| DDI RULE 1631 | Remote Schedule Tasks through SMB protocol detected - Create Command | LOW | | 2019/03/20 | DDI RULE 1631 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1631 |
| DDI RULE 1632 | Remote Schedule Tasks through SMB protocol detected - Run Command | LOW | | 2019/03/20 | DDI RULE 1632 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1632 |
| DDI RULE 1633 | Remote Schedule Tasks through SMB protocol detected - Delete Command | LOW | | 2019/03/20 | DDI RULE 1633 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1633 |
| DDI RULE 2828 | Zyxel - Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2828 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2828 |
| DDI RULE 2829 | Zyxel - Command Injection - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2829 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2829 |
| DDI RULE 2830 | Billion-5200W-T - Command Injection - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2830 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2830 |
| DDI RULE 2831 | Billion 5200W-T - Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2019/03/20 | DDI RULE 2831 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2831 |
| DDI RULE 2839 | ZTE F460 F660 - Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2839 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2839 |
| DDI RULE 2840 | CVE-2015-6023 - CVE-2015-6024 - NETCOMMWIRELESS - Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2840 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2840 |
| DDI RULE 2841 | 3COM - Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/20 | DDI RULE 2841 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2841 |
| DDI RULE 2852 | DOC File downloaded in root directory - HTTP (Response) | HIGH | | 2019/03/20 | DDI RULE 2852 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2852 |
| DDI RULE 2849 | CVE-2019-9194-HTTP RCE - ELFINDER (Request) | HIGH | | 2019/03/19 | DDI RULE 2849 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2849 |
| DDI RULE 2850 | CHWRITER - HTTP (Request) | HIGH | | 2019/03/19 | DDI RULE 2850 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2850 |
| DDI RULE 2851 | MAKO WEB SERVER - Command Injection - HTTP (Request) | HIGH | | 2019/03/19 | DDI RULE 2851 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2851 |
| DDI RULE 1763 | STRPADT - HTTP (Request) | HIGH | | 2019/03/19 | DDI RULE 1763 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1763 |
| DDI RULE 2415 | Remote Delete Registry through SMB protocol detected | LOW | | 2019/03/18 | DDI RULE 2415 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2415 |
| DDI RULE 2400 | Remote Enumerate Registry through SMB protocol detected | LOW | | 2019/03/18 | DDI RULE 2400 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2400 |
| DDI RULE 2401 | Remote Read Registry through SMB protocol detected | LOW | | 2019/03/18 | DDI RULE 2401 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2401 |
| DDI RULE 2710 | FLAWEDAMMYY - TCP (Request) | HIGH | | 2019/03/18 | DDI RULE 2710 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2710 |
| DDI RULE 2848 | INFOSTEAL - HTTP (Request) - Variant 4 | HIGH | | 2019/03/13 | DDI RULE 2848 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2848 |
| DDI RULE 2068 | DRIDEX - SSL (Request) | HIGH | | 2019/03/13 | DDI RULE 2068 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2068 |
| DDI RULE 2780 | TRICKBOT - HTTP (Request) | HIGH | | 2019/03/12 | DDI RULE 2780 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2780 |
| DDI RULE 2834 | CVE-2019-8942 WordPress Image Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2019/03/12 | DDI RULE 2834 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2834 |
| DDI RULE 2844 | RIG - Exploit Kit - HTTP (Request) - Variant 2 | HIGH | | 2019/03/11 | DDI RULE 2844 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2844 |
| DDI RULE 2847 | INFOSTEAL - FTP (Request) | HIGH | | 2019/03/11 | DDI RULE 2847 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2847 |
| DDI RULE 1535 | ZACOM - HTTP (Request) | HIGH | | 2019/03/11 | DDI RULE 1535 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1535 |
| DDI RULE 1196 | Remote Delete Job through SMB Detected | MEDIUM | | 2019/03/11 | DDI RULE 1196 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1196 |
| DDI RULE 2408 | Remote Enumerate Job through SMB protocol detected | LOW | | 2019/03/11 | DDI RULE 2408 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2408 |
| DDI RULE 2348 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) | HIGH | | 2019/03/11 | DDI RULE 2348 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2348 |
| DDI RULE 2845 | Possible PDF in Chrome Information Disclosure - HTTP (Request) | MEDIUM | | 2019/03/07 | DDI RULE 2845 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2845 |
| DDI RULE 2826 | JBOSS Webshell - HTTP (Request) | HIGH | | 2019/03/06 | DDI RULE 2826 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2826 |
| DDI RULE 2819 | FASTGATE - Command Injection - HTTP (Request) | HIGH | | 2019/03/06 | DDI RULE 2819 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2819 |
| DDI RULE 2814 | JOOMLA - HTTP (Request) | HIGH | | 2019/03/05 | DDI RULE 2814 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2814 |
| DDI RULE 2836 | CVE-2017-0171 - Denial of Service - DNS (Response) | MEDIUM | | 2019/03/05 | DDI RULE 2836 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2836 |
| DDI RULE 2837 | CVE-2012-0874 JBOSS JMXInvoker/EJBinvoker Remote Code Execution Exploit - HTTP (Request) | MEDIUM | | 2019/03/05 | DDI RULE 2837 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2837 |
| DDI RULE 2842 | CVE-2014-9118 ZHONE RCE EXPLOIT - HTTP (Request) | HIGH | | 2019/03/05 | DDI RULE 2842 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2842 |
| DDI RULE 2843 | ZHONE XSS Exploit - HTTP (Request) | HIGH | | 2019/03/05 | DDI RULE 2843 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2843 |
| DDI RULE 2791 | EMPIRE - HTTP (Request) - Variant 2 | MEDIUM | | 2019/03/05 | DDI RULE 2791 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2791 |
| DDI RULE 2838 | SPEAKUP - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2838 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2838 |
| DDI RULE 2835 | CVE-2016-3088 ACTIVEMQ - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2835 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2835 |
| DDI RULE 2811 | CVE-2018-15887 Asus device Remote code Execution Exploit- HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2811 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2811 |
| DDI RULE 2820 | Hootoo HT5 Remote code Execution - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2820 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2820 |
| DDI RULE 2816 | PHP DIESCAN - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2816 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2816 |
| DDI RULE 2833 | CVE-2019-6340 Drupal 8 RESTful Web Services Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2833 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2833 |
| DDI RULE 2825 | CVE-2010-1871 JBOSS Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2825 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2825 |
| DDI RULE 2806 | CVE-2016-1555 - Netgear Devices - Unauthenticated Remote Code Execution - HTTP (Request) | HIGH | | 2019/03/04 | DDI RULE 2806 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2806 |
| DDI RULE 2823 | CKNIFE - HTTP (Request) - Variant 2 | HIGH | | 2019/02/21 | DDI RULE 2823 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2823 |
| DDI RULE 2824 | CVE-2015-2280 AirLink OS Command Injection - HTTP (Request) | HIGH | | 2019/02/21 | DDI RULE 2824 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2824 |
| DDI RULE 2822 | RATBLAMIK - TCP (Request) | HIGH | | 2019/02/20 | DDI RULE 2822 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2822 |
| DDI RULE 2821 | NEUTRINO - HTTP (Response) | MEDIUM | | 2019/02/19 | DDI RULE 2821 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2821 |
| DDI RULE 2385 | SOAP RCE EXPLOIT - HTTP (Request) | HIGH | | 2019/02/14 | DDI RULE 2385 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2385 |
| DDI RULE 2224 | Covert Iodine tunnel - DNS (Request) | LOW | | 2019/02/12 | DDI RULE 2224 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2224 |
| DDI RULE 2795 | Unauthorized Write Request - DNP3 (Request) | LOW | | 2019/02/11 | DDI RULE 2795 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2795 |
| DDI RULE 2796 | Unauthorized Broadcast Request - DNP3 (Request) | LOW | | 2019/02/11 | DDI RULE 2796 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2796 |
| DDI RULE 2797 | Possible Denial of Service - DNP3 (Request) | LOW | | 2019/02/11 | DDI RULE 2797 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2797 |
| DDI RULE 2798 | Unauthorized Read Request - DNP3 (Request) | LOW | | 2019/02/11 | DDI RULE 2798 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2798 |
| DDI RULE 2799 | Possible Scan of Points List - DNP3 (Response) Beta | LOW | | 2019/02/11 | DDI RULE 2799 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2799 |
| DDI RULE 2800 | Possible Scan of Outstation - DNP3 (Response) Beta | LOW | | 2019/02/11 | DDI RULE 2800 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2800 |
| DDI RULE 2801 | Multiple Unsolicited Response - DNP3 (Response) Beta | LOW | | 2019/02/11 | DDI RULE 2801 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2801 |
| DDI RULE 2807 | TEAMFOSTEALER - HTTP (Request) | HIGH | | 2019/02/07 | DDI RULE 2807 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2807 |
| DDI RULE 2810 | CVE-2019-6703 WordPress Total Donations Unauthentication Exploit - HTTP (Request) | MEDIUM | | 2019/02/07 | DDI RULE 2810 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2810 |
| DDI RULE 2812 | CVE-2018-8581 MS Exchange Server NTLM Authentication Bypass HTTP - (Request) | MEDIUM | | 2019/02/07 | DDI RULE 2812 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2812 |
| DDI RULE 2813 | CVE-2018-8581 MS Exchange Server NTLM Authentication Bypass HTTP - (Response) | HIGH | | 2019/02/07 | DDI RULE 2813 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2813 |
| DDI RULE 2209 | NEUTRINO - Exploit Kit - HTTP (Request) - Variant 5 | MEDIUM | | 2019/02/06 | DDI RULE 2209 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2209 |
| DDI RULE 1562 | DARKHOLE - HTTP (Request) - Variant 2 | HIGH | | 2019/02/06 | DDI RULE 1562 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1562 |
| DDI RULE 2817 | KEYPATH Command Injection - HTTP (Request) | HIGH | | 2019/02/05 | DDI RULE 2817 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2817 |
| DDI RULE 2818 | SERVHELPER - HTTP (Request) | HIGH | | 2019/02/05 | DDI RULE 2818 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2818 |
| DDI RULE 2815 | SIEREN - TCP(Request) | HIGH | | 2019/01/31 | DDI RULE 2815 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2815 |
| DDI RULE 2306 | KVNDM - HTTP (Request) | HIGH | | 2019/01/30 | DDI RULE 2306 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2306 |
| DDI RULE 2808 | FALLOUT - Exploit Kit - HTTP (Response) - Variant 3 | MEDIUM | | 2019/01/29 | DDI RULE 2808 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2808 |
| DDI RULE 2802 | Oracle Weblogic Exploit - HTTP (Request) | HIGH | | 2019/01/23 | DDI RULE 2802 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2802 |
| DDI RULE 2803 | Link-Net LW-N605R Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2019/01/23 | DDI RULE 2803 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2803 |
| DDI RULE 2804 | Possible Router Exploit Kit - HTTP (Response) | HIGH | | 2019/01/23 | DDI RULE 2804 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2804 |
| DDI RULE 2805 | CVE-2019-0547 Client Remote Code Execution Exploit - DHCP (Response) | MEDIUM | | 2019/01/23 | DDI RULE 2805 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2805 |
| DDI RULE 1871 | DRIDEX - HTTP (Request) - Variant 3 | HIGH | | 2019/01/23 | DDI RULE 1871 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1871 |
| DDI RULE 2143 | SQLINJECT - HTTP (Request) | LOW | | 2019/01/22 | DDI RULE 2143 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2143 |
| DDI RULE 2793 | APT - WINNTI - HTTP (Response) | HIGH | | 2019/01/21 | DDI RULE 2793 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2793 |
| DDI RULE 2794 | RIG - Exploit Kit - HTTP (Request) - Variant 7 | HIGH | | 2019/01/17 | DDI RULE 2794 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2794 |
| DDI RULE 2520 | MAGNITUDE - Exploit Kit - HTTP (Request) - Variant 4 | HIGH | | 2019/01/17 | DDI RULE 2520 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2520 |
| DDI RULE 1549 | APT - WINNTI - HTTP (Request) | HIGH | | 2019/01/14 | DDI RULE 1549 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1549 |
| DDI RULE 2792 | APT - KONNI - HTTP (Request) | HIGH | | 2019/01/09 | DDI RULE 2792 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2792 |
| DDI RULE 2144 | NEUTRINO - Exploit Kit - HTTP (Request) - Variant 3 | MEDIUM | | 2019/01/03 | DDI RULE 2144 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2144 |
| DDI RULE 2132 | NEUTRINO - Exploit Kit - HTTP (Request) - Variant 2 | MEDIUM | | 2019/01/03 | DDI RULE 2132 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2132 |
| DDI RULE 2789 | CVE-2018-8653 MSIE Remote Code Execution - HTTP (Response) | MEDIUM | | 2018/12/27 | DDI RULE 2789 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2789 |
| DDI RULE 2790 | APT - WILDPOSITRON - HTTP (Request) | HIGH | | 2018/12/26 | DDI RULE 2790 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2790 |
| DDI RULE 1229 | ALINA HTTP request - Variant 1 | HIGH | | 2018/12/26 | DDI RULE 1229 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1229 |
| DDI RULE 2786 | ThinkPHP 5x Remote Code Execution - HTTP (Request) | HIGH | | 2018/12/24 | DDI RULE 2786 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2786 |
| DDI RULE 2787 | CRISISHT - HTTP (Request) | MEDIUM | | 2018/12/20 | DDI RULE 2787 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2787 |
| DDI RULE 2788 | CVE-2018-8476 Windows Deployment Services Remote Code Execution Exploit - TFTP (Request) | MEDIUM | | 2018/12/20 | DDI RULE 2788 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2788 |
| DDI RULE 2784 | Ncrack/Hydra Brute Force Tool - RDP(Request) | HIGH | | 2018/12/19 | DDI RULE 2784 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2784 |
| DDI RULE 2785 | L0RDIX - HTTP (Request) | MEDIUM | | 2018/12/18 | DDI RULE 2785 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2785 |
| DDI RULE 2397 | STONEDRILL - HTTP (Request) - Variant 2 | HIGH | | 2018/12/18 | DDI RULE 2397 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2397 |
| DDI RULE 2779 | DNSpoinage DNS - (Response) | HIGH | | 2018/12/12 | DDI RULE 2779 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2779 |
| DDI RULE 2782 | TILDEB - TCP (Request) | MEDIUM | | 2018/12/11 | DDI RULE 2782 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2782 |
| DDI RULE 2081 | CRYPTEAR - Ransomware - HTTP (Request) | HIGH | | 2018/12/11 | DDI RULE 2081 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2081 |
| DDI RULE 1214 | BAYROB - HTTP (Request) | MEDIUM | | 2018/11/28 | DDI RULE 1214 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1214 |
| DDI RULE 2731 | KAIXIN - Exploit Kit - HTTP (Response) - Variant 5 | HIGH | | 2018/11/22 | DDI RULE 2731 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2731 |
| DDI RULE 2775 | DOCKER API - HTTP (Request) | HIGH | | 2018/11/21 | DDI RULE 2775 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2775 |
| DDI RULE 2776 | Possible XML External Entity Attack - HTTP (Response) | MEDIUM | | 2018/11/21 | DDI RULE 2776 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2776 |
| DDI RULE 2777 | Apache Struts File Upload - HTTP (Request) | HIGH | | 2018/11/21 | DDI RULE 2777 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2777 |
| DDI RULE 2778 | ZTE ZXV10 Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/11/21 | DDI RULE 2778 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2778 |
| DDI RULE 2621 | Remote Code Execution - HTTP (Request) | HIGH | | 2018/11/21 | DDI RULE 2621 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2621 |
| DDI RULE 2639 | CVE-2018-10562 - GPON Remote Code Execution - HTTP (Request) | HIGH | | 2018/11/21 | DDI RULE 2639 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2639 |
| DDI RULE 2771 | APT - POISONIVY - HTTP (Request) | HIGH | | 2018/11/20 | DDI RULE 2771 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2771 |
| DDI RULE 2772 | APT - GHOST - TCP (Request) | HIGH | | 2018/11/20 | DDI RULE 2772 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2772 |
| DDI RULE 2774 | APT - POWLOADR - HTTP (Request) | HIGH | | 2018/11/20 | DDI RULE 2774 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2774 |
| DDI RULE 2713 | AVTECH Command Injection Exploit - HTTP (Request) | HIGH | | 2018/11/20 | DDI RULE 2713 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2713 |
| DDI RULE 2474 | APT - PLEAD - TCP (Request) | HIGH | | 2018/11/20 | DDI RULE 2474 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2474 |
| DDI RULE 2494 | APT - ANEL - HTTP (Request) | HIGH | | 2018/11/20 | DDI RULE 2494 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2494 |
| DDI RULE 2716 | BINBASH Download - HTTP (Response) | HIGH | | 2018/11/12 | DDI RULE 2716 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2716 |
| DDI RULE 2765 | GZ Inflate in PHP File - HTTP (Response) | LOW | | 2018/11/12 | DDI RULE 2765 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2765 |
| DDI RULE 2766 | Possible WINBOX Remote Code Execution - TCP | MEDIUM | | 2018/11/12 | DDI RULE 2766 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2766 |
| DDI RULE 2767 | Window Shell Remote Code Execution - HTTP (Response) | HIGH | | 2018/11/12 | DDI RULE 2767 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2767 |
| DDI RULE 2768 | DLINK Router Dns Changer Exploit - HTTP (Request) | HIGH | | 2018/11/12 | DDI RULE 2768 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2768 |
| DDI RULE 277 | AUTORUN - HTTP (Response) - Variant 2 | HIGH | | 2018/11/12 | DDI RULE 277 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-277 |
| DDI RULE 2770 | Possible CVE-2018-8533 SQL XML Information Disclosure - HTTP (Request) | MEDIUM | | 2018/11/12 | DDI RULE 2770 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2770 |
| DDI RULE 2764 | Possible CVE-2018-8413 Windows Theme API RCE Download - HTTP (Response) | MEDIUM | | 2018/11/08 | DDI RULE 2764 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2764 |
| DDI RULE 2763 | Possible CVE-2018-15454 - Cisco ASA and FTD Software DOS - UDP (Response) | LOW | | 2018/11/07 | DDI RULE 2763 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2763 |
| DDI RULE 2762 | CVE-2018-9206 - JQuery Arbitrary File Upload Exploit Attempt - HTTP (Request) | HIGH | | 2018/11/06 | DDI RULE 2762 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2762 |
| DDI RULE 2756 | Possible ADWIND - Malicious Certificate - HTTPS (Response) | LOW | | 2018/11/06 | DDI RULE 2756 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2756 |
| DDI RULE 2007 | URSNIF - HTTP (Request) - Variant 3 | HIGH | | 2018/11/06 | DDI RULE 2007 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2007 |
| DDI RULE 2547 | NETGEAR DGN1000/DGN2200 Remote Code Execution - HTTP (Request) | HIGH | | 2018/10/31 | DDI RULE 2547 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2547 |
| DDI RULE 2759 | UNDERMINER - Exploit Kit - HTTP (Request) - Variant 2 | HIGH | | 2018/10/30 | DDI RULE 2759 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2759 |
| DDI RULE 2760 | DRIDEX - Malicious certificate - SSL - Variant 2 | HIGH | | 2018/10/30 | DDI RULE 2760 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2760 |
| DDI RULE 2761 | URSNIF - HTTP (Request) - Variant 6 | HIGH | | 2018/10/30 | DDI RULE 2761 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2761 |
| DDI RULE 2632 | GRAVITYRAT - HTTP (Request) | HIGH | | 2018/10/29 | DDI RULE 2632 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2632 |
| DDI RULE 1170 | ANDROMEDA - HTTP (Request) | HIGH | | 2018/10/25 | DDI RULE 1170 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1170 |
| DDI RULE 2757 | ELF File requested from root directory - HTTP (Response) | HIGH | | 2018/10/22 | DDI RULE 2757 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2757 |
| DDI RULE 2758 | GZ File requested from root directory - HTTP (Request) | HIGH | | 2018/10/22 | DDI RULE 2758 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2758 |
| DDI RULE 2724 | CVE-2018-8373 VBScript Use-After-Free Exploit - HTTP (Response) | MEDIUM | | 2018/10/08 | DDI RULE 2724 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2724 |
| DDI RULE 2726 | CVE-2018-11776 - APACHE STRUTS RCE EXPLOIT - HTTP (Request) | HIGH | | 2018/10/04 | DDI RULE 2726 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2726 |
| DDI RULE 2754 | EnGenius EnShare Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/10/03 | DDI RULE 2754 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2754 |
| DDI RULE 2755 | CVE-2017-6884 Zyxel OS Command Injection Exploit - HTTP (Request) | MEDIUM | | 2018/10/03 | DDI RULE 2755 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2755 |
| DDI RULE 2692 | LINKSYS Unauthenticated Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/10/03 | DDI RULE 2692 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2692 |
| DDI RULE 2600 | CVE-2017-10271 - Oracle Weblogic Exploit - HTTP (Request) | HIGH | | 2018/10/03 | DDI RULE 2600 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2600 |
| DDI RULE 2544 | JAWS Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/10/03 | DDI RULE 2544 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2544 |
| DDI RULE 2723 | MAGNITUDE - Exploit Kit - HTTP (Response) | HIGH | | 2018/10/02 | DDI RULE 2723 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2723 |
| DDI RULE 2753 | FALLOUT - Exploit Kit - HTTP (Request) | MEDIUM | | 2018/10/01 | DDI RULE 2753 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2753 |
| DDI RULE 2623 | Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/10/01 | DDI RULE 2623 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2623 |
| DDI RULE 2736 | ANTAK Webshell - HTTP (Request) | MEDIUM | | 2018/09/27 | DDI RULE 2736 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2736 |
| DDI RULE 2749 | Possible IE Exploit - HTTP (Response) - Variant 4 | LOW | | 2018/09/27 | DDI RULE 2749 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2749 |
| DDI RULE 2750 | CVE-2018-8007 Apache CouchDB Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/09/27 | DDI RULE 2750 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2750 |
| DDI RULE 2751 | Remote Command Shell - TCP | HIGH | | 2018/09/27 | DDI RULE 2751 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2751 |
| DDI RULE 2752 | Remote PowerShell - TCP | HIGH | | 2018/09/27 | DDI RULE 2752 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2752 |
| DDI RULE 2728 | NUUO Command Injection - HTTP (Request) | HIGH | | 2018/09/17 | DDI RULE 2728 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2728 |
| DDI RULE 2746 | BLUEBANANA - TCP (Request) | HIGH | | 2018/09/13 | DDI RULE 2746 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2746 |
| DDI RULE 2747 | IE Exploit - HTTP (Response) | HIGH | | 2018/09/13 | DDI RULE 2747 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2747 |
| DDI RULE 2748 | Possible IE Exploit - HTTP (Response) - Variant 3 | LOW | | 2018/09/13 | DDI RULE 2748 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2748 |
| DDI RULE 2745 | CVE-2018-9866 SonicWall XML RPC Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/09/12 | DDI RULE 2745 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2745 |
| DDI RULE 2732 | CVE-2009-3103 - Remote Code Execution - SMB2 | HIGH | | 2018/09/04 | DDI RULE 2732 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2732 |
| DDI RULE 2167 | ALFA - Ransomware - HTTP (Request) | HIGH | | 2018/09/04 | DDI RULE 2167 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2167 |
| DDI RULE 2714 | KAIXIN - Exploit Kit - HTTP (Request) - Variant 2 | HIGH | | 2018/09/03 | DDI RULE 2714 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2714 |
| DDI RULE 2730 | OMRON FINS TCP Read Controller Attempt NSE - TCP (Request) | LOW | | 2018/08/30 | DDI RULE 2730 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2730 |
| DDI RULE 475 | PALEVO - UDP - Variant 2 | MEDIUM | | 2018/08/30 | DDI RULE 475 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-475 |
| DDI RULE 2729 | Possible IE Exploit - HTTP (Response) - Variant 2 | LOW | | 2018/08/29 | DDI RULE 2729 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2729 |
| DDI RULE 2005 | Possible EDELLROOT certificate detected | HIGH | | 2018/08/29 | DDI RULE 2005 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2005 |
| DDI RULE 2011 | UPATRE - HTTP (Request) - Variant 3 | HIGH | | 2018/08/29 | DDI RULE 2011 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2011 |
| DDI RULE 1128 | BANLOAD - HTTP (Request) | HIGH | | 2018/08/29 | DDI RULE 1128 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1128 |
| DDI RULE 1155 | BITCOIN - HTTP (Request) | HIGH | | 2018/08/29 | DDI RULE 1155 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1155 |
| DDI RULE 1663 | CRAZYK - HTTP (Request) | HIGH | | 2018/08/29 | DDI RULE 1663 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1663 |
| DDI RULE 2413 | TRICKBOT - HTTP (Request) | HIGH | | 2018/08/29 | DDI RULE 2413 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2413 |
| DDI RULE 2416 | DETOXCRYPTO - Ransomware - HTTP (Request) | HIGH | | 2018/08/29 | DDI RULE 2416 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2416 |
| DDI RULE 2725 | Reverse Meterpreter - HTTP (Response) | HIGH | | 2018/08/22 | DDI RULE 2725 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2725 |
| DDI RULE 2711 | UNDERMINER - Exploit Kit - HTTP (Response) | HIGH | | 2018/08/22 | DDI RULE 2711 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2711 |
| DDI RULE 2698 | APT - WATERHOLE - HTTP (Request) - Variant 2 | HIGH | | 2018/08/22 | DDI RULE 2698 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2698 |
| DDI RULE 2672 | CKNIFE - HTTP (Request) | HIGH | | 2018/08/22 | DDI RULE 2672 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2672 |
| DDI RULE 2676 | PHP Webshell - HTTP (Request) - Variant 2 | HIGH | | 2018/08/20 | DDI RULE 2676 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2676 |
| DDI RULE 2690 | JSPSPY Webshell - HTTP (Request) | HIGH | | 2018/08/20 | DDI RULE 2690 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2690 |
| DDI RULE 2719 | WebScript Injection - HTTP (Request) | MEDIUM | | 2018/08/13 | DDI RULE 2719 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2719 |
| DDI RULE 2720 | CVE-2018-2894 Weblogic Arbitrary File Upload Exploit - HTTP (Request) | MEDIUM | | 2018/08/13 | DDI RULE 2720 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2720 |
| DDI RULE 1552 | APT - HAVEX - HTTP (Request) | HIGH | | 2018/08/13 | DDI RULE 1552 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1552 |
| DDI RULE 1577 | APT - PLUGX - HTTP (Request) - Variant 6 | HIGH | | 2018/08/13 | DDI RULE 1577 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1577 |
| DDI RULE 1583 | APT - HCOREPWSTL - HTTP (Request) | HIGH | | 2018/08/13 | DDI RULE 1583 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1583 |
| DDI RULE 1347 | APT - Possible SIMBOT - HTTP (Request) - Variant 3 | MEDIUM | | 2018/08/13 | DDI RULE 1347 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1347 |
| DDI RULE 1415 | APT - Possible POISONIVY - TCP (Request) | MEDIUM | | 2018/08/13 | DDI RULE 1415 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1415 |
| DDI RULE 272 | AUTORUN - HTTP (Request) - Variant 6 | HIGH | | 2018/08/09 | DDI RULE 272 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-272 |
| DDI RULE 2717 | KAIXIN - Exploit Kit - HTTP (Request) - Variant 3 | HIGH | | 2018/08/09 | DDI RULE 2717 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2717 |
| DDI RULE 2718 | S7 Enumerate Redpoint NSE Request CPU Function Read SZL - TCP (Request) | LOW | | 2018/08/09 | DDI RULE 2718 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2718 |
| DDI RULE 2715 | MINER CONFIG - HTTP (Response) | HIGH | | 2018/08/07 | DDI RULE 2715 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2715 |
| DDI RULE 2384 | Possible EQUATED - Remote Code Execution - SMB (Request) | LOW | | 2018/08/07 | DDI RULE 2384 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2384 |
| DDI RULE 2390 | EQUATED - SMB (Response) | HIGH | | 2018/08/07 | DDI RULE 2390 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2390 |
| DDI RULE 2429 | EQUATED - Exploit Attempt - SMB (Response) | HIGH | | 2018/08/07 | DDI RULE 2429 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2429 |
| DDI RULE 1087 | APT - FASWIK - TCP (Request) | HIGH | | 2018/08/06 | DDI RULE 1087 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1087 |
| DDI RULE 1069 | APT - Possible GHOSTRAT - TCP | MEDIUM | | 2018/08/06 | DDI RULE 1069 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1069 |
| DDI RULE 1257 | APT - CRIDEX - HTTP (Request) - Variant 3 | HIGH | | 2018/08/06 | DDI RULE 1257 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1257 |
| DDI RULE 1300 | APT - FARFLI - HTTP (Request) | HIGH | | 2018/08/06 | DDI RULE 1300 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1300 |
| DDI RULE 1303 | APT - Possible BLYPT - HTTP (Request) | MEDIUM | | 2018/08/06 | DDI RULE 1303 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1303 |
| DDI RULE 2709 | CVE-2018-8278 MS Edge Spoofing Exploit - HTTP (Response) | HIGH | | 2018/07/30 | DDI RULE 2709 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2709 |
| DDI RULE 2704 | Web Security Testing Tool - HTTP (Request) - Variant 2 | HIGH | | 2018/07/26 | DDI RULE 2704 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2704 |
| DDI RULE 2705 | Android Debug Bridge Remote Code Execution - TCP (Request) | HIGH | | 2018/07/26 | DDI RULE 2705 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2705 |
| DDI RULE 2706 | OSTAP - HTTP (Request) | HIGH | | 2018/07/26 | DDI RULE 2706 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2706 |
| DDI RULE 2707 | DLINK Command Injection Exploit - HTTP (Request) - Variant 2 | HIGH | | 2018/07/26 | DDI RULE 2707 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2707 |
| DDI RULE 2708 | SENDOOREOF - UDP (Request) | HIGH | | 2018/07/26 | DDI RULE 2708 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2708 |
| DDI RULE 2629 | Possible WEBLOGIC T3 RCE Exploit - TCP (Request) | MEDIUM | | 2018/07/26 | DDI RULE 2629 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2629 |
| DDI RULE 2626 | CVE-2018-7600 - Drupal Remote Code Execution - HTTP (Request) | HIGH | | 2018/07/25 | DDI RULE 2626 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2626 |
| DDI RULE 2702 | Host Discovery - UDP (Request) | LOW | | 2018/07/24 | DDI RULE 2702 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2702 |
| DDI RULE 1242 | APT - XTREME - HTTP (Request) | HIGH | | 2018/07/24 | DDI RULE 1242 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1242 |
| DDI RULE 1245 | APT - TROJAN TCP Request | HIGH | | 2018/07/24 | DDI RULE 1245 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1245 |
| DDI RULE 1174 | APT - MALEX - HTTP (Request) | HIGH | | 2018/07/24 | DDI RULE 1174 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1174 |
| DDI RULE 1021 | APT - Possible POISONIVY - TCP (Response) - Variant 2 | MEDIUM | | 2018/07/24 | DDI RULE 1021 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1021 |
| DDI RULE 2701 | Possible EMOTET - HTTP (Response) - Variant 3 | HIGH | | 2018/07/18 | DDI RULE 2701 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2701 |
| DDI RULE 2666 | CVE-2017-7529 NGINX Integer Overflow Exploit Attempt HTTP (Request) | MEDIUM | | 2018/07/18 | DDI RULE 2666 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2666 |
| DDI RULE 2699 | CVE-2016-10134 - Zabbix SQL Injection - HTTP (Request) | MEDIUM | | 2018/07/17 | DDI RULE 2699 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2699 |
| DDI RULE 2584 | POSGERAT Data Exfiltration - DNS (Response) | LOW | | 2018/07/17 | DDI RULE 2584 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2584 |
| DDI RULE 2700 | Possible WEBSHELL - HTTP (Request) | HIGH | | 2018/07/17 | DDI RULE 2700 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2700 |
| DDI RULE 1885 | Possible Data Exfiltration - DNS (Response) | LOW | | 2018/07/17 | DDI RULE 1885 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1885 |
| DDI RULE 1618 | CVE-2014-6271 - Shellshock HTTP Request | HIGH | | 2018/07/16 | DDI RULE 1618 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1618 |
| DDI RULE 1078 | Possible TOR node certificate detected | MEDIUM | | 2018/07/11 | DDI RULE 1078 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1078 |
| DDI RULE 2694 | CVE-2018-12613 PHPMyAdmin Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/07/11 | DDI RULE 2694 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2694 |
| DDI RULE 2695 | CVE-2018-3606 TMCM SQL Injection Exploit - HTTP (Request) | HIGH | | 2018/07/11 | DDI RULE 2695 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2695 |
| DDI RULE 2696 | CVE-2018-0296 CISCO ASA Path Traversal Exploit - HTTP (Request) | HIGH | | 2018/07/11 | DDI RULE 2696 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2696 |
| DDI RULE 2697 | NUKESPED - TCP (Response) - Variant 2 | MEDIUM | | 2018/07/11 | DDI RULE 2697 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2697 |
| DDI RULE 2693 | CVE-2015-5254 - ActiveMQ Deserialization Vulnerability | HIGH | | 2018/07/10 | DDI RULE 2693 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2693 |
| DDI RULE 2689 | CVE-2016-4438 - Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/07/03 | DDI RULE 2689 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2689 |
| DDI RULE 1886 | Data Exfiltration - DNS (Response) | LOW | | 2018/07/03 | DDI RULE 1886 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1886 |
| DDI RULE 2349 | Possible MIRAI - TCP (Request) | HIGH | | 2018/07/03 | DDI RULE 2349 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2349 |
| DDI RULE 2507 | Unauthorized TESTFR IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2507 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2507 |
| DDI RULE 2508 | Unauthorized STARTDT IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2508 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2508 |
| DDI RULE 2509 | Unauthorized STOPDT IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2509 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2509 |
| DDI RULE 2510 | Non-IEC-104 Communication Request | HIGH | | 2018/06/28 | DDI RULE 2510 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2510 |
| DDI RULE 2529 | APT - TURLA - HTTP (Request) | HIGH | | 2018/06/28 | DDI RULE 2529 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2529 |
| DDI RULE 253 | RUSTOCK - HTTP (Request) - Variant 2 | HIGH | | 2018/06/28 | DDI RULE 253 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-253 |
| DDI RULE 2687 | CVE-2018-7602 - Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/06/28 | DDI RULE 2687 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2687 |
| DDI RULE 2685 | Possible Host Discovery - ICMP (Response) | HIGH | | 2018/06/28 | DDI RULE 2685 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2685 |
| DDI RULE 2686 | Command Execution - SMB (Request) | HIGH | | 2018/06/26 | DDI RULE 2686 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2686 |
| DDI RULE 2680 | Acunetix Web Vulnerability Scanner - HTTP (Request) | HIGH | | 2018/06/26 | DDI RULE 2680 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2680 |
| DDI RULE 2681 | DirBuster - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2681 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2681 |
| DDI RULE 2682 | NMAP - HTTP (Request | MEDIUM | | 2018/06/26 | DDI RULE 2682 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2682 |
| DDI RULE 2683 | W3AF - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2683 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2683 |
| DDI RULE 2684 | GoLismero - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2684 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2684 |
| DDI RULE 2651 | JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2651 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2651 |
| DDI RULE 2678 | CVE-2014-3120 - ElasticSearch Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2678 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2678 |
| DDI RULE 2679 | CVE-2016-3714 - ImageMagick Command Execution Exploit - HTTP (Request) | MEDIUM | | 2018/06/25 | DDI RULE 2679 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2679 |
| DDI RULE 2674 | Web Vulnerability Scanner - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2674 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2674 |
| DDI RULE 2675 | Web Vulnerability Scanner - HTTP (Request) - Variant 2 | HIGH | | 2018/06/25 | DDI RULE 2675 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2675 |
| DDI RULE 2668 | REGEORG - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2668 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2668 |
| DDI RULE 2668 | REGEORG - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2668 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2668 |
| DDI RULE 2669 | APT - DARKHOTEL - HTTP (Request) | HIGH | | 2018/06/21 | DDI RULE 2669 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2669 |
| DDI RULE 2669 | APT - DARKHOTEL - HTTP (Request) | HIGH | | 2018/06/21 | DDI RULE 2669 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2669 |
| DDI RULE 2670 | Comprehensive Tool - TDS (Request) | HIGH | | 2018/06/21 | DDI RULE 2670 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2670 |
| DDI RULE 2670 | Comprehensive Tool - TDS (Request) | HIGH | | 2018/06/21 | DDI RULE 2670 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2670 |
| DDI RULE 2671 | Vulnerability Scanner - HTTP (Request) - Variant 3 | HIGH | | 2018/06/21 | DDI RULE 2671 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2671 |
| DDI RULE 2671 | Vulnerability Scanner - HTTP (Request) - Variant 3 | HIGH | | 2018/06/21 | DDI RULE 2671 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2671 |
| DDI RULE 2673 | Earthworm Port Forwarding - TCP (Request) | HIGH | | 2018/06/21 | DDI RULE 2673 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2673 |
| DDI RULE 2673 | Earthworm Port Forwarding - TCP (Request) | HIGH | | 2018/06/21 | DDI RULE 2673 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2673 |
| DDI RULE 2664 | CreateService - SMB (Request) | HIGH | | 2018/06/21 | DDI RULE 2664 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2664 |
| DDI RULE 2664 | CreateService - SMB (Request) | HIGH | | 2018/06/21 | DDI RULE 2664 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2664 |
| DDI RULE 2665 | SOFACY - HTTP (Request) | MEDIUM | | 2018/06/20 | DDI RULE 2665 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2665 |
| DDI RULE 2667 | CVE-2018-9995 Authentication Bypass Exploit - HTTP (Request) | HIGH | | 2018/06/20 | DDI RULE 2667 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2667 |
| DDI RULE 2663 | APT - EXFRAM - TCP (Request) | HIGH | | 2018/06/19 | DDI RULE 2663 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2663 |
| DDI RULE 2386 | C99 PHP SHELL - HTTP | HIGH | | 2018/06/19 | DDI RULE 2386 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2386 |
| DDI RULE 2387 | DK PHP SHELL - HTTP | HIGH | | 2018/06/19 | DDI RULE 2387 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2387 |
| DDI RULE 2417 | CVE-2017-7494 - Remote Code Execution - SMB (Request) - Variant 2 | MEDIUM | | 2018/06/19 | DDI RULE 2417 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2417 |
| DDI RULE 2658 | Ghost WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2658 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2658 |
| DDI RULE 2659 | PHP WebShell - HTTP (Request) - Variant 2 | MEDIUM | | 2018/06/18 | DDI RULE 2659 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2659 |
| DDI RULE 2660 | ASP WebShell - HTTP (Request) | HIGH | | 2018/06/18 | DDI RULE 2660 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2660 |
| DDI RULE 2661 | HYTOP2006 ASP WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2661 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2661 |
| DDI RULE 2662 | PHPSPY WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2662 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2662 |
| DDI RULE 266 | GOZI - HTTP (Request) | HIGH | | 2018/06/12 | DDI RULE 266 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-266 |
| DDI RULE 2655 | Possible CVE-2017-9506 Atlassian OAth Proxy Exploit - HTTP (Request) | MEDIUM | | 2018/06/12 | DDI RULE 2655 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2655 |
| DDI RULE 2656 | CVE-2018-1418 - QRADAR Command Injection - HTTP (Request) | HIGH | | 2018/06/12 | DDI RULE 2656 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2656 |
| DDI RULE 2602 | RIG - Exploit Kit - HTTP (Request) - Variant 5 | HIGH | | 2018/06/06 | DDI RULE 2602 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2602 |
| DDI RULE 2653 | PHOTOMINER - HTTP (Response) | HIGH | | 2018/06/05 | DDI RULE 2653 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2653 |
| DDI RULE 2654 | Powershell - SMB | MEDIUM | | 2018/06/05 | DDI RULE 2654 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2654 |
| DDI RULE 2418 | Suspicious file rename - SMB (Request) | HIGH | | 2018/06/05 | DDI RULE 2418 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2418 |
| DDI RULE 2445 | Suspicious file rename - SMB2 (Request) | HIGH | | 2018/06/05 | DDI RULE 2445 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2445 |
| DDI RULE 2652 | VPNFILTER - HTTP (Request) | HIGH | | 2018/06/04 | DDI RULE 2652 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2652 |
| DDI RULE 2649 | GRANDSOFT - Exploit Kit - HTTP(Request) | HIGH | | 2018/05/30 | DDI RULE 2649 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2649 |
| DDI RULE 2650 | ANDROM - HTTP (Response) | MEDIUM | | 2018/05/30 | DDI RULE 2650 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2650 |
| DDI RULE 2624 | POWERDNS - DNS (Response) | HIGH | | 2018/05/30 | DDI RULE 2624 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2624 |
| DDI RULE 2648 | CVE-2018-1000136 Electron Node Integration Exploit- HTTP (Request) | HIGH | | 2018/05/28 | DDI RULE 2648 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2648 |
| DDI RULE 2647 | ANDROM - HTTP (Request) | HIGH | | 2018/05/22 | DDI RULE 2647 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2647 |
| DDI RULE 2645 | CVE-2017-16598 Netgain SNMPWALK IP Directory Traversal Exploit HTTP - (Request) | HIGH | | 2018/05/21 | DDI RULE 2645 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2645 |
| DDI RULE 2646 | CVE-2018-1111 Remote Code Injection Exploit - DHCP (Response) | HIGH | | 2018/05/21 | DDI RULE 2646 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2646 |
| DDI RULE 2641 | CVE-2018-1308 Apache Solr Data Import Handler XML Exploit - HTTP (Request) | HIGH | | 2018/05/21 | DDI RULE 2641 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2641 |
| DDI RULE 2644 | Suspicious Access to a bit Domain - DNS (Response) | MEDIUM | | 2018/05/17 | DDI RULE 2644 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2644 |
| DDI RULE 2072 | CVE-2016-3081 - Remote Code Execution - HTTP (Request) - Variant 2 | LOW | | 2018/05/17 | DDI RULE 2072 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2072 |
| DDI RULE 2642 | NEGASTEAL - HTTP (Request) | HIGH | | 2018/05/16 | DDI RULE 2642 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2642 |
| DDI RULE 2643 | NECURS - SMB | HIGH | | 2018/05/16 | DDI RULE 2643 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2643 |
| DDI RULE 2638 | CVE-2018-7602 - Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/15 | DDI RULE 2638 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2638 |
| DDI RULE 2640 | CVE-2018-5443 Advantech Webaccess SQL Injection - HTTP (Request) | HIGH | | 2018/05/15 | DDI RULE 2640 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2640 |
| DDI RULE 2637 | CVE-2018-0171 Buffer Overflow - TCP (Request) | MEDIUM | | 2018/05/09 | DDI RULE 2637 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2637 |
| DDI RULE 2625 | UDPOS - DNS (Request) | HIGH | | 2018/05/09 | DDI RULE 2625 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2625 |
| DDI RULE 2574 | CVE-2017-16943 EXIM Remote Code Execution exploit - SMTP (Request) | MEDIUM | | 2018/05/08 | DDI RULE 2574 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2574 |
| DDI RULE 2635 | Abnormal x509v3 Subject Key Identifier extension - HTTPS (Response) | LOW | | 2018/05/07 | DDI RULE 2635 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2635 |
| DDI RULE 2636 | Executable File inside Certificate - HTTPS (Response) | HIGH | | 2018/05/07 | DDI RULE 2636 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2636 |
| DDI RULE 2526 | NECURS - HTTP (Request) - Variant 2 | HIGH | | 2018/05/07 | DDI RULE 2526 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2526 |
| DDI RULE 2633 | JAKU - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2633 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2633 |
| DDI RULE 2634 | KWAMPIRS - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2634 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2634 |
| DDI RULE 2631 | CVE-2018-9843 Rest API Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2631 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2631 |
| DDI RULE 2630 | HNAP1 Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/05/02 | DDI RULE 2630 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2630 |
| DDI RULE 2604 | CVE-2018-6389 WordPress Load-Scripts Exploit - HTTP (Request) | HIGH | | 2018/05/02 | DDI RULE 2604 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2604 |
| DDI RULE 2627 | Possible EMPIRE - HTTP (Request) | HIGH | | 2018/04/24 | DDI RULE 2627 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2627 |
| DDI RULE 2628 | HNAP1 Buffer Overflow Exploit - HTTP (Request) | MEDIUM | | 2018/04/24 | DDI RULE 2628 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2628 |
| DDI RULE 2572 | HTA PowerShell Empire - HTTP (Request) - Variant 2 | HIGH | | 2018/04/24 | DDI RULE 2572 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2572 |
| DDI RULE 2037 | Possible HTA PowerShell Empire (Request) | HIGH | | 2018/04/24 | DDI RULE 2037 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2037 |
| DDI RULE 2049 | LETSENCRYPT SSL CERTIFICATE detected | HIGH | | 2018/04/16 | DDI RULE 2049 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2049 |
| DDI RULE 2622 | CVE-2013-4810 JBoss AS Marshalled Object Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2622 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2622 |
| DDI RULE 2618 | CVE-2018-0833 Denial of Sercice - SMB2 (Response) | HIGH | | 2018/04/10 | DDI RULE 2618 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2618 |
| DDI RULE 2619 | CVE-2013-2618 Network Weathermap Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2619 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2619 |
| DDI RULE 262 | FAKEAV - HTTP (Request) - Variant 23 | HIGH | | 2018/04/10 | DDI RULE 262 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-262 |
| DDI RULE 2605 | UDPOS - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2605 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2605 |
| DDI RULE 1179 | ZBOT - HTTP (Request) - Variant 4 | HIGH | | 2018/04/05 | DDI RULE 1179 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1179 |
| DDI RULE 118 | Public C&C IP address - IRC (Request) | MEDIUM | | 2018/04/05 | DDI RULE 118 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-118 |
| DDI RULE 2458 | COMMAND INJECTION IN URI - HTTP | HIGH | | 2018/04/05 | DDI RULE 2458 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2458 |
| DDI RULE 2620 | Suspicious Executable File Download - HTTP (Response) | HIGH | | 2018/04/04 | DDI RULE 2620 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2620 |
| DDI RULE 2616 | Suspicious CWS Flash - HTTP (Response) | MEDIUM | | 2018/03/28 | DDI RULE 2616 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2616 |
| DDI RULE 2617 | GANDCRAB - Ransomware - HTTP (Response) | HIGH | | 2018/03/28 | DDI RULE 2617 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2617 |
| DDI RULE 2562 | Signed Malware Certificate - SSL | MEDIUM | | 2018/03/28 | DDI RULE 2562 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2562 |
| DDI RULE 634 | APT - DARKCOMET - HTTP (Request) | HIGH | | 2018/03/26 | DDI RULE 634 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-634 |
| DDI RULE 673 | RAMNIT - TCP | HIGH | | 2018/03/26 | DDI RULE 673 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-673 |
| DDI RULE 1127 | AUTORUN - HTTP (Request) | HIGH | | 2018/03/26 | DDI RULE 1127 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1127 |
| DDI RULE 1563 | APT - DARKCOMET - TCP - Variant 3 | HIGH | | 2018/03/26 | DDI RULE 1563 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1563 |
| DDI RULE 1454 | NJW0RM TCP Request | HIGH | | 2018/03/26 | DDI RULE 1454 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1454 |
| DDI RULE 2141 | ATMOS - HTTP (Response) | HIGH | | 2018/03/26 | DDI RULE 2141 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2141 |
| DDI RULE 1809 | CRYPTESLA - Ransomware - HTTP (Response) | HIGH | | 2018/03/26 | DDI RULE 1809 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1809 |
| DDI RULE 2157 | LOKI - HTTP (Request) | HIGH | | 2018/03/26 | DDI RULE 2157 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2157 |
| DDI RULE 2279 | QUANTLOADER - HTTP (Request) | HIGH | | 2018/03/26 | DDI RULE 2279 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2279 |
| DDI RULE 2232 | RULTAZO - HTTP (Request) | HIGH | | 2018/03/26 | DDI RULE 2232 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2232 |
| DDI RULE 2314 | MALICIOUS - HTTP (Response) | HIGH | | 2018/03/26 | DDI RULE 2314 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2314 |
| DDI RULE 2504 | CVE-2017-9798 - APACHE OPTIONSBLEED Vulnerability - HTTP (Response) | HIGH | | 2018/03/21 | DDI RULE 2504 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2504 |
| DDI RULE 2615 | CVE-2017-12629 Apache Solr XML RCE Exploit - HTTP (Request) | HIGH | | 2018/03/20 | DDI RULE 2615 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2615 |
| DDI RULE 319 | VIRTUMONDE - HTTP (Request) | MEDIUM | | 2018/03/20 | DDI RULE 319 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-319 |
| DDI RULE 32 | Suspicious executable file extension - Variant 3 | MEDIUM | | 2018/03/20 | DDI RULE 32 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-32 |
| DDI RULE 2610 | Possible MEMCACHED Amplified DDOS Attempt - UDP (Request) | HIGH | | 2018/03/19 | DDI RULE 2610 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2610 |
| DDI RULE 2611 | CANNIBALRAT - HTTP (Request) | HIGH | | 2018/03/19 | DDI RULE 2611 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2611 |
| DDI RULE 2612 | NETWIRED - TCP (Request) | HIGH | | 2018/03/19 | DDI RULE 2612 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2612 |
| DDI RULE 2613 | POWERSHELL Download - HTTP (Request) - Variant 2 | HIGH | | 2018/03/19 | DDI RULE 2613 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2613 |
| DDI RULE 1434 | Remote PHP-CGI Command Execution - HTTP (Request) | HIGH | | 2018/03/15 | DDI RULE 1434 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1434 |
| DDI RULE 1571 | ZOLLARD Command Execution - HTTP (Request) | HIGH | | 2018/03/15 | DDI RULE 1571 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1571 |
| DDI RULE 2608 | EMOTET - HTTP (Response) - Variant 2 | HIGH | | 2018/03/12 | DDI RULE 2608 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2608 |
| DDI RULE 2609 | HANCITOR - HTTP (Request) - Variant 3 | HIGH | | 2018/03/12 | DDI RULE 2609 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2609 |
| DDI RULE 1450 | ZBOT - HTTP (Request) - Variant 6 | HIGH | | 2018/03/08 | DDI RULE 1450 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1450 |
| DDI RULE 2528 | MS17-010 - Remote Code Execution - SMB (Request) - Variant 2 | HIGH | | 2018/03/07 | DDI RULE 2528 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2528 |
| DDI RULE 2435 | MS17-010 - Remote Code Execution - SMB (Request) | MEDIUM | | 2018/03/07 | DDI RULE 2435 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2435 |
| DDI RULE 2380 | CVE-2017-0147 - Information Disclosure Exploit - SMB (Request) | MEDIUM | | 2018/03/07 | DDI RULE 2380 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2380 |
| DDI RULE 2382 | CVE-2017-0145 - Remote Code Execution - SMB (Request) | MEDIUM | | 2018/03/07 | DDI RULE 2382 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2382 |
| DDI RULE 2383 | CVE-2017-0144 - Remote Code Execution - SMB (Request) | HIGH | | 2018/03/07 | DDI RULE 2383 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2383 |
| DDI RULE 1896 | ANDROID METERPRETER REVERSE TCP Response | HIGH | | 2018/03/01 | DDI RULE 1896 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1896 |
| DDI RULE 1897 | ANDROID SHELL REVERSE TCP Response | HIGH | | 2018/03/01 | DDI RULE 1897 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1897 |
| DDI RULE 2000 | REVERSE TCP DLLINJECT METASPLOIT PAYLOAD | HIGH | | 2018/03/01 | DDI RULE 2000 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2000 |
| DDI RULE 2001 | LSASS Dump File Upload | LOW | | 2018/03/01 | DDI RULE 2001 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2001 |
| DDI RULE 2436 | CVE-2017-8543 - Remote Code Execution - SMB (Request) | HIGH | | 2018/03/01 | DDI RULE 2436 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2436 |
| DDI RULE 2490 | CVE-2017-9805 - ApacheStruts XStream RCE Exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2490 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2490 |
| DDI RULE 2491 | CVE-2017-12611 - APACHE STRUTS EXPLOIT - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2491 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2491 |
| DDI RULE 2543 | VACRON Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2543 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2543 |
| DDI RULE 2539 | AVTECH Authentication ByPass Exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2539 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2539 |
| DDI RULE 2505 | Linux Reverse Shell - TCP (Response) | HIGH | | 2018/03/01 | DDI RULE 2505 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2505 |
| DDI RULE 2502 | CVE-2017-5689 - Intel AMT Digest Authentication Bypass exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2502 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2502 |
| DDI RULE 2493 | CVE-2017-8759 - SOAP WSDL Command Injection Exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2493 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2493 |
| DDI RULE 2550 | DLINK Command Injection Exploit - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2550 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2550 |
| DDI RULE 2601 | CVE-2017-12635 Apache CouchDB Escalation Privelage - HTTP (Request) | HIGH | | 2018/03/01 | DDI RULE 2601 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2601 |
| DDI RULE 2607 | NUKESPED - TCP (Response) | HIGH | | 2018/03/01 | DDI RULE 2607 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2607 |
| DDI RULE 2593 | CVE-2017-4933 VMWDynResolution Buffer Overflow Exploit - VNC (Request) | HIGH | | 2018/03/01 | DDI RULE 2593 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2593 |
| DDI RULE 2409 | File renamed - LOCKY - Ransomware - SMB (Request) | HIGH | | 2018/02/28 | DDI RULE 2409 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2409 |
| DDI RULE 241 | Incorrect Content-Type value in header - HTTP (Response) - Variant 2 | MEDIUM | | 2018/02/28 | DDI RULE 241 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-241 |
| DDI RULE 2410 | File renamed - CRYSIS - Ransomware - SMB (Request) | HIGH | | 2018/02/28 | DDI RULE 2410 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2410 |
| DDI RULE 2365 | File renamed - SOREBRECT - Ransomware - SMB (Request) | HIGH | | 2018/02/28 | DDI RULE 2365 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2365 |
| DDI RULE 2606 | HTA Download - HTTP (Request) | LOW | | 2018/02/26 | DDI RULE 2606 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2606 |
| DDI RULE 1667 | CVE-2014-6332 - OLE Array Remote Code Execution HTTP Exploit | HIGH | | 2018/02/22 | DDI RULE 1667 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1667 |
| DDI RULE 2603 | CVE-2017-12636 Apache CouchDB Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/02/21 | DDI RULE 2603 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2603 |
| DDI RULE 1578 | RIG Exploit - HTTP (Request) | HIGH | | 2018/02/19 | DDI RULE 1578 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1578 |
| DDI RULE 1540 | RIG Exploit - HTTP (Request) - Variant 2 | HIGH | | 2018/02/19 | DDI RULE 1540 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1540 |
| DDI RULE 1860 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 3 | HIGH | | 2018/02/19 | DDI RULE 1860 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1860 |
| DDI RULE 1790 | CRYPTESLA HTTP REQUEST | HIGH | | 2018/02/19 | DDI RULE 1790 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1790 |
| DDI RULE 1799 | CRYPTESLA - HTTP (Request) - Variant 2 | HIGH | | 2018/02/19 | DDI RULE 1799 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1799 |
| DDI RULE 2131 | RIG - Exploit Kit - HTTP(Request) - Variant 3 | HIGH | | 2018/02/19 | DDI RULE 2131 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2131 |
| DDI RULE 2032 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 4 | HIGH | | 2018/02/19 | DDI RULE 2032 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2032 |
| DDI RULE 2441 | PsExec PETYA - Ransomware - SMB | HIGH | | 2018/02/13 | DDI RULE 2441 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2441 |
| DDI RULE 2442 | Possible PsExec PETYA - Ransomware - SMB | MEDIUM | | 2018/02/13 | DDI RULE 2442 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2442 |
| DDI RULE 2527 | CreateService BADRABBIT - Ransomware - SMB | HIGH | | 2018/02/13 | DDI RULE 2527 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2527 |
| DDI RULE 2598 | PsExec PETYA - Ransomware - SMB2 | HIGH | | 2018/02/13 | DDI RULE 2598 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2598 |
| DDI RULE 2599 | CreateService BADRABBIT - Ransomware - SMB2 | HIGH | | 2018/02/13 | DDI RULE 2599 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2599 |
| DDI RULE 2594 | CVE-2017-3506 - Oracle Weblogic Exploit - HTTP (Request) | HIGH | | 2018/02/13 | DDI RULE 2594 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2594 |
| DDI RULE 2595 | CROSSRAT - TCP (Request) | HIGH | | 2018/02/12 | DDI RULE 2595 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2595 |
| DDI RULE 2596 | SMOMINRU - HTTP (Request) | HIGH | | 2018/02/12 | DDI RULE 2596 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2596 |
| DDI RULE 2597 | GANDCRAB - Ransomware - HTTP (Request) | HIGH | | 2018/02/12 | DDI RULE 2597 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2597 |
| DDI RULE 2592 | PROTUX - HTTP (Request) - Variant 2 | HIGH | | 2018/02/12 | DDI RULE 2592 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2592 |
| DDI RULE 2357 | CVE-2017-7269 - WebDAV Buffer Overflow - HTTP (Request) | HIGH | | 2018/02/07 | DDI RULE 2357 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2357 |
| DDI RULE 1854 | SWITREX LOGIN Request | HIGH | | 2018/02/06 | DDI RULE 1854 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1854 |
| DDI RULE 2591 | KRBANKER - HTTP (Response) | HIGH | | 2018/01/30 | DDI RULE 2591 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2591 |
| DDI RULE 2560 | SAD - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2560 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2560 |
| DDI RULE 2561 | DYNAMER - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 2561 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2561 |
| DDI RULE 2570 | UBOATRAT - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2570 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2570 |
| DDI RULE 2571 | MAILSPLOIT - SMTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2571 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2571 |
| DDI RULE 2577 | DIGMINE - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2577 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2577 |
| DDI RULE 2578 | CVE-2017-17215 - Remote Code Execution - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2578 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2578 |
| DDI RULE 2579 | MALPHISH - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 2579 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2579 |
| DDI RULE 258 | FAKEAV - HTTP (Request) - Variant 8 | HIGH | | 2018/01/25 | DDI RULE 258 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-258 |
| DDI RULE 2580 | AGENT - HTTP (Request) - Variant 5 | HIGH | | 2018/01/25 | DDI RULE 2580 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2580 |
| DDI RULE 2581 | BITMAN - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2581 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2581 |
| DDI RULE 1771 | RANSOM TCP Request - Class 2 | HIGH | | 2018/01/25 | DDI RULE 1771 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1771 |
| DDI RULE 2074 | SURPRISE - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2074 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2074 |
| DDI RULE 2077 | CRYPNISCA - Ransomware - UDP | HIGH | | 2018/01/25 | DDI RULE 2077 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2077 |
| DDI RULE 2148 | JSRAA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2148 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2148 |
| DDI RULE 2071 | CERBER - Ransomware - UDP | HIGH | | 2018/01/25 | DDI RULE 2071 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2071 |
| DDI RULE 2271 | WILDFIRE - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2271 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2271 |
| DDI RULE 2292 | SPICYCRYPT - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2292 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2292 |
| DDI RULE 2153 | SATANA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2153 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2153 |
| DDI RULE 2227 | SKEEYAH - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2227 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2227 |
| DDI RULE 1614 | RANSOM - HTTP (Request) - Variant 13 | HIGH | | 2018/01/25 | DDI RULE 1614 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1614 |
| DDI RULE 1500 | RANSOM TCP Request - Class 1 | HIGH | | 2018/01/25 | DDI RULE 1500 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1500 |
| DDI RULE 1096 | RANSOM - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 1096 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1096 |
| DDI RULE 1097 | RANSOM - HTTP (Request) - Variant 3 | HIGH | | 2018/01/25 | DDI RULE 1097 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1097 |
| DDI RULE 1172 | RANSOM - HTTP (Request) - Variant 5 | HIGH | | 2018/01/25 | DDI RULE 1172 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1172 |
| DDI RULE 1164 | RANSOM - HTTP (Request) - Variant 4 | HIGH | | 2018/01/25 | DDI RULE 1164 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1164 |
| DDI RULE 1213 | RANSOM - HTTP (Request) - Variant 6 | HIGH | | 2018/01/25 | DDI RULE 1213 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1213 |
| DDI RULE 1302 | RANSOM - HTTP (Request) - Variant 7 | HIGH | | 2018/01/25 | DDI RULE 1302 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1302 |
| DDI RULE 1295 | RANSOM - HTTP (Request) - Variant 9 | HIGH | | 2018/01/25 | DDI RULE 1295 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1295 |
| DDI RULE 2344 | SPORA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2344 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2344 |
| DDI RULE 2554 | ICEDID - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2554 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2554 |
| DDI RULE 2555 | TOXOCARA - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2555 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2555 |
| DDI RULE 2556 | TIGGRE - TCP (Request) | HIGH | | 2018/01/25 | DDI RULE 2556 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2556 |
| DDI RULE 2557 | VOLGMER - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2557 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2557 |
| DDI RULE 2558 | CVE-2017-11779 - DNSAPI NSEC3 Buffer Overflow Exploit - DNS (Response) | HIGH | | 2018/01/25 | DDI RULE 2558 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2558 |
| DDI RULE 2590 | CVE-2017-6736 - Remote Code Execution Exploit - SNMP (Request) | MEDIUM | | 2018/01/24 | DDI RULE 2590 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2590 |
| DDI RULE 2588 | CVE-2017-9822 DotNetNuke Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/01/22 | DDI RULE 2588 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2588 |
| DDI RULE 2352 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) - Variant 2 | HIGH | | 2018/01/22 | DDI RULE 2352 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2352 |
| DDI RULE 2589 | LOKI - HTTP (Response) | HIGH | | 2018/01/18 | DDI RULE 2589 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2589 |
| DDI RULE 2586 | NECURS - HTTP (Request) - Variant 4 | MEDIUM | | 2018/01/16 | DDI RULE 2586 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2586 |
| DDI RULE 2587 | SAGECRYPT - HTTP (Request) | MEDIUM | | 2018/01/16 | DDI RULE 2587 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2587 |
| DDI RULE 2565 | Data Exfiltration - ICMP (Request) | MEDIUM | | 2018/01/16 | DDI RULE 2565 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2565 |
| DDI RULE 1250 | FAKEAV - HTTP (Request) - Variant 35 | HIGH | | 2018/01/16 | DDI RULE 1250 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1250 |
| DDI RULE 1475 | FAKEAV - HTTP (Request) - Variant 37 | HIGH | | 2018/01/16 | DDI RULE 1475 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1475 |
| DDI RULE 1476 | FAKEAV - HTTP (Request) - Variant 38 | HIGH | | 2018/01/16 | DDI RULE 1476 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1476 |
| DDI RULE 1397 | FAKEAV - HTTP (Request) - Variant 25 | HIGH | | 2018/01/16 | DDI RULE 1397 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1397 |
| DDI RULE 2585 | Ratankba Downloader - HTTP (Response) | HIGH | | 2018/01/15 | DDI RULE 2585 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2585 |
| DDI RULE 2583 | Powershell script requested from root directory - HTTP (Request) | HIGH | | 2018/01/15 | DDI RULE 2583 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2583 |
| DDI RULE 2582 | CVE-2017-3248 - UnicastRef Insecure Deserialization | HIGH | | 2018/01/11 | DDI RULE 2582 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2582 |
| DDI RULE 2345 | RATANKBA - HTTP (Request) | HIGH | | 2018/01/11 | DDI RULE 2345 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2345 |
| DDI RULE 2294 | SUNDOWN - Exploit Kit - HTTP(Request) | HIGH | | 2018/01/09 | DDI RULE 2294 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2294 |
| DDI RULE 2575 | Command Injection via UPnP SOAP Interface - HTTP (Request) | HIGH | | 2018/01/09 | DDI RULE 2575 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2575 |
| DDI RULE 2576 | Electroneum(ETN) Webminer Malvertisment - HTTP (Request) | HIGH | | 2018/01/04 | DDI RULE 2576 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2576 |
| DDI RULE 2278 | KARMA - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2278 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2278 |
| DDI RULE 2284 | HIDDENTEARHAPPY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2284 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2284 |
| DDI RULE 2251 | LOCKY - Ransomware - HTTP (Request) - Variant 4 | HIGH | | 2018/01/03 | DDI RULE 2251 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2251 |
| DDI RULE 2259 | NUCLEAR - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2259 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2259 |
| DDI RULE 2226 | KAWAIILOCKER - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2226 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2226 |
| DDI RULE 2166 | PIZACRYP - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2166 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2166 |
| DDI RULE 2305 | EXMAS - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2305 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2305 |
| DDI RULE 2076 | CRYPZUQUIT - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2076 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2076 |
| DDI RULE 2117 | DEMOCRY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2117 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2117 |
| DDI RULE 2028 | LOCKY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2028 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2028 |
| DDI RULE 2031 | RANSOM HYDRA - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2031 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2031 |
| DDI RULE 2020 | RANSOM LECTOOL HTTP Request | HIGH | | 2018/01/03 | DDI RULE 2020 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2020 |
| DDI RULE 1344 | RANSOM - HTTP (Request) - Variant 10 | HIGH | | 2018/01/03 | DDI RULE 1344 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1344 |
| DDI RULE 1479 | RANSOM - HTTP (Request) - Variant 11 | HIGH | | 2018/01/03 | DDI RULE 1479 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1479 |
| DDI RULE 1518 | RANSOM - HTTP (Request) - Variant 12 | HIGH | | 2018/01/03 | DDI RULE 1518 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1518 |
| DDI RULE 2373 | MATRIX - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2373 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2373 |
| DDI RULE 2375 | MATRIX - Ransomware - HTTP (Response) | HIGH | | 2018/01/03 | DDI RULE 2375 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2375 |
| DDI RULE 2563 | Data Exfiltration - HTTP (Request) | HIGH | | 2017/12/28 | DDI RULE 2563 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2563 |
| DDI RULE 2075 | CRYPRADAM - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2075 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2075 |
| DDI RULE 2061 | CRYPWALL - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2061 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2061 |
| DDI RULE 2119 | CRIPTODC - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2119 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2119 |
| DDI RULE 2120 | BUCBI - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2120 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2120 |
| DDI RULE 2093 | CRYPVAULT - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2093 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2093 |
| DDI RULE 2094 | CRYPCORE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2094 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2094 |
| DDI RULE 2096 | CRYPAPLHA - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2096 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2096 |
| DDI RULE 2228 | CRYPBEE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2228 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2228 |
| DDI RULE 2229 | BARTZ - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2229 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2229 |
| DDI RULE 2217 | CRYPHYDRA - Ransomware - HTTP (Request) - Variant 2 | HIGH | | 2017/12/21 | DDI RULE 2217 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2217 |
| DDI RULE 2225 | CRYPY - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2225 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2225 |
| DDI RULE 2337 | CRYPSHIELD - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2337 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2337 |
| DDI RULE 2338 | CERBER - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2338 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2338 |
| DDI RULE 2403 | CRYPMOLE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2403 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2403 |
| DDI RULE 1289 | MINER - HTTP (Request) | HIGH | | 2017/12/20 | DDI RULE 1289 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1289 |
| DDI RULE 2573 | MINER - TCP (Request) | MEDIUM | | 2017/12/20 | DDI RULE 2573 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2573 |
| DDI RULE 2411 | File renamed - WCRY - Ransomware - SMB (Request) | HIGH | | 2017/12/19 | DDI RULE 2411 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2411 |
| DDI RULE 2261 | GAFGYT - HTTP (Request) | HIGH | | 2017/12/18 | DDI RULE 2261 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2261 |
| DDI RULE 153 | Possible DOWNAD - Encrypted connection - TCP | LOW | | 2017/12/13 | DDI RULE 153 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-153 |
| DDI RULE 2568 | COBALTSTRIKE - DNS (Response) | HIGH | | 2017/12/13 | DDI RULE 2568 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2568 |
| DDI RULE 2569 | TOXOCARA - DNS (Response) | HIGH | | 2017/12/13 | DDI RULE 2569 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2569 |
| DDI RULE 2566 | Data Exfiltration - DNS (Request) | HIGH | | 2017/12/07 | DDI RULE 2566 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2566 |
| DDI RULE 2567 | Data Exfiltration - UDP (Request) | HIGH | | 2017/12/07 | DDI RULE 2567 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2567 |
| DDI RULE 2564 | Data Exfiltration - TCP (Request) | HIGH | | 2017/12/07 | DDI RULE 2564 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2564 |
| DDI RULE 2423 | FATALISTICZ - HTTP | HIGH | | 2017/12/06 | DDI RULE 2423 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2423 |
| DDI RULE 2559 | CVE-2017-12149 - JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | MEDIUM | | 2017/12/04 | DDI RULE 2559 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2559 |
| DDI RULE 2516 | Coinhive JavaScript Miner - HTTPS (Request) | LOW | | 2017/12/04 | DDI RULE 2516 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2516 |
| DDI RULE 2552 | Possible Brute force - Telnet (Response) | MEDIUM | | 2017/11/23 | DDI RULE 2552 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2552 |
| DDI RULE 38 | Multiple unsuccessful logon attempts | LOW | | 2017/11/23 | DDI RULE 38 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-38 |
| DDI RULE 386 | UTOTI - HTTP (Request) | HIGH | | 2017/11/23 | DDI RULE 386 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-386 |
| DDI RULE 39 | Host DNS query to a non-trusted DNS server | MEDIUM | | 2017/11/23 | DDI RULE 39 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-39 |
| DDI RULE 1034 | KOOBFACE - HTTP (Request) | HIGH | | 2017/11/22 | DDI RULE 1034 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1034 |
| DDI RULE 2551 | TRUEBOT - HTTP (Request) | HIGH | | 2017/11/20 | DDI RULE 2551 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2551 |
| DDI RULE 1539 | Windows Remote Management Service Detected - HTTP (Request) | MEDIUM | | 2017/11/15 | DDI RULE 1539 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1539 |
| DDI RULE 2537 | Powershell Remote Command Execution Via WinRM - HTTP(Request) | HIGH | | 2017/11/15 | DDI RULE 2537 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2537 |
| DDI RULE 2548 | LINKSYS Remote Code Execution - HTTP (Request) | HIGH | | 2017/11/14 | DDI RULE 2548 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2548 |
| DDI RULE 2549 | Possible LINKSYS Remote Code Execution - HTTP (Request) | HIGH | | 2017/11/14 | DDI RULE 2549 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2549 |
| DDI RULE 2546 | DLINK Directory Traversal Exploit - HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2546 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2546 |
| DDI RULE 2538 | APT - WIPBOT - HTTP (Request) | HIGH | | 2017/11/07 | DDI RULE 2538 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2538 |
| DDI RULE 2540 | REAPER - HTTP (Request) | HIGH | | 2017/11/07 | DDI RULE 2540 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2540 |
| DDI RULE 2541 | REAPER - HTTP (Request) - Variant 2 | HIGH | | 2017/11/07 | DDI RULE 2541 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2541 |
| DDI RULE 2542 | MINER - HTTP (Response) | HIGH | | 2017/11/07 | DDI RULE 2542 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2542 |
| DDI RULE 2063 | CHOPPER - HTTP (Request) | HIGH | | 2017/11/02 | DDI RULE 2063 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2063 |
| DDI RULE 1760 | Possible UPATRE - HTTP (Request) | MEDIUM | | 2017/11/02 | DDI RULE 1760 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-1760 |
| DDI RULE 2533 | EDA2ANUBIS - HTTP (Request) | HIGH | | 2017/10/30 | DDI RULE 2533 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2533 |
| DDI RULE 2534 | INSOMNIA - HTTP | HIGH | | 2017/10/30 | DDI RULE 2534 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2534 |
| DDI RULE 2535 | WEBACOO - HTTP | HIGH | | 2017/10/30 | DDI RULE 2535 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2535 |
| DDI RULE 2536 | Netgear ReadyNAS RCE Exploit - HTTP (Request) | HIGH | | 2017/10/30 | DDI RULE 2536 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2536 |
| DDI RULE 2128 | HANCITOR - HTTP (Request) | HIGH | | 2017/10/27 | DDI RULE 2128 | /vinfo/ie/threat-encyclopedia/network/ddi-rule-2128 |
