Network Content Inspection Rules
Confidence Level:
Low
Medium
High
Default Rule:
| Rule ID | Rule Description | Confidence Level | DDI Default Rule | Network Content Inspection Pattern Release Date | ||
|---|---|---|---|---|---|---|
| DDI RULE 5433 | APT - BPFDOOR - TCP - Variant 2 | High | 2025/07/03 | DDI RULE 5433 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5433 | |
| DDI RULE 5429 | CVE-2023-33538 - TPLink Command Injection Exploit - HTTP (Request) | Medium | 2025/06/30 | DDI RULE 5429 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5429 | |
| DDI RULE 5421 | APT - BPFDOOR - UDP | High | 2025/06/26 | DDI RULE 5421 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5421 | |
| DDI RULE 5420 | APT - BPFDOOR - TCP | High | 2025/06/19 | DDI RULE 5420 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5420 | |
| DDI RULE 5413 | CVE-2025-46337 - ADODB SQL INJECTION - HTTP (Response) | High | 2025/06/10 | DDI RULE 5413 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5413 | |
| DDI RULE 5406 | ECHARGE COMMAND INJECTION EXPLOIT - HTTP (Response) | High | 2025/05/29 | DDI RULE 5406 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5406 | |
| DDI RULE 5394 | CVE-2024-57050 - TPLINK EXPLOIT - HTTP(Response) | High | 2025/05/13 | DDI RULE 5394 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5394 | |
| DDI RULE 5392 | CVE-2024-23468 - SOLARWINDS PATH TRAVERSAL - TCP (Request) | High | 2025/05/07 | DDI RULE 5392 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5392 | |
| DDI RULE 5387 | CVE-2023-44221 - SONICWALL EXPLOIT COMMAND INJECTION EXPLOIT - HTTP(RESPONSE) | High | 2025/05/03 | DDI RULE 5387 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5387 | |
| DDI RULE 5385 | CVE-2021-47667 - ZENDTO RCE - HTTP (Request) | High | 2025/04/30 | DDI RULE 5385 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5385 | |
| DDI RULE 5382 | CVE-2025-31324 - SAP NETWEAVER UPLOAD EXPLOIT REQUEST - HTTP(REQUEST) | High | 2025/04/26 | DDI RULE 5382 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5382 | |
| DDI RULE 5377 | ROUTER CLEARTEXT PASSWORD DISCLOSURE EXPLOIT - HTTP (Request) | High | 2025/04/22 | DDI RULE 5377 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5377 | |
| DDI RULE 5375 | CVE-2024-10188 - LITELLM DOS - HTTP (Request) | High | 2025/04/16 | DDI RULE 5375 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5375 | |
| DDI RULE 5369 | IVANTI TRAVERSAL EXPLOIT - HTTP(Response) | High | 2025/04/15 | DDI RULE 5369 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5369 | |
| DDI RULE 5363 | CVE-2024-50330 - IVANTI SQL INJECTION - HTTP (Response) | High | 2025/04/02 | DDI RULE 5363 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5363 | |
| DDI RULE 5359 | CVE-2018-8639 - Win32k Privilege Escalation Exploit - HTTP (Response) | High | 2025/03/26 | DDI RULE 5359 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5359 | |
| DDI RULE 5353 | CVE-2024-45195 - APACHE OFBIZ RCE EXPLOIT - HTTP(Request) | High | 2025/03/17 | DDI RULE 5353 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5353 | |
| DDI RULE 5349 | SVCCTL Start Service - SMB2 (Request) | High | 2025/03/13 | DDI RULE 5349 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5349 | |
| DDI RULE 5340 | LBLINK COMMAND INJECTION EXPLOIT - HTTP (Request) | High | 2025/03/05 | DDI RULE 5340 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5340 | |
| DDI RULE 5323 | CVE-2024-49112 - INTEGER OVERFLOW EXPLOIT - LDAP (Response) | High | 2025/02/20 | DDI RULE 5323 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5323 | |
| DDI RULE 5305 | CVE-2024-42327 - Zabbix SQL Injection - HTTP (Response) | High | 2025/02/18 | DDI RULE 5305 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5305 | |
| DDI RULE 5318 | CVE-2025-0282 - IVANTI RCE EXPLOIT - HTTP(Request) | High | 2025/02/17 | DDI RULE 5318 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5318 | |
| DDI RULE 5320 | CVE-2025-0107 - Palo Alto Networks Expedition Insecure Deserialization Exploit - HTTP (Response) | High | 2025/02/17 | DDI RULE 5320 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5320 | |
| DDI RULE 5316 | CVE-2024-37404 - IVANTI RCE EXPLOIT - HTTP (Response) | High | 2025/02/12 | DDI RULE 5316 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5316 | |
| DDI RULE 5314 | ADCS Suspicious use of Certificate - Kerberos (Request) | High | 2025/02/11 | DDI RULE 5314 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5314 | |
| DDI RULE 5310 | CVE-2024-52047 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (Request) | High | 2025/02/06 | DDI RULE 5310 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5310 | |
| DDI RULE 5312 | CVE-2024-40711 - Veeam Backup & Replication Remote Command Execution Exploit - HTTP (Response) | High | 2025/02/06 | DDI RULE 5312 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5312 | |
| DDI RULE 5303 | CVE-2024-51378 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | High | 2025/02/05 | DDI RULE 5303 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5303 | |
| DDI RULE 5311 | CVE-2022-22947 - SPRINGCLOUD RCE EXPLOIT - HTTP (Request) | High | 2025/02/05 | DDI RULE 5311 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5311 | |
| DDI RULE 5292 | CVE-2024-47575 - FORTIMANAGER RCE EXPLOIT - HTTP (Response) | High | 2025/02/04 | DDI RULE 5292 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5292 | |
| DDI RULE 5304 | CVE-2024-12828 - WEBMIN RCE EXPLOIT - HTTP (Response) | High | 2025/01/30 | DDI RULE 5304 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5304 | |
| DDI RULE 5306 | CVE-2024-53691 - QNAP RCE - HTTP (Request) | High | 2025/01/30 | DDI RULE 5306 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5306 | |
| DDI RULE 5307 | CVE-2024-50388 - QNAP BACKUP EXPLOIT - HTTP(Request) | High | 2025/01/30 | DDI RULE 5307 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5307 | |
| DDI RULE 5302 | CVE-2024-8963 - IVANTI AUTH BYPASS EXPLOIT - HTTP (Response) | High | 2025/01/24 | DDI RULE 5302 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5302 | |
| DDI RULE 5300 | CVE-2024-29847 - IVANTI RCE EXPLOIT - TCP (Request) | High | 2025/01/22 | DDI RULE 5300 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5300 | |
| DDI RULE 5301 | CVE-2024-50603 - AVIATRIX COMMAND INJECTION - HTTP (Request) | High | 2025/01/21 | DDI RULE 5301 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5301 | |
| DDI RULE 5246 | Entropy Encoded Cookie Sensor - HTTP (Request) | Low | 2025/01/20 | DDI RULE 5246 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5246 | |
| DDI RULE 5247 | Base64 Encoded Cookie Sensor - HTTP (Request) | Low | 2025/01/20 | DDI RULE 5247 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5247 | |
| DDI RULE 5299 | HTTP Websocket Connection to External Server (Request) | Low | 2025/01/16 | DDI RULE 5299 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5299 | |
| DDI RULE 1268 | Reverse HTTPS Meterpreter detected - Variant 2 | High | 2025/01/15 | DDI RULE 1268 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-1268 | |
| DDI RULE 5298 | CVE-2024-5011 - WHATSUP GOLD EXPLOIT - HTTP (Request) | High | 2025/01/15 | DDI RULE 5298 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5298 | |
| DDI RULE 2744 | OMRON FINS UDP Read Controller Attempt NSE - UDP (Request) | Low | 2025/01/13 | DDI RULE 2744 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-2744 | |
| DDI RULE 5294 | CVE-2024-38856 - OFBIZ AUTHBYPASS EXPLOIT - HTTP (Response) | High | 2025/01/08 | DDI RULE 5294 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5294 | |
| DDI RULE 5289 | CVE-2024-49122 - MSMQ RCE EXPLOIT - TCP (Response) | High | 2025/01/07 | DDI RULE 5289 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5289 | |
| DDI RULE 5290 | CVE-2024-9464 - PaloAlto Command Injection Exploit - HTTP (Request) | High | 2025/01/06 | DDI RULE 5290 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5290 | |
| DDI RULE 5297 | CVE-2024-49113 - WINDOWS LDAP DOS EXPLOIT - CLDAP(RESPONSE) | High | 2025/01/06 | DDI RULE 5297 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5297 | |
| DDI RULE 5295 | CVE-2024-50623 - CLEO DIRECTORY TRAVERSAL - HTTP (Request) | High | 2025/01/02 | DDI RULE 5295 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5295 | |
| DDI RULE 5288 | CVE-2024-46938 - Sitecore Directory Traversal Exploit - HTTP (Response) | High | 2024/12/19 | DDI RULE 5288 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5288 | |
| DDI RULE 5291 | CVE-2024-25153 - Fortra FileCatalyst Workflow Directory Traversal Exploit - HTTP (Response) | High | 2024/12/19 | DDI RULE 5291 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5291 | |
| DDI RULE 5293 | CVE-2024-11320 - Pandora Remote Command Execution Exploit - HTTP (Response) | High | 2024/12/19 | DDI RULE 5293 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5293 | |
| DDI RULE 4594 | COBALTSTRIKE - HTTP(REQUEST) - Variant 3 | High | 2024/12/11 | DDI RULE 4594 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4594 | |
| DDI RULE 4861 | COBEACON - DNS (Response) - Variant 3 | High | 2024/12/11 | DDI RULE 4861 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4861 | |
| DDI RULE 5253 | CVE-2024-29830 - IVANTI SQL INJECTION EXPLOIT - HTTP(REQUEST) | High | 2024/12/11 | DDI RULE 5253 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5253 | |
| DDI RULE 5281 | AD File and Directory Discovery - SMB2 (Request) | Medium | 2024/12/11 | DDI RULE 5281 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5281 | |
| DDI RULE 5284 | CVE-2024-34051 - DOLIBARR AC EXECUTION EXPLOIT - HTTP(REQUEST) | High | 2024/12/11 | DDI RULE 5284 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5284 | |
| DDI RULE 5287 | Active Directory Certificate Services Template Discovery- LDAP (Request) | High | 2024/12/11 | DDI RULE 5287 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5287 | |
| DDI RULE 5283 | CVE-2024-9264 - Grafana SQL Injection Exploit - HTTP (Response) | High | 2024/12/10 | DDI RULE 5283 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5283 | |
| DDI RULE 5286 | Possible Discovery Using NETSHAREENUM API - SMB2 (Request) | High | 2024/12/10 | DDI RULE 5286 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5286 | |
| DDI RULE 4396 | CVE-2020-1967 - Signature Algorithms Cert Denial of Service - HTTPS (Request) | Medium | 2024/12/09 | DDI RULE 4396 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4396 | |
| DDI RULE 5282 | CVE-2024-43451 - WINDOWS NTLM RELAY EXPLOIT - HTTP (Response) | High | 2024/12/09 | DDI RULE 5282 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5282 | |
| DDI RULE 5285 | CVE-2024-1884 - PAPERCUT SSRF EXPLOIT - HTTP(REQUEST) | High | 2024/12/09 | DDI RULE 5285 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5285 | |
| DDI RULE 5279 | CVE-2024-47525 - LIBRENMS XSS EXPLOIT - HTTP(REQUEST) | High | 2024/12/04 | DDI RULE 5279 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5279 | |
| DDI RULE 5280 | CVE-2024-42008 - Roundcube Information Disclosure Exploit - HTTP (Response) | High | 2024/12/03 | DDI RULE 5280 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5280 | |
| DDI RULE 5232 | CVE-2024-45519 - ZIMBRA RCE EXPLOIT - SMTP (REQUEST) | High | 2024/12/02 | DDI RULE 5232 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5232 | |
| DDI RULE 5276 | CVE-2024-5010 - WHATSUP GOLD EXPLOIT - HTTP(REQUEST) | High | 2024/12/02 | DDI RULE 5276 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5276 | |
| DDI RULE 5278 | CVE-2024-0012 - PALO ALTO AUTH BYPASS - HTTP (Request) | High | 2024/11/28 | DDI RULE 5278 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5278 | |
| DDI RULE 5267 | COVENANT Custom Profile - HTTP (Response) - Variant 2 | High | 2024/11/27 | DDI RULE 5267 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5267 | |
| DDI RULE 5274 | Covenant Default Named Pipe - SMB2 (Request) | High | 2024/11/26 | DDI RULE 5274 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5274 | |
| DDI RULE 5269 | SALITY C2 - TCP (REQUEST) | High | 2024/11/21 | DDI RULE 5269 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5269 | |
| DDI RULE 5271 | CVE-2024-43572 - Microsoft Windows Management Console RCE Exploit - HTTP (Response) | High | 2024/11/21 | DDI RULE 5271 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5271 | |
| DDI RULE 5245 | CVE-2024-6457 - WORDPRESS EXPLOIT - HTTP (Request) | High | 2024/11/19 | DDI RULE 5245 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5245 | |
| DDI RULE 5264 | CVE-2024-51567 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | High | 2024/11/19 | DDI RULE 5264 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5264 | |
| DDI RULE 5268 | CVE-2024-7591 - Progress Kemp LoadMaster Command Injection Exploit - HTTP (Request) | High | 2024/11/19 | DDI RULE 5268 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5268 | |
| DDI RULE 5256 | COVENANT Default - HTTP (Response) | High | 2024/11/14 | DDI RULE 5256 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5256 | |
| DDI RULE 5258 | CVE-2024-9465 - PALOALTO EXPEDITION EXPLOIT - HTTP (Response) | High | 2024/11/14 | DDI RULE 5258 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5258 | |
| DDI RULE 5265 | CVE-2024-40711 - VEEAM BACKUP RCE EXPLOIT - TCP (Request) | High | 2024/11/14 | DDI RULE 5265 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5265 | |
| DDI RULE 5263 | CVE-2024-41874 - ADOBE COLDFUSION RCE EXPLOIT - HTTP (Response) | High | 2024/11/13 | DDI RULE 5263 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5263 | |
| DDI RULE 5262 | CoreWarrior Exfiltration - HTTP (Request) | High | 2024/11/12 | DDI RULE 5262 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5262 | |
| DDI RULE 5259 | FAKEWIN - HTTP (Request) | High | 2024/11/11 | DDI RULE 5259 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5259 | |
| DDI RULE 5260 | RCSHELL BACKDOOR - HTTP (Request) | High | 2024/11/11 | DDI RULE 5260 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5260 | |
| DDI RULE 5261 | HORUS PROTECTOR C2 - TCP (Response) | High | 2024/11/11 | DDI RULE 5261 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5261 | |
| DDI RULE 5257 | CVE-2024-28988 - SOLARWINDS RCE EXPLOIT - HTTP (Response) | High | 2024/11/07 | DDI RULE 5257 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5257 | |
| DDI RULE 4219 | GHOSTMINER - HTTP (Request) | High | 2024/11/06 | DDI RULE 4219 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4219 | |
| DDI RULE 4484 | GOLDENSPY - HTTP (REQUEST) | High | 2024/11/06 | DDI RULE 4484 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4484 | |
| DDI RULE 4572 | GLUPTEBA - HTTP (REQUEST) | High | 2024/11/06 | DDI RULE 4572 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4572 | |
| DDI RULE 5081 | CVE-2024-36401 - GEOSERVER EXPLOIT - HTTP (REQUEST) | High | 2024/11/06 | DDI RULE 5081 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5081 | |
| DDI RULE 5139 | PYC Download - HTTP (Response) | Low | 2024/11/05 | DDI RULE 5139 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5139 | |
| DDI RULE 5140 | Python Download - HTTP (Response) | Low | 2024/11/05 | DDI RULE 5140 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5140 | |
| DDI RULE 1770 | GHOLE - HTTP (Request) | High | 2024/11/04 | DDI RULE 1770 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-1770 | |
| DDI RULE 5254 | Possible Domain Controller List Discovery - DCERPC (Request) | High | 2024/11/04 | DDI RULE 5254 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5254 | |
| DDI RULE 5243 | WebDAV Successful File Download - HTTP (Response) | High | 2024/10/29 | DDI RULE 5243 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5243 | |
| DDI RULE 5244 | WebDAV Unsuccessful File Download - HTTP (Response) | High | 2024/10/29 | DDI RULE 5244 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5244 | |
| DDI RULE 5249 | KeyLogEXE Exfiltration - HTTP (Request) | High | 2024/10/28 | DDI RULE 5249 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5249 | |
| DDI RULE 5248 | URIVAR EXFILTRATION - HTTP(REQUEST) | Low | 2024/10/24 | DDI RULE 5248 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5248 | |
| DDI RULE 5250 | C2 SHELLCODE Transfer - HTTP (Response) | Low | 2024/10/24 | DDI RULE 5250 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5250 | |
| DDI RULE 5251 | REMCOS DOWNLOADER - HTTP (Request) | High | 2024/10/24 | DDI RULE 5251 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5251 | |
| DDI RULE 5252 | CONOLEATHLOADER - HTTP (Request) | High | 2024/10/24 | DDI RULE 5252 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5252 | |
| DDI RULE 1886 | Data Exfiltration - DNS (Response) | Low | 2024/10/22 | DDI RULE 1886 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-1886 | |
| DDI RULE 5238 | CVE-2024-32766 - PRIVWIZARD INJECTION EXPLOIT - HTTP (Request) | High | 2024/10/22 | DDI RULE 5238 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5238 | |
| DDI RULE 5240 | CVE-2024-5932 - WordPress RCE Exploit - HTTP (Request) | High | 2024/10/17 | DDI RULE 5240 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5240 | |
| DDI RULE 5231 | CVE-2024-32842 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | High | 2024/10/16 | DDI RULE 5231 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5231 | |
| DDI RULE 5242 | CVE-2024-5932 - GIVEWP RCE EXPLOIT - HTTP (Request) | High | 2024/10/16 | DDI RULE 5242 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5242 | |
| DDI RULE 5230 | CVE-2024-32845 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Response) | High | 2024/10/15 | DDI RULE 5230 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5230 | |
| DDI RULE 5241 | CVE-2024-37397 - Ivanti EPM Improper Restriction of XML External Entity Exploit - HTTP (Response) | High | 2024/10/15 | DDI RULE 5241 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5241 | |
| DDI RULE 5239 | SYSTEMBC Shellcode Download - HTTP (Response) | High | 2024/10/14 | DDI RULE 5239 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5239 | |
| DDI RULE 5229 | Advanced Port Scanner - HTTP (Request) | High | 2024/10/10 | DDI RULE 5229 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5229 | |
| DDI RULE 5233 | CVE-2024-32846 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | High | 2024/10/10 | DDI RULE 5233 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5233 | |
| DDI RULE 5234 | CVE-2024-32843 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | High | 2024/10/10 | DDI RULE 5234 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5234 | |
| DDI RULE 5235 | CVE-2024-34779 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | High | 2024/10/10 | DDI RULE 5235 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5235 | |
| DDI RULE 5236 | CVE-2024-34785 - IVANTI SQL INJECTION EXPLOIT - HTTP (RESPONSE) | High | 2024/10/10 | DDI RULE 5236 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5236 | |
| DDI RULE 5237 | SYSTEMBC C2 - HTTP (Request) | High | 2024/10/10 | DDI RULE 5237 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5237 | |
| DDI RULE 5227 | VALLEYRAT C2 - TCP (Response) | High | 2024/10/09 | DDI RULE 5227 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5227 | |
| DDI RULE 5228 | Advanced IP Scanner - HTTP (Request) | High | 2024/10/09 | DDI RULE 5228 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5228 | |
| DDI RULE 5225 | ONCESVC C2 - HTTP (Response) | High | 2024/10/08 | DDI RULE 5225 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5225 | |
| DDI RULE 5226 | CVE-2024-6497 - SQUIRLLY EXPLOIT - HTTP (Request) | High | 2024/10/08 | DDI RULE 5226 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5226 | |
| DDI RULE 5221 | CVE-2024-47177 - CUPS PRINTING RCE EXPLOIT - HTTP (REQUEST) | High | 2024/10/03 | DDI RULE 5221 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5221 | |
| DDI RULE 5223 | LUMMAC - HTTP (Request) | High | 2024/10/03 | DDI RULE 5223 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5223 | |
| DDI RULE 5217 | CVE-2024-8190 - Ivanti Cloud Service Appliance Authenticated Command Injection Exploit - HTTP (Response) | High | 2024/10/02 | DDI RULE 5217 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5217 | |
| DDI RULE 5222 | CVE-2024-2876 - WORDPRESS SQL INJECTION EXPLOIT - HTTP (Request) | High | 2024/10/02 | DDI RULE 5222 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5222 | |
| DDI RULE 5218 | CVE-2020-8599 - Trend Micro Apex One and OfficeScan Directory Traversal Exploit - HTTP (Request) | High | 2024/10/01 | DDI RULE 5218 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5218 | |
| DDI RULE 5219 | CVE-2024-38077 - MS RDL RCE EXPLOIT - DCERPC (Request) | High | 2024/10/01 | DDI RULE 5219 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5219 | |
| DDI RULE 5220 | CVE-2024-6670 - WhatsUp SQL Injection Exploit - HTTP (Response) | High | 2024/10/01 | DDI RULE 5220 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5220 | |
| DDI RULE 5216 | Possible Generic Database Query - MySQL (Request) | Medium | 2024/09/26 | DDI RULE 5216 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5216 | |
| DDI RULE 5206 | Remote Access Tool VNC - VNC (Response) | High | 2024/09/23 | DDI RULE 5206 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5206 | |
| DDI RULE 5207 | Remote Access Tool RealVNC - VNC (Response) | High | 2024/09/23 | DDI RULE 5207 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5207 | |
| DDI RULE 5208 | Remote Access Tool TightVNC - VNC (Response) | High | 2024/09/23 | DDI RULE 5208 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5208 | |
| DDI RULE 5209 | Remote Access Tool UltraVNC - VNC (Response) | High | 2024/09/23 | DDI RULE 5209 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5209 | |
| DDI RULE 5214 | CVE-2024-5505 - NETGEAR TRAVERSAL EXPLOIT - HTTP (REQUEST) | High | 2024/09/17 | DDI RULE 5214 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5214 | |
| DDI RULE 5215 | CVE-2024-43461 - MSHTML SPOOFING EXPLOIT - HTTP (RESPONSE) | High | 2024/09/17 | DDI RULE 5215 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5215 | |
| DDI RULE 5082 | CVE-2024-32113 - Apache OFBiz Directory Traversal Exploit - HTTP (Request) | High | 2024/09/16 | DDI RULE 5082 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5082 | |
| DDI RULE 5212 | CVE-2023-51364 - QNAP RCE EXPLOIT - HTTP (RESPONSE) | High | 2024/09/12 | DDI RULE 5212 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5212 | |
| DDI RULE 5213 | WebP Image Sensor - HTTP (Response) | High | 2024/09/12 | DDI RULE 5213 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5213 | |
| DDI RULE 5211 | CVE-2023-38205 - Adobe ColdFusion Policy Bypass Exploit - HTTP (Request) | High | 2024/09/11 | DDI RULE 5211 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5211 | |
| DDI RULE 5210 | Metasploit Web Delivery through PowerShell - HTTP (Response) | Medium | 2024/09/10 | DDI RULE 5210 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5210 | |
| DDI RULE 2793 | APT - WINNTI - HTTP (Response) | High | 2024/09/09 | DDI RULE 2793 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-2793 | |
| DDI RULE 5203 | CVE-2024-5721 - LOGSIGN RCE EXPLOIT - HTTP (RESPONSE) | High | 2024/09/05 | DDI RULE 5203 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5203 | |
| DDI RULE 5204 | CVE-2024-7928 - FASTADMIN TRAVERSAL EXPLOIT - HTTP (RESPONSE) | High | 2024/09/05 | DDI RULE 5204 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5204 | |
| DDI RULE 5205 | CVE-2024-29826 - IVANTI ENDPOINT RCE EXPLOIT - HTTP (REQUEST) | High | 2024/09/05 | DDI RULE 5205 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5205 | |
| DDI RULE 5097 | CVE-2023-27532 - Veeam Backup and Replication Backup Service Authentication Bypass Exploit - TCP (Request) | High | 2024/09/04 | DDI RULE 5097 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5097 | |
| DDI RULE 5200 | CVE-2024-38652 - IVANTI TRAVERSAL EXPLOIT - HTTP (RESPONSE) | High | 2024/09/04 | DDI RULE 5200 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5200 | |
| DDI RULE 5202 | MAGICRAT EXFIL - HTTP(REQUEST) | High | 2024/09/04 | DDI RULE 5202 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5202 | |
| DDI RULE 4345 | EMOTET - HTTP (Request) - Variant 7 | High | 2024/09/03 | DDI RULE 4345 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4345 | |
| DDI RULE 5098 | JUPITERRAT - HTTP (REQUEST) | High | 2024/08/29 | DDI RULE 5098 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5098 | |
| DDI RULE 5099 | FAKEBAT DOWNLOADER - HTTP(REQUEST) | High | 2024/08/29 | DDI RULE 5099 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5099 | |
| DDI RULE 5090 | CVE-2021-26858 - Possible MS Exchange SSRF Exploit - HTTP (Response) | Low | 2024/08/28 | DDI RULE 5090 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5090 | |
| DDI RULE 5096 | ZOMBIEDROP - HTTP (REQUEST) | High | 2024/08/27 | DDI RULE 5096 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5096 | |
| DDI RULE 5075 | CVE-2024-49606 - TINYPROXY RCE EXPLOIT - HTTP (REQUEST) | High | 2024/08/22 | DDI RULE 5075 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5075 | |
| DDI RULE 5095 | CVE-2024-4885 - WHATSUP GOLD TRAVERSAL EXPLOIT - HTTP (REQUEST) | High | 2024/08/22 | DDI RULE 5095 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5095 | |
| DDI RULE 5092 | CVE-2024-7120 - RAISECOM COMMAND INJECTION EXPLOIT - HTTP (RESPONSE) | High | 2024/08/20 | DDI RULE 5092 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5092 | |
| DDI RULE 5093 | Prometei C2 - HTTP (Request) | High | 2024/08/20 | DDI RULE 5093 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5093 | |
| DDI RULE 5094 | Possible STEALBIT Exfiltration - HTTP (Request) | Medium | 2024/08/20 | DDI RULE 5094 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5094 | |
| DDI RULE 5091 | RUTHENS ENCRYPTION - SMB2 (REQUEST) | High | 2024/08/19 | DDI RULE 5091 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5091 | |
| DDI RULE 5087 | DAMEWARE RCE EXPLOIT - HTTP (REQUEST) | High | 2024/08/15 | DDI RULE 5087 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5087 | |
| DDI RULE 5088 | Possible Faker Generated Self-Signed Certificate - HTTPS | Medium | 2024/08/14 | DDI RULE 5088 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5088 | |
| DDI RULE 5089 | COBEACON Default Named Pipe - SMB2 (Request) - Variant 2 | Medium | 2024/08/14 | DDI RULE 5089 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5089 | |
| DDI RULE 5085 | CVE-2024-5008 - WHATSUP GOLD RCE EXPLOIT - HTTP (REQUEST) | High | 2024/08/13 | DDI RULE 5085 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5085 | |
| DDI RULE 5086 | CVE-2019-0708 - Microsoft Windows Remote Desktop Services Remote Code Execution Exploit - TCP (Request) | High | 2024/08/13 | DDI RULE 5086 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5086 | |
| DDI RULE 5079 | CVE-2023-42000 - Arcserve Unified Data Protection Path Traversal Exploit - HTTP (Request) | High | 2024/08/12 | DDI RULE 5079 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5079 | |
| DDI RULE 5084 | CVE-2024-4883 - Progress WhatsUp Gold Traversal Exploit - TCP (Request) | High | 2024/08/12 | DDI RULE 5084 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5084 | |
| DDI RULE 5072 | ADRECON QUERY - LDAP(Request) | Low | 2024/08/09 | DDI RULE 5072 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5072 | |
| DDI RULE 5083 | CVE-2024-38856 - APACHE OFBIZ RCE EXPLOIT - HTTP (Request) | High | 2024/08/09 | DDI RULE 5083 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5083 | |
| DDI RULE 5077 | CVE-2024-2863 - LG LED Directory Traversal Exploit - HTTP (Request) | High | 2024/08/05 | DDI RULE 5077 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5077 | |
| DDI RULE 5078 | CVE-2024-36991 - Splunk Directory Traversal Exploit - HTTP (Response) | High | 2024/08/05 | DDI RULE 5078 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5078 | |
| DDI RULE 5074 | CVE-2024-5015 - WHATSUP SSRF EXPLOIT - HTTP (REQUEST) | High | 2024/08/01 | DDI RULE 5074 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5074 | |
| DDI RULE 5076 | CVE-2024-4879 - ServiceNow Template Injection Exploit - HTTP (Response) | High | 2024/08/01 | DDI RULE 5076 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5076 | |
| DDI RULE 4886 | TRUEBOT - HTTP (REQUEST) - Variant 2 | High | 2024/07/31 | DDI RULE 4886 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4886 | |
| DDI RULE 5073 | CVE-2024-38112 - MSHTML RCE EXPLOIT - SMB2 (REQUEST) | High | 2024/07/31 | DDI RULE 5073 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5073 | |
| DDI RULE 5063 | CVE-2024-5806 - MOVEit Authentication Bypass Exploit - HTTP(Request) | High | 2024/07/29 | DDI RULE 5063 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5063 | |
| DDI RULE 5067 | CVE-2024-4358 - TELERIK AUTHBYPASS EXPLOIT - HTTP (REQUEST) | High | 2024/07/25 | DDI RULE 5067 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5067 | |
| DDI RULE 5068 | CVE-2024-37389 - APACHE NIFI EXPLOIT - HTTP (REQUEST) | High | 2024/07/25 | DDI RULE 5068 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5068 | |
| DDI RULE 5069 | PHP DEV EXPLOIT - HTTP (REQUEST) | High | 2024/07/25 | DDI RULE 5069 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5069 | |
| DDI RULE 5070 | CVE-2024-27348 - APACHE HUGEGRAPH RCE EXPLOIT - HTTP (REQUEST) | High | 2024/07/25 | DDI RULE 5070 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5070 | |
| DDI RULE 5071 | RC4 Encryption in Pre-Authentication - Kerberos (Request) | Medium | 2024/07/25 | DDI RULE 5071 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5071 | |
| DDI RULE 5064 | CVE-2024-38112 - MSHTML RCE EXPLOIT - HTTP (RESPONSE) | High | 2024/07/24 | DDI RULE 5064 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5064 | |
| DDI RULE 5065 | CVE-2024-28995 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | High | 2024/07/24 | DDI RULE 5065 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5065 | |
| DDI RULE 5066 | CVE-2024-4040 - CRUSHFTP RCE EXPLOIT - HTTP (REQUEST) | High | 2024/07/24 | DDI RULE 5066 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5066 | |
| DDI RULE 4682 | MULTIPLE LATERAL MOVEMENT - SMB2(REQUEST) | Low | 2024/07/23 | DDI RULE 4682 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4682 | |
| DDI RULE 5052 | CVE-2024-0769 - D-Link Directory Traversal Exploit - HTTP (Response) | High | 2024/07/18 | DDI RULE 5052 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5052 | |
| DDI RULE 5059 | POSSIBLE KIMSUKY C2 - HTTP (Request) | Medium | 2024/07/18 | DDI RULE 5059 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5059 | |
| DDI RULE 5061 | CVE-2024-21683 - Atlassian Confluence Server RCE Exploit - HTTP (Request) | High | 2024/07/17 | DDI RULE 5061 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5061 | |
| DDI RULE 5027 | Telegram Bot API Sensor - HTTP (Response) | Medium | 2024/07/16 | DDI RULE 5027 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5027 | |
| DDI RULE 5057 | PRIVATELOADER C2 - HTTP (Request) | High | 2024/07/16 | DDI RULE 5057 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5057 | |
| DDI RULE 5060 | HNAP RCE EXPLOIT - HTTP (Request) | High | 2024/07/16 | DDI RULE 5060 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5060 | |
| DDI RULE 5062 | CVE-2024-23692 - Rejetto HTTP File Server Command Injection Exploit - HTTP (Response) | High | 2024/07/16 | DDI RULE 5062 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5062 | |
| DDI RULE 5053 | HTA File Download Root Directory Sensor- HTTP(RESPONSE) | High | 2024/07/15 | DDI RULE 5053 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5053 | |
| DDI RULE 5054 | HTA File Download Sub Root Directory Sensor - HTTP(RESPONSE) | Medium | 2024/07/15 | DDI RULE 5054 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5054 | |
| DDI RULE 5055 | SH File Download Root Directory Sensor- HTTP(RESPONSE) | High | 2024/07/15 | DDI RULE 5055 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5055 | |
| DDI RULE 5056 | SH File Download Sub Root Directory Sensor - HTTP(RESPONSE) | Medium | 2024/07/15 | DDI RULE 5056 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5056 | |
| DDI RULE 5058 | KOI LOADER C2 - HTTP (Request) | High | 2024/07/15 | DDI RULE 5058 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5058 | |
| DDI RULE 5047 | CVE-2021-20837 - Movable Type XMLRPC Command Injection Exploit - HTTP (Response) | High | 2024/07/11 | DDI RULE 5047 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5047 | |
| DDI RULE 5050 | ISO File Download Sensor - HTTP (Response) | Low | 2024/07/11 | DDI RULE 5050 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5050 | |
| DDI RULE 5049 | APT - DARKPINK Exfiltration - SMTP (Request) | Medium | 2024/07/10 | DDI RULE 5049 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5049 | |
| DDI RULE 5051 | AMADEY C2 - HTTP (Request) | High | 2024/07/09 | DDI RULE 5051 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5051 | |
| DDI RULE 4449 | Remote Service execution through SMB2 SVCCTL detected - Variant 3 | High | 2024/07/05 | DDI RULE 4449 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4449 | |
| DDI RULE 5048 | METASPLOIT (Payload) - Reverse HTTP Encrypted - HTTP (Response) | Medium | 2024/07/03 | DDI RULE 5048 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5048 | |
| DDI RULE 5046 | Exfiltration SSH Private Key - HTTP (Response) | High | 2024/06/24 | DDI RULE 5046 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5046 | |
| DDI RULE 5044 | CVE-2024-24919 - Check Point Information Disclosure Exploit - HTTP (Response) | High | 2024/06/19 | DDI RULE 5044 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5044 | |
| DDI RULE 5045 | CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution - HTTP (Request) | High | 2024/06/19 | DDI RULE 5045 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5045 | |
| DDI RULE 5033 | METASPLOIT (Payload) - Reverse TCP Encrypted - TCP (Response) | Medium | 2024/06/13 | DDI RULE 5033 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5033 | |
| DDI RULE 5043 | Gomir C2 - HTTP (Request) | High | 2024/06/04 | DDI RULE 5043 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5043 | |
| DDI RULE 5042 | CVE-2024-4956 - Nexus Repository 3 Path Traversal Exploit - HTTP (Response) | High | 2024/05/30 | DDI RULE 5042 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5042 | |
| DDI RULE 5035 | JSOUTPROX - HTTP (REQUEST) | High | 2024/05/29 | DDI RULE 5035 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5035 | |
| DDI RULE 5037 | CVE-2024-3272 - D-LINK NAS devices Hardcoded Credential Exploit - HTTP (Request) | High | 2024/05/29 | DDI RULE 5037 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5037 | |
| DDI RULE 5038 | CVE-2024-3273 - D-LINK NAS devices Command Injection Exploit - HTTP (Request) | High | 2024/05/29 | DDI RULE 5038 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5038 | |
| DDI RULE 5039 | SOAP API RCE - HTTP (Request) | High | 2024/05/29 | DDI RULE 5039 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5039 | |
| DDI RULE 5040 | DLINK RCE - HTTP (Request) | High | 2024/05/29 | DDI RULE 5040 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5040 | |
| DDI RULE 5041 | IDB EXFILTRATION - HTTP(REQUEST) | High | 2024/05/29 | DDI RULE 5041 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5041 | |
| DDI RULE 5031 | CVE-2022-30333 - RARLab UnRAR Directory Traversal Exploit - HTTP (Response) | High | 2024/05/27 | DDI RULE 5031 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5031 | |
| DDI RULE 5034 | TINYNUKE DOWNLOADER - HTTP (REQUEST) | High | 2024/05/27 | DDI RULE 5034 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5034 | |
| DDI RULE 5036 | MELTED Hidden VNC - TCP (REQUEST) | High | 2024/05/27 | DDI RULE 5036 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5036 | |
| DDI RULE 5032 | Copy BAT Files - SMB2 (Request) | Low | 2024/05/21 | DDI RULE 5032 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5032 | |
| DDI RULE 5030 | MIMIC C2 - HTTP (Request) | Medium | 2024/05/15 | DDI RULE 5030 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5030 | |
| DDI RULE 4887 | COBALTSTRIKE - HTTP (REQUEST) - Variant 4 | High | 2024/05/09 | DDI RULE 4887 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4887 | |
| DDI RULE 5028 | EVILPROXY - HTTP (Response) | High | 2024/05/07 | DDI RULE 5028 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5028 | |
| DDI RULE 5024 | CVE-2024-31138 - JetBrains TeamCity Cross-Site Scripting Exploit - HTTP (Request) | High | 2024/05/06 | DDI RULE 5024 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5024 | |
| DDI RULE 5025 | CVE-2024-24401 - Nagios XI SQL Injection Exploit - HTTP (Response) | High | 2024/05/06 | DDI RULE 5025 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5025 | |
| DDI RULE 5026 | POSSIBLE GOOTLOADER C2 - HTTP (Response) | Medium | 2024/05/06 | DDI RULE 5026 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5026 | |
| DDI RULE 5023 | BATLOADER C2 - HTTP (Request) | Medium | 2024/04/29 | DDI RULE 5023 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5023 | |
| DDI RULE 5021 | CVE-2023-48788 - FortiClientEMS SQL Injection Exploit - TCP (Request) | High | 2024/04/18 | DDI RULE 5021 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5021 | |
| DDI RULE 5022 | CVE-2024-3400 - Palo Alto Command Injection Exploit - HTTP (Request) | High | 2024/04/17 | DDI RULE 5022 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5022 | |
| DDI RULE 5020 | BUNNYLOADER - HTTP (REQUEST) | High | 2024/04/15 | DDI RULE 5020 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5020 | |
| DDI RULE 5017 | CVE-2024-20767 - Cold Fusion Directory Traversal Exploit - HTTP (Response) | High | 2024/04/08 | DDI RULE 5017 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5017 | |
| DDI RULE 5018 | CVE-2023-32315 - Ignite Realtime Openfire Directory Traversal Exploit - HTTP (Response) | High | 2024/04/08 | DDI RULE 5018 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5018 | |
| DDI RULE 5019 | CVE-2023-42793 - Teamcity Server - HTTP(Response) | High | 2024/04/08 | DDI RULE 5019 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5019 | |
| DDI RULE 5016 | Raccoon Stealer - HTTP (Request) | High | 2024/04/02 | DDI RULE 5016 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5016 | |
| DDI RULE 5015 | COMEBACKER - HTTP (Request) | High | 2024/04/01 | DDI RULE 5015 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5015 | |
| DDI RULE 5014 | APT - LOOKBACK - TCP (Request) | High | 2024/03/25 | DDI RULE 5014 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5014 | |
| DDI RULE 5013 | Default GUID on External IP - SMB2 (Response) | High | 2024/03/14 | DDI RULE 5013 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5013 | |
| DDI RULE 5005 | APT - LOOKBACK - TCP (Response) | High | 2024/03/11 | DDI RULE 5005 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5005 | |
| DDI RULE 5011 | CVE-2024-27198 - JetBrains TeamCity Auth Bypass Exploit - HTTP (Response) | High | 2024/03/11 | DDI RULE 5011 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5011 | |
| DDI RULE 5012 | CVE-2024-27199 - JetBrains TeamCity Directory Traversal Exploit - HTTP (Response) | High | 2024/03/11 | DDI RULE 5012 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5012 | |
| DDI RULE 5010 | NTLM Challenge from External IP Address - SMB2 (Response) | Medium | 2024/03/07 | DDI RULE 5010 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5010 | |
| DDI RULE 4923 | Splashtop Business Access Remote Desktop RMM - DNS (Response) | Low | 2024/03/05 | DDI RULE 4923 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4923 | |
| DDI RULE 4999 | CVE-2023-48365 - Qlik HTTP Smuggling - HTTP (Response) | Medium | 2024/02/27 | DDI RULE 4999 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4999 | |
| DDI RULE 5001 | TeamViewer RMM - UDP (Request) | Medium | 2024/02/26 | DDI RULE 5001 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5001 | |
| DDI RULE 5002 | TeamViewer RMM - DNS (Response) | Medium | 2024/02/26 | DDI RULE 5002 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5002 | |
| DDI RULE 5008 | CVE-2023-41265 - QLIK Request Tunneling Exploit - HTTP (Request) | High | 2024/02/26 | DDI RULE 5008 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5008 | |
| DDI RULE 5009 | CVE-2023-41266 - QLIK Directory Traversal Exploit - HTTP (Request) | High | 2024/02/26 | DDI RULE 5009 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5009 | |
| DDI RULE 5006 | CVE-2024-1708 - ConnectWise ScreenConnect Directory Traversal Exploit - HTTP (Request) | High | 2024/02/23 | DDI RULE 5006 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5006 | |
| DDI RULE 5007 | CVE-2024-1709 - ConnectWise ScreenConnect Authentication Bypass Exploit - HTTP (Response) | High | 2024/02/23 | DDI RULE 5007 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5007 | |
| DDI RULE 5003 | CVE-2024-22024 - Ivanti Connect Secure & Policy Secure Authentication Bypass Exploit - HTTP (Request) | High | 2024/02/22 | DDI RULE 5003 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5003 | |
| DDI RULE 5004 | SuperOps RMM Sensor - DNS (Response) | Low | 2024/02/22 | DDI RULE 5004 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5004 | |
| DDI RULE 4996 | CVE-2024-21893 - Ivanti Connect Secure & Policy Secure Gateways Server-Side Request Forgery Exploit - HTTP (Request) | High | 2024/02/19 | DDI RULE 4996 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4996 | |
| DDI RULE 4998 | DARKME - TCP (Request) | High | 2024/02/15 | DDI RULE 4998 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4998 | |
| DDI RULE 5000 | GhostLocker Exfiltration - HTTP (Request) | High | 2024/02/15 | DDI RULE 5000 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-5000 | |
| DDI RULE 4995 | CVE-2023-46805 - Ivanti Connect Secure & Policy Secure Gateways Authentication Bypass Exploit - HTTP (Response) | High | 2024/02/12 | DDI RULE 4995 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4995 | |
| DDI RULE 4997 | CVE-2024-23897 - Jenkins Authentication Bypass Exploit - HTTP (Request) | High | 2024/02/12 | DDI RULE 4997 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4997 | |
| DDI RULE 4994 | CVE-2024-0204 - Fortra GoAnywhere MFT AuthBypass Exploit - HTTP(Request) | High | 2024/02/01 | DDI RULE 4994 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4994 | |
| DDI RULE 4973 | Possible Encryption Downgrade Attack - Kerberos (Response) | Medium | 2024/01/31 | DDI RULE 4973 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4973 | |
| DDI RULE 4992 | CVE-2023-32252 - Linux Kernel ksmbd NULL Pointer Exploit - SMB2 (Request) | High | 2024/01/31 | DDI RULE 4992 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4992 | |
| DDI RULE 4986 | CVE-2023-46604 - Possible Apache ActiveMQ RCE Exploit - HTTP (Response) | Medium | 2024/01/29 | DDI RULE 4986 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4986 | |
| DDI RULE 4991 | PIKABOT EXFIL - HTTP (Request) | High | 2024/01/29 | DDI RULE 4991 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4991 | |
| DDI RULE 4993 | MAGIC HOUND SOAP - HTTP(Request) | High | 2024/01/29 | DDI RULE 4993 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4993 | |
| DDI RULE 4974 | HAVOC - HTTP (Request) | High | 2024/01/25 | DDI RULE 4974 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4974 | |
| DDI RULE 4990 | CVE-2023-22527 - Atlassian OGNL Injection Exploit - HTTP (Request) | High | 2024/01/25 | DDI RULE 4990 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4990 | |
| DDI RULE 4987 | TPRC - HTTP (Request) | High | 2024/01/24 | DDI RULE 4987 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4987 | |
| DDI RULE 4988 | CVE-2023-46805 - Ivanti Connect Secure and Policy Secure Gateways Authentication Bypass Exploit - HTTP (Request) | High | 2024/01/24 | DDI RULE 4988 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4988 | |
| DDI RULE 4989 | CVE-2024-21887 - Ivanti Connect Secure and Policy Secure Gateways Command Injection Exploit - HTTP (Request) | High | 2024/01/24 | DDI RULE 4989 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4989 | |
| DDI RULE 4859 | ZIP TLD MOVED - HTTP(RESPONSE) | High | 2024/01/23 | DDI RULE 4859 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4859 | |
| DDI RULE 4984 | CVE-2023-44487 - HTTP2 DDOS EXPLOIT - TCP (REQUEST) - Variant 2 | High | 2024/01/22 | DDI RULE 4984 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4984 | |
| DDI RULE 4985 | CVE-2023-46604 - Apache ActiveMQ RCE Exploit - TCP (Request) | High | 2024/01/22 | DDI RULE 4985 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4985 | |
| DDI RULE 4983 | Micosoft Windows SmartScreen Exploit(ZDI-CAN-23100) - HTTP(Response) | High | 2024/01/18 | DDI RULE 4983 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4983 | |
| DDI RULE 4982 | COPY FILES - SMB2(REQUEST) | High | 2024/01/16 | DDI RULE 4982 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4982 | |
| DDI RULE 4975 | CVE-2023-51467- Apache OFBiz Pre-Auth RCE Exploit - HTTP (Response) | High | 2024/01/11 | DDI RULE 4975 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4975 | |
| DDI RULE 4976 | SYSTEM INFORMATION DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4976 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4976 | |
| DDI RULE 4977 | TRUSTED DOMAIN DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4977 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4977 | |
| DDI RULE 4978 | PASSWORD POLICY DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4978 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4978 | |
| DDI RULE 4979 | PERMISSION GROUP DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4979 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4979 | |
| DDI RULE 4980 | SYSTEM OWNER DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4980 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4980 | |
| DDI RULE 4981 | ACCOUNT DISCOVERY - LDAP(REQUEST) | Medium | 2024/01/11 | DDI RULE 4981 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4981 | |
| DDI RULE 4972 | PIKABOT DLL Dropper - HTTP (Request) | Medium | 2024/01/10 | DDI RULE 4972 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4972 | |
| DDI RULE 4968 | Remcos - TCP | Medium | 2024/01/03 | DDI RULE 4968 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4968 | |
| DDI RULE 4969 | Fonelab - Certificate - HTTPS | Medium | 2024/01/03 | DDI RULE 4969 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4969 | |
| DDI RULE 4970 | CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Exploit - HTTP (Request) | High | 2024/01/03 | DDI RULE 4970 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4970 | |
| DDI RULE 4971 | APT CONN - UDP(REQUEST) | High | 2024/01/02 | DDI RULE 4971 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4971 | |
| DDI RULE 4928 | CVE-2023-2914 - Rockwell Automation ThinManager ThinServer Type 13 Synchronization Integer Overflow Exploit - TCP (Request) | High | 2023/12/21 | DDI RULE 4928 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4928 | |
| DDI RULE 4967 | CVE-2023-50164 - Apace Struts2 Path Traversal Exploit - HTTP (Request) | High | 2023/12/19 | DDI RULE 4967 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4967 | |
| DDI RULE 4965 | LVRAN - HTTP (Request) | High | 2023/12/18 | DDI RULE 4965 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4965 | |
| DDI RULE 4966 | BIGIP TMSH Path Exploit - HTTP (Response) | Medium | 2023/12/14 | DDI RULE 4966 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4966 | |
| DDI RULE 4949 | CVE-2023-46747 - BIGIP Smug Exploit - HTTP (Request) | High | 2023/12/12 | DDI RULE 4949 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4949 | |
| DDI RULE 4962 | BRUTEFORCE - SMB(RESPONSE) | High | 2023/12/12 | DDI RULE 4962 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4962 | |
| DDI RULE 4964 | CVE-2023-49070 - Apache OFBiz Pre-Auth RCE Exploit - HTTP (Request) | High | 2023/12/12 | DDI RULE 4964 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4964 | |
| DDI RULE 4963 | CVE-2023-44487 - HTTP2 DDOS EXPLOIT - TCP(REQUEST) | High | 2023/12/11 | DDI RULE 4963 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4963 | |
| DDI RULE 4958 | POSSIBLE TUNNELING - DNS (Response) - Variant 2 | Low | 2023/12/05 | DDI RULE 4958 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4958 | |
| DDI RULE 4959 | COBEACON C2 - HTTP(RESPONSE) | Medium | 2023/12/05 | DDI RULE 4959 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4959 | |
| DDI RULE 4961 | TRAMPIKABOT - HTTP(REQUEST) | High | 2023/12/05 | DDI RULE 4961 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4961 | |
| DDI RULE 4930 | RHYSIDA - SMB2 (Request) | High | 2023/11/30 | DDI RULE 4930 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4930 | |
| DDI RULE 4960 | CVE-2023-46604 - Possible Apache ActiveMQ RCE Exploit - HTTP (Request) | Medium | 2023/11/30 | DDI RULE 4960 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4960 | |
| DDI RULE 4956 | CVE-2023-47246 - SYSAID TRAVERSAL EXPLOIT - HTTP (Request) | High | 2023/11/22 | DDI RULE 4956 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4956 | |
| DDI RULE 4957 | CVE-2023-4634 - Wordpress Plugin Media-Library-Assistant RCE Exploit - HTTP (Request) | High | 2023/11/22 | DDI RULE 4957 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4957 | |
| DDI RULE 4879 | Possible CVE-2021-27876 - Veritas RCE Exploit - TCP (Response) | Low | 2023/11/21 | DDI RULE 4879 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4879 | |
| DDI RULE 4894 | CVE-2023-28771 - Zyxel RCE Exploit - UDP (Request) | High | 2023/11/21 | DDI RULE 4894 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4894 | |
| DDI RULE 4952 | APT CONN - TCP(REQUEST) | High | 2023/11/20 | DDI RULE 4952 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4952 | |
| DDI RULE 4954 | CVE-2022-42475 - Fortinet FortiOS SSL-VPN Buffer Overflow Exploit - HTTP (Request) | High | 2023/11/20 | DDI RULE 4954 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4954 | |
| DDI RULE 4955 | PIKABOT - Malicious Certificate - HTTPS | High | 2023/11/20 | DDI RULE 4955 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4955 | |
| DDI RULE 4935 | ANOMALIES - HTTP(REQUEST) | Medium | 2023/11/16 | DDI RULE 4935 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4935 | |
| DDI RULE 4942 | CVE-2023-4966 - NetScaler ADC and Gateway Buffer Overflow Exploit - HTTP (Request) | High | 2023/11/16 | DDI RULE 4942 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4942 | |
| DDI RULE 4944 | CVE-2023-28288 - MS Sharepoint Information Disclosure Exploit - HTTP(Request) | High | 2023/11/16 | DDI RULE 4944 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4944 | |
| DDI RULE 4947 | GOOTLOADER XMLRPC - HTTP (Request) | High | 2023/11/16 | DDI RULE 4947 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4947 | |
| DDI RULE 4953 | CVE-2023-20198 - Cisco IOS XE WebUI Authentication Bypass Exploit - HTTP (Request) | High | 2023/11/16 | DDI RULE 4953 | /vinfo/ph/threat-encyclopedia/network/ddi-rule-4953 |