Network Content Inspection Rules
Rule ID | Rule Description | Network Content Inspection Pattern Release Date | Rule Link | Rule Page Path | Confidence Level | DDI Default Rule |
---|---|---|---|---|---|---|
DDI RULE 5515 | Matchboil Downloader- HTTP (Request) | 2025/10/13 | DDI RULE 5515 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5515 | ||
DDI RULE 5526 | SPOOLSS Enumeration via Endpoint Mapper Sensor - DCE-RPC (Request) | 2025/10/13 | DDI RULE 5526 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5526 | ||
DDI RULE 5530 | DNS Query for SOA Record Sensor - DNS (Response) | 2025/10/13 | DDI RULE 5530 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5530 | ||
DDI RULE 5541 | Machine requested TGS for Administrator - Kerberos (Request) | 2025/10/13 | DDI RULE 5541 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5541 | ||
DDI RULE 5543 | Suspicious SAMR Enumeration via Endpoint Mapper Sensor - DCE-RPC (Request) | 2025/10/13 | DDI RULE 5543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5543 | ||
DDI RULE 5511 | CVE-2025-26319 - FlowiseAI Flowise attachments Directory Traversal Exploit - HTTP(Response) | 2025/10/09 | DDI RULE 5511 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5511 | ||
DDI RULE 5519 | CVE-2025-53417 - DIAview Directory Traversal Exploit - HTTP(Response) | 2025/10/09 | DDI RULE 5519 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5519 | ||
DDI RULE 5535 | CVE-2025-7913 - TOTOLINK Buffer Overflow Exploit - TCP(Request) | 2025/10/09 | DDI RULE 5535 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5535 | ||
DDI RULE 5537 | CVE-2025-52367 - PivotX CMS Cross Site Scripting Exploit- HTTP(Request) | 2025/10/09 | DDI RULE 5537 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5537 | ||
DDI RULE 5539 | CVE-2025-7912 - TOTOLINK Buffer Overflow Exploit - TCP(Request) | 2025/10/09 | DDI RULE 5539 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5539 | ||
DDI RULE 5522 | CVE-2025-1829 - TOTOLINK Command Injection Exploit - HTTP(Request) | 2025/10/08 | DDI RULE 5522 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5522 | ||
DDI RULE 5524 | NetExec PetitPotam RCE Attempt - HTTP (Request) | 2025/10/08 | DDI RULE 5524 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5524 | ||
DDI RULE 5527 | Suspicious Search DNS Node Object Query - LDAP (Request) | 2025/10/08 | DDI RULE 5527 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5527 | ||
DDI RULE 5529 | AddRequest to DomainDnsZones Sensor - LDAP (Request) | 2025/10/08 | DDI RULE 5529 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5529 | ||
DDI RULE 5533 | Samsung MagicINFO 9 File RCE Exploit - HTTP(Request) | 2025/10/08 | DDI RULE 5533 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5533 | ||
DDI RULE 5538 | CVE-2025-59528 - Flowise CustomMCP Remote Code Execution Exploit- HTTP(Request) | 2025/10/08 | DDI RULE 5538 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5538 | ||
DDI RULE 5536 | CVE-2025-61882 - Oracle Remote Code Execution Exploit - HTTP(Request) | 2025/10/07 | DDI RULE 5536 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5536 | ||
DDI RULE 5488 | CVE-2025-20352 - Cisco IOS and IOS XE Overflow Exploit - SNMP(Request) | 2025/10/06 | DDI RULE 5488 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5488 | ||
DDI RULE 5514 | EncryptHubRecon Trojan - HTTP (Request) | 2025/10/06 | DDI RULE 5514 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5514 | ||
DDI RULE 5525 | Impacket RCE Attempt - HTTP (Request) | 2025/10/06 | DDI RULE 5525 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5525 | ||
DDI RULE 5513 | RevLynx Backdoor - HTTP (Request) | 2025/10/02 | DDI RULE 5513 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5513 | ||
DDI RULE 5517 | CVE-2025-26399 - Solarwinds RCE Exploit - HTTP(Request) | 2025/10/02 | DDI RULE 5517 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5517 | ||
DDI RULE 5520 | CVE-2025-25256 - Fortinet FortiSIEM Command Injection - TCP(Request) | 2025/10/02 | DDI RULE 5520 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5520 | ||
DDI RULE 5512 | CVE-2025-53772 - Web Deploy RCE Exploit - HTTP (Request) | 2025/10/01 | DDI RULE 5512 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5512 | ||
DDI RULE 5518 | CVE-2025-32821 - Sonic Wall Directory Traversal Exploit - HTTP (Request) | 2025/10/01 | DDI RULE 5518 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5518 | ||
DDI RULE 5505 | CVE-2025-7775 - NetScaler ADC and NetScaler Gateway Remote Code Execution - HTTP(Response) | 2025/09/23 | DDI RULE 5505 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5505 | ||
DDI RULE 5509 | CVE-2025-53475 - Advantech iView NetworkServlet SQL Injection Exploit - HTTP(Response) | 2025/09/23 | DDI RULE 5509 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5509 | ||
DDI RULE 5510 | CVE-2025-40597 - SonicWall SMA100 Heap Buffer Overflow Exploit - HTTP(Request) | 2025/09/23 | DDI RULE 5510 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5510 | ||
DDI RULE 5496 | CVE-2025-1302 JSONPath-Plus Remote Code Execution Exploit Attempt - HTTP (Request) | 2025/09/22 | DDI RULE 5496 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5496 | ||
DDI RULE 5506 | MCP Server Prompt Lists - HTTP(Request) | 2025/09/17 | DDI RULE 5506 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5506 | ||
DDI RULE 5507 | MCP Server Prompt Get - HTTP(Request) | 2025/09/17 | DDI RULE 5507 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5507 | ||
DDI RULE 5508 | MCP Server Client Notification - HTTP(Request) | 2025/09/17 | DDI RULE 5508 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5508 | ||
DDI RULE 5504 | CVE-2024-8069 - Citrix Session Recording Remote Code Execution Exploit - HTTP (Request) | 2025/09/16 | DDI RULE 5504 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5504 | ||
DDI RULE 5482 | MCP Server Tools Discovery - HTTP (Request) | 2025/09/15 | DDI RULE 5482 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5482 | ||
DDI RULE 5483 | MCP Server Tools Execution - HTTP (Request) | 2025/09/15 | DDI RULE 5483 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5483 | ||
DDI RULE 5484 | MCP Server Resource Discovery - HTTP (Request) | 2025/09/15 | DDI RULE 5484 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5484 | ||
DDI RULE 5485 | MCP Server Resource Retrieval - HTTP (Request) | 2025/09/15 | DDI RULE 5485 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5485 | ||
DDI RULE 5502 | CVE-2025-54309 CrushFTP Authentication Bypass Exploit - HTTP (Response) | 2025/09/11 | DDI RULE 5502 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5502 | ||
DDI RULE 5503 | CVE-2025-54918 - PRIVILEGE ESCALATION EXPLOIT - DCERPC (Response) | 2025/09/11 | DDI RULE 5503 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5503 | ||
DDI RULE 5501 | CVE-2024-51092 - LibreNMS Command Injection - HTTP (Request) | 2025/09/10 | DDI RULE 5501 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5501 | ||
DDI RULE 5499 | Possible CVE-2023-23752 Authentication Bypass Exploit - HTTP (Response) | 2025/09/09 | DDI RULE 5499 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5499 | ||
DDI RULE 5497 | UDP Controller - UDP (Request) | 2025/09/08 | DDI RULE 5497 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5497 | ||
DDI RULE 5495 | CVE-2025-54253 Adobe EM Remote Code Execution Exploit - HTTP (Request) | 2025/09/03 | DDI RULE 5495 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5495 | ||
DDI RULE 5493 | CVE-2025-23320 - NVIDIA Triton SharedMemoryManager Information Disclosure Exploit - HTTP (Request) | 2025/09/01 | DDI RULE 5493 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5493 | ||
DDI RULE 5494 | CVE-2025-23318 - NVIDIA Triton Inference Server IPC Remote Code Execution Exploit - HTTP (Response) | 2025/09/01 | DDI RULE 5494 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5494 | ||
DDI RULE 5490 | MCP Sampling Request - HTTP (Request) | 2025/08/28 | DDI RULE 5490 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5490 | ||
DDI RULE 5491 | MCP Elicitation Request - HTTP (Request) | 2025/08/28 | DDI RULE 5491 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5491 | ||
DDI RULE 5492 | CVE-2013-3893 MS Internet Explorer RCE Exploit - HTTP (Response) | 2025/08/28 | DDI RULE 5492 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5492 | ||
DDI RULE 5481 | MCP Initialize Communication - HTTP (Response) | 2025/08/27 | DDI RULE 5481 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5481 | ||
DDI RULE 5480 | Malicious PKL Extension Sensor - HTTP (Response) | 2025/08/20 | DDI RULE 5480 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5480 | ||
DDI RULE 5486 | CVE-2025-53778 - PRIVILEGE ESCALATION EXPLOIT - DCERPC (Response) | 2025/08/20 | DDI RULE 5486 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5486 | ||
DDI RULE 5464 | CVE-2023-7028 Authentication Bypass Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5464 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5464 | ||
DDI RULE 5468 | CVE-2025-4427 and CVE-2025-4428 Authentication Bypass Exploit - HTTP (Response) | 2025/08/14 | DDI RULE 5468 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5468 | ||
DDI RULE 5474 | CVE-2025-7910 - D-Link DIR-513 1.10 curTime leads to Buffer Overflow Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5474 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5474 | ||
DDI RULE 5476 | CVE-2024-7399 - MAGICINFO PATH TRAVERSAL - HTTP (Request) | 2025/08/14 | DDI RULE 5476 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5476 | ||
DDI RULE 5477 | CISCO ISE RCE - HTTP (Request) | 2025/08/14 | DDI RULE 5477 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5477 | ||
DDI RULE 5478 | CVE-2025-49718 - SQL SERVER INFO DISCLOSURE - TCP (Request) | 2025/08/14 | DDI RULE 5478 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5478 | ||
DDI RULE 5479 | CVE-2024-1212 Progress Kemp LoadMaster Command Injection Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5479 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5479 | ||
DDI RULE 5475 | CVE-2025-7862 - TOTOLINK Improper Authentication Exploit - HTTP (Request) | 2025/08/13 | DDI RULE 5475 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5475 | ||
DDI RULE 5472 | CVE-2022-46169 - Cacti Command Injection Exploit - HTTP (Request) | 2025/08/12 | DDI RULE 5472 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5472 | ||
DDI RULE 5465 | RAVEN STEALER DATAEXFIL - HTTP (Request) | 2025/08/11 | DDI RULE 5465 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5465 | ||
DDI RULE 5469 | CVE-2025-54440 - SAMSUNG MAGICINFO RCE EXPLOIT - HTTP (Request) | 2025/08/11 | DDI RULE 5469 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5469 | ||
DDI RULE 5470 | CVE-2025-34112 - RIVERBED SQLINJECTION - HTTP (Request) | 2025/08/11 | DDI RULE 5470 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5470 | ||
DDI RULE 5471 | CVE-2025-4779 - LUNARYAI XSS - HTTP (Request) | 2025/08/11 | DDI RULE 5471 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5471 | ||
DDI RULE 5463 | Trend Micro ApexOne Command Injection Exploit Attempt - HTTP (Request) | 2025/08/06 | DDI RULE 5463 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5463 | ||
DDI RULE 5466 | CVE-2023-2533 - PAPERCUT CSRF EXPLOIT - HTTP (Request) | 2025/08/06 | DDI RULE 5466 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5466 | ||
DDI RULE 5467 | CVE-2025-6811 - MESCIUS ACTIVEREPORTSNET RCE - HTTP (Response) | 2025/08/06 | DDI RULE 5467 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5467 | ||
DDI RULE 5445 | CVE-2025-25257 - FortiWeb SQL Injection Exploit - HTTP (Response) | 2025/08/04 | DDI RULE 5445 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5445 | ||
DDI RULE 5451 | CVE-2019-9621 - Zimbra SSRF Exploit - HTTP (Response) | 2025/08/04 | DDI RULE 5451 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5451 | ||
DDI RULE 5455 | CVE-2024-54085 - AMI AUTHBYPASS EXPLOIT - HTTP (Request) | 2025/07/30 | DDI RULE 5455 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5455 | ||
DDI RULE 5456 | CVE-2025-6802 - MARVELL QCONVERGECONSOLE RCE EXPLOIT ATTEMPT - HTTP (Request) | 2025/07/30 | DDI RULE 5456 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5456 | ||
DDI RULE 5457 | CVE-2025-6794 - MARVELL QCONVERGECONSOLE RCE EXPLOIT ATTEMPT - HTTP (Request) | 2025/07/30 | DDI RULE 5457 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5457 | ||
DDI RULE 5460 | CVE-2023-34048 - VMware vCenter Server Authentication Pointer Use of Out-of-range Pointer Offset Exploit - TCP (Request) | 2025/07/30 | DDI RULE 5460 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5460 | ||
DDI RULE 5462 | CVE-2025-47981 - NEGOEX RCE Exploit- SMB2 (Request) | 2025/07/30 | DDI RULE 5462 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5462 | ||
DDI RULE 5423 | SockDetours Magic Number - TCP(Request) | 2025/07/29 | DDI RULE 5423 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5423 | ||
DDI RULE 5439 | CVE-2025-47812 - Wing FTP Server Command Injection Exploit - HTTP (Response) | 2025/07/29 | DDI RULE 5439 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5439 | ||
DDI RULE 5444 | CVE-2025-20281 - CISCO ISE ERS RCE - HTTP (Request) | 2025/07/28 | DDI RULE 5444 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5444 | ||
DDI RULE 5452 | CVE-2025-20281 - Cisco Identity Services Engine RCE Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5452 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5452 | ||
DDI RULE 5453 | CVE-2025-20337 - Cisco Identity Services Engine Deserialization RCE Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5453 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5453 | ||
DDI RULE 5454 | CVE-2025-20282 - Cisco Identity Services Engine File Upload Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5454 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5454 | ||
DDI RULE 5447 | NETBIOS DEVICES DISCOVERY - UDP(RESPONSE) | 2025/07/23 | DDI RULE 5447 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5447 | ||
DDI RULE 5440 | CVE-2024-28988 - SOLARWINDS RCE - HTTP (Request) | 2025/07/22 | DDI RULE 5440 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5440 | ||
DDI RULE 5442 | CVE-2025-6543 - CITRIX NETSCALERADC MEMLEAK - HTTP (Request) | 2025/07/22 | DDI RULE 5442 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5442 | ||
DDI RULE 5446 | CVE-2025-53770 - Sharepoint Deserialization Exploit - HTTP (Request) | 2025/07/22 | DDI RULE 5446 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5446 | ||
DDI RULE 5449 | CVE-2021-28474 - Sharepoint Server RCE Exploit - HTTP(Request) | 2025/07/22 | DDI RULE 5449 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5449 | ||
DDI RULE 5438 | ONELOGIN ADMINAPI - HTTP (Request) | 2025/07/17 | DDI RULE 5438 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5438 | ||
DDI RULE 5441 | CVE-2024-3721 - TBK DVR RCE - HTTP (Request) | 2025/07/17 | DDI RULE 5441 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5441 | ||
DDI RULE 5443 | CVE-2025-5777 - CITRIX BLEED MEMORY OVERFLOW - HTTP (Request) | 2025/07/17 | DDI RULE 5443 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5443 | ||
DDI RULE 5422 | WEBSOCKET UPGRADE - HTTP(Response) | 2025/07/16 | DDI RULE 5422 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5422 | ||
DDI RULE 5437 | Possible DNS Tunneling - DNS (Response) - Variant 3 | 2025/07/16 | DDI RULE 5437 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5437 | ||
DDI RULE 5436 | CVE-2016-10033 - PHPMailer RCE Exploit - HTTP (Request) | 2025/07/14 | DDI RULE 5436 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5436 | ||
DDI RULE 5432 | CVE-2023-39780 - ASUS Command Injection Exploit - HTTP (Request) | 2025/07/09 | DDI RULE 5432 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5432 | ||
DDI RULE 5435 | CVE-2025-33073 - Windows SMB Client Elevation of Privilege Vulnerability Exploit - DNS (Response) | 2025/07/09 | DDI RULE 5435 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5435 | ||
DDI RULE 5434 | APT - BPFDOOR - HTTP(Request) | 2025/07/08 | DDI RULE 5434 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5434 | ||
DDI RULE 5425 | CVE-2021-32030 - ASUS Router and Lyra Mini Authentication Bypass Exploit - HTTP (Response) | 2025/07/07 | DDI RULE 5425 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5425 | ||
DDI RULE 5430 | Possible WebShell Attempt via PHP Obfuscation - HTTP (Request) - Variant 2 | 2025/07/07 | DDI RULE 5430 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5430 | ||
DDI RULE 5431 | CVE-2025-30397 - JSCRIPT RCE - HTTP (Response) | 2025/07/03 | DDI RULE 5431 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5431 | ||
DDI RULE 5433 | APT - BPFDOOR - TCP - Variant 2 | 2025/07/03 | DDI RULE 5433 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5433 | ||
DDI RULE 5428 | CVE-2025-24016 - Wazuh Insecure Deserialization Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5428 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5428 | ||
DDI RULE 5429 | CVE-2023-33538 - TPLink Command Injection Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5429 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5429 | ||
DDI RULE 5384 | CVE-2025-32433 - Erlang OTP Server RCE Exploit - SSH (Request) | 2025/06/26 | DDI RULE 5384 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5384 | ||
DDI RULE 5421 | APT - BPFDOOR - UDP | 2025/06/26 | DDI RULE 5421 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5421 | ||
DDI RULE 5408 | CVE-2024-56145 - Craft CMS RCE Exploit - HTTP (Response) | 2025/06/25 | DDI RULE 5408 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5408 | ||
DDI RULE 5417 | CVE-2025-33053 - WEBDAV RCE - HTTP (Response) | 2025/06/24 | DDI RULE 5417 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5417 | ||
DDI RULE 5381 | CVE-2025-30406 - GLADINET CENTRESTACK RCE - HTTP (Request) | 2025/06/23 | DDI RULE 5381 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5381 | ||
DDI RULE 5420 | APT - BPFDOOR - TCP | 2025/06/19 | DDI RULE 5420 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5420 | ||
DDI RULE 5414 | CVE-2025-49220 - APEX CENTRAL RCE - HTTP (Response) | 2025/06/18 | DDI RULE 5414 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5414 | ||
DDI RULE 5409 | CVE-2025-2146 - CANON BUFFER OVERFLOW - HTTP (Request) | 2025/06/17 | DDI RULE 5409 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5409 | ||
DDI RULE 5415 | CVE-2025-49213 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5415 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5415 | ||
DDI RULE 5416 | CVE-2025-49212 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5416 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5416 | ||
DDI RULE 5368 | CVE-2022-43939 - PENTAHO AUTHBYPASS RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5368 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5368 | ||
DDI RULE 5389 | FORTISANDBOX RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5389 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5389 | ||
DDI RULE 5393 | CVE-2020-15999 - FREETYPE RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5393 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5393 | ||
DDI RULE 5410 | CVE-2025-24813 - APACHE TOMCAT RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5410 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5410 | ||
DDI RULE 5411 | CVE-2025-3248 - LANGFLOW RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5411 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5411 | ||
DDI RULE 5412 | CVE-2025-32756 - FORTINET RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5412 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5412 | ||
DDI RULE 5413 | CVE-2025-46337 - ADODB SQL INJECTION - HTTP (Response) | 2025/06/10 | DDI RULE 5413 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5413 | ||
DDI RULE 4590 | VIDAR - HTTP(REQUEST) - Variant 2 | 2025/06/05 | DDI RULE 4590 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4590 | ||
DDI RULE 5380 | CVE-2024-11131 - SYNOLOGY BUFFER OVERFLOW - HTTP(RESPONSE) | 2025/06/05 | DDI RULE 5380 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5380 | ||
DDI RULE 5402 | Multiple Occurrences of Negotiate Request Activity Sensor - RDP (Request) | 2025/06/05 | DDI RULE 5402 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5402 | ||
DDI RULE 5405 | ALLEGRA MULTIPLE DIRECTORY TRAVERSAL EXPLOIT ATTEMPT - HTTP (REQUEST) | 2025/06/05 | DDI RULE 5405 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5405 | ||
DDI RULE 5404 | CVE-2025-29635 - DLINK COMMAND INJECTION EXPLOIT ATTEMPT- HTTP (REQUEST) | 2025/06/04 | DDI RULE 5404 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5404 | ||
DDI RULE 5403 | CVE-2025-24054 - MSNTLM EXPLOIT - HTTP(Response) | 2025/05/29 | DDI RULE 5403 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5403 | ||
DDI RULE 5406 | ECHARGE COMMAND INJECTION EXPLOIT - HTTP (Response) | 2025/05/29 | DDI RULE 5406 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5406 | ||
DDI RULE 5329 | CVE-2024-8856 - WordPress Time Capsule Plugin Exploit - HTTP (Response) | 2025/05/28 | DDI RULE 5329 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5329 | ||
DDI RULE 5395 | IVANTI EPMANAGER EXPLOIT - HTTP(Response) | 2025/05/27 | DDI RULE 5395 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5395 | ||
DDI RULE 5400 | Presence of Angry IP Scanner - DNS (Response) | 2025/05/27 | DDI RULE 5400 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5400 | ||
DDI RULE 5390 | Possible AS-REP Roasting Attack - Kerberos (Request) | 2025/05/26 | DDI RULE 5390 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5390 | ||
DDI RULE 5399 | CVE-2019-2729 or CVE-2019-2725 - Oracle Weblogic - HTTP (Request) | 2025/05/22 | DDI RULE 5399 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5399 | ||
DDI RULE 5360 | APT - BPFDOOR - ICMP (Request) | 2025/05/21 | DDI RULE 5360 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5360 | ||
DDI RULE 5372 | SQLMAP Sensor - HTTP (Response) | 2025/05/21 | DDI RULE 5372 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5372 | ||
DDI RULE 5396 | Suspicious Shell Command in Header - HTTP (Request) | 2025/05/19 | DDI RULE 5396 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5396 | ||
DDI RULE 5370 | CVE-2024-41710 - MITEL6800 RCE EXPLOIT - HTTP(Request) | 2025/05/14 | DDI RULE 5370 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5370 | ||
DDI RULE 5394 | CVE-2024-57050 - TPLINK EXPLOIT - HTTP(Response) | 2025/05/13 | DDI RULE 5394 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5394 | ||
DDI RULE 5371 | CVE-2025-31161 - CRUSHFTP AUTH BYPASS - HTTP (Response) | 2025/05/08 | DDI RULE 5371 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5371 | ||
DDI RULE 5365 | CVE-2024-11040 - VLLM DOS EXPLOIT - HTTP (Response) | 2025/05/07 | DDI RULE 5365 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5365 | ||
DDI RULE 5391 | CVE-2025-22461 - IVANTI SQLI - HTTP (Response) | 2025/05/07 | DDI RULE 5391 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5391 | ||
DDI RULE 5392 | CVE-2024-23468 - SOLARWINDS PATH TRAVERSAL - TCP (Request) | 2025/05/07 | DDI RULE 5392 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5392 | ||
DDI RULE 5388 | Invoke Request Activity via DCOM - DCERPC (Request) | 2025/05/06 | DDI RULE 5388 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5388 | ||
DDI RULE 5387 | CVE-2023-44221 - SONICWALL EXPLOIT COMMAND INJECTION EXPLOIT - HTTP(RESPONSE) | 2025/05/03 | DDI RULE 5387 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5387 | ||
DDI RULE 5385 | CVE-2021-47667 - ZENDTO RCE - HTTP (Request) | 2025/04/30 | DDI RULE 5385 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5385 | ||
DDI RULE 5382 | CVE-2025-31324 - SAP NETWEAVER UPLOAD EXPLOIT REQUEST - HTTP(REQUEST) | 2025/04/26 | DDI RULE 5382 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5382 | ||
DDI RULE 5377 | ROUTER CLEARTEXT PASSWORD DISCLOSURE EXPLOIT - HTTP (Request) | 2025/04/22 | DDI RULE 5377 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5377 | ||
DDI RULE 5376 | CVE-2024-11042 - APACHE AI FILE DELETION - HTTP (Request) | 2025/04/21 | DDI RULE 5376 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5376 | ||
DDI RULE 5373 | CVE-2025-22457 - XFORWARDEDFOR BUFFER OVERFLOW - HTTP (Request) | 2025/04/16 | DDI RULE 5373 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5373 | ||
DDI RULE 5375 | CVE-2024-10188 - LITELLM DOS - HTTP (Request) | 2025/04/16 | DDI RULE 5375 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5375 | ||
DDI RULE 5362 | CVE-2025-24893 - XWIKI SOLRSEARCHMACROS RCE - HTTP (Request) | 2025/04/15 | DDI RULE 5362 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5362 | ||
DDI RULE 5364 | CVE-2024-8859 - MLFLOW DIRECTORY TRAVERSAL - HTTP (Request) | 2025/04/15 | DDI RULE 5364 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5364 | ||
DDI RULE 5367 | CVE-2025-30355 - DOS Exploit - HTTP(Response) | 2025/04/15 | DDI RULE 5367 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5367 | ||
DDI RULE 5369 | IVANTI TRAVERSAL EXPLOIT - HTTP(Response) | 2025/04/15 | DDI RULE 5369 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5369 | ||
DDI RULE 5352 | POSSIBLE CVE-2025-21277 - MSMQ BUFFER EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5352 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5352 | ||
DDI RULE 5353 | CVE-2024-45195 - APACHE OFBIZ RCE EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5353 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5353 | ||
DDI RULE 5355 | WMI QUERY RCE - DCERPC (Request) | 2025/04/03 | DDI RULE 5355 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5355 | ||
DDI RULE 5363 | CVE-2024-50330 - IVANTI SQL INJECTION - HTTP (Response) | 2025/04/02 | DDI RULE 5363 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5363 | ||
DDI RULE 5326 | IVANTI SQL INJECTION RCE EXPLOIT - HTTP (Request) | 2025/03/26 | DDI RULE 5326 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5326 | ||
DDI RULE 5359 | CVE-2018-8639 - Win32k Privilege Escalation Exploit - HTTP (Response) | 2025/03/26 | DDI RULE 5359 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5359 | ||
DDI RULE 5351 | Microsoft Windows Zero Day Vulnerability (ZDI-25-148) - HTTP(Response) | 2025/03/25 | DDI RULE 5351 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5351 | ||
DDI RULE 5357 | CVE-2018-9276 - PRTG Command Injection - HTTP (Request) | 2025/03/25 | DDI RULE 5357 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5357 | ||
DDI RULE 5324 | CVE-2024-43468 - CM SQL INJECTION RCE - HTTP (Response) | 2025/03/24 | DDI RULE 5324 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5324 | ||
DDI RULE 5335 | CVE-2025-21377 - NTLM RELAY EXPLOIT - HTTP (Response) | 2025/03/24 | DDI RULE 5335 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5335 | ||
DDI RULE 5356 | CVE-2025-29927 - NEXTJS MIDDLEWARE EXPLOIT - HTTP(Response) | 2025/03/24 | DDI RULE 5356 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5356 | ||
DDI RULE 5333 | WMI RCE - DCERPC (Request) | 2025/03/19 | DDI RULE 5333 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5333 | ||
DDI RULE 5341 | Suspicious Shell Command Sensor - TCP | 2025/03/18 | DDI RULE 5341 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5341 | ||
DDI RULE 5336 | CVE-2025-21308 - WINDOWS THEMES SPOOFING EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5336 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5336 | ||
DDI RULE 5338 | CVE-2025-0108 - PALO ALTO AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5338 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5338 | ||
DDI RULE 5342 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB (Request) | 2025/03/13 | DDI RULE 5342 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5342 | ||
DDI RULE 5343 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB (Request) | 2025/03/13 | DDI RULE 5343 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5343 | ||
DDI RULE 5344 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB (Request) | 2025/03/13 | DDI RULE 5344 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5344 | ||
DDI RULE 5345 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB2 (Request) | 2025/03/13 | DDI RULE 5345 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5345 | ||
DDI RULE 5346 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB2 (Request) | 2025/03/13 | DDI RULE 5346 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5346 | ||
DDI RULE 5347 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB2 (Request) | 2025/03/13 | DDI RULE 5347 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5347 | ||
DDI RULE 5348 | SVCCTL Create Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5348 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5348 | ||
DDI RULE 5349 | SVCCTL Start Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5349 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5349 | ||
DDI RULE 5327 | CVE-2024-43365 - CACTI XSS EXPLOIT - HTTP (Response) | 2025/03/12 | DDI RULE 5327 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5327 | ||
DDI RULE 5331 | CVE-2024-46909 - WhatsUp Gold WriteDataFile Directory Traversal Exploit - TCP (Request) | 2025/03/11 | DDI RULE 5331 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5331 | ||
DDI RULE 5337 | CVE-2024-55591 - FORTINET SECURITY BYPASS EXPLOIT - HTTP (Response) | 2025/03/10 | DDI RULE 5337 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5337 | ||
DDI RULE 5321 | CVE-2025-0105 - Palo Alto Networks Expedition Input Validation Exploit - HTTP (Response) | 2025/03/05 | DDI RULE 5321 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5321 | ||
DDI RULE 5334 | CVE-2024-13158 - IVANTI DIRECTORY TRAVERSAL EXPLOIT- HTTP (Request) | 2025/03/05 | DDI RULE 5334 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5334 | ||
DDI RULE 5340 | LBLINK COMMAND INJECTION EXPLOIT - HTTP (Request) | 2025/03/05 | DDI RULE 5340 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5340 | ||
DDI RULE 5332 | CVE-2024-43639 - Microsoft Windows KDC Integer Overflow Exploit - TCP (Response) | 2025/03/04 | DDI RULE 5332 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5332 | ||
DDI RULE 5322 | Active Directory Certificate Services Template Discovery - LDAP (Request) - Variant 2 | 2025/03/03 | DDI RULE 5322 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5322 | ||
DDI RULE 5330 | NMAP NetBios Session Service Scan - TCP (Request) | 2025/03/03 | DDI RULE 5330 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5330 | ||
DDI RULE 5313 | CVE-2010-2568 - Windows Shell RCE - HTTP (Response) | 2025/02/20 | DDI RULE 5313 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5313 | ||
DDI RULE 5323 | CVE-2024-49112 - INTEGER OVERFLOW EXPLOIT - LDAP (Response) | 2025/02/20 | DDI RULE 5323 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5323 | ||
DDI RULE 5317 | CVE-2024-56337 - APACHE TOMCAT RCE - HTTP (Response) | 2025/02/19 | DDI RULE 5317 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5317 | ||
DDI RULE 5305 | CVE-2024-42327 - Zabbix SQL Injection - HTTP (Response) | 2025/02/18 | DDI RULE 5305 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5305 | ||
DDI RULE 5318 | CVE-2025-0282 - IVANTI RCE EXPLOIT - HTTP(Request) | 2025/02/17 | DDI RULE 5318 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5318 | ||
DDI RULE 5320 | CVE-2025-0107 - Palo Alto Networks Expedition Insecure Deserialization Exploit - HTTP (Response) | 2025/02/17 | DDI RULE 5320 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5320 | ||
DDI RULE 5316 | CVE-2024-37404 - IVANTI RCE EXPLOIT - HTTP (Response) | 2025/02/12 | DDI RULE 5316 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5316 | ||
DDI RULE 5314 | ADCS Suspicious use of Certificate - Kerberos (Request) | 2025/02/11 | DDI RULE 5314 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5314 | ||
DDI RULE 5310 | CVE-2024-52047 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (Request) | 2025/02/06 | DDI RULE 5310 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5310 | ||
DDI RULE 5312 | CVE-2024-40711 - Veeam Backup & Replication Remote Command Execution Exploit - HTTP (Response) | 2025/02/06 | DDI RULE 5312 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5312 | ||
DDI RULE 5303 | CVE-2024-51378 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5303 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5303 | ||
DDI RULE 5311 | CVE-2022-22947 - SPRINGCLOUD RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5311 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5311 | ||
DDI RULE 5292 | CVE-2024-47575 - FORTIMANAGER RCE EXPLOIT - HTTP (Response) | 2025/02/04 | DDI RULE 5292 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5292 | ||
DDI RULE 5304 | CVE-2024-12828 - WEBMIN RCE EXPLOIT - HTTP (Response) | 2025/01/30 | DDI RULE 5304 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5304 | ||
DDI RULE 5306 | CVE-2024-53691 - QNAP RCE - HTTP (Request) | 2025/01/30 | DDI RULE 5306 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5306 | ||
DDI RULE 5307 | CVE-2024-50388 - QNAP BACKUP EXPLOIT - HTTP(Request) | 2025/01/30 | DDI RULE 5307 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5307 | ||
DDI RULE 5302 | CVE-2024-8963 - IVANTI AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/01/24 | DDI RULE 5302 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5302 | ||
DDI RULE 5300 | CVE-2024-29847 - IVANTI RCE EXPLOIT - TCP (Request) | 2025/01/22 | DDI RULE 5300 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5300 | ||
DDI RULE 5301 | CVE-2024-50603 - AVIATRIX COMMAND INJECTION - HTTP (Request) | 2025/01/21 | DDI RULE 5301 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5301 | ||
DDI RULE 5246 | Entropy Encoded Cookie Sensor - HTTP (Request) | 2025/01/20 | DDI RULE 5246 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5246 | ||
DDI RULE 5247 | Base64 Encoded Cookie Sensor - HTTP (Request) | 2025/01/20 | DDI RULE 5247 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5247 | ||
DDI RULE 5299 | HTTP Websocket Connection to External Server (Request) | 2025/01/16 | DDI RULE 5299 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5299 | ||
DDI RULE 1268 | Reverse HTTPS Meterpreter detected - Variant 2 | 2025/01/15 | DDI RULE 1268 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1268 | ||
DDI RULE 5298 | CVE-2024-5011 - WHATSUP GOLD EXPLOIT - HTTP (Request) | 2025/01/15 | DDI RULE 5298 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5298 | ||
DDI RULE 2744 | OMRON FINS UDP Read Controller Attempt NSE - UDP (Request) | 2025/01/13 | DDI RULE 2744 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2744 | ||
DDI RULE 5294 | CVE-2024-38856 - OFBIZ AUTHBYPASS EXPLOIT - HTTP (Response) | 2025/01/08 | DDI RULE 5294 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5294 | ||
DDI RULE 5289 | CVE-2024-49122 - MSMQ RCE EXPLOIT - TCP (Response) | 2025/01/07 | DDI RULE 5289 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5289 | ||
DDI RULE 5290 | CVE-2024-9464 - PaloAlto Command Injection Exploit - HTTP (Request) | 2025/01/06 | DDI RULE 5290 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5290 | ||
DDI RULE 5297 | CVE-2024-49113 - WINDOWS LDAP DOS EXPLOIT - CLDAP(RESPONSE) | 2025/01/06 | DDI RULE 5297 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5297 | ||
DDI RULE 5295 | CVE-2024-50623 - CLEO DIRECTORY TRAVERSAL - HTTP (Request) | 2025/01/02 | DDI RULE 5295 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5295 | ||
DDI RULE 5288 | CVE-2024-46938 - Sitecore Directory Traversal Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5288 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5288 | ||
DDI RULE 5291 | CVE-2024-25153 - Fortra FileCatalyst Workflow Directory Traversal Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5291 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5291 | ||
DDI RULE 5293 | CVE-2024-11320 - Pandora Remote Command Execution Exploit - HTTP (Response) | 2024/12/19 | DDI RULE 5293 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5293 | ||
DDI RULE 4594 | COBALTSTRIKE - HTTP(REQUEST) - Variant 3 | 2024/12/11 | DDI RULE 4594 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4594 | ||
DDI RULE 4861 | COBEACON - DNS (Response) - Variant 3 | 2024/12/11 | DDI RULE 4861 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4861 | ||
DDI RULE 5253 | CVE-2024-29830 - IVANTI SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2024/12/11 | DDI RULE 5253 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5253 | ||
DDI RULE 5281 | AD File and Directory Discovery - SMB2 (Request) | 2024/12/11 | DDI RULE 5281 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5281 | ||
DDI RULE 5284 | CVE-2024-34051 - DOLIBARR AC EXECUTION EXPLOIT - HTTP(REQUEST) | 2024/12/11 | DDI RULE 5284 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5284 | ||
DDI RULE 5287 | Active Directory Certificate Services Template Discovery- LDAP (Request) | 2024/12/11 | DDI RULE 5287 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5287 | ||
DDI RULE 5283 | CVE-2024-9264 - Grafana SQL Injection Exploit - HTTP (Response) | 2024/12/10 | DDI RULE 5283 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5283 | ||
DDI RULE 5286 | Possible Discovery Using NETSHAREENUM API - SMB2 (Request) | 2024/12/10 | DDI RULE 5286 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5286 | ||
DDI RULE 4396 | CVE-2020-1967 - Signature Algorithms Cert Denial of Service - HTTPS (Request) | 2024/12/09 | DDI RULE 4396 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4396 | ||
DDI RULE 5282 | CVE-2024-43451 - WINDOWS NTLM RELAY EXPLOIT - HTTP (Response) | 2024/12/09 | DDI RULE 5282 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5282 | ||
DDI RULE 5285 | CVE-2024-1884 - PAPERCUT SSRF EXPLOIT - HTTP(REQUEST) | 2024/12/09 | DDI RULE 5285 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5285 | ||
DDI RULE 5279 | CVE-2024-47525 - LIBRENMS XSS EXPLOIT - HTTP(REQUEST) | 2024/12/04 | DDI RULE 5279 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5279 | ||
DDI RULE 5280 | CVE-2024-42008 - Roundcube Information Disclosure Exploit - HTTP (Response) | 2024/12/03 | DDI RULE 5280 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5280 | ||
DDI RULE 5232 | CVE-2024-45519 - ZIMBRA RCE EXPLOIT - SMTP (REQUEST) | 2024/12/02 | DDI RULE 5232 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5232 | ||
DDI RULE 5276 | CVE-2024-5010 - WHATSUP GOLD EXPLOIT - HTTP(REQUEST) | 2024/12/02 | DDI RULE 5276 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5276 | ||
DDI RULE 5278 | CVE-2024-0012 - PALO ALTO AUTH BYPASS - HTTP (Request) | 2024/11/28 | DDI RULE 5278 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5278 | ||
DDI RULE 5267 | COVENANT Custom Profile - HTTP (Response) - Variant 2 | 2024/11/27 | DDI RULE 5267 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5267 | ||
DDI RULE 5274 | Covenant Default Named Pipe - SMB2 (Request) | 2024/11/26 | DDI RULE 5274 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5274 | ||
DDI RULE 5269 | SALITY C2 - TCP (REQUEST) | 2024/11/21 | DDI RULE 5269 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5269 | ||
DDI RULE 5271 | CVE-2024-43572 - Microsoft Windows Management Console RCE Exploit - HTTP (Response) | 2024/11/21 | DDI RULE 5271 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5271 | ||
DDI RULE 5245 | CVE-2024-6457 - WORDPRESS EXPLOIT - HTTP (Request) | 2024/11/19 | DDI RULE 5245 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5245 | ||
DDI RULE 5264 | CVE-2024-51567 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | 2024/11/19 | DDI RULE 5264 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5264 | ||
DDI RULE 5268 | CVE-2024-7591 - Progress Kemp LoadMaster Command Injection Exploit - HTTP (Request) | 2024/11/19 | DDI RULE 5268 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5268 | ||
DDI RULE 5256 | COVENANT Default - HTTP (Response) | 2024/11/14 | DDI RULE 5256 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5256 | ||
DDI RULE 5258 | CVE-2024-9465 - PALOALTO EXPEDITION EXPLOIT - HTTP (Response) | 2024/11/14 | DDI RULE 5258 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5258 | ||
DDI RULE 5265 | CVE-2024-40711 - VEEAM BACKUP RCE EXPLOIT - TCP (Request) | 2024/11/14 | DDI RULE 5265 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5265 | ||
DDI RULE 5263 | CVE-2024-41874 - ADOBE COLDFUSION RCE EXPLOIT - HTTP (Response) | 2024/11/13 | DDI RULE 5263 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5263 | ||
DDI RULE 5262 | CoreWarrior Exfiltration - HTTP (Request) | 2024/11/12 | DDI RULE 5262 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5262 | ||
DDI RULE 5259 | FAKEWIN - HTTP (Request) | 2024/11/11 | DDI RULE 5259 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5259 | ||
DDI RULE 5260 | RCSHELL BACKDOOR - HTTP (Request) | 2024/11/11 | DDI RULE 5260 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5260 | ||
DDI RULE 5261 | HORUS PROTECTOR C2 - TCP (Response) | 2024/11/11 | DDI RULE 5261 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5261 | ||
DDI RULE 5257 | CVE-2024-28988 - SOLARWINDS RCE EXPLOIT - HTTP (Response) | 2024/11/07 | DDI RULE 5257 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5257 | ||
DDI RULE 4219 | GHOSTMINER - HTTP (Request) | 2024/11/06 | DDI RULE 4219 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4219 | ||
DDI RULE 4484 | GOLDENSPY - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4484 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4484 | ||
DDI RULE 4572 | GLUPTEBA - HTTP (REQUEST) | 2024/11/06 | DDI RULE 4572 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4572 | ||
DDI RULE 5081 | CVE-2024-36401 - GEOSERVER EXPLOIT - HTTP (REQUEST) | 2024/11/06 | DDI RULE 5081 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5081 | ||
DDI RULE 5139 | PYC Download - HTTP (Response) | 2024/11/05 | DDI RULE 5139 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5139 | ||
DDI RULE 5140 | Python Download - HTTP (Response) | 2024/11/05 | DDI RULE 5140 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5140 | ||
DDI RULE 1770 | GHOLE - HTTP (Request) | 2024/11/04 | DDI RULE 1770 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1770 | ||
DDI RULE 5254 | Possible Domain Controller List Discovery - DCERPC (Request) | 2024/11/04 | DDI RULE 5254 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5254 | ||
DDI RULE 5243 | WebDAV Successful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5243 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5243 | ||
DDI RULE 5244 | WebDAV Unsuccessful File Download - HTTP (Response) | 2024/10/29 | DDI RULE 5244 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5244 | ||
DDI RULE 5249 | KeyLogEXE Exfiltration - HTTP (Request) | 2024/10/28 | DDI RULE 5249 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5249 | ||
DDI RULE 5248 | URIVAR EXFILTRATION - HTTP(REQUEST) | 2024/10/24 | DDI RULE 5248 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5248 | ||
DDI RULE 5250 | C2 SHELLCODE Transfer - HTTP (Response) | 2024/10/24 | DDI RULE 5250 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5250 | ||
DDI RULE 5251 | REMCOS DOWNLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5251 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5251 | ||
DDI RULE 5252 | CONOLEATHLOADER - HTTP (Request) | 2024/10/24 | DDI RULE 5252 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5252 | ||
DDI RULE 1886 | Data Exfiltration - DNS (Response) | 2024/10/22 | DDI RULE 1886 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1886 | ||
DDI RULE 5238 | CVE-2024-32766 - PRIVWIZARD INJECTION EXPLOIT - HTTP (Request) | 2024/10/22 | DDI RULE 5238 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5238 | ||
DDI RULE 5240 | CVE-2024-5932 - WordPress RCE Exploit - HTTP (Request) | 2024/10/17 | DDI RULE 5240 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5240 | ||
DDI RULE 5231 | CVE-2024-32842 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/16 | DDI RULE 5231 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5231 | ||
DDI RULE 5242 | CVE-2024-5932 - GIVEWP RCE EXPLOIT - HTTP (Request) | 2024/10/16 | DDI RULE 5242 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5242 | ||
DDI RULE 5230 | CVE-2024-32845 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5230 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5230 | ||
DDI RULE 5241 | CVE-2024-37397 - Ivanti EPM Improper Restriction of XML External Entity Exploit - HTTP (Response) | 2024/10/15 | DDI RULE 5241 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5241 | ||
DDI RULE 5239 | SYSTEMBC Shellcode Download - HTTP (Response) | 2024/10/14 | DDI RULE 5239 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5239 | ||
DDI RULE 5229 | Advanced Port Scanner - HTTP (Request) | 2024/10/10 | DDI RULE 5229 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5229 | ||
DDI RULE 5233 | CVE-2024-32846 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5233 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5233 | ||
DDI RULE 5234 | CVE-2024-32843 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5234 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5234 | ||
DDI RULE 5235 | CVE-2024-34779 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5235 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5235 | ||
DDI RULE 5236 | CVE-2024-34785 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | 2024/10/10 | DDI RULE 5236 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5236 | ||
DDI RULE 5237 | SYSTEMBC C2 - HTTP (Request) | 2024/10/10 | DDI RULE 5237 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5237 | ||
DDI RULE 5227 | VALLEYRAT C2 - TCP (Response) | 2024/10/09 | DDI RULE 5227 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5227 | ||
DDI RULE 5228 | Advanced IP Scanner - HTTP (Request) | 2024/10/09 | DDI RULE 5228 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5228 | ||
DDI RULE 5225 | ONCESVC C2 - HTTP (Response) | 2024/10/08 | DDI RULE 5225 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5225 | ||
DDI RULE 5226 | CVE-2024-6497 - SQUIRLLY EXPLOIT - HTTP (Request) | 2024/10/08 | DDI RULE 5226 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5226 | ||
DDI RULE 5221 | CVE-2024-47177 - CUPS PRINTING RCE EXPLOIT - HTTP (REQUEST) | 2024/10/03 | DDI RULE 5221 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5221 | ||
DDI RULE 5223 | LUMMAC - HTTP (Request) | 2024/10/03 | DDI RULE 5223 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5223 | ||
DDI RULE 5217 | CVE-2024-8190 - Ivanti Cloud Service Appliance Authenticated Command Injection Exploit - HTTP (Response) | 2024/10/02 | DDI RULE 5217 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5217 | ||
DDI RULE 5222 | CVE-2024-2876 - WORDPRESS SQL INJECTION EXPLOIT - HTTP (Request) | 2024/10/02 | DDI RULE 5222 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5222 | ||
DDI RULE 5218 | CVE-2020-8599 - Trend Micro Apex One and OfficeScan Directory Traversal Exploit - HTTP (Request) | 2024/10/01 | DDI RULE 5218 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5218 | ||
DDI RULE 5219 | CVE-2024-38077 - MS RDL RCE EXPLOIT - DCERPC (Request) | 2024/10/01 | DDI RULE 5219 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5219 | ||
DDI RULE 5220 | CVE-2024-6670 - WhatsUp SQL Injection Exploit - HTTP (Response) | 2024/10/01 | DDI RULE 5220 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5220 | ||
DDI RULE 5216 | Possible Generic Database Query - MySQL (Request) | 2024/09/26 | DDI RULE 5216 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5216 | ||
DDI RULE 5206 | Remote Access Tool VNC - VNC (Response) | 2024/09/23 | DDI RULE 5206 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5206 | ||
DDI RULE 5207 | Remote Access Tool RealVNC - VNC (Response) | 2024/09/23 | DDI RULE 5207 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5207 | ||
DDI RULE 5208 | Remote Access Tool TightVNC - VNC (Response) | 2024/09/23 | DDI RULE 5208 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5208 | ||
DDI RULE 5209 | Remote Access Tool UltraVNC - VNC (Response) | 2024/09/23 | DDI RULE 5209 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5209 | ||
DDI RULE 5214 | CVE-2024-5505 - NETGEAR TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2024/09/17 | DDI RULE 5214 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5214 | ||
DDI RULE 5215 | CVE-2024-43461 - MSHTML SPOOFING EXPLOIT - HTTP (RESPONSE) | 2024/09/17 | DDI RULE 5215 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5215 | ||
DDI RULE 5082 | CVE-2024-32113 - Apache OFBiz Directory Traversal Exploit - HTTP (Request) | 2024/09/16 | DDI RULE 5082 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5082 | ||
DDI RULE 5212 | CVE-2023-51364 - QNAP RCE EXPLOIT - HTTP (RESPONSE) | 2024/09/12 | DDI RULE 5212 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5212 | ||
DDI RULE 5213 | WebP Image Sensor - HTTP (Response) | 2024/09/12 | DDI RULE 5213 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5213 | ||
DDI RULE 5211 | CVE-2023-38205 - Adobe ColdFusion Policy Bypass Exploit - HTTP (Request) | 2024/09/11 | DDI RULE 5211 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5211 | ||
DDI RULE 5210 | Metasploit Web Delivery through PowerShell - HTTP (Response) | 2024/09/10 | DDI RULE 5210 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5210 | ||
DDI RULE 2793 | APT - WINNTI - HTTP (Response) | 2024/09/09 | DDI RULE 2793 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2793 |