Search

Description Name: Possible CVE-2019-12815 ProFTPD Remote Code Execution - FTP (Request) . This is Trend Micro detection for POSSIBLE network protocol that manifests exploit activities and can be used for Point of Entry or Lateral Movement.The host ex...

and/or links. Users should still be wary and avoid replying to such emails because it is possible that the attacker behind these attacks could just be fishing for active email addresses in search of

This URL is a possible downloader.

embedded executable on the Java file. ZDMAfj It then used the value from the parameter to access a possible malicious URL to download and execute possible malicious files on the affected system. Downloaded

It attempts to connect to the a specific URL to download possible malicious file. As a result, routines of the downloaded file are exhibited in the system. This Trojan may be dropped by other

TROJ_FAKEAV.FBP connects to this site to download possible malicious files.

WORM_TRAXG.AC connects this site to download other possible malicious files.

This is the site where PE_SALITY.RL downloads other possible malicious files.

This is the site where PE_SALITY.RL downloads other possible malicious files.

Possible downloader with query string value of =serw.clicksor.com (also blocked).

NOTES: This detection is for weaponized RTF files. It detects possible exploits for the following vulnerabilities: CVE-2017-11882 CVE-2012-0158 CVE-2015-1641 CVE-2015-1770 CVE-2014-1761 CVE-2017-8570

When users visit this URL, a prompt appears to download an Adobe Flash Player file. It appears to scan your computer for possible malware.

It is possible to get content of any arbitrary file from the web server by using ImageMagick's 'label' pseudo protocol. Apply associated Trend Micro DPI Rules. 1007610|

It is possible to delete arbitrary files on a web server by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. Apply associated Trend Micro DPI Rules. 1007610|

It is possible to move image files to file with any extension in any folder on a web server by using ImageMagick's 'msl' pseudo protocol. Apply associated Trend Micro DPI Rules. 1007610|

message: target possible have bug under is *nix passwd file{the actual contents of the password file) If the password file neither contains "root" nor "bin/bash", it displays the following message instead:

" or "bin/bash", it displays the following message: target possible have bug under is *nix passwd file{the actual contents of the password file) If the password file neither contains "root" nor "bin/bash

* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share 1010192* -

to be able to extract and execute the embedded executable on the Java file. exec xkey It then used the value from the parameter to access a possible malicious URL to download and execute possible

Micro DPI Rules. 1000609| 1000609 - Apache Possible Directory Index Disclosure Vulnerability