Win32.LummaStealer.A Runtime Detection
42365 - HTTP: Trojan.Python.AndroxGh0st.A Runtime Detection
42366 - HTTP: Backdoor.Win64.Brutel.B Runtime Detection
42368 - HTTP: Backdoor.PHP.Reganamelif.A Runtime Detection (Authentication Request)
42370 - HTTP: Backdoor.PHP.Reganamelif.A Runtime Detection (Requesting Image)
42386 - HTTP: Trojan.Win32.BeepStealer.A Runtime Detection
42435 - HTTP: Trojan.MSIL.Stelega.E5915CF8 Runtime Detection
42577 - SMB: Worm.MSIL.BlackSnake.THCOABC Runtime Detection
42856 - HTTP: Trojan.MSIL.XWormRAT.YXDFMZ Runtime Detection
42931 - SMTP: Trojan.MSIL.SapphireStealer.A Runtime Detection
42966 - HTTP: Trojan.MSIL.PhemedroneStealer.A Runtime Detection
43090 - HTTP: Trojan.MSIL.RageStealer.A Runtime Detection (Data Exfiltration)
43187 - HTTP: Trojan.MSIL.WhiteSnake.YXDHSZ Runtime Detection
43318 - HTTP: Backdoor.Win32.BunnyLoader.A Runtime Detection (Checkin Request)
43323 - HTTP: Backdoor.Win32.BunnyLoader.A Runtime Detection (User-Agent Header)
43395 - TLS: Cobalt Strike Team Server (Pwn3rs Leak Self-signed SSL/TLS Certificate)
43446 - HTTP: Trojan.Python.LilithStealer.A Runtime Detection
43546 - TCP: Backdoor.Win32.SugarGh0st.A Runtime Detection
43556 - DNS: Backdoor.MSIL.AgentRacoon.A Runtime Detection
43741 - TCP: Backdoor.MSIL.XWorm.A Runtime Detection (Check-in Request - Non-Encrypted)
43767 - HTTP: Backdoor.PHP.Kullankomut.A Runtime Detection
43768 - HTTP: Trojan.PHP.Idbte4mc87.A Runtime Detection
43771 - HTTP: Backdoor.PHP.Marijuana.A Runtime Detection
43816 - HTTP: Trojan.Win32.LummaC.BSMTB Runtime Detection
43914 - HTTP: Backdoor.Win64.SIGNBT.A Runtime Detection
43918 - TCP: Backdoor.MSIL.XWorm.A Runtime Detection (Ping/Pong Packet - Encrypted)
43919 - HTTP: Backdoor.MSIL.XWorm.A Runtime Detection (DoS POST Packet)
43976 - HTTP: Trojan-Downloader.MSIL.ArkhalisLoader.A Runtime Detection
44063 - HTTP: Trojan.Shell.Kimsuky.GOSU Runtime Detection
44110 - HTTP: Trojan.MSIL.HacksterStealer.A Runtime Detection (Upload Stolen Data to Gofile)
44111 - HTTP: Trojan.MSIL.HacksterStealer.A Runtime Detection (Send Notification to Telegram)
44256 - TCP: Backdoor.Win32.LilithRat.A Runtime Detection
44344 - HTTP: Backdoor.Linux.TerribleTea.A Runtime Detection
44498 - TLS: Cobalt Strike Team Server (Self-signed SSL/TLS Certificate - Major Cobalt Strike commonName)
44528 - TLS: Cobalt Strike Team Server (Cat Leak Self-signed SSL/TLS Certificate)
44547 - HTTP: Trojan.Win32.Rokrat.C Runtime Detection
44566 - HTTP: Trojan-Downloader.MSIL.JellyfishLoader.A Runtime Detection
44603 - HTTP: Trojan.MSIL.SnakeStealer.A Runtime Detection
44767 - HTTP: Trojan.MSIL.LuxyStealer.SZC Runtime Detection
44768 - HTTP: Trojan.MSIL.LuxyStealer.SZC Runtime Detection - (Upload Archived File)
44769 - HTTP: Trojan.MSIL.LuxyStealer.SZC Runtime Detection (Ransomware Notification)
44770 - SMTP: Trojan.Python.Emansrepo.A Runtime Detection
44796 - HTTP: Trojan.Win32.LummaC.MRS Runtime Detection - (Initial C2 Check-in)
44797 - HTTP: Trojan.Win32.LummaC.MRS Runtime Detection - (Sending Encrypted Info)