Network Content Inspection Rules
Default Rule:
| Rule ID | Rule Description | Confidence Level | DDI Default Rule | Network Content Inspection Pattern Release Date | ||
|---|---|---|---|---|---|---|
| DDI RULE 5446 | CVE-2025-53770 - Sharepoint Deserialization Exploit - HTTP (Request) | 2025/07/22 | DDI RULE 5446 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5446 | ||
| DDI RULE 5438 | ONELOGIN ADMINAPI - HTTP (Request) | 2025/07/17 | DDI RULE 5438 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5438 | ||
| DDI RULE 5441 | CVE-2024-3721 - TBK DVR RCE - HTTP (Request) | 2025/07/17 | DDI RULE 5441 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5441 | ||
| DDI RULE 5443 | CVE-2025-5777 - CITRIX BLEED MEMORY OVERFLOW - HTTP (Request) | 2025/07/17 | DDI RULE 5443 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5443 | ||
| DDI RULE 5422 | WEBSOCKET UPGRADE - HTTP(Response) | 2025/07/16 | DDI RULE 5422 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5422 | ||
| DDI RULE 5437 | Possible DNS Tunneling - DNS (Response) - Variant 3 | 2025/07/16 | DDI RULE 5437 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5437 | ||
| DDI RULE 5436 | CVE-2016-10033 - PHPMailer RCE Exploit - HTTP (Request) | 2025/07/14 | DDI RULE 5436 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5436 | ||
| DDI RULE 5432 | CVE-2023-39780 - ASUS Command Injection Exploit - HTTP (Request) | 2025/07/09 | DDI RULE 5432 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5432 | ||
| DDI RULE 5435 | CVE-2025-33073 - Windows SMB Client Elevation of Privilege Vulnerability Exploit - DNS (Response) | 2025/07/09 | DDI RULE 5435 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5435 | ||
| DDI RULE 5434 | APT - BPFDOOR - HTTP(Request) | 2025/07/08 | DDI RULE 5434 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5434 | ||
| DDI RULE 5425 | CVE-2021-32030 - ASUS Router and Lyra Mini Authentication Bypass Exploit - HTTP (Response) | 2025/07/07 | DDI RULE 5425 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5425 | ||
| DDI RULE 5430 | Possible WebShell Attempt via PHP Obfuscation - HTTP (Request) - Variant 2 | 2025/07/07 | DDI RULE 5430 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5430 | ||
| DDI RULE 5431 | CVE-2025-30397 - JSCRIPT RCE - HTTP (Response) | 2025/07/03 | DDI RULE 5431 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5431 | ||
| DDI RULE 5433 | APT - BPFDOOR - TCP - Variant 2 | 2025/07/03 | DDI RULE 5433 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5433 | ||
| DDI RULE 5428 | CVE-2025-24016 - Wazuh Insecure Deserialization Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5428 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5428 | ||
| DDI RULE 5429 | CVE-2023-33538 - TPLink Command Injection Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5429 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5429 | ||
| DDI RULE 5384 | CVE-2025-32433 - Erlang OTP Server RCE Exploit - SSH (Request) | 2025/06/26 | DDI RULE 5384 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5384 | ||
| DDI RULE 5421 | APT - BPFDOOR - UDP | 2025/06/26 | DDI RULE 5421 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5421 | ||
| DDI RULE 5408 | CVE-2024-56145 - Craft CMS RCE Exploit - HTTP (Response) | 2025/06/25 | DDI RULE 5408 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5408 | ||
| DDI RULE 5417 | CVE-2025-33053 - WEBDAV RCE - HTTP (Response) | 2025/06/24 | DDI RULE 5417 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5417 | ||
| DDI RULE 5381 | CVE-2025-30406 - GLADINET CENTRESTACK RCE - HTTP (Request) | 2025/06/23 | DDI RULE 5381 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5381 | ||
| DDI RULE 5420 | APT - BPFDOOR - TCP | 2025/06/19 | DDI RULE 5420 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5420 | ||
| DDI RULE 5414 | CVE-2025-49220 - APEX CENTRAL RCE - HTTP (Response) | 2025/06/18 | DDI RULE 5414 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5414 | ||
| DDI RULE 5409 | CVE-2025-2146 - CANON BUFFER OVERFLOW - HTTP (Request) | 2025/06/17 | DDI RULE 5409 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5409 | ||
| DDI RULE 5415 | CVE-2025-49213 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5415 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5415 | ||
| DDI RULE 5416 | CVE-2025-49212 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5416 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5416 | ||
| DDI RULE 5368 | CVE-2022-43939 - PENTAHO AUTHBYPASS RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5368 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5368 | ||
| DDI RULE 5389 | FORTISANDBOX RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5389 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5389 | ||
| DDI RULE 5393 | CVE-2020-15999 - FREETYPE RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5393 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5393 | ||
| DDI RULE 5410 | CVE-2025-24813 - APACHE TOMCAT RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5410 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5410 | ||
| DDI RULE 5411 | CVE-2025-3248 - LANGFLOW RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5411 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5411 | ||
| DDI RULE 5412 | CVE-2025-32756 - FORTINET RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5412 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5412 | ||
| DDI RULE 5413 | CVE-2025-46337 - ADODB SQL INJECTION - HTTP (Response) | 2025/06/10 | DDI RULE 5413 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5413 | ||
| DDI RULE 4590 | VIDAR - HTTP(REQUEST) - Variant 2 | 2025/06/05 | DDI RULE 4590 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4590 | ||
| DDI RULE 5380 | CVE-2024-11131 - SYNOLOGY BUFFER OVERFLOW - HTTP(RESPONSE) | 2025/06/05 | DDI RULE 5380 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5380 | ||
| DDI RULE 5402 | Multiple Occurrences of Negotiate Request Activity Sensor - RDP (Request) | 2025/06/05 | DDI RULE 5402 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5402 | ||
| DDI RULE 5405 | ALLEGRA MULTIPLE DIRECTORY TRAVERSAL EXPLOIT ATTEMPT - HTTP (REQUEST) | 2025/06/05 | DDI RULE 5405 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5405 | ||
| DDI RULE 5404 | CVE-2025-29635 - DLINK COMMAND INJECTION EXPLOIT ATTEMPT- HTTP (REQUEST) | 2025/06/04 | DDI RULE 5404 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5404 | ||
| DDI RULE 5403 | CVE-2025-24054 - MSNTLM EXPLOIT - HTTP(Response) | 2025/05/29 | DDI RULE 5403 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5403 | ||
| DDI RULE 5406 | ECHARGE COMMAND INJECTION EXPLOIT - HTTP (Response) | 2025/05/29 | DDI RULE 5406 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5406 | ||
| DDI RULE 5329 | CVE-2024-8856 - WordPress Time Capsule Plugin Exploit - HTTP (Response) | 2025/05/28 | DDI RULE 5329 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5329 | ||
| DDI RULE 5395 | IVANTI EPMANAGER EXPLOIT - HTTP(Response) | 2025/05/27 | DDI RULE 5395 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5395 | ||
| DDI RULE 5400 | Presence of Angry IP Scanner - DNS (Response) | 2025/05/27 | DDI RULE 5400 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5400 | ||
| DDI RULE 5390 | Possible AS-REP Roasting Attack - Kerberos (Request) | 2025/05/26 | DDI RULE 5390 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5390 | ||
| DDI RULE 5399 | CVE-2019-2729 or CVE-2019-2725 - Oracle Weblogic - HTTP (Request) | 2025/05/22 | DDI RULE 5399 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5399 | ||
| DDI RULE 5360 | APT - BPFDOOR - ICMP (Request) | 2025/05/21 | DDI RULE 5360 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5360 | ||
| DDI RULE 5372 | SQLMAP Sensor - HTTP (Response) | 2025/05/21 | DDI RULE 5372 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5372 | ||
| DDI RULE 5396 | Suspicious Shell Command in Header - HTTP (Request) | 2025/05/19 | DDI RULE 5396 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5396 | ||
| DDI RULE 5370 | CVE-2024-41710 - MITEL6800 RCE EXPLOIT - HTTP(Request) | 2025/05/14 | DDI RULE 5370 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5370 | ||
| DDI RULE 5394 | CVE-2024-57050 - TPLINK EXPLOIT - HTTP(Response) | 2025/05/13 | DDI RULE 5394 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5394 | ||
| DDI RULE 5371 | CVE-2025-31161 - CRUSHFTP AUTH BYPASS - HTTP (Response) | 2025/05/08 | DDI RULE 5371 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5371 | ||
| DDI RULE 5365 | CVE-2024-11040 - VLLM DOS EXPLOIT - HTTP (Response) | 2025/05/07 | DDI RULE 5365 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5365 | ||
| DDI RULE 5391 | CVE-2025-22461 - IVANTI SQLI - HTTP (Response) | 2025/05/07 | DDI RULE 5391 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5391 | ||
| DDI RULE 5392 | CVE-2024-23468 - SOLARWINDS PATH TRAVERSAL - TCP (Request) | 2025/05/07 | DDI RULE 5392 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5392 | ||
| DDI RULE 5388 | Invoke Request Activity via DCOM - DCERPC (Request) | 2025/05/06 | DDI RULE 5388 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5388 | ||
| DDI RULE 5387 | CVE-2023-44221 - SONICWALL EXPLOIT COMMAND INJECTION EXPLOIT - HTTP(RESPONSE) | 2025/05/03 | DDI RULE 5387 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5387 | ||
| DDI RULE 5385 | CVE-2021-47667 - ZENDTO RCE - HTTP (Request) | 2025/04/30 | DDI RULE 5385 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5385 | ||
| DDI RULE 5382 | CVE-2025-31324 - SAP NETWEAVER UPLOAD EXPLOIT REQUEST - HTTP(REQUEST) | 2025/04/26 | DDI RULE 5382 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5382 | ||
| DDI RULE 5377 | ROUTER CLEARTEXT PASSWORD DISCLOSURE EXPLOIT - HTTP (Request) | 2025/04/22 | DDI RULE 5377 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5377 | ||
| DDI RULE 5376 | CVE-2024-11042 - APACHE AI FILE DELETION - HTTP (Request) | 2025/04/21 | DDI RULE 5376 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5376 | ||
| DDI RULE 5373 | CVE-2025-22457 - XFORWARDEDFOR BUFFER OVERFLOW - HTTP (Request) | 2025/04/16 | DDI RULE 5373 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5373 | ||
| DDI RULE 5375 | CVE-2024-10188 - LITELLM DOS - HTTP (Request) | 2025/04/16 | DDI RULE 5375 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5375 | ||
| DDI RULE 5362 | CVE-2025-24893 - XWIKI SOLRSEARCHMACROS RCE - HTTP (Request) | 2025/04/15 | DDI RULE 5362 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5362 | ||
| DDI RULE 5364 | CVE-2024-8859 - MLFLOW DIRECTORY TRAVERSAL - HTTP (Request) | 2025/04/15 | DDI RULE 5364 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5364 | ||
| DDI RULE 5367 | CVE-2025-30355 - DOS Exploit - HTTP(Response) | 2025/04/15 | DDI RULE 5367 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5367 | ||
| DDI RULE 5369 | IVANTI TRAVERSAL EXPLOIT - HTTP(Response) | 2025/04/15 | DDI RULE 5369 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5369 | ||
| DDI RULE 5352 | POSSIBLE CVE-2025-21277 - MSMQ BUFFER EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5352 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5352 | ||
| DDI RULE 5353 | CVE-2024-45195 - APACHE OFBIZ RCE EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5353 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5353 | ||
| DDI RULE 5355 | WMI QUERY RCE - DCERPC (Request) | 2025/04/03 | DDI RULE 5355 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5355 | ||
| DDI RULE 5363 | CVE-2024-50330 - IVANTI SQL INJECTION - HTTP (Response) | 2025/04/02 | DDI RULE 5363 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5363 | ||
| DDI RULE 5326 | IVANTI SQL INJECTION RCE EXPLOIT - HTTP (Request) | 2025/03/26 | DDI RULE 5326 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5326 | ||
| DDI RULE 5359 | CVE-2018-8639 - Win32k Privilege Escalation Exploit - HTTP (Response) | 2025/03/26 | DDI RULE 5359 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5359 | ||
| DDI RULE 5351 | Microsoft Windows Zero Day Vulnerability (ZDI-25-148) - HTTP(Response) | 2025/03/25 | DDI RULE 5351 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5351 | ||
| DDI RULE 5357 | CVE-2018-9276 - PRTG Command Injection - HTTP (Request) | 2025/03/25 | DDI RULE 5357 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5357 | ||
| DDI RULE 5324 | CVE-2024-43468 - CM SQL INJECTION RCE - HTTP (Response) | 2025/03/24 | DDI RULE 5324 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5324 | ||
| DDI RULE 5335 | CVE-2025-21377 - NTLM RELAY EXPLOIT - HTTP (Response) | 2025/03/24 | DDI RULE 5335 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5335 | ||
| DDI RULE 5356 | CVE-2025-29927 - NEXTJS MIDDLEWARE EXPLOIT - HTTP(Response) | 2025/03/24 | DDI RULE 5356 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5356 | ||
| DDI RULE 5333 | WMI RCE - DCERPC (Request) | 2025/03/19 | DDI RULE 5333 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5333 | ||
| DDI RULE 5341 | Suspicious Shell Command Sensor - TCP | 2025/03/18 | DDI RULE 5341 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5341 | ||
| DDI RULE 5336 | CVE-2025-21308 - WINDOWS THEMES SPOOFING EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5336 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5336 | ||
| DDI RULE 5338 | CVE-2025-0108 - PALO ALTO AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5338 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5338 | ||
| DDI RULE 5342 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB (Request) | 2025/03/13 | DDI RULE 5342 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5342 | ||
| DDI RULE 5343 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB (Request) | 2025/03/13 | DDI RULE 5343 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5343 | ||
| DDI RULE 5344 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB (Request) | 2025/03/13 | DDI RULE 5344 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5344 | ||
| DDI RULE 5345 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB2 (Request) | 2025/03/13 | DDI RULE 5345 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5345 | ||
| DDI RULE 5346 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB2 (Request) | 2025/03/13 | DDI RULE 5346 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5346 | ||
| DDI RULE 5347 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB2 (Request) | 2025/03/13 | DDI RULE 5347 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5347 | ||
| DDI RULE 5348 | SVCCTL Create Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5348 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5348 | ||
| DDI RULE 5349 | SVCCTL Start Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5349 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5349 | ||
| DDI RULE 5327 | CVE-2024-43365 - CACTI XSS EXPLOIT - HTTP (Response) | 2025/03/12 | DDI RULE 5327 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5327 | ||
| DDI RULE 5331 | CVE-2024-46909 - WhatsUp Gold WriteDataFile Directory Traversal Exploit - TCP (Request) | 2025/03/11 | DDI RULE 5331 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5331 | ||
| DDI RULE 5337 | CVE-2024-55591 - FORTINET SECURITY BYPASS EXPLOIT - HTTP (Response) | 2025/03/10 | DDI RULE 5337 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5337 | ||
| DDI RULE 5321 | CVE-2025-0105 - Palo Alto Networks Expedition Input Validation Exploit - HTTP (Response) | 2025/03/05 | DDI RULE 5321 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5321 | ||
| DDI RULE 5334 | CVE-2024-13158 - IVANTI DIRECTORY TRAVERSAL EXPLOIT- HTTP (Request) | 2025/03/05 | DDI RULE 5334 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5334 | ||
| DDI RULE 5340 | LBLINK COMMAND INJECTION EXPLOIT - HTTP (Request) | 2025/03/05 | DDI RULE 5340 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5340 | ||
| DDI RULE 5332 | CVE-2024-43639 - Microsoft Windows KDC Integer Overflow Exploit - TCP (Response) | 2025/03/04 | DDI RULE 5332 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5332 | ||
| DDI RULE 5322 | Active Directory Certificate Services Template Discovery - LDAP (Request) - Variant 2 | 2025/03/03 | DDI RULE 5322 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5322 | ||
| DDI RULE 5330 | NMAP NetBios Session Service Scan - TCP (Request) | 2025/03/03 | DDI RULE 5330 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5330 | ||
| DDI RULE 5313 | CVE-2010-2568 - Windows Shell RCE - HTTP (Response) | 2025/02/20 | DDI RULE 5313 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5313 | ||
| DDI RULE 5323 | CVE-2024-49112 - INTEGER OVERFLOW EXPLOIT - LDAP (Response) | 2025/02/20 | DDI RULE 5323 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5323 | ||
| DDI RULE 5317 | CVE-2024-56337 - APACHE TOMCAT RCE - HTTP (Response) | 2025/02/19 | DDI RULE 5317 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5317 | ||
| DDI RULE 5305 | CVE-2024-42327 - Zabbix SQL Injection - HTTP (Response) | 2025/02/18 | DDI RULE 5305 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5305 | ||
| DDI RULE 5318 | CVE-2025-0282 - IVANTI RCE EXPLOIT - HTTP(Request) | 2025/02/17 | DDI RULE 5318 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5318 | ||
| DDI RULE 5320 | CVE-2025-0107 - Palo Alto Networks Expedition Insecure Deserialization Exploit - HTTP (Response) | 2025/02/17 | DDI RULE 5320 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5320 | ||
| DDI RULE 5316 | CVE-2024-37404 - IVANTI RCE EXPLOIT - HTTP (Response) | 2025/02/12 | DDI RULE 5316 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5316 | ||
| DDI RULE 5314 | ADCS Suspicious use of Certificate - Kerberos (Request) | 2025/02/11 | DDI RULE 5314 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5314 | ||
| DDI RULE 5310 | CVE-2024-52047 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (Request) | 2025/02/06 | DDI RULE 5310 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5310 | ||
| DDI RULE 5312 | CVE-2024-40711 - Veeam Backup & Replication Remote Command Execution Exploit - HTTP (Response) | 2025/02/06 | DDI RULE 5312 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5312 | ||
| DDI RULE 5303 | CVE-2024-51378 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5303 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5303 | ||
| DDI RULE 5311 | CVE-2022-22947 - SPRINGCLOUD RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5311 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5311 | ||
| DDI RULE 5292 | CVE-2024-47575 - FORTIMANAGER RCE EXPLOIT - HTTP (Response) | 2025/02/04 | DDI RULE 5292 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5292 | ||
| DDI RULE 5304 | CVE-2024-12828 - WEBMIN RCE EXPLOIT - HTTP (Response) | 2025/01/30 | DDI RULE 5304 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5304 | ||
| DDI RULE 5306 | CVE-2024-53691 - QNAP RCE - HTTP (Request) | 2025/01/30 | DDI RULE 5306 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5306 | ||
| DDI RULE 5307 | CVE-2024-50388 - QNAP BACKUP EXPLOIT - HTTP(Request) | 2025/01/30 | DDI RULE 5307 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5307 | ||
| DDI RULE 5302 | CVE-2024-8963 - IVANTI AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/01/24 | DDI RULE 5302 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5302 | ||
| DDI RULE 5300 | CVE-2024-29847 - IVANTI RCE EXPLOIT - TCP (Request) | 2025/01/22 | DDI RULE 5300 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5300 | ||
| DDI RULE 5301 | CVE-2024-50603 - AVIATRIX COMMAND INJECTION - HTTP (Request) | 2025/01/21 | DDI RULE 5301 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5301 | ||
| DDI RULE 5246 | Entropy Encoded Cookie Sensor - HTTP (Request) | 2025/01/20 | DDI RULE 5246 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5246 | ||
| DDI RULE 5247 | Base64 Encoded Cookie Sensor - HTTP (Request) | 2025/01/20 | DDI RULE 5247 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5247 | ||
| DDI RULE 5299 | HTTP Websocket Connection to External Server (Request) | 2025/01/16 | DDI RULE 5299 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5299 | ||
| DDI RULE 1268 | Reverse HTTPS Meterpreter detected - Variant 2 | 2025/01/15 | DDI RULE 1268 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-1268 | ||
| DDI RULE 5298 | CVE-2024-5011 - WHATSUP GOLD EXPLOIT - HTTP (Request) | 2025/01/15 | DDI RULE 5298 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5298 | ||
| DDI RULE 2744 | OMRON FINS UDP Read Controller Attempt NSE - UDP (Request) | 2025/01/13 | DDI RULE 2744 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-2744 | ||
| DDI RULE 5294 | CVE-2024-38856 - OFBIZ AUTHBYPASS EXPLOIT - HTTP (Response) | 2025/01/08 | DDI RULE 5294 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5294 | ||
| DDI RULE 5289 | CVE-2024-49122 - MSMQ RCE EXPLOIT - TCP (Response) | 2025/01/07 | DDI RULE 5289 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5289 | ||
| DDI RULE 5290 | CVE-2024-9464 - PaloAlto Command Injection Exploit - HTTP (Request) | 2025/01/06 | DDI RULE 5290 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5290 | ||
| DDI RULE 5297 | CVE-2024-49113 - WINDOWS LDAP DOS EXPLOIT - CLDAP(RESPONSE) | 2025/01/06 | DDI RULE 5297 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5297 | ||
| DDI RULE 5295 | CVE-2024-50623 - CLEO DIRECTORY TRAVERSAL - HTTP (Request) | 2025/01/02 | DDI RULE 5295 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5295 | ||
| DDI RULE 5288 | CVE-2024-46938 - Sitecore Directory Traversal Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5288 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5288 | ||
| DDI RULE 5291 | CVE-2024-25153 - Fortra FileCatalyst Workflow Directory Traversal Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5291 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5291 | ||
| DDI RULE 5293 | CVE-2024-11320 - Pandora Remote Command Execution Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5293 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5293 | ||
| DDI RULE 4594 | COBALTSTRIKE - HTTP(REQUEST) - Variant 3 | 2024/12/11 | DDI RULE 4594 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4594 | ||
| DDI RULE 4861 | COBEACON - DNS (Response) - Variant 3 | 2024/12/11 | DDI RULE 4861 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4861 | ||
| DDI RULE 5253 | CVE-2024-29830 - IVANTI SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2024/12/11 | DDI RULE 5253 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5253 | ||
| DDI RULE 5281 | AD File and Directory Discovery - SMB2 (Request) | 2024/12/11 | DDI RULE 5281 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5281 | ||
| DDI RULE 5284 | CVE-2024-34051 - DOLIBARR AC EXECUTION EXPLOIT - HTTP(REQUEST) | 2024/12/11 | DDI RULE 5284 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5284 | ||
| DDI RULE 5287 | Active Directory Certificate Services Template Discovery- LDAP (Request) | 2024/12/11 | DDI RULE 5287 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5287 | ||
| DDI RULE 5283 | CVE-2024-9264 - Grafana SQL Injection Exploit - HTTP (Response) | 2024/12/10 | DDI RULE 5283 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5283 | ||
| DDI RULE 5286 | Possible Discovery Using NETSHAREENUM API - SMB2 (Request) | 2024/12/10 | DDI RULE 5286 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5286 | ||
| DDI RULE 4396 | CVE-2020-1967 - Signature Algorithms Cert Denial of Service - HTTPS (Request) | 2024/12/09 | DDI RULE 4396 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4396 | ||
| DDI RULE 5282 | CVE-2024-43451 - WINDOWS NTLM RELAY EXPLOIT - HTTP (Response) | 2024/12/09 | DDI RULE 5282 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5282 | ||
| DDI RULE 5285 | CVE-2024-1884 - PAPERCUT SSRF EXPLOIT - HTTP(REQUEST) | 2024/12/09 | DDI RULE 5285 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5285 | ||
| DDI RULE 5279 | CVE-2024-47525 - LIBRENMS XSS EXPLOIT - HTTP(REQUEST) | 2024/12/04 | DDI RULE 5279 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5279 | ||
| DDI RULE 5280 | CVE-2024-42008 - Roundcube Information Disclosure Exploit - HTTP (Response) | 2024/12/03 | DDI RULE 5280 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5280 | ||
| DDI RULE 5232 | CVE-2024-45519 - ZIMBRA RCE EXPLOIT - SMTP (REQUEST) | 2024/12/02 | DDI RULE 5232 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5232 | ||
| DDI RULE 5276 | CVE-2024-5010 - WHATSUP GOLD EXPLOIT - HTTP(REQUEST) | 2024/12/02 | DDI RULE 5276 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5276 | ||
| DDI RULE 5278 | CVE-2024-0012 - PALO ALTO AUTH BYPASS - HTTP (Request) | 2024/11/28 | DDI RULE 5278 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5278 | ||
| DDI RULE 5267 | COVENANT Custom Profile - HTTP (Response) - Variant 2 | 2024/11/27 | DDI RULE 5267 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5267 | ||
| DDI RULE 5274 | Covenant Default Named Pipe - SMB2 (Request) | 2024/11/26 | DDI RULE 5274 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5274 | ||
| DDI RULE 5269 | SALITY C2 - TCP (REQUEST) | 2024/11/21 | DDI RULE 5269 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5269 | ||
| DDI RULE 5271 | CVE-2024-43572 - Microsoft Windows Management Console RCE Exploit - HTTP (Response) | 2024/11/21 | DDI RULE 5271 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5271 | ||
| DDI RULE 5245 | CVE-2024-6457 - WORDPRESS EXPLOIT - HTTP (Request) | 2024/11/19 | DDI RULE 5245 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5245 | ||
| DDI RULE 5264 | CVE-2024-51567 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | 2024/11/19 | DDI RULE 5264 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5264 | ||
| DDI RULE 5268 | CVE-2024-7591 - Progress Kemp LoadMaster Command Injection Exploit - HTTP (Request) | 2024/11/19 | DDI RULE 5268 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5268 | ||
| DDI RULE 5256 | COVENANT Default - HTTP (Response) | 2024/11/14 | DDI RULE 5256 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5256 | ||
| DDI RULE 5258 | CVE-2024-9465 - PALOALTO EXPEDITION EXPLOIT - HTTP (Response) | 2024/11/14 | DDI RULE 5258 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5258 | ||
| DDI RULE 5265 | CVE-2024-40711 - VEEAM BACKUP RCE EXPLOIT - TCP (Request) | 2024/11/14 | DDI RULE 5265 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5265 | ||
| DDI RULE 5263 | CVE-2024-41874 - ADOBE COLDFUSION RCE EXPLOIT - HTTP (Response) | 2024/11/13 | DDI RULE 5263 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5263 | ||
| DDI RULE 5262 | CoreWarrior Exfiltration - HTTP (Request) | 2024/11/12 | DDI RULE 5262 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5262 | ||
| DDI RULE 5259 | FAKEWIN - HTTP (Request) | 2024/11/11 | DDI RULE 5259 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5259 | ||
| DDI RULE 5260 | RCSHELL BACKDOOR - HTTP (Request) | 2024/11/11 | DDI RULE 5260 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5260 | ||
| DDI RULE 5261 | HORUS PROTECTOR C2 - TCP (Response) | 2024/11/11 | DDI RULE 5261 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5261 | ||
| DDI RULE 5257 | CVE-2024-28988 - SOLARWINDS RCE EXPLOIT - HTTP (Response) | 2024/11/07 | DDI RULE 5257 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5257 | ||
| DDI RULE 4219 | GHOSTMINER - HTTP (Request) | 2024/11/06 | DDI RULE 4219 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4219 | ||
| DDI RULE 4484 | GOLDENSPY - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4484 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4484 | ||
| DDI RULE 4572 | GLUPTEBA - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4572 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4572 | ||
| DDI RULE 5081 | CVE-2024-36401 - GEOSERVER EXPLOIT - HTTP (REQUEST) | 2024/11/06 | DDI RULE 5081 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5081 | ||
| DDI RULE 5139 | PYC Download - HTTP (Response) | 2024/11/05 | DDI RULE 5139 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5139 | ||
| DDI RULE 5140 | Python Download - HTTP (Response) | 2024/11/05 | DDI RULE 5140 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5140 | ||
| DDI RULE 1770 | GHOLE - HTTP (Request) | 2024/11/04 | DDI RULE 1770 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-1770 | ||
| DDI RULE 5254 | Possible Domain Controller List Discovery - DCERPC (Request) | 2024/11/04 | DDI RULE 5254 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5254 | ||
| DDI RULE 5243 | WebDAV Successful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5243 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5243 | ||
| DDI RULE 5244 | WebDAV Unsuccessful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5244 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5244 | ||
| DDI RULE 5249 | KeyLogEXE Exfiltration - HTTP (Request) | 2024/10/28 | DDI RULE 5249 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5249 | ||
| DDI RULE 5248 | URIVAR EXFILTRATION - HTTP(REQUEST) | 2024/10/24 | DDI RULE 5248 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5248 | ||
| DDI RULE 5250 | C2 SHELLCODE Transfer - HTTP (Response) | 2024/10/24 | DDI RULE 5250 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5250 | ||
| DDI RULE 5251 | REMCOS DOWNLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5251 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5251 | ||
| DDI RULE 5252 | CONOLEATHLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5252 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5252 | ||
| DDI RULE 1886 | Data Exfiltration - DNS (Response) | 2024/10/22 | DDI RULE 1886 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-1886 | ||
| DDI RULE 5238 | CVE-2024-32766 - PRIVWIZARD INJECTION EXPLOIT - HTTP (Request) | 2024/10/22 | DDI RULE 5238 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5238 | ||
| DDI RULE 5240 | CVE-2024-5932 - WordPress RCE Exploit - HTTP (Request) | 2024/10/17 | DDI RULE 5240 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5240 | ||
| DDI RULE 5231 | CVE-2024-32842 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/16 | DDI RULE 5231 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5231 | ||
| DDI RULE 5242 | CVE-2024-5932 - GIVEWP RCE EXPLOIT - HTTP (Request) | 2024/10/16 | DDI RULE 5242 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5242 | ||
| DDI RULE 5230 | CVE-2024-32845 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5230 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5230 | ||
| DDI RULE 5241 | CVE-2024-37397 - Ivanti EPM Improper Restriction of XML External Entity Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5241 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5241 | ||
| DDI RULE 5239 | SYSTEMBC Shellcode Download - HTTP (Response) | 2024/10/14 | DDI RULE 5239 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5239 | ||
| DDI RULE 5229 | Advanced Port Scanner - HTTP (Request) | 2024/10/10 | DDI RULE 5229 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5229 | ||
| DDI RULE 5233 | CVE-2024-32846 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5233 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5233 | ||
| DDI RULE 5234 | CVE-2024-32843 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5234 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5234 | ||
| DDI RULE 5235 | CVE-2024-34779 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5235 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5235 | ||
| DDI RULE 5236 | CVE-2024-34785 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5236 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5236 | ||
| DDI RULE 5237 | SYSTEMBC C2 - HTTP (Request) | 2024/10/10 | DDI RULE 5237 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5237 | ||
| DDI RULE 5227 | VALLEYRAT C2 - TCP (Response) | 2024/10/09 | DDI RULE 5227 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5227 | ||
| DDI RULE 5228 | Advanced IP Scanner - HTTP (Request) | 2024/10/09 | DDI RULE 5228 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5228 | ||
| DDI RULE 5225 | ONCESVC C2 - HTTP (Response) | 2024/10/08 | DDI RULE 5225 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5225 | ||
| DDI RULE 5226 | CVE-2024-6497 - SQUIRLLY EXPLOIT - HTTP (Request) | 2024/10/08 | DDI RULE 5226 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5226 | ||
| DDI RULE 5221 | CVE-2024-47177 - CUPS PRINTING RCE EXPLOIT - HTTP (REQUEST) | 2024/10/03 | DDI RULE 5221 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5221 | ||
| DDI RULE 5223 | LUMMAC - HTTP (Request) | 2024/10/03 | DDI RULE 5223 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5223 | ||
| DDI RULE 5217 | CVE-2024-8190 - Ivanti Cloud Service Appliance Authenticated Command Injection Exploit - HTTP (Response) | 2024/10/02 | DDI RULE 5217 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5217 | ||
| DDI RULE 5222 | CVE-2024-2876 - WORDPRESS SQL INJECTION EXPLOIT - HTTP (Request) | 2024/10/02 | DDI RULE 5222 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5222 | ||
| DDI RULE 5218 | CVE-2020-8599 - Trend Micro Apex One and OfficeScan Directory Traversal Exploit - HTTP (Request) | 2024/10/01 | DDI RULE 5218 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5218 | ||
| DDI RULE 5219 | CVE-2024-38077 - MS RDL RCE EXPLOIT - DCERPC (Request) | 2024/10/01 | DDI RULE 5219 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5219 | ||
| DDI RULE 5220 | CVE-2024-6670 - WhatsUp SQL Injection Exploit - HTTP (Response) | 2024/10/01 | DDI RULE 5220 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5220 | ||
| DDI RULE 5216 | Possible Generic Database Query - MySQL (Request) | 2024/09/26 | DDI RULE 5216 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5216 | ||
| DDI RULE 5206 | Remote Access Tool VNC - VNC (Response) | 2024/09/23 | DDI RULE 5206 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5206 | ||
| DDI RULE 5207 | Remote Access Tool RealVNC - VNC (Response) | 2024/09/23 | DDI RULE 5207 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5207 | ||
| DDI RULE 5208 | Remote Access Tool TightVNC - VNC (Response) | 2024/09/23 | DDI RULE 5208 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5208 | ||
| DDI RULE 5209 | Remote Access Tool UltraVNC - VNC (Response) | 2024/09/23 | DDI RULE 5209 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5209 | ||
| DDI RULE 5214 | CVE-2024-5505 - NETGEAR TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/09/17 | DDI RULE 5214 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5214 | ||
| DDI RULE 5215 | CVE-2024-43461 - MSHTML SPOOFING EXPLOIT - HTTP (RESPONSE) | 2024/09/17 | DDI RULE 5215 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5215 | ||
| DDI RULE 5082 | CVE-2024-32113 - Apache OFBiz Directory Traversal Exploit - HTTP (Request) | 2024/09/16 | DDI RULE 5082 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5082 | ||
| DDI RULE 5212 | CVE-2023-51364 - QNAP RCE EXPLOIT - HTTP (RESPONSE) | 2024/09/12 | DDI RULE 5212 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5212 | ||
| DDI RULE 5213 | WebP Image Sensor - HTTP (Response) | 2024/09/12 | DDI RULE 5213 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5213 | ||
| DDI RULE 5211 | CVE-2023-38205 - Adobe ColdFusion Policy Bypass Exploit - HTTP (Request) | 2024/09/11 | DDI RULE 5211 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5211 | ||
| DDI RULE 5210 | Metasploit Web Delivery through PowerShell - HTTP (Response) | 2024/09/10 | DDI RULE 5210 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5210 | ||
| DDI RULE 2793 | APT - WINNTI - HTTP (Response) | 2024/09/09 | DDI RULE 2793 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-2793 | ||
| DDI RULE 5203 | CVE-2024-5721 - LOGSIGN RCE EXPLOIT - HTTP (RESPONSE) | 2024/09/05 | DDI RULE 5203 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5203 | ||
| DDI RULE 5204 | CVE-2024-7928 - FASTADMIN TRAVERSAL EXPLOIT - HTTP (RESPONSE) | 2024/09/05 | DDI RULE 5204 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5204 | ||
| DDI RULE 5205 | CVE-2024-29826 - IVANTI ENDPOINT RCE EXPLOIT - HTTP (REQUEST) | 2024/09/05 | DDI RULE 5205 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5205 | ||
| DDI RULE 5097 | CVE-2023-27532 - Veeam Backup and Replication Backup Service Authentication Bypass Exploit - TCP (Request) | 2024/09/04 | DDI RULE 5097 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5097 | ||
| DDI RULE 5200 | CVE-2024-38652 - IVANTI TRAVERSAL EXPLOIT - HTTP (RESPONSE) | 2024/09/04 | DDI RULE 5200 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5200 | ||
| DDI RULE 5202 | MAGICRAT EXFIL - HTTP(REQUEST) | 2024/09/04 | DDI RULE 5202 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5202 | ||
| DDI RULE 4345 | EMOTET - HTTP (Request) - Variant 7 | 2024/09/03 | DDI RULE 4345 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4345 | ||
| DDI RULE 5098 | JUPITERRAT - HTTP (REQUEST) | 2024/08/29 | DDI RULE 5098 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5098 | ||
| DDI RULE 5099 | FAKEBAT DOWNLOADER - HTTP(REQUEST) | 2024/08/29 | DDI RULE 5099 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5099 | ||
| DDI RULE 5090 | CVE-2021-26858 - Possible MS Exchange SSRF Exploit - HTTP (Response) | 2024/08/28 | DDI RULE 5090 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5090 | ||
| DDI RULE 5096 | ZOMBIEDROP - HTTP (REQUEST) | 2024/08/27 | DDI RULE 5096 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5096 | ||
| DDI RULE 5075 | CVE-2024-49606 - TINYPROXY RCE EXPLOIT - HTTP (REQUEST) | 2024/08/22 | DDI RULE 5075 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5075 | ||
| DDI RULE 5095 | CVE-2024-4885 - WHATSUP GOLD TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/08/22 | DDI RULE 5095 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5095 | ||
| DDI RULE 5092 | CVE-2024-7120 - RAISECOM COMMAND INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/08/20 | DDI RULE 5092 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5092 | ||
| DDI RULE 5093 | Prometei C2 - HTTP (Request) | 2024/08/20 | DDI RULE 5093 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5093 | ||
| DDI RULE 5094 | Possible STEALBIT Exfiltration - HTTP (Request) | 2024/08/20 | DDI RULE 5094 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5094 | ||
| DDI RULE 5091 | RUTHENS ENCRYPTION - SMB2 (REQUEST) | 2024/08/19 | DDI RULE 5091 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5091 | ||
| DDI RULE 5087 | DAMEWARE RCE EXPLOIT - HTTP (REQUEST) | 2024/08/15 | DDI RULE 5087 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5087 | ||
| DDI RULE 5088 | Possible Faker Generated Self-Signed Certificate - HTTPS | 2024/08/14 | DDI RULE 5088 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5088 | ||
| DDI RULE 5089 | COBEACON Default Named Pipe - SMB2 (Request) - Variant 2 | 2024/08/14 | DDI RULE 5089 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5089 | ||
| DDI RULE 5085 | CVE-2024-5008 - WHATSUP GOLD RCE EXPLOIT - HTTP (REQUEST) | 2024/08/13 | DDI RULE 5085 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5085 | ||
| DDI RULE 5086 | CVE-2019-0708 - Microsoft Windows Remote Desktop Services Remote Code Execution Exploit - TCP (Request) | 2024/08/13 | DDI RULE 5086 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5086 | ||
| DDI RULE 5079 | CVE-2023-42000 - Arcserve Unified Data Protection Path Traversal Exploit - HTTP (Request) | 2024/08/12 | DDI RULE 5079 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5079 | ||
| DDI RULE 5084 | CVE-2024-4883 - Progress WhatsUp Gold Traversal Exploit - TCP (Request) | 2024/08/12 | DDI RULE 5084 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5084 | ||
| DDI RULE 5072 | ADRECON QUERY - LDAP(Request) | 2024/08/09 | DDI RULE 5072 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5072 | ||
| DDI RULE 5083 | CVE-2024-38856 - APACHE OFBIZ RCE EXPLOIT - HTTP (Request) | 2024/08/09 | DDI RULE 5083 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5083 | ||
| DDI RULE 5077 | CVE-2024-2863 - LG LED Directory Traversal Exploit - HTTP (Request) | 2024/08/05 | DDI RULE 5077 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5077 | ||
| DDI RULE 5078 | CVE-2024-36991 - Splunk Directory Traversal Exploit - HTTP (Response) | 2024/08/05 | DDI RULE 5078 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5078 | ||
| DDI RULE 5074 | CVE-2024-5015 - WHATSUP SSRF EXPLOIT - HTTP (REQUEST) | 2024/08/01 | DDI RULE 5074 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5074 | ||
| DDI RULE 5076 | CVE-2024-4879 - ServiceNow Template Injection Exploit - HTTP (Response) | 2024/08/01 | DDI RULE 5076 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5076 | ||
| DDI RULE 4886 | TRUEBOT - HTTP (REQUEST) - Variant 2 | 2024/07/31 | DDI RULE 4886 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4886 | ||
| DDI RULE 5073 | CVE-2024-38112 - MSHTML RCE EXPLOIT - SMB2 (REQUEST) | 2024/07/31 | DDI RULE 5073 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5073 | ||
| DDI RULE 5063 | CVE-2024-5806 - MOVEit Authentication Bypass Exploit - HTTP(Request) | 2024/07/29 | DDI RULE 5063 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5063 | ||
| DDI RULE 5067 | CVE-2024-4358 - TELERIK AUTHBYPASS EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5067 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5067 | ||
| DDI RULE 5068 | CVE-2024-37389 - APACHE NIFI EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5068 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5068 | ||
| DDI RULE 5069 | PHP DEV EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5069 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5069 | ||
| DDI RULE 5070 | CVE-2024-27348 - APACHE HUGEGRAPH RCE EXPLOIT - HTTP (REQUEST) | 2024/07/25 | DDI RULE 5070 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5070 | ||
| DDI RULE 5071 | RC4 Encryption in Pre-Authentication - Kerberos (Request) | 2024/07/25 | DDI RULE 5071 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5071 | ||
| DDI RULE 5064 | CVE-2024-38112 - MSHTML RCE EXPLOIT - HTTP (RESPONSE) | 2024/07/24 | DDI RULE 5064 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5064 | ||
| DDI RULE 5065 | CVE-2024-28995 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/07/24 | DDI RULE 5065 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5065 | ||
| DDI RULE 5066 | CVE-2024-4040 - CRUSHFTP RCE EXPLOIT - HTTP (REQUEST) | 2024/07/24 | DDI RULE 5066 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5066 | ||
| DDI RULE 4682 | MULTIPLE LATERAL MOVEMENT - SMB2(REQUEST) | 2024/07/23 | DDI RULE 4682 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4682 | ||
| DDI RULE 5052 | CVE-2024-0769 - D-Link Directory Traversal Exploit - HTTP (Response) | 2024/07/18 | DDI RULE 5052 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5052 | ||
| DDI RULE 5059 | POSSIBLE KIMSUKY C2 - HTTP (Request) | 2024/07/18 | DDI RULE 5059 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5059 | ||
| DDI RULE 5061 | CVE-2024-21683 - Atlassian Confluence Server RCE Exploit - HTTP (Request) | 2024/07/17 | DDI RULE 5061 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5061 | ||
| DDI RULE 5027 | Telegram Bot API Sensor - HTTP (Response) | 2024/07/16 | DDI RULE 5027 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5027 | ||
| DDI RULE 5057 | PRIVATELOADER C2 - HTTP (Request) | 2024/07/16 | DDI RULE 5057 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5057 | ||
| DDI RULE 5060 | HNAP RCE EXPLOIT - HTTP (Request) | 2024/07/16 | DDI RULE 5060 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5060 | ||
| DDI RULE 5062 | CVE-2024-23692 - Rejetto HTTP File Server Command Injection Exploit - HTTP (Response) | 2024/07/16 | DDI RULE 5062 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5062 | ||
| DDI RULE 5053 | HTA File Download Root Directory Sensor- HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5053 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5053 | ||
| DDI RULE 5054 | HTA File Download Sub Root Directory Sensor - HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5054 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5054 | ||
| DDI RULE 5055 | SH File Download Root Directory Sensor- HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5055 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5055 | ||
| DDI RULE 5056 | SH File Download Sub Root Directory Sensor - HTTP(RESPONSE) | 2024/07/15 | DDI RULE 5056 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5056 | ||
| DDI RULE 5058 | KOI LOADER C2 - HTTP (Request) | 2024/07/15 | DDI RULE 5058 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5058 | ||
| DDI RULE 5047 | CVE-2021-20837 - Movable Type XMLRPC Command Injection Exploit - HTTP (Response) | 2024/07/11 | DDI RULE 5047 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5047 | ||
| DDI RULE 5050 | ISO File Download Sensor - HTTP (Response) | 2024/07/11 | DDI RULE 5050 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5050 | ||
| DDI RULE 5049 | APT - DARKPINK Exfiltration - SMTP (Request) | 2024/07/10 | DDI RULE 5049 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5049 | ||
| DDI RULE 5051 | AMADEY C2 - HTTP (Request) | 2024/07/09 | DDI RULE 5051 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5051 | ||
| DDI RULE 4449 | Remote Service execution through SMB2 SVCCTL detected - Variant 3 | 2024/07/05 | DDI RULE 4449 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4449 | ||
| DDI RULE 5048 | METASPLOIT (Payload) - Reverse HTTP Encrypted - HTTP (Response) | 2024/07/03 | DDI RULE 5048 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5048 | ||
| DDI RULE 5046 | Exfiltration SSH Private Key - HTTP (Response) | 2024/06/24 | DDI RULE 5046 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5046 | ||
| DDI RULE 5044 | CVE-2024-24919 - Check Point Information Disclosure Exploit - HTTP (Response) | 2024/06/19 | DDI RULE 5044 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5044 | ||
| DDI RULE 5045 | CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution - HTTP (Request) | 2024/06/19 | DDI RULE 5045 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5045 | ||
| DDI RULE 5033 | METASPLOIT (Payload) - Reverse TCP Encrypted - TCP (Response) | 2024/06/13 | DDI RULE 5033 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5033 | ||
| DDI RULE 5043 | Gomir C2 - HTTP (Request) | 2024/06/04 | DDI RULE 5043 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5043 | ||
| DDI RULE 5042 | CVE-2024-4956 - Nexus Repository 3 Path Traversal Exploit - HTTP (Response) | 2024/05/30 | DDI RULE 5042 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5042 | ||
| DDI RULE 5035 | JSOUTPROX - HTTP (REQUEST) | 2024/05/29 | DDI RULE 5035 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5035 | ||
| DDI RULE 5037 | CVE-2024-3272 - D-LINK NAS devices Hardcoded Credential Exploit - HTTP (Request) | 2024/05/29 | DDI RULE 5037 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5037 | ||
| DDI RULE 5038 | CVE-2024-3273 - D-LINK NAS devices Command Injection Exploit - HTTP (Request) | 2024/05/29 | DDI RULE 5038 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5038 | ||
| DDI RULE 5039 | SOAP API RCE - HTTP (Request) | 2024/05/29 | DDI RULE 5039 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5039 | ||
| DDI RULE 5040 | DLINK RCE - HTTP (Request) | 2024/05/29 | DDI RULE 5040 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5040 | ||
| DDI RULE 5041 | IDB EXFILTRATION - HTTP(REQUEST) | 2024/05/29 | DDI RULE 5041 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5041 | ||
| DDI RULE 5031 | CVE-2022-30333 - RARLab UnRAR Directory Traversal Exploit - HTTP (Response) | 2024/05/27 | DDI RULE 5031 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5031 | ||
| DDI RULE 5034 | TINYNUKE DOWNLOADER - HTTP (REQUEST) | 2024/05/27 | DDI RULE 5034 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5034 | ||
| DDI RULE 5036 | MELTED Hidden VNC - TCP (REQUEST) | 2024/05/27 | DDI RULE 5036 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5036 | ||
| DDI RULE 5032 | Copy BAT Files - SMB2 (Request) | 2024/05/21 | DDI RULE 5032 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5032 | ||
| DDI RULE 5030 | MIMIC C2 - HTTP (Request) | 2024/05/15 | DDI RULE 5030 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5030 | ||
| DDI RULE 4887 | COBALTSTRIKE - HTTP (REQUEST) - Variant 4 | 2024/05/09 | DDI RULE 4887 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-4887 | ||
| DDI RULE 5028 | EVILPROXY - HTTP (Response) | 2024/05/07 | DDI RULE 5028 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5028 | ||
| DDI RULE 5024 | CVE-2024-31138 - JetBrains TeamCity Cross-Site Scripting Exploit - HTTP (Request) | 2024/05/06 | DDI RULE 5024 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5024 | ||
| DDI RULE 5025 | CVE-2024-24401 - Nagios XI SQL Injection Exploit - HTTP (Response) | 2024/05/06 | DDI RULE 5025 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5025 | ||
| DDI RULE 5026 | POSSIBLE GOOTLOADER C2 - HTTP (Response) | 2024/05/06 | DDI RULE 5026 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5026 | ||
| DDI RULE 5023 | BATLOADER C2 - HTTP (Request) | 2024/04/29 | DDI RULE 5023 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5023 | ||
| DDI RULE 5021 | CVE-2023-48788 - FortiClientEMS SQL Injection Exploit - TCP (Request) | 2024/04/18 | DDI RULE 5021 | /vinfo/ae/threat-encyclopedia/network/ddi-rule-5021 |