Network Content Inspection Rules
Default Rule:
Enable
Disable
| Rule ID | Rule Description | Confidence Level | DDI Default Rule | Network Content Inspection Pattern Release Date | ||
|---|---|---|---|---|---|---|
| DDI RULE 4961 | TRAMPIKABOT - HTTP(REQUEST) | 2023/12/05 | DDI RULE 4961 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4961 | ||
| DDI RULE 4960 | CVE-2023-46604 - Possible Apache ActiveMQ RCE Exploit - HTTP (Request) | 2023/11/30 | DDI RULE 4960 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4960 | ||
| DDI RULE 4957 | CVE-2023-4634 - Wordpress Plugin Media-Library-Assistant RCE Exploit - HTTP (Request) | 2023/11/22 | DDI RULE 4957 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4957 | ||
| DDI RULE 4956 | CVE-2023-47246 - SYSAID TRAVERSAL EXPLOIT - HTTP (Request) | 2023/11/22 | DDI RULE 4956 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4956 | ||
| DDI RULE 4955 | PIKABOT - Malicious Certificate - HTTPS | 2023/11/20 | DDI RULE 4955 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4955 | ||
| DDI RULE 4953 | CVE-2023-20198 - Cisco IOS XE WebUI Authentication Bypass Exploit - HTTP (Request) | 2023/11/16 | DDI RULE 4953 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4953 | ||
| DDI RULE 4950 | CVE-2023-20273 - Cisco IOS XE WebUI RCE Exploit - HTTP (Request) | 2023/11/13 | DDI RULE 4950 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4950 | ||
| DDI RULE 4940 | APT URL - HTTP(REQUEST) | 2023/11/09 | DDI RULE 4940 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4940 | ||
| DDI RULE 4934 | CVE-2023-22515 - Atlassian Confluence Data Center Broken Access Control Exploit - HTTP (Request) | 2023/10/26 | DDI RULE 4934 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4934 | ||
| DDI RULE 4933 | CVE-2023-42117 - Exim RCE EXPLOIT - SMTP(Request) | 2023/10/26 | DDI RULE 4933 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4933 | ||
| DDI RULE 4926 | CVE-2023-39361 - Cacti Group Cacti graph_view.php SQL Injection Exploit - HTTP (Request) | 2023/10/23 | DDI RULE 4926 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4926 | ||
| DDI RULE 4925 | LUMMAC2SOCK - HTTP (Request) | 2023/10/19 | DDI RULE 4925 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4925 | ||
| DDI RULE 4915 | CVE-2023-42121 - CONTROLWEBPANEL RCE EXPLOIT - HTTP(REQUEST) | 2023/10/11 | DDI RULE 4915 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4915 | ||
| DDI RULE 4908 | BUMBLE LOADER FALCON - DNS (Request) | 2023/10/05 | DDI RULE 4908 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4908 | ||
| DDI RULE 4907 | CVE-2023-39750 - D-Link DAP-2660 Buffer Overflow Exploit - HTTP (Request) | 2023/10/04 | DDI RULE 4907 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4907 | ||
| DDI RULE 4902 | QAKBOT - HTTP (REQUEST) - Variant 9 | 2023/09/26 | DDI RULE 4902 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4902 | ||
| DDI RULE 4897 | CVE-2023-34127 - SonicWall Command Injection Exploit - HTTP (Request) | 2023/09/25 | DDI RULE 4897 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4897 | ||
| DDI RULE 4896 | NDMP EXECUTE COMMAND - TCP(REQUEST) | 2023/09/21 | DDI RULE 4896 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4896 | ||
| DDI RULE 4885 | CVE-2023-25717 - Ruckus RCE Exploit - HTTP (Request) | 2023/09/14 | DDI RULE 4885 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4885 | ||
| DDI RULE 4888 | CVE-2023-38148 - DHCP BUFFER OVERFLOW EXPLOIT - UDP(REQUEST) | 2023/09/13 | DDI RULE 4888 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4888 | ||
| DDI RULE 4878 | CVE-2023-35150 - XWIKI RCE Exploit - HTTP (Request) | 2023/09/07 | DDI RULE 4878 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4878 | ||
| DDI RULE 4876 | CVE-2023-35078 - Ivanti Endpoint - HTTP (Response) | 2023/08/31 | DDI RULE 4876 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4876 | ||
| DDI RULE 4875 | CVE-2023-39475 - Ingnition Deserialization Remote Code Execution Exploit - HTTP(Request) | 2023/08/30 | DDI RULE 4875 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4875 | ||
| DDI RULE 4794 | CVE-2022-3602 - OpenSSL Buffer Overflow Exploit - TLS (Response) | 2023/08/23 | DDI RULE 4794 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4794 | ||
| DDI RULE 4873 | APT - PUBLOAD - HTTP (Request) | 2023/08/15 | DDI RULE 4873 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4873 | ||
| DDI RULE 4872 | ICEDID JAVASCRIPT DROPPER - HTTP(Request) | 2023/08/09 | DDI RULE 4872 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4872 | ||
| DDI RULE 4870 | COBEACON DEFAULT NAMED PIPE - SMB2 (Request) | 2023/08/08 | DDI RULE 4870 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4870 | ||
| DDI RULE 4871 | CVE-2021-27860 - VOLTTYPHOON EXPLOIT - HTTP(Request) | 2023/08/07 | DDI RULE 4871 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4871 | ||
| DDI RULE 4804 | CVE-2022-4223 - PGADMIN RCE EXPLOIT - HTTP(REQUEST) | 2023/08/03 | DDI RULE 4804 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4804 | ||
| DDI RULE 2466 | Accessed non-existing administrative share - SMB | 2023/07/31 | DDI RULE 2466 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2466 | ||
| DDI RULE 4869 | CVE-2023-29357 - SHAREPOINT PRIVILEGE ESCALATION - HTTP (REQUEST) - Variant 2 | 2023/07/25 | DDI RULE 4869 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4869 | ||
| DDI RULE 4868 | CVE-2023-33157 - SHAREPOINT RCE EXPLOIT - HTTP(REQUEST) | 2023/07/17 | DDI RULE 4868 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4868 | ||
| DDI RULE 4860 | COBEACON - DNS (Response) - Variant 2 | 2023/07/13 | DDI RULE 4860 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4860 | ||
| DDI RULE 4867 | CVE-2023-36934 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/07/06 | DDI RULE 4867 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4867 | ||
| DDI RULE 4866 | CVE-2023-29357 - SHAREPOINT PRIVILEGE ESCALATION - HTTP(REQUEST) | 2023/07/04 | DDI RULE 4866 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4866 | ||
| DDI RULE 4863 | CVE-2023-25690 - APACHE HTTP Server Request Smuggling Exploit - HTTP (Request) | 2023/07/04 | DDI RULE 4863 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4863 | ||
| DDI RULE 4861 | COBEACON - DNS (Response) - Variant 3 | 2023/06/27 | DDI RULE 4861 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4861 | ||
| DDI RULE 4865 | CVE-2023-35708 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/06/22 | DDI RULE 4865 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4865 | ||
| DDI RULE 4864 | CVE-2023-35036 - MOVEIT CERT SQL INJECTION - HTTP(REQUEST) | 2023/06/21 | DDI RULE 4864 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4864 | ||
| DDI RULE 4862 | CVE-2023-27997 - Fortinet FortiGate Buffer Overflow Exploit- HTTP (Request) | 2023/06/21 | DDI RULE 4862 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4862 | ||
| DDI RULE 4858 | SLIVER - HTTP (Request) | 2023/06/14 | DDI RULE 4858 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4858 | ||
| DDI RULE 4856 | CVE-2023-34362 - MOVEIT SQL INJECTION EXPLOIT - HTTP(REQUEST) | 2023/06/08 | DDI RULE 4856 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4856 | ||
| DDI RULE 4854 | SILOCK WEBSHELL - HTTP(REQUEST) | 2023/06/05 | DDI RULE 4854 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4854 | ||
| DDI RULE 4851 | CVE-2022-27924 - ZIMBRA EXPLOIT - HTTP (Request) | 2023/06/05 | DDI RULE 4851 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4851 | ||
| DDI RULE 4855 | REDLINE EXFIL - TCP(REQUEST) | 2023/06/05 | DDI RULE 4855 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4855 | ||
| DDI RULE 4853 | ICEDID EXFIL - HTTP(REQUEST) | 2023/06/01 | DDI RULE 4853 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4853 | ||
| DDI RULE 4852 | CVE-2023-21554 - WINDOWS MQ SERVICE RCE - TCP(REQUEST) | 2023/05/31 | DDI RULE 4852 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4852 | ||
| DDI RULE 4850 | PsExec - SMB2 (Request) | 2023/05/27 | DDI RULE 4850 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4850 | ||
| DDI RULE 4849 | CVE-2023-1671 - Sophos Web Appliance Command Injection Exploit - HTTP (Request) | 2023/05/25 | DDI RULE 4849 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4849 | ||
| DDI RULE 4847 | CVE-2022-36067 - VM2 REMOTE CODE EXECUTION - HTTP(REQUEST) | 2023/05/22 | DDI RULE 4847 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4847 | ||
| DDI RULE 4848 | LOCKBIT EXFIL - HTTP(REQUEST) | 2023/05/22 | DDI RULE 4848 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4848 | ||
| DDI RULE 4845 | TMMS FILE DISCLOSURE EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4845 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4845 | ||
| DDI RULE 4843 | CVE-2023-32521 - TMMS UNAUTHENTICATED TRAVERSAL EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4843 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4843 | ||
| DDI RULE 4844 | CVE-2023-32522 - TMMS AUTHENTICATED TRAVERSAL EXPLOIT - HTTP (Request) | 2023/05/18 | DDI RULE 4844 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4844 | ||
| DDI RULE 4819 | Possible Traffic Signaling - TCP (Request) | 2023/05/17 | DDI RULE 4819 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4819 | ||
| DDI RULE 4820 | Traffic with Base64 Encode - TCP (Request) | 2023/05/17 | DDI RULE 4820 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4820 | ||
| DDI RULE 4839 | CVE-2023-1389 - TPLink Firmware Command Injection Exploit - HTTP (Request) | 2023/05/17 | DDI RULE 4839 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4839 | ||
| DDI RULE 4846 | CVE-2023-24941 - WINDOWS NETWORK FILE SYSTEM RCE EXPLOIT - TCP(REQUEST) | 2023/05/15 | DDI RULE 4846 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4846 | ||
| DDI RULE 4821 | Authentication Required - HTTP (Response) | 2023/05/10 | DDI RULE 4821 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4821 | ||
| DDI RULE 4842 | CVE-2023-24950 - MICROSOFT SHAREPOINT RCE EXPLOIT - HTTP(REQUEST) | 2023/05/08 | DDI RULE 4842 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4842 | ||
| DDI RULE 4840 | CVE-2023-28231 - BUFFER OVERFLOW - MICROSOFT DHCPv6(REQUEST) | 2023/05/04 | DDI RULE 4840 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4840 | ||
| DDI RULE 4841 | CVE-2022-43945 - Network File System RPC RCE EXPLOIT - TCP (Request) | 2023/05/04 | DDI RULE 4841 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4841 | ||
| DDI RULE 4830 | CVE-2023-0669 - FORTRA GOANYWHERE MFT RCE REQUEST - HTTP (Exploit) | 2023/05/03 | DDI RULE 4830 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4830 | ||
| DDI RULE 4838 | POWERSHELL SERIALIZATION RCE EXPLOIT - HTTP(REQUEST) | 2023/04/27 | DDI RULE 4838 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4838 | ||
| DDI RULE 4837 | CVE-2022-31814 - NETGATE RCE EXPLOIT - HTTP (Request) | 2023/04/26 | DDI RULE 4837 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4837 | ||
| DDI RULE 4835 | CVE-2023-27350 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST) | 2023/04/26 | DDI RULE 4835 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4835 | ||
| DDI RULE 4836 | CVE-2023-27351 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST) | 2023/04/26 | DDI RULE 4836 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4836 | ||
| DDI RULE 4832 | CVE-2022-31706 - VMWARE RCE RESPONSE - HTTP (Exploit) | 2023/04/18 | DDI RULE 4832 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4832 | ||
| DDI RULE 4576 | CVE-2021-31166 - HTTP Protocol RCE Exploit - HTTP (REQUEST) | 2023/04/17 | DDI RULE 4576 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4576 | ||
| DDI RULE 4828 | ICONICSTEALER - TCP(RESPONSE) | 2023/04/12 | DDI RULE 4828 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4828 | ||
| DDI RULE 4831 | CVE-2022-37958 - MS WINDOWS NEGOEX REQUEST - SMB2 (Exploit) | 2023/04/05 | DDI RULE 4831 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4831 | ||
| DDI RULE 4825 | CVE-2021-42756 - FORTIWEB BUFFER OVERFLOW - HTTP(REQUEST) | 2023/04/04 | DDI RULE 4825 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4825 | ||
| DDI RULE 4826 | FREBNIIS - HTTP (Request) | 2023/03/30 | DDI RULE 4826 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4826 | ||
| DDI RULE 4824 | SOCGHOULISH - HTTP (Request) | 2023/03/29 | DDI RULE 4824 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4824 | ||
| DDI RULE 4822 | CVE-2022-39952 - Fortinet FortiNAC RCE Exploit - HTTP (Request) | 2023/03/28 | DDI RULE 4822 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4822 | ||
| DDI RULE 4823 | POSSIBLE CVE-2023-23415 - REMOTE CODE EXECUTION - ICMP(REQUEST) | 2023/03/27 | DDI RULE 4823 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4823 | ||
| DDI RULE 4818 | CVE-2022-36804 - Atlassian Bitbucket Command Injection Exploit - HTTP(REQUEST) | 2023/03/15 | DDI RULE 4818 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4818 | ||
| DDI RULE 4532 | CVE-2021-26855 - Exchange Server Side Request Forgery Exploit - HTTP (REQUEST) - Variant 2 | 2023/03/14 | DDI RULE 4532 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4532 | ||
| DDI RULE 4817 | WINEXE DETECTED - SMB2(REQUEST) | 2023/03/13 | DDI RULE 4817 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4817 | ||
| DDI RULE 4816 | WINEXE DETECTED - SMB(REQUEST) | 2023/03/09 | DDI RULE 4816 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4816 | ||
| DDI RULE 4815 | CVE-2022-41082 - MS EXCHANGE POWERSHELL RCE EXPLOIT - HTTP(REQUEST) | 2023/03/07 | DDI RULE 4815 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4815 | ||
| DDI RULE 4812 | CVE-2022-1040 - SOPHOS FIREWALL USER PORTAL AND WEBADMIN REMOTE CODE EXECUTION - HTTP(EXPLOIT) | 2023/02/16 | DDI RULE 4812 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4812 | ||
| DDI RULE 4811 | CVE-2021-21974 - VMWARE OPENSLP RCE EXPLOIT - TCP(REQUEST) | 2023/02/14 | DDI RULE 4811 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4811 | ||
| DDI RULE 4809 | CVE-2022-31698 - VMWARE DDOS EXPLOIT - HTTP(REQUEST) | 2023/02/13 | DDI RULE 4809 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4809 | ||
| DDI RULE 4808 | CVE-2022-40624 - NETGATE RCE EXPLOIT - HTTP(REQUEST) | 2023/02/09 | DDI RULE 4808 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4808 | ||
| DDI RULE 4806 | CVE-2022-44877 - CENTOS WEB PANEL COMMAND INJECTION - HTTP(EXPLOIT) | 2023/02/09 | DDI RULE 4806 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4806 | ||
| DDI RULE 4807 | CVE-2022-47966 - ZOHO MANAGEENGINE RCE - HTTP(REQUEST) | 2023/02/09 | DDI RULE 4807 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4807 | ||
| DDI RULE 4805 | CVE-2022-21587 - ORACLE DESKTOP INTEGRATOR DIRECTORY TRAVERSAL EXPLOIT - HTTP(REQUEST) | 2023/02/08 | DDI RULE 4805 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4805 | ||
| DDI RULE 4803 | MALLOX - HTTP(REQUEST) | 2023/01/30 | DDI RULE 4803 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4803 | ||
| DDI RULE 4802 | CHISEL TUNNELING - HTTP(RESPONSE) | 2023/01/17 | DDI RULE 4802 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4802 | ||
| DDI RULE 4754 | BUGHATCH - HTTP(REQUEST) | 2023/01/16 | DDI RULE 4754 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4754 | ||
| DDI RULE 4801 | CVE-2022-29499 - MITEL MIVOICE RCE - HTTP(EXPLOIT) | 2023/01/11 | DDI RULE 4801 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4801 | ||
| DDI RULE 4800 | MIMIKATZ SHELL - HTTP(RESPONSE) | 2022/12/14 | DDI RULE 4800 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4800 | ||
| DDI RULE 4799 | MIMIKATZ SHELL - TCP | 2022/12/14 | DDI RULE 4799 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4799 | ||
| DDI RULE 4755 | PROXYHTA - HTTP(REQUEST) | 2022/12/12 | DDI RULE 4755 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4755 | ||
| DDI RULE 2832 | Possible CVE-2019-6340 Drupal8 RESTful Web Services Remote Code Execution - HTTP (Request) | 2022/12/08 | DDI RULE 2832 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2832 | ||
| DDI RULE 4792 | CVE-2022-35951 - REDIS INTEGER OVERFLOW - TCP(REQUEST) | 2022/12/07 | DDI RULE 4792 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4792 | ||
| DDI RULE 4798 | CVE-2022-30216 - WINDOWS SERVER SERVICES TAMPERING EXPLOIT - SMB2(REQUEST) | 2022/12/01 | DDI RULE 4798 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4798 | ||
| DDI RULE 4797 | CVE-2022-34721 - Windows Internet Key Exchange - Buffer Overflow RCE ISKAMP EXPLOIT - UDP(REQUEST) | 2022/11/28 | DDI RULE 4797 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4797 | ||
| DDI RULE 4796 | MICROSOFT EXCHANGE POWERSHELL EXPLOIT - HTTP(REQUEST) | 2022/11/28 | DDI RULE 4796 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4796 | ||
| DDI RULE 4786 | CVE-2022-41040 - MS Exchange Server Side Request Forgery Exploit- HTTP(REQUEST) | 2022/11/24 | DDI RULE 4786 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4786 | ||
| DDI RULE 4693 | CVE-2022-30190 MICROSOFT WINDOWS SUPPORT DIAGNOSTIC TOOL RCE Exploit - HTTP (Response) | 2022/11/22 | DDI RULE 4693 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4693 | ||
| DDI RULE 4784 | CVE-2021-22205 - GITLAB CE/EE REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/11/22 | DDI RULE 4784 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4784 | ||
| DDI RULE 4795 | CVE-2022-38129 - KEYSIGHT SMS DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/11/16 | DDI RULE 4795 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4795 | ||
| DDI RULE 4793 | CVE-2022-3602 - OPENSSL BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/11/14 | DDI RULE 4793 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4793 | ||
| DDI RULE 4791 | CVE-2022-40300 - ZOHO MANAGEENGINE SQL CODE INJECTION - HTTP(REQUEST) | 2022/10/24 | DDI RULE 4791 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4791 | ||
| DDI RULE 4790 | CVE-2022-40684 - FORTINET AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/10/24 | DDI RULE 4790 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4790 | ||
| DDI RULE 4789 | CVE-2022-3236 - SOPHOS FIREWALL RCE - HTTP(REQUEST) | 2022/10/19 | DDI RULE 4789 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4789 | ||
| DDI RULE 4788 | CVE-2022-26013 - DELTA ELECTRONICS DIAENERGIE RCE EXPLOIT - HTTP(REQUEST) | 2022/10/17 | DDI RULE 4788 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4788 | ||
| DDI RULE 4787 | RPC POSSIBLE DCSYNC - DCE (REQUEST) - Variant 2 | 2022/10/11 | DDI RULE 4787 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4787 | ||
| DDI RULE 4760 | CVE-2022-22536 - SAP INTERNET COMMUNICATION MANAGER HTTP REQUEST SMUGGLING - HTTP(REQUEST) | 2022/10/03 | DDI RULE 4760 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4760 | ||
| DDI RULE 4785 | CVE-2022-40144 - Trend Micro Apex One Login Authentication Bypass Exploit - HTTP(REQUEST) | 2022/09/27 | DDI RULE 4785 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4785 | ||
| DDI RULE 4751 | CVE-2022-23270 - MICROSOFT POINT-TO-POINT TUNNELING PROTOCOL RCE - TCP(REQUEST) | 2022/09/26 | DDI RULE 4751 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4751 | ||
| DDI RULE 4762 | CVE-2022-30136 - MICROSOFT WINDOWS NFS BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/09/22 | DDI RULE 4762 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4762 | ||
| DDI RULE 4766 | CVE-2022-1660 - KEYSIGHT SENSOR INSECURE DESERIALIZATION - HTTP(REQUEST) | 2022/09/21 | DDI RULE 4766 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4766 | ||
| DDI RULE 4752 | CVE-2022-26809 - MICROSOFT WINDOWS RUNTIME LIBRARY INTEGER OVERFLOW EXPLOIT - SMB(RESPONSE) | 2022/09/21 | DDI RULE 4752 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4752 | ||
| DDI RULE 4673 | CVE-2022-26871 - TREND MICRO APEX CENTRAL REMOTE CODE EXECUTION - HTTP(REQUEST) | 2022/09/21 | DDI RULE 4673 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4673 | ||
| DDI RULE 4783 | CVE-2022-31474 - WordPress Plugin BackupBuddy Directory Traversal - HTTP(REQUEST) | 2022/09/20 | DDI RULE 4783 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4783 | ||
| DDI RULE 4782 | CVE-2022-34715 - MICROSOFT WINDOWS NFS BUFFER OVERFLOW EXPLOIT - TCP(REQUEST) | 2022/09/19 | DDI RULE 4782 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4782 | ||
| DDI RULE 4764 | CVE-2022-30525 - ZYXEL FIREWALL COMMAND INJECTION - HTTP(REQUEST) | 2022/09/15 | DDI RULE 4764 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4764 | ||
| DDI RULE 4756 | CVE-2022-22980 - SPRING DATA MONGODB REMOTE CODE EXECUTION - HTTP(REQUEST) | 2022/09/15 | DDI RULE 4756 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4756 | ||
| DDI RULE 4781 | CVE-2022-2135 - Advantech iView SQL Injection Exploit - HTTP(REQUEST) | 2022/09/14 | DDI RULE 4781 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4781 | ||
| DDI RULE 4688 | COROXY - UDP(REQUEST) | 2022/09/14 | DDI RULE 4688 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4688 | ||
| DDI RULE 4678 | CVE-2022-22965 - SPRING RCE EXPLOIT - HTTP(REQUEST) | 2022/09/14 | DDI RULE 4678 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4678 | ||
| DDI RULE 4779 | CVE-2022-35405 - ZOHO MANAGE ENGINE RCE EXPLOIT - HTTP(REQUEST) | 2022/09/13 | DDI RULE 4779 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4779 | ||
| DDI RULE 4780 | CVE-2022-2135 - HIKVISION WEB SERVER RCE EXPLOIT - HTTP(REQUEST) | 2022/09/07 | DDI RULE 4780 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4780 | ||
| DDI RULE 1007 | WMI Execute Method Request detected | 2022/09/06 | DDI RULE 1007 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1007 | ||
| DDI RULE 4777 | ANYDESK - HTTPS(REQUEST) | 2022/08/31 | DDI RULE 4777 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4777 | ||
| DDI RULE 4778 | ATERA - HTTP(REQUEST) | 2022/08/30 | DDI RULE 4778 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4778 | ||
| DDI RULE 4776 | CVE-2022-31659 - VMWARE AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/08/23 | DDI RULE 4776 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4776 | ||
| DDI RULE 4775 | CVE-2022-31656 - VMWARE AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/08/23 | DDI RULE 4775 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4775 | ||
| DDI RULE 4774 | CVE-2022-27925 - ZIMBRA RCE EXPLOIT - HTTP(REQUEST) | 2022/08/22 | DDI RULE 4774 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4774 | ||
| DDI RULE 4773 | CVE-2022-21972 - PTPP REMOTE CODE EXECUTION - TCP(EXPLOIT) | 2022/08/18 | DDI RULE 4773 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4773 | ||
| DDI RULE 4768 | SUSPICIOUS WINREG - SMB2(REQUEST) | 2022/08/16 | DDI RULE 4768 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4768 | ||
| DDI RULE 4772 | WEBDAV DIRECTORY TRAVERSAL EXPLOIT - HTTP(RESPONSE) | 2022/08/12 | DDI RULE 4772 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4772 | ||
| DDI RULE 4759 | COMMAND INJECTION EXPLOIT SENSOR - HTTP (REQUEST) - Variant 2 | 2022/08/11 | DDI RULE 4759 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4759 | ||
| DDI RULE 4771 | WVKEYLOGGER - HTTP(REQUEST) | 2022/08/02 | DDI RULE 4771 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4771 | ||
| DDI RULE 4765 | CVE-2021-43983 - BUFFER OVERFLOW - HTTP(RESPONSE) | 2022/07/28 | DDI RULE 4765 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4765 | ||
| DDI RULE 4767 | CVE-2021-46381 - DLINK DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/07/28 | DDI RULE 4767 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4767 | ||
| DDI RULE 4770 | CVE-2022-23277 - EXCHANGE RCE EXPLOIT - HTTP(REQUEST) | 2022/07/27 | DDI RULE 4770 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4770 | ||
| DDI RULE 4769 | CVE-2021-31805 - APACHE STRUTS OGNL RCE EXPLOIT - HTTP(REQUEST) | 2022/07/26 | DDI RULE 4769 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4769 | ||
| DDI RULE 4763 | CVE-2021-46422 - COMMAND INJECTION - HTTP(REQUEST) | 2022/07/20 | DDI RULE 4763 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4763 | ||
| DDI RULE 4697 | FILE UPLOAD - HTTP(REQUEST) | 2022/07/18 | DDI RULE 4697 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4697 | ||
| DDI RULE 4761 | CVE-2022-31626 - PHP BUFFER OVERFLOW - HTTP(REQUEST) | 2022/07/14 | DDI RULE 4761 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4761 | ||
| DDI RULE 4758 | REMOTE CODE EXECUTION - HTTP (REQUEST) - Variant 5 | 2022/07/12 | DDI RULE 4758 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4758 | ||
| DDI RULE 2586 | NECURS - HTTP (Request) - Variant 4 | 2022/07/06 | DDI RULE 2586 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2586 | ||
| DDI RULE 2573 | MINER - TCP (Request) | 2022/07/06 | DDI RULE 2573 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2573 | ||
| DDI RULE 4757 | CVE-2022-26937 - NFS BUFFER OVERFLOW EXPLOIT - TCP(RESPONSE) | 2022/07/05 | DDI RULE 4757 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4757 | ||
| DDI RULE 4641 | CVE-2021-44228 - OGNL EXPLOIT - HTTP(REQUEST) | 2022/06/29 | DDI RULE 4641 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4641 | ||
| DDI RULE 4753 | CVE-2022-26809 - RPC INTEGER OVERFLOW - DCE(RESPONSE) | 2022/06/20 | DDI RULE 4753 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4753 | ||
| DDI RULE 4750 | CVE-2022-28213 - SAP XXE EXPLOIT - HTTP(REQUEST) | 2022/06/15 | DDI RULE 4750 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4750 | ||
| DDI RULE 4699 | ENVELOPE SQL INJECTION - HTTP (REQUEST) - Variant 2 | 2022/06/13 | DDI RULE 4699 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4699 | ||
| DDI RULE 4698 | ENVELOPE SQL INJECTION - HTTP(REQUEST) | 2022/06/13 | DDI RULE 4698 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4698 | ||
| DDI RULE 4695 | SSRF EXPLOIT - HTTP(REQUEST) | 2022/06/09 | DDI RULE 4695 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4695 | ||
| DDI RULE 4696 | BLIND SSRF EXPLOIT - HTTP(REQUEST) | 2022/06/09 | DDI RULE 4696 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4696 | ||
| DDI RULE 4694 | OGNL REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/06/07 | DDI RULE 4694 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4694 | ||
| DDI RULE 4692 | CVE-2019-18935 - TELERIK UI RCE - HTTP(REQUEST) | 2022/06/01 | DDI RULE 4692 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4692 | ||
| DDI RULE 4689 | POSSIBLE SQL INJECT RCE EXPLOIT - HTTP (SEN) - Variant 2 | 2022/05/27 | DDI RULE 4689 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4689 | ||
| DDI RULE 4691 | CVE-2022-21907 - RCE EXPLOIT - HTTP (REQUEST) - Variant 2 | 2022/05/24 | DDI RULE 4691 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4691 | ||
| DDI RULE 2341 | COBALTSTRIKE - HTTP (Request) | 2022/05/19 | DDI RULE 2341 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2341 | ||
| DDI RULE 4690 | CVE-2021-4039 - ZYXEL NWA COMMAND INJECTION - HTTP(REQUEST) | 2022/05/18 | DDI RULE 4690 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4690 | ||
| DDI RULE 4687 | METASPLOIT COBALTSTRIKE STAGER - HTTP(RESPONSE) | 2022/05/12 | DDI RULE 4687 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4687 | ||
| DDI RULE 1639 | UPATRE HTTP GET Request - Class 1 | 2022/05/12 | DDI RULE 1639 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1639 | ||
| DDI RULE 4682 | MULTIPLE LATERAL MOVEMENT - SMB2(REQUEST) | 2022/05/11 | DDI RULE 4682 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4682 | ||
| DDI RULE 4685 | CVE-2021-22204 - REMOTE CODE EXECUTION - HTTP(EXPLOIT) | 2022/05/10 | DDI RULE 4685 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4685 | ||
| DDI RULE 4609 | PAYLOADBIN - HTTP (REQUEST) - Variant 1 | 2022/05/05 | DDI RULE 4609 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4609 | ||
| DDI RULE 4686 | RATSNIF - HTTP(REQUEST) | 2022/05/02 | DDI RULE 4686 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4686 | ||
| DDI RULE 4653 | JAVA CLASS GET REQUEST SENSOR - HTTP(REQUEST) | 2022/04/28 | DDI RULE 4653 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4653 | ||
| DDI RULE 4652 | CVE-2021-40539 - RESTAPI EXPLOIT - HTTP(REQUEST) | 2022/04/27 | DDI RULE 4652 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4652 | ||
| DDI RULE 4683 | CVE-2022-24491 - NFS BUFFER OVERFLOW EXPLOIT - UDP(REQUEST) | 2022/04/26 | DDI RULE 4683 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4683 | ||
| DDI RULE 4684 | CVE-2022-22954 - WORKSPACE ONE RCE - HTTP(REQUEST) | 2022/04/25 | DDI RULE 4684 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4684 | ||
| DDI RULE 4599 | KASEYA AUTHBYPASS EXPLOIT - HTTP(REQUEST) | 2022/04/21 | DDI RULE 4599 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4599 | ||
| DDI RULE 4570 | COBALTSTRIKE - DNS (Response) - Variant 2 | 2022/04/19 | DDI RULE 4570 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4570 | ||
| DDI RULE 4462 | Metasploit (Payload) - RC4 Encrypted Reverse TCP - TCP (Request) | 2022/04/12 | DDI RULE 4462 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4462 | ||
| DDI RULE 4662 | Metasploit(Payload) - Reverse DLL Inject - TCP (Response) - Variant 2 | 2022/04/11 | DDI RULE 4662 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4662 | ||
| DDI RULE 4680 | POSSIBLE TUNNELING - DNS(RESPONSE) | 2022/04/07 | DDI RULE 4680 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4680 | ||
| DDI RULE 4681 | CVE-2018-8174 - REMOTE CODE EXECUTION - HTTP(RESPONSE) | 2022/04/04 | DDI RULE 4681 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4681 | ||
| DDI RULE 4679 | POSSIBLE JAVA CLASSLOADER RCE EXPLOIT - HTTP(REQUEST) | 2022/04/01 | DDI RULE 4679 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4679 | ||
| DDI RULE 4676 | TELLYOUTHEPASS - HTTP(REQUEST) | 2022/03/29 | DDI RULE 4676 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4676 | ||
| DDI RULE 4675 | CVE-2022-0435 - TIPC BUFFEROVERFLOW EXPLOIT - UDP(REQUEST) | 2022/03/24 | DDI RULE 4675 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4675 | ||
| DDI RULE 4668 | CVE-2020-17144 - REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/03/23 | DDI RULE 4668 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4668 | ||
| DDI RULE 4674 | TOOL PDQDEPLOY - SMB2(REQUEST) | 2022/03/21 | DDI RULE 4674 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4674 | ||
| DDI RULE 4672 | COBALT STRIKE DEFAULT NAMED PIPE - SMB2(REQUEST) | 2022/03/17 | DDI RULE 4672 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4672 | ||
| DDI RULE 4671 | CVE-2022-24112 - APACHE APISIX RCE - HTTP(REQUEST) | 2022/03/14 | DDI RULE 4671 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4671 | ||
| DDI RULE 4670 | CVE-2021-44077 - REMOTE CODE EXECUTION EXPLOIT - HTTP(REQUEST) | 2022/03/07 | DDI RULE 4670 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4670 | ||
| DDI RULE 4669 | PURPLE FOX ROOTKIT DOWNLOAD - HTTP(REQUEST) | 2022/03/07 | DDI RULE 4669 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4669 | ||
| DDI RULE 4667 | PURPLEFOX ROOTKIT - TCP(REQUEST) | 2022/03/02 | DDI RULE 4667 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4667 | ||
| DDI RULE 4666 | CVE-2022-24086 - INPUT VALIDATION EXPLOIT - HTTP(REQUEST) | 2022/02/28 | DDI RULE 4666 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4666 | ||
| DDI RULE 4665 | PURPLEFOX ROOTKIT DOWNLOAD - HTTP(RESPONSE) | 2022/02/28 | DDI RULE 4665 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4665 | ||
| DDI RULE 4664 | CVE-2021-40870 - DIRECTORY TRAVERSAL - HTTP(REQUEST) | 2022/02/24 | DDI RULE 4664 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4664 | ||
| DDI RULE 4663 | CVE-2021-25296 - NAGIOSXI CMD INJECTION EXPLOIT - HTTP(REQUEST) | 2022/02/24 | DDI RULE 4663 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4663 | ||
| DDI RULE 4661 | Possible CVE-2020-11978 - APACHE AIRFLOW RCE EXPLOIT - HTTP(REQUEST) | 2022/02/21 | DDI RULE 4661 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4661 | ||
| DDI RULE 4659 | CVE-2021-44142 - BUFFER OVERFLOW EXPLOIT - SMB2(REQUEST) | 2022/02/15 | DDI RULE 4659 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4659 | ||
| DDI RULE 4660 | CVE-2020-14864 - DIRECTORY TRAVERSAL EXPLOIT - HTTP(REQUEST) | 2022/02/14 | DDI RULE 4660 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4660 | ||
| DDI RULE 4656 | CONTENTTYPE MESSAGEBODY MISMATCH - HTTP(RESPONSE) | 2022/02/07 | DDI RULE 4656 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4656 | ||
| DDI RULE 4658 | CVE-2022-21907 - HTTP STACK RCE EXPLOIT - HTTP(REQUEST) | 2022/01/26 | DDI RULE 4658 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4658 | ||
| DDI RULE 4657 | CVE-2021-32648 - LARAVEL PASSWORD RESET EXPLOIT - HTTP(REQUEST) | 2022/01/20 | DDI RULE 4657 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4657 | ||
| DDI RULE 4655 | MAGNIBER - HTTP(REQUEST) | 2022/01/19 | DDI RULE 4655 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4655 | ||
| DDI RULE 4654 | CVE-2021-35211 - SOLARWINDS SERV-U REMOTE MEMORY ESCAPE EXPLOIT - SSH(REQUEST) | 2022/01/18 | DDI RULE 4654 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4654 | ||
| DDI RULE 4651 | CVE-2021-44790 - APACHE BUFFER OVERFLOW EXPLOIT - HTTP(REQUEST) | 2022/01/13 | DDI RULE 4651 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4651 | ||
| DDI RULE 4650 | NWORM - TCP(REQUEST) | 2022/01/05 | DDI RULE 4650 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4650 | ||
| DDI RULE 4649 | CVE-2021-44832 - LOG4J EXPLOIT - HTTP(REQUEST) | 2021/12/30 | DDI RULE 4649 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4649 | ||
| DDI RULE 4645 | CVE-2021-42287 - KDC VULNERABILITY - LDAP(REQUEST) | 2021/12/29 | DDI RULE 4645 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4645 | ||
| DDI RULE 4647 | SUNCRYPT - HTTP(REQUEST) | 2021/12/27 | DDI RULE 4647 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4647 | ||
| DDI RULE 4648 | CVE-2021-45105 - OGNL EXPLOIT - HTTP(REQUEST) | 2021/12/27 | DDI RULE 4648 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4648 | ||
| DDI RULE 4646 | CONNECTWISE - DNS(RESPONSE) | 2021/12/22 | DDI RULE 4646 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4646 | ||
| DDI RULE 4642 | POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT - HTTP(REQUEST) | 2021/12/21 | DDI RULE 4642 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4642 | ||
| DDI RULE 4644 | POSSIBLE HTTP URI OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 3 | 2021/12/18 | DDI RULE 4644 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4644 | ||
| DDI RULE 4643 | POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 2 | 2021/12/13 | DDI RULE 4643 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4643 | ||
| DDI RULE 4639 | CVE-2019-5544 - VMWARE OPENSLP RCE EXPLOIT - UDP(REQUEST) | 2021/12/02 | DDI RULE 4639 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4639 | ||
| DDI RULE 4640 | CVE-2021-42321 - EXCHANGE RCE EXPLOIT - HTTP(REQUEST) | 2021/11/26 | DDI RULE 4640 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4640 | ||
| DDI RULE 4638 | BAZARLOADER - DNS(RESPONSE) | 2021/11/17 | DDI RULE 4638 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4638 | ||
| DDI RULE 4637 | BAZARLOADER - HTTP(RESPONSE) | 2021/11/15 | DDI RULE 4637 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4637 | ||
| DDI RULE 4636 | QAKBOT - SMTP(REQUEST) | 2021/11/10 | DDI RULE 4636 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4636 | ||
| DDI RULE 4635 | QAKBOT - HTTP (RESPONSE) - Variant 2 | 2021/11/02 | DDI RULE 4635 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4635 | ||
| DDI RULE 4634 | Encryption Channel - HTTP(Request) | 2021/10/27 | DDI RULE 4634 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4634 | ||
| DDI RULE 2889 | ANTSWORD - HTTP (Request) | 2021/10/18 | DDI RULE 2889 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2889 | ||
| DDI RULE 4257 | ANTSWORD - HTTP (Request) - Variant 2 | 2021/10/18 | DDI RULE 4257 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4257 | ||
| DDI RULE 40 | Unregistered service | 2021/10/18 | DDI RULE 40 | /vinfo/us/threat-encyclopedia/network/ddi-rule-40 | ||
| DDI RULE 4633 | CVE-2021-41773 - APACHE TRAVERSAL RCE EXPLOIT - HTTP(REQUEST) | 2021/10/13 | DDI RULE 4633 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4633 | ||
| DDI RULE 4632 | ZLOADER - DNS(RESPONSE) | 2021/10/12 | DDI RULE 4632 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4632 | ||
| DDI RULE 4631 | DULLDOWN - HTTP(REQUEST) | 2021/10/11 | DDI RULE 4631 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4631 | ||
| DDI RULE 1063 | APT - DARKCOMET - TCP | 2021/10/07 | DDI RULE 1063 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1063 | ||
| DDI RULE 4604 | PETITPOTAM EFS NTLM RELAY ATTACK - SMB2(RESPONSE) | 2021/10/06 | DDI RULE 4604 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4604 | ||
| DDI RULE 4485 | CVE-2020-14882 - Oracle WebLogic Remote Code Execution Exploit - HTTP (Request) | 2021/10/04 | DDI RULE 4485 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4485 | ||
| DDI RULE 4630 | CVE-2021-22005 VCENTER DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2021/09/29 | DDI RULE 4630 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4630 | ||
| DDI RULE 4629 | TRANSFER BASE64ENCODE PE FILE - HTTP(RESPONSE) | 2021/09/27 | DDI RULE 4629 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4629 | ||
| DDI RULE 4528 | Possible Wget Commandline Injection | 2021/09/21 | DDI RULE 4528 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4528 | ||
| DDI RULE 4627 | BLACKMATTER - HTTP(REQUEST) | 2021/09/20 | DDI RULE 4627 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4627 | ||
| DDI RULE 4628 | POWEMUDDY - HTTP(REQUEST) | 2021/09/16 | DDI RULE 4628 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4628 | ||
| DDI RULE 4625 | Possible HTTP SMUGGLING - HTTP(REQUEST) | 2021/09/16 | DDI RULE 4625 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4625 | ||
| DDI RULE 4626 | DONOFF - DNS(RESPONSE) | 2021/09/14 | DDI RULE 4626 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4626 | ||
| DDI RULE 4152 | COBALTSTRIKE - HTTP (Response) | 2021/09/14 | DDI RULE 4152 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4152 | ||
| DDI RULE 4624 | CVE-2021-31207 - EXCHANGE EXPLOIT - HTTP(RESPONSE) | 2021/09/08 | DDI RULE 4624 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4624 | ||
| DDI RULE 4623 | CVE-2021-26084 - CONFLUENCE OGNL RCE EXPLOIT - HTTP(REQUEST) | 2021/09/07 | DDI RULE 4623 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4623 | ||
| DDI RULE 4621 | CVE-2021-37161 - PTS SWISSLOG BUFFER OVERFLOW EXPLOIT - UDP (Request) | 2021/09/06 | DDI RULE 4621 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4621 | ||
| DDI RULE 4622 | CVE-2021-37164 - PTS SWISSLOG BUFFER OVERFLOW EXPLOIT - UDP (Request) | 2021/09/06 | DDI RULE 4622 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4622 | ||
| DDI RULE 1200 | Possible SYN Flood Detected | 2021/09/06 | DDI RULE 1200 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1200 | ||
| DDI RULE 2184 | Possible Successful Logon Connection - RDP (Request) | 2021/09/06 | DDI RULE 2184 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2184 | ||
| DDI RULE 4558 | REDLINE - HTTP (REQUEST) | 2021/09/02 | DDI RULE 4558 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4558 | ||
| DDI RULE 4620 | CVE-2021-22123 - FORTINET RCE - HTTP(EXPLOIT) | 2021/08/31 | DDI RULE 4620 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4620 | ||
| DDI RULE 4342 | CVE-2020-7247 - OPENSMTPD RCE EXPLOIT - SMTP (REQUEST) | 2021/08/26 | DDI RULE 4342 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4342 | ||
| DDI RULE 4618 | ICEID - HTTP(REQUEST) | 2021/08/25 | DDI RULE 4618 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4618 | ||
| DDI RULE 4619 | NEGASTEAL - FTP(REQUEST) | 2021/08/23 | DDI RULE 4619 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4619 | ||
| DDI RULE 4617 | SIP POSSIBLE BRUTEFORCE - UDP(RESPONSE) | 2021/08/23 | DDI RULE 4617 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4617 | ||
| DDI RULE 4616 | POSSIBLE ZEPPELIN - HTTP(REQUEST) | 2021/08/19 | DDI RULE 4616 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4616 | ||
| DDI RULE 4615 | ZEPPELIN - HTTP(REQUEST) | 2021/08/18 | DDI RULE 4615 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4615 | ||
| DDI RULE 4612 | MGCP POSSIBLE EXFIL - UDP(REQUEST) | 2021/08/18 | DDI RULE 4612 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4612 | ||
| DDI RULE 4614 | SNMP POSSIBLE BRUTEFORCE - UDP(REQUEST) | 2021/08/17 | DDI RULE 4614 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4614 | ||
| DDI RULE 4613 | CVE-2021-31195 - EXCHANGE XSS - HTTP(EXPLOIT) | 2021/08/16 | DDI RULE 4613 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4613 | ||
| DDI RULE 4593 | CVE-2021-34473 - EXCHANGE SSRF EXPLOIT - HTTP(REQUEST) | 2021/08/12 | DDI RULE 4593 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4593 | ||
| DDI RULE 4611 | CVE-2021-26432 - NFS BUFFEROVERLOW EXPLOIT - UDP(REQUEST) | 2021/08/11 | DDI RULE 4611 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4611 | ||
| DDI RULE 4589 | Possible CVE-2021-34527 - Windows Print Spooler RCE - DCE (Request) | 2021/08/10 | DDI RULE 4589 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4589 | ||
| DDI RULE 4602 | NBT-NS Query Response | 2021/08/05 | DDI RULE 4602 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4602 | ||
| DDI RULE 4605 | PAYLOADBIN - HTTP(REQUEST) | 2021/08/03 | DDI RULE 4605 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4605 | ||
| DDI RULE 4601 | LLMNR Query Response | 2021/07/29 | DDI RULE 4601 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4601 | ||
| DDI RULE 4603 | ApexOne File Upload Exploit- HTTP(REQUEST) | 2021/07/27 | DDI RULE 4603 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4603 | ||
| DDI RULE 4594 | COBALTSTRIKE - HTTP(REQUEST) - Variant 3 | 2021/07/27 | DDI RULE 4594 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4594 | ||
| DDI RULE 4597 | HACKADEMY - HTTP(RESPONSE) | 2021/07/21 | DDI RULE 4597 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4597 | ||
| DDI RULE 4598 | CVE-2021-3129 - LARAVEL RCE EXPLOIT - HTTP(REQUEST) | 2021/07/21 | DDI RULE 4598 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4598 | ||
| DDI RULE 4596 | LOADSELL - HTTP(REQUEST) | 2021/07/20 | DDI RULE 4596 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4596 | ||
| DDI RULE 4595 | NJRAT - TCP (REQUEST) - Variant 2 | 2021/07/19 | DDI RULE 4595 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4595 | ||
| DDI RULE 4531 | RPC SECRETSDUMP DCSYNC - DCE (REQUEST) | 2021/07/19 | DDI RULE 4531 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4531 | ||
| DDI RULE 4581 | STOP - HTTP (REQUEST) | 2021/07/15 | DDI RULE 4581 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4581 | ||
| DDI RULE 4592 | REDLINE - HTTP(RESPONSE) | 2021/07/14 | DDI RULE 4592 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4592 | ||
| DDI RULE 4591 | REVIL - HTTP(REQUEST) | 2021/07/12 | DDI RULE 4591 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4591 | ||
| DDI RULE 4588 | Possible CVE-2021-34527 - Windows Print Spooler RCE - SMB (Request) | 2021/07/12 | DDI RULE 4588 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4588 | ||
| DDI RULE 1109 | TDSS - HTTP (Request) | 2021/07/01 | DDI RULE 1109 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1109 | ||
| DDI RULE 4483 | Remote Access Tool - VNC (Request) | 2021/06/23 | DDI RULE 4483 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4483 | ||
| DDI RULE 4587 | REVENGERAT - TCP(REQUEST) | 2021/06/21 | DDI RULE 4587 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4587 | ||
| DDI RULE 2007 | URSNIF - HTTP (Request) - Variant 3 | 2021/06/17 | DDI RULE 2007 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2007 | ||
| DDI RULE 4586 | Remote Tools Certificate - SSL | 2021/06/15 | DDI RULE 4586 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4586 | ||
| DDI RULE 4583 | CVE-2021-21985 - VMWARE VSAN PLUGIN RCE EXPLOIT - HTTP (REQUEST) | 2021/06/07 | DDI RULE 4583 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4583 | ||
| DDI RULE 4584 | Malicious Certificate SHA1 Hash - SSL | 2021/06/03 | DDI RULE 4584 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4584 | ||
| DDI RULE 4585 | CVE-2017-12617 - APACHE TOMCAT PUT METHOD RCE - HTTP (REQUEST) | 2021/06/03 | DDI RULE 4585 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4585 | ||
| DDI RULE 4582 | LEMON DUCK - HTTP (REQUEST) | 2021/06/03 | DDI RULE 4582 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4582 | ||
| DDI RULE 4571 | Possible Suspicious Named Pipe - SMB2 (REQUEST) | 2021/05/28 | DDI RULE 4571 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4571 | ||
| DDI RULE 4580 | PROMETEI - HTTP (REQUEST) | 2021/05/27 | DDI RULE 4580 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4580 | ||
| DDI RULE 4579 | DENES - DNS (RESPONSE) | 2021/05/26 | DDI RULE 4579 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4579 | ||
| DDI RULE 4572 | GLUPTEBA - HTTP (REQUEST) | 2021/05/25 | DDI RULE 4572 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4572 | ||
| DDI RULE 4577 | MAGNIBER EK for Internet Explorer - HTTP (RESPONSE) | 2021/05/24 | DDI RULE 4577 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4577 | ||
| DDI RULE 4578 | CVE-2021-28482 - MS EXCHANGE DESERIALIZATION RCE EXPLOIT - HTTP (REQUEST) | 2021/05/20 | DDI RULE 4578 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4578 | ||
| DDI RULE 4575 | DENES - HTTP (REQUEST) | 2021/05/20 | DDI RULE 4575 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4575 | ||
| DDI RULE 1541 | EMOTET - HTTP (Request) | 2021/05/18 | DDI RULE 1541 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1541 | ||
| DDI RULE 2348 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) | 2021/05/12 | DDI RULE 2348 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2348 | ||
| DDI RULE 1618 | CVE-2014-6271 - Shellshock HTTP Request | 2021/05/12 | DDI RULE 1618 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1618 | ||
| DDI RULE 1642 | CVE-2014-6278 - SHELLSHOCK HTTP Exploit | 2021/05/12 | DDI RULE 1642 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1642 | ||
| DDI RULE 4573 | CVE-2021-31181 - SHAREPOINT RCE EXPLOIT - HTTP (REQUEST) | 2021/05/12 | DDI RULE 4573 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4573 | ||
| DDI RULE 4569 | CVE-2021-27065 - MS EXCHANGE FILE WRITE RCE EXPLOIT - HTTP (REQUEST) | 2021/05/11 | DDI RULE 4569 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4569 | ||
| DDI RULE 2034 | RANSOM CRYPTESLA - HTTP (Request) - Variant 5 | 2021/05/11 | DDI RULE 2034 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2034 | ||
| DDI RULE 2117 | DEMOCRY - Ransomware - HTTP (Request) | 2021/05/11 | DDI RULE 2117 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2117 | ||
| DDI RULE 4565 | CVE-2021-24085 - EXCHANGE CSRF EXPLOIT - HTTP (REQUEST) | 2021/05/06 | DDI RULE 4565 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4565 | ||
| DDI RULE 4567 | BOXTER - HTTP (RESPONSE) | 2021/05/06 | DDI RULE 4567 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4567 | ||
| DDI RULE 4568 | BOXTER - HTTP (REQUEST) | 2021/05/06 | DDI RULE 4568 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4568 | ||
| DDI RULE 2786 | ThinkPHP 5x Remote Code Execution - HTTP (Request) | 2021/05/04 | DDI RULE 2786 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2786 | ||
| DDI RULE 4566 | CVE-2020-17047 - Network File System RPC DOS EXPLOIT - TCP (REQUEST) | 2021/05/03 | DDI RULE 4566 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4566 | ||
| DDI RULE 4564 | CVE-2020-8243 - PULSE RCE EXPLOIT - HTTP (REQUEST) | 2021/04/29 | DDI RULE 4564 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4564 | ||
| DDI RULE 4562 | CVE-2019-9670 - ZIMBRA SUITE XXE EXPLOIT - HTTP (REQUEST) | 2021/04/28 | DDI RULE 4562 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4562 | ||
| DDI RULE 4560 | CVE-2021-20023 - SONICWALL DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2021/04/28 | DDI RULE 4560 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4560 | ||
| DDI RULE 4561 | CVE-2020-4006 - VMWARE CONFIGURATOR COMMAND INJECTION - HTTP (REQUEST) | 2021/04/26 | DDI RULE 4561 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4561 | ||
| DDI RULE 4559 | CVE-2019-11510 - PULSE INFORMATION DISCLOSURE - HTTP (REQUEST) | 2021/04/26 | DDI RULE 4559 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4559 | ||
| DDI RULE 4563 | CVE-2020-8260 - PULSE RCE EXPLOIT - HTTP (REQUEST) | 2021/04/26 | DDI RULE 4563 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4563 | ||
| DDI RULE 4557 | PANDASTEALER - HTTP (REQUEST) | 2021/04/21 | DDI RULE 4557 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4557 | ||
| DDI RULE 4551 | CVE-2021-21975 - VREALIZE API SSRF EXPLOIT - HTTP (REQUEST) | 2021/04/21 | DDI RULE 4551 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4551 | ||
| DDI RULE 4555 | CVE-2018-13374 - FORTIOS INFORMATION DISCLOSURE - HTTP (REQUEST) | 2021/04/19 | DDI RULE 4555 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4555 | ||
| DDI RULE 4556 | Possible CVE-2018-13374 - FORTIOS INFORMATION DISCLOSURE - HTTP (REQUEST) | 2021/04/19 | DDI RULE 4556 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4556 | ||
| DDI RULE 4550 | POSSIBLE PASSWORD SPRAY - LDAP (RESPONSE) | 2021/04/19 | DDI RULE 4550 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4550 | ||
| DDI RULE 4553 | CVE-2018-13379 - FORTIOS DIRECTORY TRAVERSAL - HTTP (REQUEST) | 2021/04/15 | DDI RULE 4553 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4553 | ||
| DDI RULE 4554 | RCLONE - HTTP (REQUEST) | 2021/04/15 | DDI RULE 4554 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4554 | ||
| DDI RULE 1561 | APT - PLUGX Malformed request - DNS | 2021/04/15 | DDI RULE 1561 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1561 | ||
| DDI RULE 4552 | CVE-2021-21983 - VREALIZE API FILE RCE EXPLOIT - HTTP (REQUEST) | 2021/04/13 | DDI RULE 4552 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4552 | ||
| DDI RULE 4548 | GET2 LOADER - HTTP (Request) | 2021/04/07 | DDI RULE 4548 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4548 | ||
| DDI RULE 4549 | CHOPPER - HTTP (Response) | 2021/04/07 | DDI RULE 4549 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4549 | ||
| DDI RULE 4547 | SDBOT - TCP (REQUEST) | 2021/04/05 | DDI RULE 4547 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4547 | ||
| DDI RULE 4543 | CVE-2021-25274 - Solarwinds Orion Remote Code Execution Exploit - TCP (REQUEST) | 2021/03/25 | DDI RULE 4543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4543 | ||
| DDI RULE 4544 | CVE-2021-27561 - YEALINK RCE EXPLOIT - HTTP (REQUEST) | 2021/03/25 | DDI RULE 4544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4544 | ||
| DDI RULE 4545 | CVE-2021-22502 - MICROFOCUS RCE EXPLOIT - HTTP (REQUEST) | 2021/03/25 | DDI RULE 4545 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4545 | ||
| DDI RULE 4546 | QUASAR - TCP (RESPONSE) | 2021/03/25 | DDI RULE 4546 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4546 | ||
| DDI RULE 4539 | CVE-2020-17530 - APACHE STRUTS OGNL RCE EXPLOIT - HTTP (REQUEST) | 2021/03/24 | DDI RULE 4539 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4539 | ||
| DDI RULE 4540 | CVE-2021-22991 - F5 BIG-IP TSM BUFFER OVERFLOW EXPLOIT - HTTP(REQUEST) | 2021/03/24 | DDI RULE 4540 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4540 | ||
| DDI RULE 4541 | CVE-2021-22992 - F5 BIG-IP ASM BUFFER OVERFLOW EXPLOIT - HTTP(RESPONSE) | 2021/03/24 | DDI RULE 4541 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4541 | ||
| DDI RULE 4542 | CVE-2021-22986 - F5 BIG-IP iCONTROL RCE EXPLOIT - HTTP(REQUEST) | 2021/03/24 | DDI RULE 4542 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4542 | ||
| DDI RULE 4456 | File Upload through SMB or SMB2 | 2021/03/24 | DDI RULE 4456 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4456 | ||
| DDI RULE 4457 | File Download through SMB or SMB2 | 2021/03/24 | DDI RULE 4457 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4457 | ||
| DDI RULE 4538 | CVE-2020-17518 - APACHE FLINK DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2021/03/23 | DDI RULE 4538 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4538 | ||
| DDI RULE 4516 | MESTRE - IRC (REQUEST) | 2021/03/23 | DDI RULE 4516 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4516 | ||
| DDI RULE 2598 | PsExec PETYA - Ransomware - SMB2 | 2021/03/23 | DDI RULE 2598 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2598 | ||
| DDI RULE 2021 | NUCLEAR - Exploit kit - HTTP (Request) - Variant 3 | 2021/03/22 | DDI RULE 2021 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2021 | ||
| DDI RULE 4504 | LOKIBOT - HTTP (REQUEST) | 2021/03/18 | DDI RULE 4504 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4504 | ||
| DDI RULE 4536 | APT - MANGZAMEL - TCP (Request) | 2021/03/17 | DDI RULE 4536 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4536 | ||
| DDI RULE 4239 | CVE-2019-16759 - VBulletin Remote Command Execution - HTTP (Request) | 2021/03/17 | DDI RULE 4239 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4239 | ||
| DDI RULE 4537 | CVE-2020-5847 - UNRAID RCE EXPLOIT - HTTP (REQUEST) | 2021/03/16 | DDI RULE 4537 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4537 | ||
| DDI RULE 4525 | CVE-2021-21972 - VSPHERE RCE EXPLOIT - HTTP (REQUEST) | 2021/03/16 | DDI RULE 4525 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4525 | ||
| DDI RULE 4529 | APT - REMOTE EXECUTION ZABBIX - TCP (REQUEST) | 2021/03/16 | DDI RULE 4529 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4529 | ||
| DDI RULE 4530 | DCERPC WMIEXECPY - (REQUEST) | 2021/03/16 | DDI RULE 4530 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4530 | ||
| DDI RULE 4533 | CVE-2021-26877 - RCE EXPLOIT - DNS (REQUEST) | 2021/03/15 | DDI RULE 4533 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4533 | ||
| DDI RULE 4534 | CVE-2021-26897 - OVER TCP RCE EXPLOIT - DNS (REQUEST) | 2021/03/15 | DDI RULE 4534 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4534 | ||
| DDI RULE 4535 | CVE-2021-27076 - Sharepoint Remote Code Execution Exploit - HTTP (REQUEST) | 2021/03/15 | DDI RULE 4535 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4535 | ||
| DDI RULE 2057 | CRYDAP - Ransomware - HTTP (Request) | 2021/03/11 | DDI RULE 2057 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2057 | ||
| DDI RULE 4526 | DEWMODE - HTTP (REQUEST) | 2021/03/10 | DDI RULE 4526 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4526 | ||
| DDI RULE 2452 | Wget Commandline Injection | 2021/03/10 | DDI RULE 2452 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2452 | ||
| DDI RULE 4527 | CVE-2021-26855 - Exchange Server Side Request Forgery Exploit SB - HTTP (REQUEST) | 2021/03/09 | DDI RULE 4527 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4527 | ||
| DDI RULE 4523 | Fobushell - HTTP (Request) | 2021/03/03 | DDI RULE 4523 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4523 | ||
| DDI RULE 4524 | Possible Renamed PSEXEC Service - SMB2 (Request) | 2021/03/03 | DDI RULE 4524 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4524 | ||
| DDI RULE 4522 | CVE-2021-24072 - SHAREPOINT RCE EXPLOIT - HTTP (REQUEST) | 2021/02/15 | DDI RULE 4522 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4522 | ||
| DDI RULE 4520 | CVE-2021-24078 - Remote Comand Execution Exploit - DNS (RESPONSE) | 2021/02/11 | DDI RULE 4520 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4520 | ||
| DDI RULE 4521 | CVE-2021-1707 - Sharepoint Remote Code Execution Exploit - HTTP (REQUEST) | 2021/02/11 | DDI RULE 4521 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4521 | ||
| DDI RULE 2472 | CARBANAK - DNS (Response) | 2021/02/11 | DDI RULE 2472 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2472 | ||
| DDI RULE 1542 | Possible CONFICKER DNS Response | 2021/02/11 | DDI RULE 1542 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1542 | ||
| DDI RULE 1543 | Possible CRILOCK DNS Response | 2021/02/11 | DDI RULE 1543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1543 | ||
| DDI RULE 1544 | Possible CAPHAW DNS Response | 2021/02/11 | DDI RULE 1544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1544 | ||
| DDI RULE 4518 | Possible NAT Slipstreaming - TCP (Request) | 2021/02/10 | DDI RULE 4518 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4518 | ||
| DDI RULE 4519 | COBALTSTRIKE - HTTPS (REQUEST) | 2021/02/09 | DDI RULE 4519 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4519 | ||
| DDI RULE 2544 | JAWS Remote Code Execution Exploit - HTTP (Request) | 2021/02/09 | DDI RULE 2544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2544 | ||
| DDI RULE 4517 | TORRENTLOCKER - HTTPS (REQUEST) | 2021/02/02 | DDI RULE 4517 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4517 | ||
| DDI RULE 4512 | TRICKBOT - HTTPS (REQUEST) | 2021/02/02 | DDI RULE 4512 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4512 | ||
| DDI RULE 4513 | EMPIRE - HTTPS (REQUEST) | 2021/02/01 | DDI RULE 4513 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4513 | ||
| DDI RULE 4514 | METASPLOIT - HTTPS (REQUEST) - Malicious SSL Connection | 2021/02/01 | DDI RULE 4514 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4514 | ||
| DDI RULE 4515 | QAKBOT - HTTP (RESPONSE) | 2021/02/01 | DDI RULE 4515 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4515 | ||
| DDI RULE 4506 | CVE-2021-2109 - Oracle WebLogic Remote Code Execution Exploit - HTTP (Request) | 2021/01/28 | DDI RULE 4506 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4506 | ||
| DDI RULE 4507 | GOOTKIT - HTTPS (REQUEST) | 2021/01/28 | DDI RULE 4507 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4507 | ||
| DDI RULE 4508 | GOZI - HTTPS (REQUEST) | 2021/01/28 | DDI RULE 4508 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4508 | ||
| DDI RULE 4509 | CVE-2019-11229 - Gitea Remote Code Execution Exploit - HTTP (Request) | 2021/01/28 | DDI RULE 4509 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4509 | ||
| DDI RULE 4510 | RANSOM TROLDESH - HTTPS (REQUEST) | 2021/01/28 | DDI RULE 4510 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4510 | ||
| DDI RULE 4511 | QUAKBOT - HTTPS (REQUEST) | 2021/01/28 | DDI RULE 4511 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4511 | ||
| DDI RULE 4502 | DRIDEX - HTTPS (REQUEST) | 2021/01/27 | DDI RULE 4502 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4502 | ||
| DDI RULE 4505 | RANSOM CRYPTOLOCK - HTTPS (REQUEST) | 2021/01/27 | DDI RULE 4505 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4505 | ||
| DDI RULE 4503 | SILENTNIGHT- ZLOADER - HTTP(RESPONSE) | 2021/01/26 | DDI RULE 4503 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4503 | ||
| DDI RULE 4498 | Sanfor EDR Remote Code Execution Exploit - HTTP (Request) | 2021/01/25 | DDI RULE 4498 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4498 | ||
| DDI RULE 4467 | APT - WATERTIGER - HTTP (Response) | 2021/01/25 | DDI RULE 4467 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4467 | ||
| DDI RULE 4501 | Too many FTP Error Code 421 - FTP (Response) | 2021/01/20 | DDI RULE 4501 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4501 | ||
| DDI RULE 4490 | XML External Entity File Disclosure - HTTP (Request) | 2021/01/13 | DDI RULE 4490 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4490 | ||
| DDI RULE 1816 | GATAK - HTTP (Request) - Variant 2 | 2021/01/11 | DDI RULE 1816 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1816 | ||
| DDI RULE 4499 | Top-App LB SQL Injection Exploit - HTTP (Request) | 2020/12/29 | DDI RULE 4499 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4499 | ||
| DDI RULE 4500 | GRP-u8 SQL Injection - HTTP (Request) | 2020/12/28 | DDI RULE 4500 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4500 | ||
| DDI RULE 4497 | SQL Injection Exploit - HTTP (Request) - Variant 2 | 2020/12/28 | DDI RULE 4497 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4497 | ||
| DDI RULE 4494 | CVE-2020-17051 - NFS Exploit - UDP (REQUEST) | 2020/12/23 | DDI RULE 4494 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4494 | ||
| DDI RULE 4495 | Potential Social Security Info on TXT/CSV attachment - HTTP (Request) | 2020/12/23 | DDI RULE 4495 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4495 | ||
| DDI RULE 4496 | Potential Credit Card Info on TXT/CSV attachment - HTTP (Request) | 2020/12/23 | DDI RULE 4496 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4496 | ||
| DDI RULE 4453 | CVE-2020-1472 - Zerologon Privilege Escalation - DCERPC (Request) | 2020/12/23 | DDI RULE 4453 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4453 | ||
| DDI RULE 4493 | CVE-2020-17121 - SHAREPOINT RCE EXPLOIT - HTTP (Request) | 2020/12/21 | DDI RULE 4493 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4493 | ||
| DDI RULE 4492 | SUPERNOVA WEBSHELL - HTTP (RESPONSE) | 2020/12/17 | DDI RULE 4492 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4492 | ||
| DDI RULE 4491 | SUNBURST - DNS (RESPONSE) | 2020/12/15 | DDI RULE 4491 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4491 | ||
| DDI RULE 4486 | CVE-2020-11974 - Apache DolphinScheduler Remote Code Execution Exploit - HTTP (Request) | 2020/12/15 | DDI RULE 4486 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4486 | ||
| DDI RULE 4487 | CVE-2020-5791 - Nagios XI Command Injection - HTTP (Request) | 2020/12/15 | DDI RULE 4487 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4487 | ||
| DDI RULE 4488 | CVE-2020-5398 - Spring Framework Reflected File Download Exploit - HTTP (Request) | 2020/12/15 | DDI RULE 4488 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4488 | ||
| DDI RULE 4482 | Browser Exploitation Framework Tool - HTTP (Request) | 2020/12/14 | DDI RULE 4482 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4482 | ||
| DDI RULE 4484 | GOLDENSPY - HTTP (REQUEST) | 2020/12/14 | DDI RULE 4484 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4484 | ||
| DDI RULE 4489 | CVE-2019-8394 - ZOHO FILEUPLOAD EXPLOIT - HTTP (REQUEST) | 2020/12/14 | DDI RULE 4489 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4489 | ||
| DDI RULE 4447 | Potential Credit Card Info on ICMP Echo - ICMP (Request) | 2020/12/14 | DDI RULE 4447 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4447 | ||
| DDI RULE 1471 | JACKPOS - HTTP (Request) | 2020/12/14 | DDI RULE 1471 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1471 | ||
| DDI RULE 4481 | SQL Injection Exploit - HTTP (Request) | 2020/12/03 | DDI RULE 4481 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4481 | ||
| DDI RULE 2492 | KARAGANY - HTTP (Request) | 2020/12/02 | DDI RULE 2492 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2492 | ||
| DDI RULE 4478 | CVE-2020-2551 - Oracle Weblogic Remote Code Execution Exploit - TCP (Request) | 2020/11/26 | DDI RULE 4478 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4478 | ||
| DDI RULE 4479 | NTLM v1 Authentication - SMB (Request) | 2020/11/24 | DDI RULE 4479 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4479 | ||
| DDI RULE 4480 | XXL-JOB Remote Code Execution Exploit - HTTP (REQUEST) | 2020/11/24 | DDI RULE 4480 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4480 | ||
| DDI RULE 1706 | LDAP SASL Connection Detected | 2020/11/19 | DDI RULE 1706 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1706 | ||
| DDI RULE 4477 | Remote System Discovery - LDAP (REQUEST) - Variant 2 | 2020/11/11 | DDI RULE 4477 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4477 | ||
| DDI RULE 2713 | AVTECH Command Injection - Multiple Exploits - HTTP (Request) | 2020/11/10 | DDI RULE 2713 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2713 | ||
| DDI RULE 4476 | WOL- Wake on lan - UDP (REQUEST) | 2020/11/06 | DDI RULE 4476 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4476 | ||
| DDI RULE 2018 | DUNIHI HTTP Response | 2020/11/05 | DDI RULE 2018 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2018 | ||
| DDI RULE 4474 | File renamed - RYUK - Ransomware - SMB (Request) | 2020/11/03 | DDI RULE 4474 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4474 | ||
| DDI RULE 4475 | File renamed - RYUK - Ransomware - SMB2 (Request) | 2020/11/03 | DDI RULE 4475 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4475 | ||
| DDI RULE 4473 | MSXSL Code Execution - HTTP (Response) | 2020/11/02 | DDI RULE 4473 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4473 | ||
| DDI RULE 4471 | CVE-2016-4977 - Spring Security OAuth Remote Code Execution Exploit - HTTP (Request) | 2020/10/29 | DDI RULE 4471 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4471 | ||
| DDI RULE 4472 | POSSIBLE NGROK - HTTPS (REQUEST) | 2020/10/27 | DDI RULE 4472 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4472 | ||
| DDI RULE 4470 | CVE-2020-16952 - Microsoft SharePoint Remote Code Execution - HTTP (Request) | 2020/10/26 | DDI RULE 4470 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4470 | ||
| DDI RULE 1068 | APT - GHOSTRAT - TCP | 2020/10/26 | DDI RULE 1068 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1068 | ||
| DDI RULE 2333 | CVE-2017-0016 - Tree Connect Denial of Service Exploit - SMB2 (Response) | 2020/10/19 | DDI RULE 2333 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2333 | ||
| DDI RULE 2247 | DEMO RULE - SMB (Request) | 2020/10/19 | DDI RULE 2247 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2247 | ||
| DDI RULE 4469 | APT - COBALTSRIKE - HTTP (RESPONSE) | 2020/10/19 | DDI RULE 4469 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4469 | ||
| DDI RULE 4222 | PST File Upload | 2020/10/19 | DDI RULE 4222 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4222 | ||
| DDI RULE 4468 | CVE-2020-16898 - EXPLOIT - ICMPv6 (REQUEST) | 2020/10/15 | DDI RULE 4468 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4468 | ||
| DDI RULE 4466 | PsExec Clones - SMB2 (Request) | 2020/10/14 | DDI RULE 4466 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4466 | ||
| DDI RULE 4300 | WMI Command Execution - DCERPC (Request) | 2020/10/08 | DDI RULE 4300 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4300 | ||
| DDI RULE 4463 | QAKBOT - Malicious Certificate - SSL - Variant 3 | 2020/10/08 | DDI RULE 4463 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4463 | ||
| DDI RULE 4465 | Remote System Discovery - LSARPC (REQUEST) | 2020/10/08 | DDI RULE 4465 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4465 | ||
| DDI RULE 4455 | CVE-2020-1472 - Zerologon Privilege Escalation - SMB2 (Request) | 2020/10/08 | DDI RULE 4455 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4455 | ||
| DDI RULE 4459 | CVE-2020-1472 - Zerologon Privilege Escalation - SMB (Request) | 2020/10/08 | DDI RULE 4459 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4459 | ||
| DDI RULE 1022 | WMI Remote Registry - DCERPC (Request) | 2020/10/08 | DDI RULE 1022 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1022 | ||
| DDI RULE 4464 | Remote System Discovery - LDAP (REQUEST) | 2020/10/07 | DDI RULE 4464 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4464 | ||
| DDI RULE 2849 | CVE-2019-9194-HTTP RCE - ELFINDER (Request) | 2020/10/07 | DDI RULE 2849 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2849 | ||
| DDI RULE 4460 | CVE-2017-17485 - Jackson Databind Remote Code Execution Exploit - HTTP (Request) | 2020/10/05 | DDI RULE 4460 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4460 | ||
| DDI RULE 4461 | CVE-2017-7504 - JBossMQ JMS Invocation Layer Exploit - HTTP (Request) | 2020/10/05 | DDI RULE 4461 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4461 | ||
| DDI RULE 2388 | Unsuccessful logon - RDP | 2020/10/05 | DDI RULE 2388 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2388 | ||
| DDI RULE 2212 | Possible Brute force - RDP | 2020/10/05 | DDI RULE 2212 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2212 | ||
| DDI RULE 4143 | Malicious SSL Client Connection | 2020/09/29 | DDI RULE 4143 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4143 | ||
| DDI RULE 4144 | Malicious SSL Server Connection | 2020/09/29 | DDI RULE 4144 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4144 | ||
| DDI RULE 4145 | Malicious SSL Connection | 2020/09/29 | DDI RULE 4145 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4145 | ||
| DDI RULE 4146 | Suspicious SSL Connection | 2020/09/29 | DDI RULE 4146 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4146 | ||
| DDI RULE 4147 | Suspicious SSL Client Connection | 2020/09/29 | DDI RULE 4147 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4147 | ||
| DDI RULE 4148 | Suspicious SSL Server Connection | 2020/09/29 | DDI RULE 4148 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4148 | ||
| DDI RULE 4142 | SSL Connection | 2020/09/29 | DDI RULE 4142 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4142 | ||
| DDI RULE 2210 | Metasploit (Payload) - Reverse TCP Patchup Meterpreter | 2020/09/28 | DDI RULE 2210 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2210 | ||
| DDI RULE 2751 | Remote Command Shell - TCP | 2020/09/24 | DDI RULE 2751 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2751 | ||
| DDI RULE 2752 | Remote PowerShell - TCP | 2020/09/24 | DDI RULE 2752 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2752 | ||
| DDI RULE 4443 | Logon successful - SSH | 2020/09/21 | DDI RULE 4443 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4443 | ||
| DDI RULE 4444 | Unsuccessful logon - SSH | 2020/09/21 | DDI RULE 4444 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4444 | ||
| DDI RULE 4445 | Possible Brute force - SSH | 2020/09/21 | DDI RULE 4445 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4445 | ||
| DDI RULE 2664 | CreateService - SMB (Request) | 2020/09/21 | DDI RULE 2664 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2664 | ||
| DDI RULE 4450 | SERVER PROTECT RCE EXPLOIT - HTTP (REQUEST) | 2020/09/17 | DDI RULE 4450 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4450 | ||
| DDI RULE 4451 | APT - MUDDYWATER - HTTP (Request) | 2020/09/17 | DDI RULE 4451 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4451 | ||
| DDI RULE 4452 | CVE-2020-0911 - EXPLOIT - ICMPv6 (REQUEST) | 2020/09/16 | DDI RULE 4452 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4452 | ||
| DDI RULE 4429 | Remote Service execution through SMB2 SVCCTL detected - Variant 2 | 2020/09/15 | DDI RULE 4429 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4429 | ||
| DDI RULE 4449 | Remote Service execution through SMB2 SVCCTL detected - Variant 3 | 2020/09/14 | DDI RULE 4449 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4449 | ||
| DDI RULE 4448 | WORDPRESS PLUGIN FILEMANAGER EXPLOIT - HTTP (REQUEST) | 2020/09/08 | DDI RULE 4448 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4448 | ||
| DDI RULE 4442 | APT - DROVORUB - WEBSOCKET (RESPONSE) | 2020/09/07 | DDI RULE 4442 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4442 | ||
| DDI RULE 4446 | Apache Struts Potential Remote Code Execution Exploit - HTTP (Request) | 2020/09/01 | DDI RULE 4446 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4446 | ||
| DDI RULE 4437 | CVE-2014-9295 - Buffer Overflow - NTP (Request) | 2020/08/24 | DDI RULE 4437 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4437 | ||
| DDI RULE 4438 | CVE-2015-7855 - Denial of Service via decodenetnum - NTP (Request) | 2020/08/24 | DDI RULE 4438 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4438 | ||
| DDI RULE 4439 | CVE-2016-7434 - Denial of Service via mrulist - NTP (Request) | 2020/08/24 | DDI RULE 4439 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4439 | ||
| DDI RULE 4440 | CVE-2016-9312 - Possible Denial of Service via large packets - NTP (Request) | 2020/08/24 | DDI RULE 4440 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4440 | ||
| DDI RULE 4436 | SQL Injection Remote Code Execution Sensor - HTTP (Request) | 2020/08/24 | DDI RULE 4436 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4436 | ||
| DDI RULE 4441 | QAKBOT - Malicious Certificate - SSL - Variant 2 | 2020/08/20 | DDI RULE 4441 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4441 | ||
| DDI RULE 4434 | CVE-2020-9484 - Apache Tomcat Deserialization Remote Code Execution - HTTP (Request) | 2020/08/10 | DDI RULE 4434 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4434 | ||
| DDI RULE 1600 | Report Server ID MODBUS Request | 2020/08/06 | DDI RULE 1600 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1600 | ||
| DDI RULE 1598 | Non-Modbus Communication Request | 2020/08/06 | DDI RULE 1598 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1598 | ||
| DDI RULE 1599 | Illegal Packet Size - Possible DOS Attack MODBUS Request | 2020/08/06 | DDI RULE 1599 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1599 | ||
| DDI RULE 1122 | Office Document File Internal Transfer | 2020/08/05 | DDI RULE 1122 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1122 | ||
| DDI RULE 1123 | Office Document File Upload | 2020/08/05 | DDI RULE 1123 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1123 | ||
| DDI RULE 1126 | Executable file via FTP - class 1 | 2020/08/05 | DDI RULE 1126 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1126 | ||
| DDI RULE 1119 | HTTP Request - Hostname is an IP address | 2020/08/05 | DDI RULE 1119 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1119 | ||
| DDI RULE 2289 | Unsuccessful logon - FTP | 2020/08/05 | DDI RULE 2289 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2289 | ||
| DDI RULE 2290 | Possible Brute force - FTP | 2020/08/05 | DDI RULE 2290 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2290 | ||
| DDI RULE 4430 | Unencrypted REMCOS - TCP (Request) | 2020/07/30 | DDI RULE 4430 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4430 | ||
| DDI RULE 4432 | NGIOWEB - HTTP (REQUEST) | 2020/07/30 | DDI RULE 4432 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4432 | ||
| DDI RULE 4433 | APT - SUNFOU - HTTP (REQUEST) | 2020/07/30 | DDI RULE 4433 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4433 | ||
| DDI RULE 2793 | APT - WINNTI - HTTP (Response) | 2020/07/30 | DDI RULE 2793 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2793 | ||
| DDI RULE 2874 | ZEROSHELL RCE EXPLOIT - HTTP (Request) | 2020/07/30 | DDI RULE 2874 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2874 | ||
| DDI RULE 1764 | Possible Superfish SSL certificate detected | 2020/07/29 | DDI RULE 1764 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1764 | ||
| DDI RULE 2890 | INFOSTEAL - HTTP (Request) - Variant 5 | 2020/07/28 | DDI RULE 2890 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2890 | ||
| DDI RULE 1052 | IP Malicious - Class 1 | 2020/07/27 | DDI RULE 1052 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1052 | ||
| DDI RULE 4427 | APT - WELLMAIL - Malicious Certificate - SSL (Response) | 2020/07/23 | DDI RULE 4427 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4427 | ||
| DDI RULE 4428 | APT - WELLMESS - Malicious Certificate - SSL (Response) | 2020/07/23 | DDI RULE 4428 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4428 | ||
| DDI RULE 4425 | CVE-2020-1350 - DNS OVER TCP EXPLOIT - DNS (Response) | 2020/07/22 | DDI RULE 4425 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4425 | ||
| DDI RULE 4426 | CVE-2020-1350 - DNS OVER TCP EXPLOIT - TCP (Request) | 2020/07/22 | DDI RULE 4426 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4426 | ||
| DDI RULE 2000 | Metasploit(Payload) - Reverse DLL Inject - TCP (Response) | 2020/07/22 | DDI RULE 2000 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2000 | ||
| DDI RULE 2211 | Unsuccessful logon using default Administrator account - RDP | 2020/07/20 | DDI RULE 2211 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2211 | ||
| DDI RULE 2213 | Possible Brute force using privileged user - RDP | 2020/07/20 | DDI RULE 2213 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2213 | ||
| DDI RULE 2391 | Busybox Checking - TELNET (Request) | 2020/07/13 | DDI RULE 2391 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2391 | ||
| DDI RULE 4322 | possible Directory Traversal Exploit Attempted - URI Path - HTTP (Request) - Variant 2 | 2020/07/09 | DDI RULE 4322 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4322 | ||
| DDI RULE 4424 | CVE-2020-5902 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (REQUEST) | 2020/07/09 | DDI RULE 4424 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4424 | ||
| DDI RULE 4321 | POWERTRICK - HTTP (REQUEST) | 2020/07/06 | DDI RULE 4321 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4321 | ||
| DDI RULE 4207 | CVE-2019-11354 - DOTPROJECT SQL Injection - HTTP (Request) | 2020/07/01 | DDI RULE 4207 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4207 | ||
| DDI RULE 4230 | APT - DATPER - HTTP (Request) | 2020/06/23 | DDI RULE 4230 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4230 | ||
| DDI RULE 4305 | APT - KSDOOR - HTTP (REQUEST) | 2020/06/23 | DDI RULE 4305 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4305 | ||
| DDI RULE 4309 | APT - LODEINFO - HTTP (Request) | 2020/06/23 | DDI RULE 4309 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4309 | ||
| DDI RULE 4311 | APT - BOTLODR - HTTP (REQUEST) | 2020/06/23 | DDI RULE 4311 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4311 | ||
| DDI RULE 4313 | MALXMR - HTTP (REQUEST) | 2020/06/23 | DDI RULE 4313 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4313 | ||
| DDI RULE 2663 | APT - EXFRAM - TCP (Request) | 2020/06/23 | DDI RULE 2663 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2663 | ||
| DDI RULE 2019 | APT - DALGAN - HTTP (Request) | 2020/06/23 | DDI RULE 2019 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2019 | ||
| DDI RULE 1549 | APT - WINNTI - HTTP (Request) | 2020/06/23 | DDI RULE 1549 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1549 | ||
| DDI RULE 1046 | APT - Connection attempt to an APT-related CNC server detected | 2020/06/23 | DDI RULE 1046 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1046 | ||
| DDI RULE 1704 | APT - TALERET - HTTP (Request) - Variant 2 | 2020/06/23 | DDI RULE 1704 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1704 | ||
| DDI RULE 1774 | APT - Possible EMDIVI - HTTP (Request) - Variant 5 | 2020/06/23 | DDI RULE 1774 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1774 | ||
| DDI RULE 1139 | DORKBOT IRC Request - Class 1 | 2020/06/22 | DDI RULE 1139 | /vinfo/us/threat-encyclopedia/network/ddi-rule-1139 | ||
| DDI RULE 2443 | SPORA - Ransomware - HTTP (Response) | 2020/06/17 | DDI RULE 2443 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2443 | ||
| DDI RULE 2608 | EMOTET - HTTP (Response) - Variant 2 | 2020/06/17 | DDI RULE 2608 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2608 | ||
| DDI RULE 2653 | PHOTOMINER - HTTP (Response) | 2020/06/17 | DDI RULE 2653 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2653 | ||
| DDI RULE 2609 | HANCITOR - HTTP (Request) - Variant 3 | 2020/06/17 | DDI RULE 2609 | /vinfo/us/threat-encyclopedia/network/ddi-rule-2609 |