Keyword: bec_suspicious.ers
Description Name: NTLM Challenge from External IP Address - SMB2 (Response). This is a Trend Micro detection for packets passing through SMB2 network protocols that manifest Login Attempt activities, which can be a potential intrusion. Below are some ...
Description Name: NDMP EXECUTE COMMAND - TCP(REQUEST). This is a Trend Micro detection for packets passing through TCP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior:...
Description Name: APT CONN - UDP(REQUEST). This is a Trend Micro detection for packets passing through UDP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicious a...
Description Name: MELTED Hidden VNC - TCP (REQUEST). This is a Trend Micro detection for packets passing through TCP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Su...
Description Name: MULTIPLE LATERAL MOVEMENT - SMB2(REQUEST). This is a Trend Micro detection for packets passing through SMB2 network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual be...
Description Name: RC4 Encryption in Pre-Authentication - Kerberos (Request). This is a Trend Micro detection for packets passing through KERBEROS network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indi...
Description Name: IDB EXFILTRATION - HTTP(REQUEST). This is a Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Su...
Description Name: Possible Encryption Downgrade Attack - Kerberos (Response). This is a Trend Micro detection for packets passing through KERBEROS network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some ind...
Description Name: HAVOC - HTTP (Request). This is a Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicious a...
Description Name: HTA File Download Root Directory Sensor- HTTP(RESPONSE). This is a Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators...
Description Name: Remote Access Tool RealVNC - VNC (Response). This is a Trend Micro detection for packets passing through VNC network protocols that manifest Remote Access Tool activities, which can be a potential intrusion. Below are some indicators...
Description Name: NDMP FILEWRITE - TCP(REQUEST). This is a Trend Micro detection for packets passing through TCP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Suspic...
Description Name: APT CONN - TCP(REQUEST). This is a Trend Micro detection for packets passing through TCP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicators of unusual behavior: Suspicious a...
Description Name: A normal user attempted to log on to the POSTGRES service. This is a Trend Micro detection for packets passing through PROTOCOL network protocols that manifest Database Access activities, which can be a potential intrusion. Below are...
Description Name: Possible Overpass-The-Hash Technique - Kerberos (Request). This is a Trend Micro detection for packets passing through KERBEROS network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indi...
Description Name: Possible Faker Generated Self-Signed Certificate - HTTPS. This is a Trend Micro detection for packets passing through HTTPS network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indicato...
Description Name: SH File Download Sub Root Directory Sensor - HTTP(RESPONSE). This is a Trend Micro detection for packets passing through HTTP network protocols that manifest unusual behavior, which can be a potential intrusion. Below are some indica...
Description Name: CVE-2021-26858 - Possible MS Exchange SSRF Exploit - HTTP (Response). This is a Trend Micro detection for packets passing through HTTP network protocols that manifest Exploit activities, which can be a potential intrusion. Below are ...
Description Name: POSSIBLE TUNNELING - DNS (Response) - Variant 2. This is a Trend Micro detection for packets passing through DNS network protocols that manifest Callback activities, which can be a potential intrusion. Below are some indicators of un...
Description Name: Remote Access Tool TightVNC - VNC (Response). This is a Trend Micro detection for packets passing through VNC network protocols that manifest Remote Access Tool activities, which can be a potential intrusion. Below are some indicator...