| DDI RULE 2692 | LINKSYS Unauthenticated Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/07/09 | DDI RULE 2692 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2692 |
| DDI RULE 1886 | Data Exfiltration - DNS (Response) | LOW | | 2018/07/03 | DDI RULE 1886 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1886 |
| DDI RULE 2349 | Possible MIRAI - TCP (Request) | HIGH | | 2018/07/03 | DDI RULE 2349 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2349 |
| DDI RULE 2689 | CVE-2016-4438 - Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/07/03 | DDI RULE 2689 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2689 |
| DDI RULE 2690 | JSPSPY Webshell - HTTP (Request) | HIGH | | 2018/07/02 | DDI RULE 2690 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2690 |
| DDI RULE 2687 | CVE-2018-7602 - Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/06/28 | DDI RULE 2687 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2687 |
| DDI RULE 2685 | Possible Host Discovery - ICMP (Response) | HIGH | | 2018/06/28 | DDI RULE 2685 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2685 |
| DDI RULE 2507 | Unauthorized TESTFR IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2507 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2507 |
| DDI RULE 2508 | Unauthorized STARTDT IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2508 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2508 |
| DDI RULE 2509 | Unauthorized STOPDT IEC-104 Request | HIGH | | 2018/06/28 | DDI RULE 2509 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2509 |
| DDI RULE 2510 | Non-IEC-104 Communication Request | HIGH | | 2018/06/28 | DDI RULE 2510 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2510 |
| DDI RULE 2686 | Command Execution - SMB (Request) | HIGH | | 2018/06/26 | DDI RULE 2686 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2686 |
| DDI RULE 2680 | Acunetix Web Vulnerability Scanner - HTTP (Request) | HIGH | | 2018/06/26 | DDI RULE 2680 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2680 |
| DDI RULE 2681 | DirBuster - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2681 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2681 |
| DDI RULE 2682 | NMAP - HTTP (Request | MEDIUM | | 2018/06/26 | DDI RULE 2682 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2682 |
| DDI RULE 2683 | W3AF - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2683 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2683 |
| DDI RULE 2684 | GoLismero - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2684 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2684 |
| DDI RULE 2651 | JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | MEDIUM | | 2018/06/26 | DDI RULE 2651 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2651 |
| DDI RULE 2674 | Web Vulnerability Scanner - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2674 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2674 |
| DDI RULE 2675 | Web Vulnerability Scanner - HTTP (Request) - Variant 2 | HIGH | | 2018/06/25 | DDI RULE 2675 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2675 |
| DDI RULE 2676 | PHP Webshell - HTTP (Request) - Variant 2 | HIGH | | 2018/06/25 | DDI RULE 2676 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2676 |
| DDI RULE 2678 | CVE-2014-3120 - ElasticSearch Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2678 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2678 |
| DDI RULE 2679 | CVE-2016-3714 - ImageMagick Command Execution Exploit - HTTP (Request) | MEDIUM | | 2018/06/25 | DDI RULE 2679 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2679 |
| DDI RULE 2668 | REGEORG - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2668 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2668 |
| DDI RULE 2668 | REGEORG - HTTP (Request) | HIGH | | 2018/06/25 | DDI RULE 2668 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2668 |
| DDI RULE 2669 | APT - DARKHOTEL - HTTP (Request) | HIGH | | 2018/06/21 | DDI RULE 2669 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2669 |
| DDI RULE 2669 | APT - DARKHOTEL - HTTP (Request) | HIGH | | 2018/06/21 | DDI RULE 2669 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2669 |
| DDI RULE 2670 | Comprehensive Tool - TDS (Request) | HIGH | | 2018/06/21 | DDI RULE 2670 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2670 |
| DDI RULE 2670 | Comprehensive Tool - TDS (Request) | HIGH | | 2018/06/21 | DDI RULE 2670 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2670 |
| DDI RULE 2671 | Vulnerability Scanner - HTTP (Request) - Variant 3 | HIGH | | 2018/06/21 | DDI RULE 2671 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2671 |
| DDI RULE 2671 | Vulnerability Scanner - HTTP (Request) - Variant 3 | HIGH | | 2018/06/21 | DDI RULE 2671 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2671 |
| DDI RULE 2672 | CKNIFE - HTTP (Request) | HIGH | | 2018/06/21 | DDI RULE 2672 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2672 |
| DDI RULE 2673 | Earthworm Port Forwarding - TCP (Request) | HIGH | | 2018/06/21 | DDI RULE 2673 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2673 |
| DDI RULE 2673 | Earthworm Port Forwarding - TCP (Request) | HIGH | | 2018/06/21 | DDI RULE 2673 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2673 |
| DDI RULE 2664 | CreateService - SMB (Request) | HIGH | | 2018/06/21 | DDI RULE 2664 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2664 |
| DDI RULE 2664 | CreateService - SMB (Request) | HIGH | | 2018/06/21 | DDI RULE 2664 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2664 |
| DDI RULE 2665 | SOFACY - HTTP (Request) | MEDIUM | | 2018/06/20 | DDI RULE 2665 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2665 |
| DDI RULE 2666 | CVE-2017-7529 NGINX Integer Overflow Exploit Attempt HTTP (Request) | MEDIUM | | 2018/06/20 | DDI RULE 2666 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2666 |
| DDI RULE 2667 | CVE-2018-9995 Authentication Bypass Exploit - HTTP (Request) | HIGH | | 2018/06/20 | DDI RULE 2667 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2667 |
| DDI RULE 2386 | C99 PHP SHELL - HTTP | HIGH | | 2018/06/19 | DDI RULE 2386 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2386 |
| DDI RULE 2387 | DK PHP SHELL - HTTP | HIGH | | 2018/06/19 | DDI RULE 2387 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2387 |
| DDI RULE 2663 | APT - EXFRAM - TCP (Request) | HIGH | | 2018/06/19 | DDI RULE 2663 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2663 |
| DDI RULE 2417 | CVE-2017-7494 - Remote Code Execution - SMB (Request) - Variant 2 | MEDIUM | | 2018/06/19 | DDI RULE 2417 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2417 |
| DDI RULE 2660 | ASP WebShell - HTTP (Request) | HIGH | | 2018/06/18 | DDI RULE 2660 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2660 |
| DDI RULE 2661 | HYTOP2006 ASP WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2661 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2661 |
| DDI RULE 2662 | PHPSPY WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2662 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2662 |
| DDI RULE 2658 | Ghost WebShell - HTTP (Request) | MEDIUM | | 2018/06/18 | DDI RULE 2658 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2658 |
| DDI RULE 2659 | PHP WebShell - HTTP (Request) - Variant 2 | MEDIUM | | 2018/06/18 | DDI RULE 2659 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2659 |
| DDI RULE 2655 | Possible CVE-2017-9506 Atlassian OAth Proxy Exploit - HTTP (Request) | MEDIUM | | 2018/06/12 | DDI RULE 2655 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2655 |
| DDI RULE 2656 | CVE-2018-1418 - QRADAR Command Injection - HTTP (Request) | HIGH | | 2018/06/12 | DDI RULE 2656 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2656 |
| DDI RULE 2602 | RIG - Exploit Kit - HTTP (Request) - Variant 5 | HIGH | | 2018/06/06 | DDI RULE 2602 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2602 |
| DDI RULE 2653 | PHOTOMINER - HTTP (Response) | HIGH | | 2018/06/05 | DDI RULE 2653 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2653 |
| DDI RULE 2654 | Powershell - SMB | MEDIUM | | 2018/06/05 | DDI RULE 2654 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2654 |
| DDI RULE 2418 | Suspicious file rename - SMB (Request) | HIGH | | 2018/06/05 | DDI RULE 2418 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2418 |
| DDI RULE 2445 | Suspicious file rename - SMB2 (Request) | HIGH | | 2018/06/05 | DDI RULE 2445 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2445 |
| DDI RULE 2652 | VPNFILTER - HTTP (Request) | HIGH | | 2018/06/04 | DDI RULE 2652 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2652 |
| DDI RULE 2584 | POSGERAT Data Exfiltration - DNS (Response) | LOW | | 2018/05/31 | DDI RULE 2584 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2584 |
| DDI RULE 2624 | POWERDNS - DNS (Response) | HIGH | | 2018/05/30 | DDI RULE 2624 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2624 |
| DDI RULE 2649 | GRANDSOFT - Exploit Kit - HTTP(Request) | HIGH | | 2018/05/30 | DDI RULE 2649 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2649 |
| DDI RULE 2650 | ANDROM - HTTP (Response) | MEDIUM | | 2018/05/30 | DDI RULE 2650 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2650 |
| DDI RULE 2648 | CVE-2018-1000136 Electron Node Integration Exploit- HTTP (Request) | HIGH | | 2018/05/28 | DDI RULE 2648 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2648 |
| DDI RULE 2641 | CVE-2018-1308 Apache Solr Data Import Handler XML Exploit - HTTP (Request) | HIGH | | 2018/05/21 | DDI RULE 2641 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2641 |
| DDI RULE 2645 | CVE-2017-16598 Netgain SNMPWALK IP Directory Traversal Exploit HTTP - (Request) | HIGH | | 2018/05/21 | DDI RULE 2645 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2645 |
| DDI RULE 2646 | CVE-2018-1111 Remote Code Injection Exploit - DHCP (Response) | HIGH | | 2018/05/21 | DDI RULE 2646 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2646 |
| DDI RULE 2626 | CVE-2018-7600 - Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/21 | DDI RULE 2626 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2626 |
| DDI RULE 2644 | Suspicious Access to a bit Domain - DNS (Response) | MEDIUM | | 2018/05/17 | DDI RULE 2644 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2644 |
| DDI RULE 2642 | NEGASTEAL - HTTP (Request) | HIGH | | 2018/05/16 | DDI RULE 2642 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2642 |
| DDI RULE 2643 | NECURS - SMB | HIGH | | 2018/05/16 | DDI RULE 2643 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2643 |
| DDI RULE 2638 | CVE-2018-7602 - Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/15 | DDI RULE 2638 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2638 |
| DDI RULE 2639 | CVE-2018-10562 - GPON Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/15 | DDI RULE 2639 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2639 |
| DDI RULE 2640 | CVE-2018-5443 Advantech Webaccess SQL Injection - HTTP (Request) | HIGH | | 2018/05/15 | DDI RULE 2640 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2640 |
| DDI RULE 2637 | CVE-2018-0171 Buffer Overflow - TCP (Request) | MEDIUM | | 2018/05/09 | DDI RULE 2637 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2637 |
| DDI RULE 2625 | UDPOS - DNS (Request) | HIGH | | 2018/05/09 | DDI RULE 2625 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2625 |
| DDI RULE 2574 | CVE-2017-16943 EXIM Remote Code Execution exploit - SMTP (Request) | MEDIUM | | 2018/05/08 | DDI RULE 2574 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2574 |
| DDI RULE 2635 | Abnormal x509v3 Subject Key Identifier extension - HTTPS (Response) | LOW | | 2018/05/07 | DDI RULE 2635 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2635 |
| DDI RULE 2636 | Executable File inside Certificate ? HTTPS (Response) | HIGH | | 2018/05/07 | DDI RULE 2636 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2636 |
| DDI RULE 2526 | NECURS - HTTP (Request) - Variant 2 | HIGH | | 2018/05/07 | DDI RULE 2526 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2526 |
| DDI RULE 2631 | CVE-2018-9843 Rest API Remote Code Execution - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2631 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2631 |
| DDI RULE 2632 | GRAVITYRAT - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2632 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2632 |
| DDI RULE 2633 | JAKU - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2633 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2633 |
| DDI RULE 2634 | KWAMPIRS - HTTP (Request) | HIGH | | 2018/05/03 | DDI RULE 2634 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2634 |
| DDI RULE 2630 | HNAP1 Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/05/02 | DDI RULE 2630 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2630 |
| DDI RULE 2604 | CVE-2018-6389 WordPress Load-Scripts Exploit - HTTP (Request) | HIGH | | 2018/05/02 | DDI RULE 2604 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2604 |
| DDI RULE 2609 | HANCITOR - HTTP (Request) - Variant 3 | HIGH | | 2018/05/02 | DDI RULE 2609 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2609 |
| DDI RULE 2629 | Possible CVE-2018-2628 WEBLOGIC T3 RCE Exploit - TCP (Request) | MEDIUM | | 2018/04/30 | DDI RULE 2629 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2629 |
| DDI RULE 2627 | Possible EMPIRE - HTTP (Request) | HIGH | | 2018/04/24 | DDI RULE 2627 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2627 |
| DDI RULE 2628 | HNAP1 Buffer Overflow Exploit - HTTP (Request) | MEDIUM | | 2018/04/24 | DDI RULE 2628 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2628 |
| DDI RULE 2600 | CVE-2017-10271 - Oracle Weblogic Exploit - HTTP (Request) | HIGH | | 2018/04/23 | DDI RULE 2600 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2600 |
| DDI RULE 2623 | Remote Code Execution - HTTP (Request) - Variant 2 | HIGH | | 2018/04/16 | DDI RULE 2623 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2623 |
| DDI RULE 2621 | Remote Code Execution - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2621 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2621 |
| DDI RULE 2622 | CVE-2013-4810 JBoss AS Marshalled Object Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2622 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2622 |
| DDI RULE 2605 | UDPOS - HTTP (Request) | HIGH | | 2018/04/10 | DDI RULE 2605 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2605 |
| DDI RULE 2620 | Suspicious Executable File Download - HTTP (Response) | HIGH | | 2018/04/04 | DDI RULE 2620 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2620 |
| DDI RULE 2619 | CVE-2013-2618 Network Weathermap Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/04/04 | DDI RULE 2619 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2619 |
| DDI RULE 2618 | CVE-2018-0833 Denial of Sercice - SMB2 (Response) | HIGH | | 2018/04/03 | DDI RULE 2618 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2618 |
| DDI RULE 2616 | Suspicious CWS Flash - HTTP (Response) | MEDIUM | | 2018/03/28 | DDI RULE 2616 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2616 |
| DDI RULE 2617 | GANDCRAB - Ransomware - HTTP (Response) | HIGH | | 2018/03/28 | DDI RULE 2617 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2617 |
| DDI RULE 2562 | Signed Malware Certificate - SSL | MEDIUM | | 2018/03/28 | DDI RULE 2562 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2562 |
| DDI RULE 2615 | CVE-2017-12629 ApacheSolr XML RCE Exploit - HTTP (Request) | HIGH | | 2018/03/20 | DDI RULE 2615 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2615 |
| DDI RULE 2610 | Possible MEMCACHED Amplified DDOS Attempt - UDP (Request) | HIGH | | 2018/03/19 | DDI RULE 2610 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2610 |
| DDI RULE 2611 | CANNIBALRAT - HTTP (Request) | HIGH | | 2018/03/19 | DDI RULE 2611 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2611 |
| DDI RULE 2612 | NETWIRED - TCP (Request) | HIGH | | 2018/03/19 | DDI RULE 2612 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2612 |
| DDI RULE 2613 | POWERSHELL Download - HTTP (Request) - Variant 2 | HIGH | | 2018/03/19 | DDI RULE 2613 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2613 |
| DDI RULE 2608 | EMOTET - HTTP (Response) - Variant 2 | HIGH | | 2018/03/12 | DDI RULE 2608 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2608 |
| DDI RULE 2607 | NUKESPED - TCP (Response) | HIGH | | 2018/03/01 | DDI RULE 2607 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2607 |
| DDI RULE 2593 | CVE-2017-4933 VMWDynResolution Buffer Overflow Exploit - VNC (Request) | HIGH | | 2018/03/01 | DDI RULE 2593 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2593 |
| DDI RULE 2606 | HTA Download - HTTP (Request) | LOW | | 2018/02/26 | DDI RULE 2606 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2606 |
| DDI RULE 2603 | CVE-2017-12636 Apache CouchDB Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/02/21 | DDI RULE 2603 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2603 |
| DDI RULE 2601 | CVE-2017-12635 Apache CouchDB Escalation Privelage - HTTP (Request) | HIGH | | 2018/02/21 | DDI RULE 2601 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2601 |
| DDI RULE 2598 | PsExec PETYA - Ransomware - SMB2 | HIGH | | 2018/02/13 | DDI RULE 2598 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2598 |
| DDI RULE 2599 | CreateService BADRABBIT - Ransomware - SMB2 | HIGH | | 2018/02/13 | DDI RULE 2599 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2599 |
| DDI RULE 2527 | CreateService BADRABBIT - Ransomware - SMB | HIGH | | 2018/02/13 | DDI RULE 2527 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2527 |
| DDI RULE 2441 | PsExec PETYA - Ransomware - SMB | HIGH | | 2018/02/13 | DDI RULE 2441 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2441 |
| DDI RULE 2592 | PROTUX - HTTP (Request) - Variant 2 | HIGH | | 2018/02/12 | DDI RULE 2592 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2592 |
| DDI RULE 2595 | CROSSRAT - TCP (Request) | HIGH | | 2018/02/12 | DDI RULE 2595 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2595 |
| DDI RULE 2596 | SMOMINRU - HTTP (Request) | HIGH | | 2018/02/12 | DDI RULE 2596 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2596 |
| DDI RULE 2597 | GANDCRAB - Ransomware - HTTP (Request) | HIGH | | 2018/02/12 | DDI RULE 2597 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2597 |
| DDI RULE 1854 | SWITREX LOGIN Request | HIGH | | 2018/02/06 | DDI RULE 1854 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1854 |
| DDI RULE 2591 | KRBANKER - HTTP (Response) | HIGH | | 2018/01/30 | DDI RULE 2591 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2591 |
| DDI RULE 26 | C&C callback attempt | HIGH | | 2018/01/30 | DDI RULE 26 | /vinfo/us/threat-encyclopedia/network/ddi-rule-26 |
| DDI RULE 260 | FAKEAV - HTTP (Request) - Variant 13 | HIGH | | 2018/01/30 | DDI RULE 260 | /vinfo/us/threat-encyclopedia/network/ddi-rule-260 |
| DDI RULE 262 | FAKEAV - HTTP (Request) - Variant 23 | HIGH | | 2018/01/30 | DDI RULE 262 | /vinfo/us/threat-encyclopedia/network/ddi-rule-262 |
| DDI RULE 1771 | RANSOM TCP Request - Class 2 | HIGH | | 2018/01/25 | DDI RULE 1771 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1771 |
| DDI RULE 2071 | CERBER - Ransomware - UDP | HIGH | | 2018/01/25 | DDI RULE 2071 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2071 |
| DDI RULE 2074 | SURPRISE - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2074 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2074 |
| DDI RULE 2077 | CRYPNISCA - Ransomware - UDP | HIGH | | 2018/01/25 | DDI RULE 2077 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2077 |
| DDI RULE 2148 | JSRAA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2148 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2148 |
| DDI RULE 2153 | SATANA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2153 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2153 |
| DDI RULE 2344 | SPORA - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2344 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2344 |
| DDI RULE 2227 | SKEEYAH - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2227 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2227 |
| DDI RULE 2271 | WILDFIRE - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2271 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2271 |
| DDI RULE 2292 | SPICYCRYPT - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2292 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2292 |
| DDI RULE 1096 | RANSOM - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 1096 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1096 |
| DDI RULE 1097 | RANSOM - HTTP (Request) - Variant 3 | HIGH | | 2018/01/25 | DDI RULE 1097 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1097 |
| DDI RULE 1164 | RANSOM - HTTP (Request) - Variant 4 | HIGH | | 2018/01/25 | DDI RULE 1164 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1164 |
| DDI RULE 1172 | RANSOM - HTTP (Request) - Variant 5 | HIGH | | 2018/01/25 | DDI RULE 1172 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1172 |
| DDI RULE 1213 | RANSOM - HTTP (Request) - Variant 6 | HIGH | | 2018/01/25 | DDI RULE 1213 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1213 |
| DDI RULE 1295 | RANSOM - HTTP (Request) - Variant 9 | HIGH | | 2018/01/25 | DDI RULE 1295 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1295 |
| DDI RULE 1302 | RANSOM - HTTP (Request) - Variant 7 | HIGH | | 2018/01/25 | DDI RULE 1302 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1302 |
| DDI RULE 1500 | RANSOM TCP Request - Class 1 | HIGH | | 2018/01/25 | DDI RULE 1500 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1500 |
| DDI RULE 1614 | RANSOM - HTTP (Request) - Variant 13 | HIGH | | 2018/01/25 | DDI RULE 1614 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1614 |
| DDI RULE 2577 | DIGMINE - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2577 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2577 |
| DDI RULE 2578 | CVE-2017-17215 - Remote Code Execution - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2578 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2578 |
| DDI RULE 2579 | MALPHISH - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 2579 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2579 |
| DDI RULE 258 | FAKEAV - HTTP (Request) - Variant 8 | HIGH | | 2018/01/25 | DDI RULE 258 | /vinfo/us/threat-encyclopedia/network/ddi-rule-258 |
| DDI RULE 2580 | AGENT - HTTP (Request) - Variant 5 | HIGH | | 2018/01/25 | DDI RULE 2580 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2580 |
| DDI RULE 2581 | BITMAN - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2581 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2581 |
| DDI RULE 2560 | SAD - Ransomware - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2560 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2560 |
| DDI RULE 2561 | DYNAMER - HTTP (Request) - Variant 2 | HIGH | | 2018/01/25 | DDI RULE 2561 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2561 |
| DDI RULE 2570 | UBOATRAT - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2570 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2570 |
| DDI RULE 2571 | MAILSPLOIT - SMTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2571 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2571 |
| DDI RULE 2550 | DLINK Command Injection Exploit - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2550 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2550 |
| DDI RULE 2554 | ICEDID - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2554 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2554 |
| DDI RULE 2555 | TOXOCARA - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2555 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2555 |
| DDI RULE 2556 | TIGGRE - TCP (Request) | HIGH | | 2018/01/25 | DDI RULE 2556 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2556 |
| DDI RULE 2557 | VOLGMER - HTTP (Request) | HIGH | | 2018/01/25 | DDI RULE 2557 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2557 |
| DDI RULE 2558 | CVE-2017-11779 - DNSAPI NSEC3 Buffer Overflow Exploit - DNS (Response) | HIGH | | 2018/01/25 | DDI RULE 2558 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2558 |
| DDI RULE 2590 | CVE-2017-6736 - Remote Code Execution Exploit - SNMP (Request) | MEDIUM | | 2018/01/24 | DDI RULE 2590 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2590 |
| DDI RULE 2490 | CVE-2017-9805 - ApacheStruts XStream RCE Exploit - HTTP (Request) | HIGH | | 2018/01/23 | DDI RULE 2490 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2490 |
| DDI RULE 2348 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) | MEDIUM | | 2018/01/22 | DDI RULE 2348 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2348 |
| DDI RULE 2352 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) - Variant 2 | HIGH | | 2018/01/22 | DDI RULE 2352 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2352 |
| DDI RULE 2588 | CVE-2017-9822 DotNetNuke Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2018/01/22 | DDI RULE 2588 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2588 |
| DDI RULE 2589 | LOKI - HTTP (Response) | HIGH | | 2018/01/18 | DDI RULE 2589 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2589 |
| DDI RULE 1475 | FAKEAV - HTTP (Request) - Variant 37 | HIGH | | 2018/01/16 | DDI RULE 1475 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1475 |
| DDI RULE 1476 | FAKEAV - HTTP (Request) - Variant 38 | HIGH | | 2018/01/16 | DDI RULE 1476 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1476 |
| DDI RULE 1397 | FAKEAV - HTTP (Request) - Variant 25 | HIGH | | 2018/01/16 | DDI RULE 1397 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1397 |
| DDI RULE 1250 | FAKEAV - HTTP (Request) - Variant 35 | HIGH | | 2018/01/16 | DDI RULE 1250 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1250 |
| DDI RULE 2586 | NECURS - HTTP (Request) - Variant 4 | MEDIUM | | 2018/01/16 | DDI RULE 2586 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2586 |
| DDI RULE 2587 | SAGECRYPT - HTTP (Request) | MEDIUM | | 2018/01/16 | DDI RULE 2587 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2587 |
| DDI RULE 2565 | Data Exfiltration - ICMP (Request) | MEDIUM | | 2018/01/16 | DDI RULE 2565 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2565 |
| DDI RULE 2585 | Ratankba Downloader - HTTP (Response) | HIGH | | 2018/01/15 | DDI RULE 2585 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2585 |
| DDI RULE 2583 | Powershell script requested from root directory - HTTP (Request) | HIGH | | 2018/01/15 | DDI RULE 2583 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2583 |
| DDI RULE 2345 | RATANKBA - HTTP (Request) | HIGH | | 2018/01/11 | DDI RULE 2345 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2345 |
| DDI RULE 1885 | Possible Data Exfiltration - DNS (Response) | LOW | | 2018/01/11 | DDI RULE 1885 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1885 |
| DDI RULE 2582 | CVE-2017-3248 - UnicastRef Insecure Deserialization | HIGH | | 2018/01/11 | DDI RULE 2582 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2582 |
| DDI RULE 2294 | SUNDOWN - Exploit Kit - HTTP(Request) | HIGH | | 2018/01/09 | DDI RULE 2294 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2294 |
| DDI RULE 2575 | Command Injection via UPnP SOAP Interface - HTTP (Request) | LOW | | 2018/01/09 | DDI RULE 2575 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2575 |
| DDI RULE 2576 | Electroneum(ETN) Webminer Malvertisment - HTTP(Request) | HIGH | | 2018/01/04 | DDI RULE 2576 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2576 |
| DDI RULE 2305 | EXMAS - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2305 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2305 |
| DDI RULE 2278 | KARMA - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2278 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2278 |
| DDI RULE 2284 | HIDDENTEARHAPPY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2284 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2284 |
| DDI RULE 2251 | LOCKY - Ransomware - HTTP (Request) - Variant 4 | HIGH | | 2018/01/03 | DDI RULE 2251 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2251 |
| DDI RULE 2259 | NUCLEAR - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2259 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2259 |
| DDI RULE 2226 | KAWAIILOCKER - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2226 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2226 |
| DDI RULE 2166 | PIZACRYP - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2166 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2166 |
| DDI RULE 2373 | MATRIX - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2373 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2373 |
| DDI RULE 2375 | MATRIX - Ransomware - HTTP (Response) | HIGH | | 2018/01/03 | DDI RULE 2375 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2375 |
| DDI RULE 2076 | CRYPZUQUIT - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2076 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2076 |
| DDI RULE 2117 | DEMOCRY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2117 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2117 |
| DDI RULE 2020 | RANSOM LECTOOL HTTP Request | HIGH | | 2018/01/03 | DDI RULE 2020 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2020 |
| DDI RULE 2028 | LOCKY - Ransomware - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2028 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2028 |
| DDI RULE 2031 | RANSOM HYDRA - HTTP (Request) | HIGH | | 2018/01/03 | DDI RULE 2031 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2031 |
| DDI RULE 1344 | RANSOM - HTTP (Request) - Variant 10 | HIGH | | 2018/01/03 | DDI RULE 1344 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1344 |
| DDI RULE 1479 | RANSOM - HTTP (Request) - Variant 11 | HIGH | | 2018/01/03 | DDI RULE 1479 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1479 |
| DDI RULE 1518 | RANSOM - HTTP (Request) - Variant 12 | HIGH | | 2018/01/03 | DDI RULE 1518 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1518 |
| DDI RULE 2563 | Data Exfiltration - HTTP (Request) | HIGH | | 2017/12/28 | DDI RULE 2563 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2563 |
| DDI RULE 2075 | CRYPRADAM - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2075 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2075 |
| DDI RULE 2061 | CRYPWALL - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2061 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2061 |
| DDI RULE 2119 | CRIPTODC - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2119 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2119 |
| DDI RULE 2120 | BUCBI - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2120 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2120 |
| DDI RULE 2096 | CRYPAPLHA - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2096 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2096 |
| DDI RULE 2093 | CRYPVAULT - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2093 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2093 |
| DDI RULE 2094 | CRYPCORE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2094 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2094 |
| DDI RULE 1860 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 3 | HIGH | | 2017/12/21 | DDI RULE 1860 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1860 |
| DDI RULE 2337 | CRYPSHIELD - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2337 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2337 |
| DDI RULE 2338 | CERBER - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2338 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2338 |
| DDI RULE 2167 | ALFA - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2167 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2167 |
| DDI RULE 2225 | CRYPY - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2225 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2225 |
| DDI RULE 2228 | CRYPBEE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2228 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2228 |
| DDI RULE 2229 | BARTZ - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2229 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2229 |
| DDI RULE 2217 | CRYPHYDRA - Ransomware - HTTP (Request) - Variant 2 | HIGH | | 2017/12/21 | DDI RULE 2217 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2217 |
| DDI RULE 2403 | CRYPMOLE - Ransomware - HTTP (Request) | HIGH | | 2017/12/21 | DDI RULE 2403 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2403 |
| DDI RULE 1289 | MINER - HTTP (Request) | HIGH | | 2017/12/20 | DDI RULE 1289 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1289 |
| DDI RULE 2572 | HTA PowerShell Empire - HTTP (Request) - Variant 2 | HIGH | | 2017/12/20 | DDI RULE 2572 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2572 |
| DDI RULE 2573 | MINER - TCP (Request) | MEDIUM | | 2017/12/20 | DDI RULE 2573 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2573 |
| DDI RULE 2365 | File renamed - SOREBRECT - Ransomware - SMB (Request) | HIGH | | 2017/12/19 | DDI RULE 2365 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2365 |
| DDI RULE 2409 | File renamed - LOCKY - Ransomware - SMB (Request) | HIGH | | 2017/12/19 | DDI RULE 2409 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2409 |
| DDI RULE 241 | Incorrect Content-Type value in header - HTTP (Response) - Variant 2 | MEDIUM | | 2017/12/19 | DDI RULE 241 | /vinfo/us/threat-encyclopedia/network/ddi-rule-241 |
| DDI RULE 2410 | File renamed - CRYSIS - Ransomware - SMB (Request) | HIGH | | 2017/12/19 | DDI RULE 2410 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2410 |
| DDI RULE 2411 | File renamed - WCRY - Ransomware - SMB (Request) | HIGH | | 2017/12/19 | DDI RULE 2411 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2411 |
| DDI RULE 2261 | GAFGYT - HTTP (Request) | HIGH | | 2017/12/18 | DDI RULE 2261 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2261 |
| DDI RULE 153 | Possible DOWNAD - Encrypted connection - TCP | LOW | | 2017/12/13 | DDI RULE 153 | /vinfo/us/threat-encyclopedia/network/ddi-rule-153 |
| DDI RULE 2568 | COBALTSTRIKE - DNS (Response) | HIGH | | 2017/12/13 | DDI RULE 2568 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2568 |
| DDI RULE 2569 | TOXOCARA - DNS (Response) | HIGH | | 2017/12/13 | DDI RULE 2569 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2569 |
| DDI RULE 2564 | Data Exfiltration - TCP (Request) | HIGH | | 2017/12/07 | DDI RULE 2564 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2564 |
| DDI RULE 2566 | Data Exfiltration - DNS (Request) | HIGH | | 2017/12/07 | DDI RULE 2566 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2566 |
| DDI RULE 2567 | Data Exfiltration - UDP (Request) | HIGH | | 2017/12/07 | DDI RULE 2567 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2567 |
| DDI RULE 2423 | FATALISTICZ - HTTP | HIGH | | 2017/12/06 | DDI RULE 2423 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2423 |
| DDI RULE 2516 | Coinhive JavaScript Miner - HTTPS (Request) | LOW | | 2017/12/04 | DDI RULE 2516 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2516 |
| DDI RULE 2559 | CVE-2017-12149 - JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | MEDIUM | | 2017/12/04 | DDI RULE 2559 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2559 |
| DDI RULE 2552 | Possible Brute force - Telnet (Response) | MEDIUM | | 2017/11/23 | DDI RULE 2552 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2552 |
| DDI RULE 38 | Multiple unsuccessful logon attempts | LOW | | 2017/11/23 | DDI RULE 38 | /vinfo/us/threat-encyclopedia/network/ddi-rule-38 |
| DDI RULE 386 | UTOTI - HTTP (Request) | HIGH | | 2017/11/23 | DDI RULE 386 | /vinfo/us/threat-encyclopedia/network/ddi-rule-386 |
| DDI RULE 39 | Host DNS query to a non-trusted DNS server | MEDIUM | | 2017/11/23 | DDI RULE 39 | /vinfo/us/threat-encyclopedia/network/ddi-rule-39 |
| DDI RULE 1034 | KOOBFACE - HTTP (Request) | HIGH | | 2017/11/22 | DDI RULE 1034 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1034 |
| DDI RULE 2551 | TRUEBOT - HTTP (Request) | HIGH | | 2017/11/20 | DDI RULE 2551 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2551 |
| DDI RULE 1539 | Windows Remote Management Service Detected - HTTP (Request) | MEDIUM | | 2017/11/15 | DDI RULE 1539 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1539 |
| DDI RULE 2537 | Powershell Remote Command Execution Via WinRM - HTTP(Request) | HIGH | | 2017/11/15 | DDI RULE 2537 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2537 |
| DDI RULE 2548 | LINKSYS Remote Code Execution - HTTP (Request) | HIGH | | 2017/11/14 | DDI RULE 2548 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2548 |
| DDI RULE 2549 | Possible LINKSYS Remote Code Execution - HTTP (Request) | HIGH | | 2017/11/14 | DDI RULE 2549 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2549 |
| DDI RULE 2539 | AVTECH Authentication ByPass Exploit- HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2539 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2539 |
| DDI RULE 2543 | VACRON Remote Code Execution Exploit- HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2543 |
| DDI RULE 2544 | JAWS Remote Code Execution Exploit - HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2544 |
| DDI RULE 2546 | DLINK Directory Traversal Exploit - HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2546 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2546 |
| DDI RULE 2547 | NETGEAR DGN1000/DGN2200 Remote Code Execution - HTTP (Request) | HIGH | | 2017/11/09 | DDI RULE 2547 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2547 |
| DDI RULE 2540 | REAPER - HTTP (Request) | HIGH | | 2017/11/07 | DDI RULE 2540 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2540 |
| DDI RULE 2541 | REAPER - HTTP (Request) - Variant 2 | HIGH | | 2017/11/07 | DDI RULE 2541 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2541 |
| DDI RULE 2542 | MINER - HTTP (Response) | HIGH | | 2017/11/07 | DDI RULE 2542 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2542 |
| DDI RULE 2538 | APT - WIPBOT - HTTP (Request) | HIGH | | 2017/11/07 | DDI RULE 2538 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2538 |
| DDI RULE 1760 | Possible UPATRE - HTTP (Request) | MEDIUM | | 2017/11/02 | DDI RULE 1760 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1760 |
| DDI RULE 2063 | CHOPPER - HTTP (Request) | HIGH | | 2017/11/02 | DDI RULE 2063 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2063 |
| DDI RULE 2529 | APT - TURLA - HTTP (Request) | HIGH | | 2017/10/30 | DDI RULE 2529 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2529 |
| DDI RULE 253 | RUSTOCK - HTTP (Request) - Variant 2 | HIGH | | 2017/10/30 | DDI RULE 253 | /vinfo/us/threat-encyclopedia/network/ddi-rule-253 |
| DDI RULE 2533 | EDA2ANUBIS - HTTP (Request) | HIGH | | 2017/10/30 | DDI RULE 2533 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2533 |
| DDI RULE 2534 | INSOMNIA - HTTP | HIGH | | 2017/10/30 | DDI RULE 2534 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2534 |
| DDI RULE 2535 | WEBACOO - HTTP | HIGH | | 2017/10/30 | DDI RULE 2535 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2535 |
| DDI RULE 2536 | Netgear ReadyNAS RCE Exploit - HTTP (Request) | HIGH | | 2017/10/30 | DDI RULE 2536 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2536 |
| DDI RULE 2128 | HANCITOR - HTTP (Request) | HIGH | | 2017/10/27 | DDI RULE 2128 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2128 |
| DDI RULE 2528 | MS17-010 - Remote Code Execution - SMB (Request) - Variant 2 | HIGH | | 2017/10/26 | DDI RULE 2528 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2528 |
| DDI RULE 2461 | APT - DAPTER - HTTP (Request) | HIGH | | 2017/10/25 | DDI RULE 2461 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2461 |
| DDI RULE 2207 | Possible DLOADER - HTTP (Request) - Variant 6 | MEDIUM | | 2017/10/24 | DDI RULE 2207 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2207 |
| DDI RULE 2354 | EXPLOYT - HTTP (Request) - Variant 5 | HIGH | | 2017/10/24 | DDI RULE 2354 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2354 |
| DDI RULE 2525 | SAGE - Ransomware - HTTP (Request) | HIGH | | 2017/10/24 | DDI RULE 2525 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2525 |
| DDI RULE 1183 | ZBOT - DNS (Request) | MEDIUM | | 2017/10/19 | DDI RULE 1183 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1183 |
| DDI RULE 2521 | Possible HANCITOR - HTTP (Request) - Variant 2 | LOW | | 2017/10/19 | DDI RULE 2521 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2521 |
| DDI RULE 2522 | DEDEX - HTTP (Request) | HIGH | | 2017/10/19 | DDI RULE 2522 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2522 |
| DDI RULE 2523 | DASERF - HTTP (Request) - Variant 2 | HIGH | | 2017/10/19 | DDI RULE 2523 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2523 |
| DDI RULE 2524 | GOFARER - HTTP (Request) | HIGH | | 2017/10/19 | DDI RULE 2524 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2524 |
| DDI RULE 2335 | PRAPDUKAT - TCP | HIGH | | 2017/10/18 | DDI RULE 2335 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2335 |
| DDI RULE 2494 | APT - ANEL - HTTP (Request) | HIGH | | 2017/10/18 | DDI RULE 2494 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2494 |
| DDI RULE 2376 | HIDDENTEARZORRO - Ransomware - TCP | HIGH | | 2017/10/17 | DDI RULE 2376 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2376 |
| DDI RULE 2165 | CRYPMIC - Ransomware - TCP | HIGH | | 2017/10/17 | DDI RULE 2165 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2165 |
| DDI RULE 2267 | JACKPOT - Ransomware - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2267 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2267 |
| DDI RULE 2296 | CHIP - Ransomware - HTTP (Response) | HIGH | | 2017/10/17 | DDI RULE 2296 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2296 |
| DDI RULE 2161 | CYPHERKEY - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2161 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2161 |
| DDI RULE 2162 | GOOPIC - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2162 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2162 |
| DDI RULE 2163 | CRYPSHOCKER - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2163 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2163 |
| DDI RULE 2103 | ENIGMA - Ransomware - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2103 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2103 |
| DDI RULE 2106 | AUTOLOCKY - Ransomware - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2106 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2106 |
| DDI RULE 2112 | MADLOCKER - Ransomware - HTTP (Request) | HIGH | | 2017/10/17 | DDI RULE 2112 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2112 |
| DDI RULE 2032 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 4 | HIGH | | 2017/10/17 | DDI RULE 2032 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2032 |
| DDI RULE 2034 | RANSOM CRYPTESLA - HTTP (Request) - Variant 5 | HIGH | | 2017/10/17 | DDI RULE 2034 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2034 |
| DDI RULE 1543 | Possible CRILOCK DNS Response | HIGH | | 2017/10/17 | DDI RULE 1543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1543 |
| DDI RULE 2520 | MAGNITUDE - Exploit Kit - HTTP (Request) - Variant 4 | HIGH | | 2017/10/16 | DDI RULE 2520 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2520 |
| DDI RULE 98 | Unidentified protocol using standard service port | HIGH | | 2017/10/16 | DDI RULE 98 | /vinfo/us/threat-encyclopedia/network/ddi-rule-98 |
| DDI RULE 1263 | VIRUT - HTTP (Request) | HIGH | | 2017/10/12 | DDI RULE 1263 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1263 |
| DDI RULE 2519 | DLINK DIR8xx leak credentials exploit - HTTP (Request) | HIGH | | 2017/10/12 | DDI RULE 2519 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2519 |
| DDI RULE 2025 | NEMUCOD - HTTP (Request) - Variant 6 | HIGH | | 2017/10/11 | DDI RULE 2025 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2025 |
| DDI RULE 2062 | NEMUCOD - HTTP (Request) - Variant 7 | HIGH | | 2017/10/11 | DDI RULE 2062 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2062 |
| DDI RULE 2051 | NEMUCOD - HTTP (Request) - Variant 5 | HIGH | | 2017/10/11 | DDI RULE 2051 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2051 |
| DDI RULE 2083 | CRYPAURA - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2083 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2083 |
| DDI RULE 2118 | CRYDAP - Ransomware - HTTP (Request) - Variant 2 | HIGH | | 2017/10/11 | DDI RULE 2118 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2118 |
| DDI RULE 2097 | EMPER - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2097 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2097 |
| DDI RULE 2164 | BART - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2164 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2164 |
| DDI RULE 2123 | ZCRYPT - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2123 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2123 |
| DDI RULE 2126 | SNSLOCK - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2126 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2126 |
| DDI RULE 2138 | BADBLOCK - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2138 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2138 |
| DDI RULE 2140 | CRYPSHED - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2140 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2140 |
| DDI RULE 1821 | NEMUCOD HTTP Request | HIGH | | 2017/10/11 | DDI RULE 1821 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1821 |
| DDI RULE 1874 | NEMUCOD - HTTP (Request) - Variant 2 | HIGH | | 2017/10/11 | DDI RULE 1874 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1874 |
| DDI RULE 2291 | NEMUCOD - HTTP (Request) - Variant 8 | HIGH | | 2017/10/11 | DDI RULE 2291 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2291 |
| DDI RULE 2316 | BRAINCRYPT - Ransomware - HTTP(Request) | HIGH | | 2017/10/11 | DDI RULE 2316 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2316 |
| DDI RULE 2317 | POPCORNTYM - Ransomware - HTTP(Request) | HIGH | | 2017/10/11 | DDI RULE 2317 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2317 |
| DDI RULE 2318 | CRYPBLOCK - Ransomware - HTTP(Request) | HIGH | | 2017/10/11 | DDI RULE 2318 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2318 |
| DDI RULE 2319 | EDA2RUNSOME - Ransomware - HTTP(Request) | HIGH | | 2017/10/11 | DDI RULE 2319 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2319 |
| DDI RULE 2322 | JOKEMARS - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2322 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2322 |
| DDI RULE 2196 | BUTERAT - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2196 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2196 |
| DDI RULE 2218 | POGOTEAR - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2218 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2218 |
| DDI RULE 2215 | JAGER - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2215 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2215 |
| DDI RULE 2216 | TELANATEAR - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2216 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2216 |
| DDI RULE 2206 | CRYPSALAM - Ransomware - HTTP (Request) - Variant 2 | HIGH | | 2017/10/11 | DDI RULE 2206 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2206 |
| DDI RULE 2233 | MILICRY - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2233 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2233 |
| DDI RULE 2235 | FANTOMCRYPT - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2235 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2235 |
| DDI RULE 2236 | SERPICO - Ransomware - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2236 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2236 |
| DDI RULE 2518 | CVE-2017-14496 - DNSMASQ Integer Underflow Exploit - DNS (Request) | HIGH | | 2017/10/11 | DDI RULE 2518 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2518 |
| DDI RULE 2489 | APT - KOADIC - HTTP (Request) | HIGH | | 2017/10/11 | DDI RULE 2489 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2489 |
| DDI RULE 2517 | CVE-2017-14493 - DNSMASQ Buffer Overflow Exploit - DHCP (Request) | HIGH | | 2017/10/10 | DDI RULE 2517 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2517 |
| DDI RULE 2506 | SSV-93588 - DiscuszX File Operation Exploit - HTTP (Request) | HIGH | | 2017/10/10 | DDI RULE 2506 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2506 |
| DDI RULE 2504 | CVE-2017-9798 - APACHE OPTIONSBLEED Vulnerability - HTTP (Response) | HIGH | | 2017/10/09 | DDI RULE 2504 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2504 |
| DDI RULE 1877 | ANGLER - Exploit Kit - HTTP(Request) - Variant 3 | HIGH | | 2017/10/03 | DDI RULE 1877 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1877 |
| DDI RULE 2124 | XORBAT - Ransomware - HTTP (Request) | HIGH | | 2017/10/03 | DDI RULE 2124 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2124 |
| DDI RULE 2086 | WALTRIX - Ransomware - TCP | HIGH | | 2017/10/03 | DDI RULE 2086 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2086 |
| DDI RULE 2122 | CRILOCK - Ransomware - HTTP (Request) | HIGH | | 2017/10/03 | DDI RULE 2122 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2122 |
| DDI RULE 2081 | CRYPTEAR - Ransomware - HTTP (Request) | HIGH | | 2017/10/03 | DDI RULE 2081 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2081 |
| DDI RULE 2082 | COVERTON - Ransomware - HTTP (Request) | HIGH | | 2017/10/03 | DDI RULE 2082 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2082 |
| DDI RULE 2046 | VAWTRAK - HTTP (Request) - Variant 7 | HIGH | | 2017/10/03 | DDI RULE 2046 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2046 |
| DDI RULE 2057 | CRYDAP - Ransomware - HTTP (Request) | HIGH | | 2017/10/03 | DDI RULE 2057 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2057 |
| DDI RULE 2058 | CVE-2016-0128 - Windows Downgrade Vulnerability - DCE-RPC | HIGH | | 2017/10/03 | DDI RULE 2058 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2058 |
| DDI RULE 2059 | CVE-2016-0128 - Unencrypted Authentication Level - SAMR (Request) | LOW | | 2017/10/03 | DDI RULE 2059 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2059 |
| DDI RULE 2513 | TERROR - Exploit Kit - HTTP(Request) | HIGH | | 2017/10/03 | DDI RULE 2513 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2513 |
| DDI RULE 2514 | TERROR - Exploit Kit - HTTP(Response) | HIGH | | 2017/10/03 | DDI RULE 2514 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2514 |
| DDI RULE 940 | APT - WATERBEAR - TCP (Request) | HIGH | | 2017/10/03 | DDI RULE 940 | /vinfo/us/threat-encyclopedia/network/ddi-rule-940 |
| DDI RULE 2505 | Linux Reverse Shell - TCP (Response) | HIGH | | 2017/10/02 | DDI RULE 2505 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2505 |
| DDI RULE 2452 | Wget Commandline Injection | MEDIUM | | 2017/10/02 | DDI RULE 2452 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2452 |
| DDI RULE 2503 | SCRIPT DOWNLOADER - HTTP (Request) | HIGH | | 2017/09/28 | DDI RULE 2503 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2503 |
| DDI RULE 2499 | CVE-2016-10174 - NETGEAR Remote Code Execution - HTTP (Request) | HIGH | | 2017/09/27 | DDI RULE 2499 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2499 |
| DDI RULE 25 | Host DNS IAXFR/IXFR request from a non-trusted source | LOW | | 2017/09/27 | DDI RULE 25 | /vinfo/us/threat-encyclopedia/network/ddi-rule-25 |
| DDI RULE 2500 | Executable Image Download - HTTP (Response) | MEDIUM | | 2017/09/26 | DDI RULE 2500 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2500 |
| DDI RULE 2501 | APT - RETADUP - HTTP (Request) | HIGH | | 2017/09/26 | DDI RULE 2501 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2501 |
| DDI RULE 2502 | CVE-2017-5689 - Intel AMT Digest Authentication Bypass exploit - HTTP (Request) | HIGH | | 2017/09/26 | DDI RULE 2502 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2502 |
| DDI RULE 2497 | CCHACK - DNS (Response) | HIGH | | 2017/09/26 | DDI RULE 2497 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2497 |
| DDI RULE 2498 | CVE-2017-12615 - APACHE TOMCAT Remote Code Execution via JSP Upload - HTTP (Request) | HIGH | | 2017/09/26 | DDI RULE 2498 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2498 |
| DDI RULE 2495 | APOLLO - Ransomware - HTTP (Request) | HIGH | | 2017/09/21 | DDI RULE 2495 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2495 |
| DDI RULE 2496 | APT - LAGEMER - HTTP (Request) | HIGH | | 2017/09/21 | DDI RULE 2496 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2496 |
| DDI RULE 2481 | DOWNLOADER - HTTP (Response) | HIGH | | 2017/09/19 | DDI RULE 2481 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2481 |
| DDI RULE 2493 | CVE-2017-8759 - SOAP WSDL Command Injection Exploit- HTTP (Request) | HIGH | | 2017/09/19 | DDI RULE 2493 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2493 |
| DDI RULE 2492 | KARAGANY - HTTP (Request) | HIGH | | 2017/09/18 | DDI RULE 2492 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2492 |
| DDI RULE 2197 | Possible DLOADER - HTTP (Request) - Variant 4 | MEDIUM | | 2017/09/14 | DDI RULE 2197 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2197 |
| DDI RULE 1434 | Remote PHP-CGI Command Execution - HTTP (Request) | HIGH | | 2017/09/14 | DDI RULE 1434 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1434 |
| DDI RULE 2486 | DOWNLOADER - HTTP (Request) - Variant 2 | HIGH | | 2017/09/11 | DDI RULE 2486 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2486 |
| DDI RULE 2479 | INFOSTEAL - HTTP (Request) - Variant 3 | HIGH | | 2017/09/11 | DDI RULE 2479 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2479 |
| DDI RULE 2460 | RIG - Exploit Kit - HTTP(Request) - Variant 4 | HIGH | | 2017/09/11 | DDI RULE 2460 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2460 |
| DDI RULE 2491 | CVE-2017-12611 - APACHE STRUTS EXPLOIT - HTTP (Request) | HIGH | | 2017/09/08 | DDI RULE 2491 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2491 |
| DDI RULE 918 | APT - ESILE - HTTP (Request) | HIGH | | 2017/09/07 | DDI RULE 918 | /vinfo/us/threat-encyclopedia/network/ddi-rule-918 |
| DDI RULE 2254 | Metasploit(Payload) - Reverse Lua TCP | HIGH | | 2017/09/06 | DDI RULE 2254 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2254 |
| DDI RULE 2255 | Metasploit(Payload) - Reverse BASH TCP | HIGH | | 2017/09/06 | DDI RULE 2255 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2255 |
| DDI RULE 2329 | Metasploit(Payload) - Reverse RUBY TCP Response | HIGH | | 2017/09/06 | DDI RULE 2329 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2329 |
| DDI RULE 2356 | Bleeding Life - Exploit Kit - HTTP (Request) | MEDIUM | | 2017/09/06 | DDI RULE 2356 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2356 |
| DDI RULE 2353 | S2-046 - APACHE STRUTS EXPLOIT - HTTP (Request) | HIGH | | 2017/09/06 | DDI RULE 2353 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2353 |
| DDI RULE 2487 | ELKNOT - TCP | HIGH | | 2017/09/06 | DDI RULE 2487 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2487 |
| DDI RULE 2488 | STRIKED - Ransomware - HTTP (Request) | HIGH | | 2017/09/06 | DDI RULE 2488 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2488 |
| DDI RULE 2414 | CVE-2017-5689 - Authentication bypass - HTTP(Request) | HIGH | | 2017/09/06 | DDI RULE 2414 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2414 |
| DDI RULE 2392 | IP Camera Remote Code Execution - HTTP (Request) | HIGH | | 2017/09/06 | DDI RULE 2392 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2392 |
| DDI RULE 2484 | KHRAT - TCP | HIGH | | 2017/09/05 | DDI RULE 2484 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2484 |
| DDI RULE 2485 | CCTV-DVR Remote Code Execution - HTTP (Request) | HIGH | | 2017/09/05 | DDI RULE 2485 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2485 |
| DDI RULE 2380 | CVE-2017-0147 - Information Disclosure Exploit - SMB (Request) | MEDIUM | | 2017/09/04 | DDI RULE 2380 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2380 |
| DDI RULE 2382 | CVE-2017-0145 - Remote Code Execution - SMB (Request) | MEDIUM | | 2017/09/04 | DDI RULE 2382 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2382 |
| DDI RULE 2383 | CVE-2017-0144 - Remote Code Execution - SMB (Request) | HIGH | | 2017/09/04 | DDI RULE 2383 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2383 |
| DDI RULE 2116 | LOCKY - Ransomware - HTTP (Request) - Variant 2 | HIGH | | 2017/09/04 | DDI RULE 2116 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2116 |
| DDI RULE 2472 | CARBANAK - DNS (Response) | HIGH | | 2017/09/04 | DDI RULE 2472 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2472 |
| DDI RULE 2435 | MS17-010 - Remote Code Execution - SMB (Request) | MEDIUM | | 2017/09/04 | DDI RULE 2435 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2435 |
| DDI RULE 570 | WIMMIE - HTTP (Request) - Variant 2 | HIGH | | 2017/09/04 | DDI RULE 570 | /vinfo/us/threat-encyclopedia/network/ddi-rule-570 |
| DDI RULE 571 | WIMMIE - HTTP (Request) | HIGH | | 2017/09/04 | DDI RULE 571 | /vinfo/us/threat-encyclopedia/network/ddi-rule-571 |
| DDI RULE 639 | MORTOS DNS (Response) | HIGH | | 2017/09/04 | DDI RULE 639 | /vinfo/us/threat-encyclopedia/network/ddi-rule-639 |
| DDI RULE 64 | Possible NOP sled | MEDIUM | | 2017/09/04 | DDI RULE 64 | /vinfo/us/threat-encyclopedia/network/ddi-rule-64 |
| DDI RULE 2030 | FLASH EXPLOIT - HTTP (Request) | HIGH | | 2017/08/31 | DDI RULE 2030 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2030 |
| DDI RULE 1226 | IRCBOT - HTTP (Request) - Variant 2 | HIGH | | 2017/08/31 | DDI RULE 1226 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1226 |
| DDI RULE 1236 | IRCBOT - HTTP (Request) | HIGH | | 2017/08/31 | DDI RULE 1236 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1236 |
| DDI RULE 1100 | QAKBOT - HTTP (Request) - Variant 7 | HIGH | | 2017/08/31 | DDI RULE 1100 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1100 |
| DDI RULE 424 | QAKBOT - FTP (Request) | HIGH | | 2017/08/31 | DDI RULE 424 | /vinfo/us/threat-encyclopedia/network/ddi-rule-424 |
| DDI RULE 425 | QAKBOT - HTTP (Request) - Variant 4 | HIGH | | 2017/08/31 | DDI RULE 425 | /vinfo/us/threat-encyclopedia/network/ddi-rule-425 |
| DDI RULE 422 | QAKBOT - HTTP (Request) | HIGH | | 2017/08/31 | DDI RULE 422 | /vinfo/us/threat-encyclopedia/network/ddi-rule-422 |
| DDI RULE 2482 | DLOADER - HTTP (Request) - Variant 10 | HIGH | | 2017/08/31 | DDI RULE 2482 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2482 |
| DDI RULE 2480 | DEFRAY - Ransomware - HTTP (Request) | HIGH | | 2017/08/30 | DDI RULE 2480 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2480 |
| DDI RULE 436 | CHIR - UDP | MEDIUM | | 2017/08/30 | DDI RULE 436 | /vinfo/us/threat-encyclopedia/network/ddi-rule-436 |
| DDI RULE 437 | REMOSH - TCP | HIGH | | 2017/08/30 | DDI RULE 437 | /vinfo/us/threat-encyclopedia/network/ddi-rule-437 |
| DDI RULE 44 | File with multiple extensions ending with executable extension | LOW | | 2017/08/30 | DDI RULE 44 | /vinfo/us/threat-encyclopedia/network/ddi-rule-44 |
| DDI RULE 441 | DLL injection - SMB | MEDIUM | | 2017/08/30 | DDI RULE 441 | /vinfo/us/threat-encyclopedia/network/ddi-rule-441 |
| DDI RULE 407 | GUMBLAR - HTTP (Request) | MEDIUM | | 2017/08/30 | DDI RULE 407 | /vinfo/us/threat-encyclopedia/network/ddi-rule-407 |
| DDI RULE 41 | Malware-related subject and packed executable file - Email | HIGH | | 2017/08/30 | DDI RULE 41 | /vinfo/us/threat-encyclopedia/network/ddi-rule-41 |
| DDI RULE 460 | NETBOT - TCP | MEDIUM | | 2017/08/30 | DDI RULE 460 | /vinfo/us/threat-encyclopedia/network/ddi-rule-460 |
| DDI RULE 2477 | KOPILUWAK - HTTP (Request) | HIGH | | 2017/08/28 | DDI RULE 2477 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2477 |
| DDI RULE 2478 | DOWNLOADER - HTTP (Request) | HIGH | | 2017/08/28 | DDI RULE 2478 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2478 |
| DDI RULE 2474 | APT - PLEAD - TCP (Request) | HIGH | | 2017/08/24 | DDI RULE 2474 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2474 |
| DDI RULE 2475 | CVE-2017-8620 - Remote Code Execution - SMB (Request) | HIGH | | 2017/08/24 | DDI RULE 2475 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2475 |
| DDI RULE 2476 | CVE-2017-8620 - Remote Code Execution - SMB2 (Request) | HIGH | | 2017/08/24 | DDI RULE 2476 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2476 |
| DDI RULE 1174 | MALEX - HTTP (Request) | HIGH | | 2017/08/23 | DDI RULE 1174 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1174 |
| DDI RULE 1465 | MALEX - HTTP (Request) - Variant 2 | HIGH | | 2017/08/23 | DDI RULE 1465 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1465 |
| DDI RULE 917 | MALEX - HTTP (Request) | HIGH | | 2017/08/23 | DDI RULE 917 | /vinfo/us/threat-encyclopedia/network/ddi-rule-917 |
| DDI RULE 1544 | Possible CAPHAW DNS Response | HIGH | | 2017/08/22 | DDI RULE 1544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1544 |
| DDI RULE 1542 | Possible CONFICKER DNS Response | HIGH | | 2017/08/22 | DDI RULE 1542 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1542 |
| DDI RULE 1629 | DISCPY - HTTP (Request) | MEDIUM | | 2017/08/22 | DDI RULE 1629 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1629 |
| DDI RULE 1526 | APT - ZAPCHAST - HTTP (Request) - Variant 4 | HIGH | | 2017/08/15 | DDI RULE 1526 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1526 |
| DDI RULE 1489 | APT - ZAPCHAST - HTTP (Request) | HIGH | | 2017/08/15 | DDI RULE 1489 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1489 |
| DDI RULE 1413 | APT - ZEGOST - HTTP (Request) - Variant 6 | HIGH | | 2017/08/15 | DDI RULE 1413 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1413 |
| DDI RULE 1154 | APT - ZEGOST - HTTP (Request) - Variant 3 | HIGH | | 2017/08/15 | DDI RULE 1154 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1154 |
| DDI RULE 1145 | APT - ZEGOST - HTTP (Request) - Variant 4 | HIGH | | 2017/08/15 | DDI RULE 1145 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1145 |
| DDI RULE 932 | APT - ZAPCHAST - HTTP (Request) - Variant 3 | HIGH | | 2017/08/15 | DDI RULE 932 | /vinfo/us/threat-encyclopedia/network/ddi-rule-932 |
| DDI RULE 2471 | SMBLORIS Exploit - SMB (Request) | HIGH | | 2017/08/15 | DDI RULE 2471 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2471 |
| DDI RULE 548 | APT - ZEGOST - HTTP (Request) | HIGH | | 2017/08/15 | DDI RULE 548 | /vinfo/us/threat-encyclopedia/network/ddi-rule-548 |
| DDI RULE 55 | File name with multiple consecutive spaces and executable extension | HIGH | | 2017/08/15 | DDI RULE 55 | /vinfo/us/threat-encyclopedia/network/ddi-rule-55 |
| DDI RULE 649 | ZEUS - HTTP (Request) | HIGH | | 2017/08/14 | DDI RULE 649 | /vinfo/us/threat-encyclopedia/network/ddi-rule-649 |
| DDI RULE 468 | AUTORUN - HTTP (Request) - Variant 16 | MEDIUM | | 2017/08/10 | DDI RULE 468 | /vinfo/us/threat-encyclopedia/network/ddi-rule-468 |
| DDI RULE 2473 | HADESLOCK - Ransomware - HTTP (Request) | HIGH | | 2017/08/10 | DDI RULE 2473 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2473 |
| DDI RULE 2465 | INFOSTEAL - HTTP (Request) - Variant 2 | HIGH | | 2017/08/09 | DDI RULE 2465 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2465 |
| DDI RULE 2468 | TACKBIT - TCP (Request) | HIGH | | 2017/08/08 | DDI RULE 2468 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2468 |
| DDI RULE 2464 | GOODOR - HTTP (Request) | HIGH | | 2017/08/03 | DDI RULE 2464 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2464 |
| DDI RULE 2306 | KVNDM - HTTP (Request) | HIGH | | 2017/08/02 | DDI RULE 2306 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2306 |
| DDI RULE 2455 | APT - MICROPSIA - HTTP (Request) | HIGH | | 2017/08/01 | DDI RULE 2455 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2455 |
| DDI RULE 2466 | Accessed non-existing administrative share - SMB | LOW | | 2017/08/01 | DDI RULE 2466 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2466 |
| DDI RULE 2467 | RETEFE - HTTP (Response) | HIGH | | 2017/08/01 | DDI RULE 2467 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2467 |
| DDI RULE 612 | Scheduled tasks via SMB protocol detected | HIGH | | 2017/08/01 | DDI RULE 612 | /vinfo/us/threat-encyclopedia/network/ddi-rule-612 |
| DDI RULE 2313 | CVE-2017-3823 - WebEx Browser Extension Exploit - HTTP (Response) | HIGH | | 2017/07/31 | DDI RULE 2313 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2313 |
| DDI RULE 2442 | Possible PsExec PETYA - Ransomware - SMB | MEDIUM | | 2017/07/27 | DDI RULE 2442 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2442 |
| DDI RULE 2440 | CVE-2015-5374 - SIEMENS SIPROTECT DENIAL OF SERVICE - UDP (Request) | MEDIUM | | 2017/07/27 | DDI RULE 2440 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2440 |
| DDI RULE 1301 | DELF - HTTP (Request) | HIGH | | 2017/07/26 | DDI RULE 1301 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1301 |
| DDI RULE 2458 | COMMAND INJECTION IN URI - HTTP | HIGH | | 2017/07/26 | DDI RULE 2458 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2458 |
| DDI RULE 2462 | KOVTER - HTTP (Request) - Variant 2 | HIGH | | 2017/07/26 | DDI RULE 2462 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2462 |
| DDI RULE 1319 | ONESCAN - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1319 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1319 |
| DDI RULE 1335 | FAREIT - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1335 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1335 |
| DDI RULE 1341 | BICOLOLO - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1341 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1341 |
| DDI RULE 1261 | TDSS - HTTP (Request) - Variant 3 | HIGH | | 2017/07/25 | DDI RULE 1261 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1261 |
| DDI RULE 1170 | ANDROMEDA - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1170 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1170 |
| DDI RULE 1229 | ALINA HTTP request - Variant 1 | HIGH | | 2017/07/25 | DDI RULE 1229 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1229 |
| DDI RULE 123 | Possible KAVO - HTTP (Request) | LOW | | 2017/07/25 | DDI RULE 123 | /vinfo/us/threat-encyclopedia/network/ddi-rule-123 |
| DDI RULE 1210 | CYBOT - HTTP (Request) - Variant 3 | HIGH | | 2017/07/25 | DDI RULE 1210 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1210 |
| DDI RULE 1143 | APT - FAKEMS - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1143 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1143 |
| DDI RULE 1117 | APT - IXESHE - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1117 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1117 |
| DDI RULE 1134 | CLICKPOTATO - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1134 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1134 |
| DDI RULE 1115 | KRYPTIK - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1115 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1115 |
| DDI RULE 1082 | EXPLOYT - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1082 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1082 |
| DDI RULE 1083 | WANDA - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1083 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1083 |
| DDI RULE 1085 | RED OCTOBER ATTACK - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1085 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1085 |
| DDI RULE 1005 | TROJAN - HTTP (Request) - Variant 14 | HIGH | | 2017/07/25 | DDI RULE 1005 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1005 |
| DDI RULE 1438 | DEXTR - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1438 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1438 |
| DDI RULE 1412 | TICKER - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1412 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1412 |
| DDI RULE 1379 | INJECTO - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1379 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1379 |
| DDI RULE 1392 | SCAR - HTTP (Request) - Variant 4 | HIGH | | 2017/07/25 | DDI RULE 1392 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1392 |
| DDI RULE 1363 | ANDROMEDA - HTTP (Request) - Variant 2 | HIGH | | 2017/07/25 | DDI RULE 1363 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1363 |
| DDI RULE 1381 | KELIHOS - HTTP (Request) - Variant 3 | HIGH | | 2017/07/25 | DDI RULE 1381 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1381 |
| DDI RULE 1455 | GATAK - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1455 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1455 |
| DDI RULE 1557 | BANLOAD - HTTP (Request) - Variant 6 | HIGH | | 2017/07/25 | DDI RULE 1557 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1557 |
| DDI RULE 1659 | MAENER - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1659 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1659 |
| DDI RULE 1741 | BANKPINT - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 1741 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1741 |
| DDI RULE 2159 | ANDROMEDA - HTTP (Request) - Variant 8 | HIGH | | 2017/07/25 | DDI RULE 2159 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2159 |
| DDI RULE 212 | NYXEM - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 212 | /vinfo/us/threat-encyclopedia/network/ddi-rule-212 |
| DDI RULE 2147 | ANDROMEDA - HTTP (Request) - Variant 7 | HIGH | | 2017/07/25 | DDI RULE 2147 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2147 |
| DDI RULE 1829 | ANDROMEDA - HTTP (Request) - Variant 5 | HIGH | | 2017/07/25 | DDI RULE 1829 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1829 |
| DDI RULE 183 | MONKIFF - HTTP (Response) - Variant 1 | HIGH | | 2017/07/25 | DDI RULE 183 | /vinfo/us/threat-encyclopedia/network/ddi-rule-183 |
| DDI RULE 1830 | ANDROMEDA - HTTP (Request) - Variant 4 | HIGH | | 2017/07/25 | DDI RULE 1830 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1830 |
| DDI RULE 2453 | APT - EMSRY - HTTP (Request) | HIGH | | 2017/07/25 | DDI RULE 2453 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2453 |
| DDI RULE 651 | BREDOLAB - HTTP (Request) - Variant 6 | HIGH | | 2017/07/25 | DDI RULE 651 | /vinfo/us/threat-encyclopedia/network/ddi-rule-651 |
| DDI RULE 1128 | BANLOAD - HTTP (Request) | HIGH | | 2017/07/24 | DDI RULE 1128 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1128 |
| DDI RULE 1220 | SIMDA - HTTP (Request) - Variant 2 | HIGH | | 2017/07/24 | DDI RULE 1220 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1220 |
| DDI RULE 1300 | FARFLI - HTTP (Request) | HIGH | | 2017/07/24 | DDI RULE 1300 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1300 |
| DDI RULE 547 | CRIDEX - HTTP (Request) | HIGH | | 2017/07/24 | DDI RULE 547 | /vinfo/us/threat-encyclopedia/network/ddi-rule-547 |
| DDI RULE 2456 | TELEBOT - HTTP (Request) | HIGH | | 2017/07/24 | DDI RULE 2456 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2456 |
| DDI RULE 2439 | CVE-2017-3881 - Remote Code Execution - TELNET (Request) | HIGH | | 2017/07/20 | DDI RULE 2439 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2439 |
| DDI RULE 1242 | XTREME - HTTP (Request) | HIGH | | 2017/07/17 | DDI RULE 1242 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1242 |
| DDI RULE 2454 | APT - SFDER - HTTP (Request) | HIGH | | 2017/07/17 | DDI RULE 2454 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2454 |
| DDI RULE 1142 | PROXY - HTTP (Request) | HIGH | | 2017/07/13 | DDI RULE 1142 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1142 |
| DDI RULE 1621 | ANDROMEDA - HTTP (Request) - Variant 2 | HIGH | | 2017/07/13 | DDI RULE 1621 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1621 |
| DDI RULE 1276 | VAWTRAK - HTTP (Request) | HIGH | | 2017/07/12 | DDI RULE 1276 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1276 |
| DDI RULE 2377 | Remote Code Execution Vulnerability - RDP | HIGH | | 2017/07/12 | DDI RULE 2377 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2377 |
| DDI RULE 2378 | EXAMINE Buffer Overflow - IMAP4 (Request) | HIGH | | 2017/07/12 | DDI RULE 2378 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2378 |
| DDI RULE 2379 | CRAM-MD5 Authentication Buffer Overflow - IMAP4 (Request) | HIGH | | 2017/07/12 | DDI RULE 2379 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2379 |
| DDI RULE 238 | EMOTI - HTTP (Request) | HIGH | | 2017/07/12 | DDI RULE 238 | /vinfo/us/threat-encyclopedia/network/ddi-rule-238 |
| DDI RULE 2448 | REGEORG - HTTP (Response) | HIGH | | 2017/07/12 | DDI RULE 2448 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2448 |
| DDI RULE 2451 | SHELLBIND - TCP (Request) | HIGH | | 2017/07/12 | DDI RULE 2451 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2451 |
| DDI RULE 1753 | Remote Service exectution through SMB2 ATSVC detected | LOW | | 2017/07/11 | DDI RULE 1753 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1753 |
| DDI RULE 1754 | Remote Registry modification through SMB2 protocol detected | LOW | | 2017/07/11 | DDI RULE 1754 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1754 |
| DDI RULE 1736 | Remote Clear Event through SMB2 Protocol Detected | MEDIUM | | 2017/07/11 | DDI RULE 1736 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1736 |
| DDI RULE 1730 | Remote Delete Job through SMB2 ATSVC Detected | LOW | | 2017/07/11 | DDI RULE 1730 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1730 |
| DDI RULE 1731 | Remote Add Job through SMB2 Protocol Detected | LOW | | 2017/07/11 | DDI RULE 1731 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1731 |
| DDI RULE 2449 | CVE-2017-9791 - APACHE STRUTS EXPLOIT - HTTP (Request) | HIGH | | 2017/07/11 | DDI RULE 2449 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2449 |
| DDI RULE 2438 | HIDDENCOBRA - TCP (Response) | HIGH | | 2017/07/11 | DDI RULE 2438 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2438 |
| DDI RULE 2436 | CVE-2017-8543 - Remote Code Execution - SMB (Request) | HIGH | | 2017/07/10 | DDI RULE 2436 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2436 |
| DDI RULE 2437 | CVE-2017-8543 - Remote Code Execution - SMB2 (Request) | HIGH | | 2017/07/10 | DDI RULE 2437 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2437 |
| DDI RULE 2450 | UPATRE - HTTP (Request) | HIGH | | 2017/07/10 | DDI RULE 2450 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2450 |
| DDI RULE 2446 | RETADUP - TCP | HIGH | | 2017/07/10 | DDI RULE 2446 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2446 |
| DDI RULE 2280 | DUNIHI - TCP | HIGH | | 2017/07/06 | DDI RULE 2280 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2280 |
| DDI RULE 2447 | NUCLEX - TCP (Request) | HIGH | | 2017/07/06 | DDI RULE 2447 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2447 |
| DDI RULE 2290 | Possible Brute force - FTP | LOW | | 2017/07/04 | DDI RULE 2290 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2290 |
| DDI RULE 2289 | Unsuccessful logon - FTP | LOW | | 2017/07/04 | DDI RULE 2289 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2289 |
| DDI RULE 2434 | EREBUS - Ransomware - HTTP (Request) | HIGH | | 2017/07/03 | DDI RULE 2434 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2434 |
| DDI RULE 2443 | SPORA - Ransomware - HTTP (Response) | HIGH | | 2017/07/03 | DDI RULE 2443 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2443 |
| DDI RULE 2444 | INDUSTROYER - HTTP (Request) | HIGH | | 2017/07/03 | DDI RULE 2444 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2444 |
| DDI RULE 909 | APT - IXESHE - HTTP (Request) | HIGH | | 2017/07/03 | DDI RULE 909 | /vinfo/us/threat-encyclopedia/network/ddi-rule-909 |
| DDI RULE 91 | Executable file - TFTP | MEDIUM | | 2017/07/03 | DDI RULE 91 | /vinfo/us/threat-encyclopedia/network/ddi-rule-91 |
| DDI RULE 2014 | CVE-2016-0034 SILVERLIGHT RUNTIME RCE EXPLOIT | HIGH | | 2017/06/29 | DDI RULE 2014 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2014 |
