Default Rule:
Enable
Disable
| Rule ID | Rule Description | Confidence Level | DDI Default Rule | Network Content Inspection Pattern Release Date | ||
|---|---|---|---|---|---|---|
| DDI RULE 2655 | Possible CVE-2017-9506 Atlassian OAth Proxy Exploit - HTTP (Request) | 2018/06/12 | DDI RULE 2655 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2655 | ||
| DDI RULE 2656 | CVE-2018-1418 - QRADAR Command Injection - HTTP (Request) | 2018/06/12 | DDI RULE 2656 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2656 | ||
| DDI RULE 2651 | JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | 2018/06/07 | DDI RULE 2651 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2651 | ||
| DDI RULE 2602 | RIG - Exploit Kit - HTTP (Request) - Variant 5 | 2018/06/06 | DDI RULE 2602 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2602 | ||
| DDI RULE 2653 | PHOTOMINER - HTTP (Response) | 2018/06/05 | DDI RULE 2653 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2653 | ||
| DDI RULE 2654 | Powershell - SMB | 2018/06/05 | DDI RULE 2654 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2654 | ||
| DDI RULE 2418 | Suspicious file rename - SMB (Request) | 2018/06/05 | DDI RULE 2418 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2418 | ||
| DDI RULE 2445 | Suspicious file rename - SMB2 (Request) | 2018/06/05 | DDI RULE 2445 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2445 | ||
| DDI RULE 2652 | VPNFILTER - HTTP (Request) | 2018/06/04 | DDI RULE 2652 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2652 | ||
| DDI RULE 2584 | POSGERAT Data Exfiltration - DNS (Response) | 2018/05/31 | DDI RULE 2584 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2584 | ||
| DDI RULE 2624 | POWERDNS - DNS (Response) | 2018/05/30 | DDI RULE 2624 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2624 | ||
| DDI RULE 2649 | GRANDSOFT - Exploit Kit - HTTP(Request) | 2018/05/30 | DDI RULE 2649 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2649 | ||
| DDI RULE 2650 | ANDROM - HTTP (Response) | 2018/05/30 | DDI RULE 2650 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2650 | ||
| DDI RULE 2648 | CVE-2018-1000136 Electron Node Integration Exploit- HTTP (Request) | 2018/05/28 | DDI RULE 2648 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2648 | ||
| DDI RULE 2507 | IEC104 TESTFR ACT - SCADA (Request) | 2018/05/28 | DDI RULE 2507 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2507 | ||
| DDI RULE 2508 | IEC104 STOPDT ACT - SCADA (Request) | 2018/05/28 | DDI RULE 2508 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2508 | ||
| DDI RULE 2509 | IEC104 STARTDT ACT - SCADA (Request) | 2018/05/28 | DDI RULE 2509 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2509 | ||
| DDI RULE 2510 | IEC104 TESTFR CON - SCADA (Response) | 2018/05/28 | DDI RULE 2510 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2510 | ||
| DDI RULE 2511 | IEC104 STOPDT CON - SCADA (Response) | 2018/05/28 | DDI RULE 2511 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2511 | ||
| DDI RULE 2512 | IEC104 STARTDT CON - SCADA (Response) | 2018/05/28 | DDI RULE 2512 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2512 | ||
| DDI RULE 2626 | CVE-2018-7600 - Remote Code Execution - HTTP (Request) | 2018/05/21 | DDI RULE 2626 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2626 | ||
| DDI RULE 2641 | CVE-2018-1308 Apache Solr Data Import Handler XML Exploit - HTTP (Request) | 2018/05/21 | DDI RULE 2641 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2641 | ||
| DDI RULE 2645 | CVE-2017-16598 Netgain SNMPWALK IP Directory Traversal Exploit HTTP - (Request) | 2018/05/21 | DDI RULE 2645 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2645 | ||
| DDI RULE 2646 | CVE-2018-1111 Remote Code Injection Exploit - DHCP (Response) | 2018/05/21 | DDI RULE 2646 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2646 | ||
| DDI RULE 2644 | Suspicious Access to a bit Domain - DNS (Response) | 2018/05/17 | DDI RULE 2644 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2644 | ||
| DDI RULE 2642 | NEGASTEAL - HTTP (Request) | 2018/05/16 | DDI RULE 2642 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2642 | ||
| DDI RULE 2643 | NECURS - SMB | 2018/05/16 | DDI RULE 2643 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2643 | ||
| DDI RULE 2638 | CVE-2018-7602 - Remote Code Execution - HTTP (Request) | 2018/05/15 | DDI RULE 2638 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2638 | ||
| DDI RULE 2639 | CVE-2018-10562 - GPON Remote Code Execution - HTTP (Request) | 2018/05/15 | DDI RULE 2639 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2639 | ||
| DDI RULE 2640 | CVE-2018-5443 Advantech Webaccess SQL Injection - HTTP (Request) | 2018/05/15 | DDI RULE 2640 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2640 | ||
| DDI RULE 2637 | CVE-2018-0171 Buffer Overflow - TCP (Request) | 2018/05/09 | DDI RULE 2637 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2637 | ||
| DDI RULE 2625 | UDPOS - DNS (Request) | 2018/05/09 | DDI RULE 2625 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2625 | ||
| DDI RULE 2574 | CVE-2017-16943 EXIM Remote Code Execution exploit - SMTP (Request) | 2018/05/08 | DDI RULE 2574 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2574 | ||
| DDI RULE 2635 | Abnormal x509v3 Subject Key Identifier extension - HTTPS (Response) | 2018/05/07 | DDI RULE 2635 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2635 | ||
| DDI RULE 2636 | Executable File inside Certificate ? HTTPS (Response) | 2018/05/07 | DDI RULE 2636 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2636 | ||
| DDI RULE 2526 | NECURS - HTTP (Request) - Variant 2 | 2018/05/07 | DDI RULE 2526 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2526 | ||
| DDI RULE 2631 | CVE-2018-9843 Rest API Remote Code Execution - HTTP (Request) | 2018/05/03 | DDI RULE 2631 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2631 | ||
| DDI RULE 2632 | GRAVITYRAT - HTTP (Request) | 2018/05/03 | DDI RULE 2632 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2632 | ||
| DDI RULE 2633 | JAKU - HTTP (Request) | 2018/05/03 | DDI RULE 2633 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2633 | ||
| DDI RULE 2634 | KWAMPIRS - HTTP (Request) | 2018/05/03 | DDI RULE 2634 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2634 | ||
| DDI RULE 2630 | HNAP1 Remote Code Execution Exploit - HTTP (Request) | 2018/05/02 | DDI RULE 2630 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2630 | ||
| DDI RULE 2604 | CVE-2018-6389 WordPress Load-Scripts Exploit - HTTP (Request) | 2018/05/02 | DDI RULE 2604 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2604 | ||
| DDI RULE 2609 | HANCITOR - HTTP (Request) - Variant 3 | 2018/05/02 | DDI RULE 2609 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2609 | ||
| DDI RULE 2629 | Possible CVE-2018-2628 WEBLOGIC T3 RCE Exploit - TCP (Request) | 2018/04/30 | DDI RULE 2629 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2629 | ||
| DDI RULE 2627 | Possible EMPIRE - HTTP (Request) | 2018/04/24 | DDI RULE 2627 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2627 | ||
| DDI RULE 2628 | HNAP1 Buffer Overflow Exploit - HTTP (Request) | 2018/04/24 | DDI RULE 2628 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2628 | ||
| DDI RULE 2600 | CVE-2017-10271 - Oracle Weblogic Exploit - HTTP (Request) | 2018/04/23 | DDI RULE 2600 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2600 | ||
| DDI RULE 2623 | Remote Code Execution - HTTP (Request) - Variant 2 | 2018/04/16 | DDI RULE 2623 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2623 | ||
| DDI RULE 2621 | Remote Code Execution - HTTP (Request) | 2018/04/10 | DDI RULE 2621 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2621 | ||
| DDI RULE 2622 | CVE-2013-4810 JBoss AS Marshalled Object Remote Code Execution Exploit - HTTP (Request) | 2018/04/10 | DDI RULE 2622 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2622 | ||
| DDI RULE 2605 | UDPOS - HTTP (Request) | 2018/04/10 | DDI RULE 2605 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2605 | ||
| DDI RULE 2619 | CVE-2013-2618 Network Weathermap Remote Code Execution Exploit - HTTP (Request) | 2018/04/04 | DDI RULE 2619 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2619 | ||
| DDI RULE 2620 | Suspicious Executable File Download - HTTP (Response) | 2018/04/04 | DDI RULE 2620 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2620 | ||
| DDI RULE 2618 | CVE-2018-0833 Denial of Sercice - SMB2 (Response) | 2018/04/03 | DDI RULE 2618 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2618 | ||
| DDI RULE 2616 | Suspicious CWS Flash - HTTP (Response) | 2018/03/28 | DDI RULE 2616 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2616 | ||
| DDI RULE 2617 | GANDCRAB - Ransomware - HTTP (Response) | 2018/03/28 | DDI RULE 2617 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2617 | ||
| DDI RULE 2562 | Signed Malware Certificate - SSL | 2018/03/28 | DDI RULE 2562 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2562 | ||
| DDI RULE 2615 | CVE-2017-12629 ApacheSolr XML RCE Exploit - HTTP (Request) | 2018/03/20 | DDI RULE 2615 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2615 | ||
| DDI RULE 2610 | Possible MEMCACHED Amplified DDOS Attempt - UDP (Request) | 2018/03/19 | DDI RULE 2610 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2610 | ||
| DDI RULE 2611 | CANNIBALRAT - HTTP (Request) | 2018/03/19 | DDI RULE 2611 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2611 | ||
| DDI RULE 2612 | NETWIRED - TCP (Request) | 2018/03/19 | DDI RULE 2612 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2612 | ||
| DDI RULE 2613 | POWERSHELL Download - HTTP (Request) - Variant 2 | 2018/03/19 | DDI RULE 2613 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2613 | ||
| DDI RULE 2608 | EMOTET - HTTP (Response) - Variant 2 | 2018/03/12 | DDI RULE 2608 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2608 | ||
| DDI RULE 2607 | NUKESPED - TCP (Response) | 2018/03/01 | DDI RULE 2607 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2607 | ||
| DDI RULE 2593 | CVE-2017-4933 VMWDynResolution Buffer Overflow Exploit - VNC (Request) | 2018/03/01 | DDI RULE 2593 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2593 | ||
| DDI RULE 2606 | HTA Download - HTTP (Request) | 2018/02/26 | DDI RULE 2606 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2606 | ||
| DDI RULE 2603 | CVE-2017-12636 Apache CouchDB Remote Code Execution Exploit - HTTP (Request) | 2018/02/21 | DDI RULE 2603 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2603 | ||
| DDI RULE 2601 | CVE-2017-12635 Apache CouchDB Escalation Privelage - HTTP (Request) | 2018/02/21 | DDI RULE 2601 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2601 | ||
| DDI RULE 2598 | PsExec PETYA - Ransomware - SMB2 | 2018/02/13 | DDI RULE 2598 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2598 | ||
| DDI RULE 2599 | CreateService BADRABBIT - Ransomware - SMB2 | 2018/02/13 | DDI RULE 2599 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2599 | ||
| DDI RULE 2527 | CreateService BADRABBIT - Ransomware - SMB | 2018/02/13 | DDI RULE 2527 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2527 | ||
| DDI RULE 2441 | PsExec PETYA - Ransomware - SMB | 2018/02/13 | DDI RULE 2441 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2441 | ||
| DDI RULE 2592 | PROTUX - HTTP (Request) - Variant 2 | 2018/02/12 | DDI RULE 2592 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2592 | ||
| DDI RULE 2595 | CROSSRAT - TCP (Request) | 2018/02/12 | DDI RULE 2595 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2595 | ||
| DDI RULE 2596 | SMOMINRU - HTTP (Request) | 2018/02/12 | DDI RULE 2596 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2596 | ||
| DDI RULE 2597 | GANDCRAB - Ransomware - HTTP (Request) | 2018/02/12 | DDI RULE 2597 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2597 | ||
| DDI RULE 1854 | SWITREX LOGIN Request | 2018/02/06 | DDI RULE 1854 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1854 | ||
| DDI RULE 2591 | KRBANKER - HTTP (Response) | 2018/01/30 | DDI RULE 2591 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2591 | ||
| DDI RULE 26 | C&C callback attempt | 2018/01/30 | DDI RULE 26 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-26 | ||
| DDI RULE 260 | FAKEAV - HTTP (Request) - Variant 13 | 2018/01/30 | DDI RULE 260 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-260 | ||
| DDI RULE 262 | FAKEAV - HTTP (Request) - Variant 23 | 2018/01/30 | DDI RULE 262 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-262 | ||
| DDI RULE 1771 | RANSOM TCP Request - Class 2 | 2018/01/25 | DDI RULE 1771 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1771 | ||
| DDI RULE 2071 | CERBER - Ransomware - UDP | 2018/01/25 | DDI RULE 2071 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2071 | ||
| DDI RULE 2074 | SURPRISE - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2074 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2074 | ||
| DDI RULE 2077 | CRYPNISCA - Ransomware - UDP | 2018/01/25 | DDI RULE 2077 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2077 | ||
| DDI RULE 2148 | JSRAA - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2148 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2148 | ||
| DDI RULE 1096 | RANSOM - HTTP (Request) - Variant 2 | 2018/01/25 | DDI RULE 1096 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1096 | ||
| DDI RULE 1097 | RANSOM - HTTP (Request) - Variant 3 | 2018/01/25 | DDI RULE 1097 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1097 | ||
| DDI RULE 1164 | RANSOM - HTTP (Request) - Variant 4 | 2018/01/25 | DDI RULE 1164 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1164 | ||
| DDI RULE 1172 | RANSOM - HTTP (Request) - Variant 5 | 2018/01/25 | DDI RULE 1172 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1172 | ||
| DDI RULE 1213 | RANSOM - HTTP (Request) - Variant 6 | 2018/01/25 | DDI RULE 1213 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1213 | ||
| DDI RULE 1295 | RANSOM - HTTP (Request) - Variant 9 | 2018/01/25 | DDI RULE 1295 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1295 | ||
| DDI RULE 1302 | RANSOM - HTTP (Request) - Variant 7 | 2018/01/25 | DDI RULE 1302 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1302 | ||
| DDI RULE 1500 | RANSOM TCP Request - Class 1 | 2018/01/25 | DDI RULE 1500 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1500 | ||
| DDI RULE 1614 | RANSOM - HTTP (Request) - Variant 13 | 2018/01/25 | DDI RULE 1614 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1614 | ||
| DDI RULE 2570 | UBOATRAT - HTTP (Request) | 2018/01/25 | DDI RULE 2570 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2570 | ||
| DDI RULE 2571 | MAILSPLOIT - SMTP (Request) | 2018/01/25 | DDI RULE 2571 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2571 | ||
| DDI RULE 2577 | DIGMINE - HTTP (Request) | 2018/01/25 | DDI RULE 2577 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2577 | ||
| DDI RULE 2578 | CVE-2017-17215 - Remote Code Execution - HTTP (Request) | 2018/01/25 | DDI RULE 2578 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2578 | ||
| DDI RULE 2579 | MALPHISH - HTTP (Request) - Variant 2 | 2018/01/25 | DDI RULE 2579 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2579 | ||
| DDI RULE 258 | FAKEAV - HTTP (Request) - Variant 8 | 2018/01/25 | DDI RULE 258 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-258 | ||
| DDI RULE 2580 | AGENT - HTTP (Request) - Variant 5 | 2018/01/25 | DDI RULE 2580 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2580 | ||
| DDI RULE 2581 | BITMAN - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2581 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2581 | ||
| DDI RULE 2560 | SAD - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2560 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2560 | ||
| DDI RULE 2561 | DYNAMER - HTTP (Request) - Variant 2 | 2018/01/25 | DDI RULE 2561 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2561 | ||
| DDI RULE 2550 | DLINK Command Injection Exploit - HTTP (Request) | 2018/01/25 | DDI RULE 2550 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2550 | ||
| DDI RULE 2554 | ICEDID - HTTP (Request) | 2018/01/25 | DDI RULE 2554 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2554 | ||
| DDI RULE 2555 | TOXOCARA - HTTP (Request) | 2018/01/25 | DDI RULE 2555 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2555 | ||
| DDI RULE 2556 | TIGGRE - TCP (Request) | 2018/01/25 | DDI RULE 2556 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2556 | ||
| DDI RULE 2557 | VOLGMER - HTTP (Request) | 2018/01/25 | DDI RULE 2557 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2557 | ||
| DDI RULE 2558 | CVE-2017-11779 - DNSAPI NSEC3 Buffer Overflow Exploit - DNS (Response) | 2018/01/25 | DDI RULE 2558 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2558 | ||
| DDI RULE 2344 | SPORA - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2344 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2344 | ||
| DDI RULE 2153 | SATANA - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2153 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2153 | ||
| DDI RULE 2227 | SKEEYAH - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2227 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2227 | ||
| DDI RULE 2271 | WILDFIRE - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2271 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2271 | ||
| DDI RULE 2292 | SPICYCRYPT - Ransomware - HTTP (Request) | 2018/01/25 | DDI RULE 2292 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2292 | ||
| DDI RULE 2590 | CVE-2017-6736 - Remote Code Execution Exploit - SNMP (Request) | 2018/01/24 | DDI RULE 2590 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2590 | ||
| DDI RULE 2490 | CVE-2017-9805 - ApacheStruts XStream RCE Exploit - HTTP (Request) | 2018/01/23 | DDI RULE 2490 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2490 | ||
| DDI RULE 2348 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) | 2018/01/22 | DDI RULE 2348 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2348 | ||
| DDI RULE 2352 | CVE-2017-5638 - APACHE STRUTS EXPLOIT - HTTP (Request) - Variant 2 | 2018/01/22 | DDI RULE 2352 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2352 | ||
| DDI RULE 2588 | CVE-2017-9822 DotNetNuke Remote Code Execution Exploit - HTTP (Request) | 2018/01/22 | DDI RULE 2588 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2588 | ||
| DDI RULE 2589 | LOKI - HTTP (Response) | 2018/01/18 | DDI RULE 2589 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2589 | ||
| DDI RULE 1475 | FAKEAV - HTTP (Request) - Variant 37 | 2018/01/16 | DDI RULE 1475 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1475 | ||
| DDI RULE 1476 | FAKEAV - HTTP (Request) - Variant 38 | 2018/01/16 | DDI RULE 1476 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1476 | ||
| DDI RULE 1397 | FAKEAV - HTTP (Request) - Variant 25 | 2018/01/16 | DDI RULE 1397 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1397 | ||
| DDI RULE 1250 | FAKEAV - HTTP (Request) - Variant 35 | 2018/01/16 | DDI RULE 1250 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1250 | ||
| DDI RULE 2586 | NECURS - HTTP (Request) - Variant 4 | 2018/01/16 | DDI RULE 2586 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2586 | ||
| DDI RULE 2587 | SAGECRYPT - HTTP (Request) | 2018/01/16 | DDI RULE 2587 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2587 | ||
| DDI RULE 2565 | Data Exfiltration - ICMP (Request) | 2018/01/16 | DDI RULE 2565 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2565 | ||
| DDI RULE 2585 | Ratankba Downloader - HTTP (Response) | 2018/01/15 | DDI RULE 2585 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2585 | ||
| DDI RULE 2583 | Powershell script requested from root directory - HTTP (Request) | 2018/01/15 | DDI RULE 2583 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2583 | ||
| DDI RULE 1885 | Possible Data Exfiltration - DNS (Response) | 2018/01/11 | DDI RULE 1885 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1885 | ||
| DDI RULE 1886 | Data Exfiltration - DNS (Response) | 2018/01/11 | DDI RULE 1886 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1886 | ||
| DDI RULE 2582 | CVE-2017-3248 - UnicastRef Insecure Deserialization | 2018/01/11 | DDI RULE 2582 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2582 | ||
| DDI RULE 2345 | RATANKBA - HTTP (Request) | 2018/01/11 | DDI RULE 2345 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2345 | ||
| DDI RULE 2294 | SUNDOWN - Exploit Kit - HTTP(Request) | 2018/01/09 | DDI RULE 2294 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2294 | ||
| DDI RULE 2575 | Command Injection via UPnP SOAP Interface - HTTP (Request) | 2018/01/09 | DDI RULE 2575 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2575 | ||
| DDI RULE 2576 | Electroneum(ETN) Webminer Malvertisment - HTTP(Request) | 2018/01/04 | DDI RULE 2576 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2576 | ||
| DDI RULE 2117 | DEMOCRY - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2117 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2117 | ||
| DDI RULE 2076 | CRYPZUQUIT - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2076 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2076 | ||
| DDI RULE 2020 | RANSOM LECTOOL HTTP Request | 2018/01/03 | DDI RULE 2020 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2020 | ||
| DDI RULE 2028 | LOCKY - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2028 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2028 | ||
| DDI RULE 2031 | RANSOM HYDRA - HTTP (Request) | 2018/01/03 | DDI RULE 2031 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2031 | ||
| DDI RULE 1344 | RANSOM - HTTP (Request) - Variant 10 | 2018/01/03 | DDI RULE 1344 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1344 | ||
| DDI RULE 1479 | RANSOM - HTTP (Request) - Variant 11 | 2018/01/03 | DDI RULE 1479 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1479 | ||
| DDI RULE 1518 | RANSOM - HTTP (Request) - Variant 12 | 2018/01/03 | DDI RULE 1518 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1518 | ||
| DDI RULE 2305 | EXMAS - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2305 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2305 | ||
| DDI RULE 2278 | KARMA - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2278 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2278 | ||
| DDI RULE 2284 | HIDDENTEARHAPPY - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2284 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2284 | ||
| DDI RULE 2251 | LOCKY - Ransomware - HTTP (Request) - Variant 4 | 2018/01/03 | DDI RULE 2251 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2251 | ||
| DDI RULE 2259 | NUCLEAR - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2259 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2259 | ||
| DDI RULE 2226 | KAWAIILOCKER - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2226 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2226 | ||
| DDI RULE 2166 | PIZACRYP - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2166 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2166 | ||
| DDI RULE 2373 | MATRIX - Ransomware - HTTP (Request) | 2018/01/03 | DDI RULE 2373 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2373 | ||
| DDI RULE 2375 | MATRIX - Ransomware - HTTP (Response) | 2018/01/03 | DDI RULE 2375 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2375 | ||
| DDI RULE 2563 | Data Exfiltration - HTTP (Request) | 2017/12/28 | DDI RULE 2563 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2563 | ||
| DDI RULE 2075 | CRYPRADAM - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2075 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2075 | ||
| DDI RULE 2061 | CRYPWALL - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2061 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2061 | ||
| DDI RULE 2119 | CRIPTODC - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2119 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2119 | ||
| DDI RULE 2120 | BUCBI - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2120 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2120 | ||
| DDI RULE 2093 | CRYPVAULT - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2093 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2093 | ||
| DDI RULE 2094 | CRYPCORE - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2094 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2094 | ||
| DDI RULE 2096 | CRYPAPLHA - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2096 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2096 | ||
| DDI RULE 1860 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 3 | 2017/12/21 | DDI RULE 1860 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1860 | ||
| DDI RULE 2337 | CRYPSHIELD - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2337 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2337 | ||
| DDI RULE 2338 | CERBER - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2338 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2338 | ||
| DDI RULE 2403 | CRYPMOLE - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2403 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2403 | ||
| DDI RULE 2167 | ALFA - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2167 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2167 | ||
| DDI RULE 2228 | CRYPBEE - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2228 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2228 | ||
| DDI RULE 2229 | BARTZ - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2229 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2229 | ||
| DDI RULE 2225 | CRYPY - Ransomware - HTTP (Request) | 2017/12/21 | DDI RULE 2225 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2225 | ||
| DDI RULE 2217 | CRYPHYDRA - Ransomware - HTTP (Request) - Variant 2 | 2017/12/21 | DDI RULE 2217 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2217 | ||
| DDI RULE 1289 | MINER - HTTP (Request) | 2017/12/20 | DDI RULE 1289 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1289 | ||
| DDI RULE 2572 | HTA PowerShell Empire - HTTP (Request) - Variant 2 | 2017/12/20 | DDI RULE 2572 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2572 | ||
| DDI RULE 2573 | MINER - TCP (Request) | 2017/12/20 | DDI RULE 2573 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2573 | ||
| DDI RULE 2409 | File renamed - LOCKY - Ransomware - SMB (Request) | 2017/12/19 | DDI RULE 2409 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2409 | ||
| DDI RULE 241 | Incorrect Content-Type value in header - HTTP (Response) - Variant 2 | 2017/12/19 | DDI RULE 241 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-241 | ||
| DDI RULE 2410 | File renamed - CRYSIS - Ransomware - SMB (Request) | 2017/12/19 | DDI RULE 2410 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2410 | ||
| DDI RULE 2411 | File renamed - WCRY - Ransomware - SMB (Request) | 2017/12/19 | DDI RULE 2411 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2411 | ||
| DDI RULE 2365 | File renamed - SOREBRECT - Ransomware - SMB (Request) | 2017/12/19 | DDI RULE 2365 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2365 | ||
| DDI RULE 2261 | GAFGYT - HTTP (Request) | 2017/12/18 | DDI RULE 2261 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2261 | ||
| DDI RULE 153 | Possible DOWNAD - Encrypted connection - TCP | 2017/12/13 | DDI RULE 153 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-153 | ||
| DDI RULE 2568 | COBALTSTRIKE - DNS (Response) | 2017/12/13 | DDI RULE 2568 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2568 | ||
| DDI RULE 2569 | TOXOCARA - DNS (Response) | 2017/12/13 | DDI RULE 2569 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2569 | ||
| DDI RULE 2564 | Data Exfiltration - TCP (Request) | 2017/12/07 | DDI RULE 2564 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2564 | ||
| DDI RULE 2566 | Data Exfiltration - DNS (Request) | 2017/12/07 | DDI RULE 2566 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2566 | ||
| DDI RULE 2567 | Data Exfiltration - UDP (Request) | 2017/12/07 | DDI RULE 2567 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2567 | ||
| DDI RULE 2423 | FATALISTICZ - HTTP | 2017/12/06 | DDI RULE 2423 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2423 | ||
| DDI RULE 2559 | CVE-2017-12149 - JBOSSAS COMMAND EXECUTION EXPLOIT - HTTP (Request) | 2017/12/04 | DDI RULE 2559 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2559 | ||
| DDI RULE 2516 | Coinhive JavaScript Miner - HTTPS (Request) | 2017/12/04 | DDI RULE 2516 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2516 | ||
| DDI RULE 2552 | Possible Brute force - Telnet (Response) | 2017/11/23 | DDI RULE 2552 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2552 | ||
| DDI RULE 38 | Multiple unsuccessful logon attempts | 2017/11/23 | DDI RULE 38 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-38 | ||
| DDI RULE 386 | UTOTI - HTTP (Request) | 2017/11/23 | DDI RULE 386 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-386 | ||
| DDI RULE 39 | Host DNS query to a non-trusted DNS server | 2017/11/23 | DDI RULE 39 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-39 | ||
| DDI RULE 1034 | KOOBFACE - HTTP (Request) | 2017/11/22 | DDI RULE 1034 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1034 | ||
| DDI RULE 2551 | TRUEBOT - HTTP (Request) | 2017/11/20 | DDI RULE 2551 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2551 | ||
| DDI RULE 1539 | Windows Remote Management Service Detected - HTTP (Request) | 2017/11/15 | DDI RULE 1539 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1539 | ||
| DDI RULE 2537 | Powershell Remote Command Execution Via WinRM - HTTP(Request) | 2017/11/15 | DDI RULE 2537 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2537 | ||
| DDI RULE 2548 | LINKSYS Remote Code Execution - HTTP (Request) | 2017/11/14 | DDI RULE 2548 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2548 | ||
| DDI RULE 2549 | Possible LINKSYS Remote Code Execution - HTTP (Request) | 2017/11/14 | DDI RULE 2549 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2549 | ||
| DDI RULE 2539 | AVTECH Authentication ByPass Exploit- HTTP (Request) | 2017/11/09 | DDI RULE 2539 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2539 | ||
| DDI RULE 2543 | VACRON Remote Code Execution Exploit- HTTP (Request) | 2017/11/09 | DDI RULE 2543 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2543 | ||
| DDI RULE 2544 | JAWS Remote Code Execution Exploit - HTTP (Request) | 2017/11/09 | DDI RULE 2544 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2544 | ||
| DDI RULE 2546 | DLINK Directory Traversal Exploit - HTTP (Request) | 2017/11/09 | DDI RULE 2546 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2546 | ||
| DDI RULE 2547 | NETGEAR DGN1000/DGN2200 Remote Code Execution - HTTP (Request) | 2017/11/09 | DDI RULE 2547 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2547 | ||
| DDI RULE 2540 | REAPER - HTTP (Request) | 2017/11/07 | DDI RULE 2540 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2540 | ||
| DDI RULE 2541 | REAPER - HTTP (Request) - Variant 2 | 2017/11/07 | DDI RULE 2541 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2541 | ||
| DDI RULE 2542 | MINER - HTTP (Response) | 2017/11/07 | DDI RULE 2542 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2542 | ||
| DDI RULE 2538 | APT - WIPBOT - HTTP (Request) | 2017/11/07 | DDI RULE 2538 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2538 | ||
| DDI RULE 1760 | Possible UPATRE - HTTP (Request) | 2017/11/02 | DDI RULE 1760 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1760 | ||
| DDI RULE 2063 | CHOPPER - HTTP (Request) | 2017/11/02 | DDI RULE 2063 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2063 | ||
| DDI RULE 2529 | APT - TURLA - HTTP (Request) | 2017/10/30 | DDI RULE 2529 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2529 | ||
| DDI RULE 253 | RUSTOCK - HTTP (Request) - Variant 2 | 2017/10/30 | DDI RULE 253 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-253 | ||
| DDI RULE 2533 | EDA2ANUBIS - HTTP (Request) | 2017/10/30 | DDI RULE 2533 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2533 | ||
| DDI RULE 2534 | INSOMNIA - HTTP | 2017/10/30 | DDI RULE 2534 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2534 | ||
| DDI RULE 2535 | WEBACOO - HTTP | 2017/10/30 | DDI RULE 2535 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2535 | ||
| DDI RULE 2536 | Netgear ReadyNAS RCE Exploit - HTTP (Request) | 2017/10/30 | DDI RULE 2536 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2536 | ||
| DDI RULE 2128 | HANCITOR - HTTP (Request) | 2017/10/27 | DDI RULE 2128 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2128 | ||
| DDI RULE 2528 | MS17-010 - Remote Code Execution - SMB (Request) - Variant 2 | 2017/10/26 | DDI RULE 2528 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2528 | ||
| DDI RULE 2461 | APT - DAPTER - HTTP (Request) | 2017/10/25 | DDI RULE 2461 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2461 | ||
| DDI RULE 2354 | EXPLOYT - HTTP (Request) - Variant 5 | 2017/10/24 | DDI RULE 2354 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2354 | ||
| DDI RULE 2207 | Possible DLOADER - HTTP (Request) - Variant 6 | 2017/10/24 | DDI RULE 2207 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2207 | ||
| DDI RULE 2525 | SAGE - Ransomware - HTTP (Request) | 2017/10/24 | DDI RULE 2525 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2525 | ||
| DDI RULE 1183 | ZBOT - DNS (Request) | 2017/10/19 | DDI RULE 1183 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1183 | ||
| DDI RULE 2521 | Possible HANCITOR - HTTP (Request) - Variant 2 | 2017/10/19 | DDI RULE 2521 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2521 | ||
| DDI RULE 2522 | DEDEX - HTTP (Request) | 2017/10/19 | DDI RULE 2522 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2522 | ||
| DDI RULE 2523 | DASERF - HTTP (Request) - Variant 2 | 2017/10/19 | DDI RULE 2523 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2523 | ||
| DDI RULE 2524 | GOFARER - HTTP (Request) | 2017/10/19 | DDI RULE 2524 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2524 | ||
| DDI RULE 2494 | APT - ANEL - HTTP (Request) | 2017/10/18 | DDI RULE 2494 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2494 | ||
| DDI RULE 2335 | PRAPDUKAT - TCP | 2017/10/18 | DDI RULE 2335 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2335 | ||
| DDI RULE 1543 | Possible CRILOCK DNS Response | 2017/10/17 | DDI RULE 1543 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1543 | ||
| DDI RULE 2103 | ENIGMA - Ransomware - HTTP (Request) | 2017/10/17 | DDI RULE 2103 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2103 | ||
| DDI RULE 2106 | AUTOLOCKY - Ransomware - HTTP (Request) | 2017/10/17 | DDI RULE 2106 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2106 | ||
| DDI RULE 2112 | MADLOCKER - Ransomware - HTTP (Request) | 2017/10/17 | DDI RULE 2112 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2112 | ||
| DDI RULE 2032 | CRYPTESLA - Ransomware - HTTP (Request) - Variant 4 | 2017/10/17 | DDI RULE 2032 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2032 | ||
| DDI RULE 2034 | RANSOM CRYPTESLA - HTTP (Request) - Variant 5 | 2017/10/17 | DDI RULE 2034 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2034 | ||
| DDI RULE 2376 | HIDDENTEARZORRO - Ransomware - TCP | 2017/10/17 | DDI RULE 2376 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2376 | ||
| DDI RULE 2161 | CYPHERKEY - HTTP (Request) | 2017/10/17 | DDI RULE 2161 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2161 | ||
| DDI RULE 2162 | GOOPIC - HTTP (Request) | 2017/10/17 | DDI RULE 2162 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2162 | ||
| DDI RULE 2163 | CRYPSHOCKER - HTTP (Request) | 2017/10/17 | DDI RULE 2163 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2163 | ||
| DDI RULE 2165 | CRYPMIC - Ransomware - TCP | 2017/10/17 | DDI RULE 2165 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2165 | ||
| DDI RULE 2267 | JACKPOT - Ransomware - HTTP (Request) | 2017/10/17 | DDI RULE 2267 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2267 | ||
| DDI RULE 2296 | CHIP - Ransomware - HTTP (Response) | 2017/10/17 | DDI RULE 2296 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2296 | ||
| DDI RULE 2520 | MAGNITUDE - Exploit Kit - HTTP (Request) - Variant 4 | 2017/10/16 | DDI RULE 2520 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2520 | ||
| DDI RULE 98 | Unidentified protocol using standard service port | 2017/10/16 | DDI RULE 98 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-98 | ||
| DDI RULE 1263 | VIRUT - HTTP (Request) | 2017/10/12 | DDI RULE 1263 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1263 | ||
| DDI RULE 2519 | DLINK DIR8xx leak credentials exploit - HTTP (Request) | 2017/10/12 | DDI RULE 2519 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2519 | ||
| DDI RULE 2025 | NEMUCOD - HTTP (Request) - Variant 6 | 2017/10/11 | DDI RULE 2025 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2025 | ||
| DDI RULE 2062 | NEMUCOD - HTTP (Request) - Variant 7 | 2017/10/11 | DDI RULE 2062 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2062 | ||
| DDI RULE 2051 | NEMUCOD - HTTP (Request) - Variant 5 | 2017/10/11 | DDI RULE 2051 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2051 | ||
| DDI RULE 2083 | CRYPAURA - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2083 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2083 | ||
| DDI RULE 2123 | ZCRYPT - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2123 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2123 | ||
| DDI RULE 2118 | CRYDAP - Ransomware - HTTP (Request) - Variant 2 | 2017/10/11 | DDI RULE 2118 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2118 | ||
| DDI RULE 2097 | EMPER - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2097 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2097 | ||
| DDI RULE 2126 | SNSLOCK - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2126 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2126 | ||
| DDI RULE 2138 | BADBLOCK - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2138 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2138 | ||
| DDI RULE 2140 | CRYPSHED - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2140 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2140 | ||
| DDI RULE 1821 | NEMUCOD HTTP Request | 2017/10/11 | DDI RULE 1821 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1821 | ||
| DDI RULE 1874 | NEMUCOD - HTTP (Request) - Variant 2 | 2017/10/11 | DDI RULE 1874 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1874 | ||
| DDI RULE 2518 | CVE-2017-14496 - DNSMASQ Integer Underflow Exploit - DNS (Request) | 2017/10/11 | DDI RULE 2518 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2518 | ||
| DDI RULE 2489 | APT - KOADIC - HTTP (Request) | 2017/10/11 | DDI RULE 2489 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2489 | ||
| DDI RULE 2291 | NEMUCOD - HTTP (Request) - Variant 8 | 2017/10/11 | DDI RULE 2291 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2291 | ||
| DDI RULE 2233 | MILICRY - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2233 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2233 | ||
| DDI RULE 2235 | FANTOMCRYPT - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2235 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2235 | ||
| DDI RULE 2236 | SERPICO - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2236 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2236 | ||
| DDI RULE 2164 | BART - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2164 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2164 | ||
| DDI RULE 2206 | CRYPSALAM - Ransomware - HTTP (Request) - Variant 2 | 2017/10/11 | DDI RULE 2206 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2206 | ||
| DDI RULE 2196 | BUTERAT - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2196 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2196 | ||
| DDI RULE 2218 | POGOTEAR - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2218 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2218 | ||
| DDI RULE 2215 | JAGER - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2215 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2215 | ||
| DDI RULE 2216 | TELANATEAR - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2216 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2216 | ||
| DDI RULE 2316 | BRAINCRYPT - Ransomware - HTTP(Request) | 2017/10/11 | DDI RULE 2316 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2316 | ||
| DDI RULE 2317 | POPCORNTYM - Ransomware - HTTP(Request) | 2017/10/11 | DDI RULE 2317 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2317 | ||
| DDI RULE 2318 | CRYPBLOCK - Ransomware - HTTP(Request) | 2017/10/11 | DDI RULE 2318 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2318 | ||
| DDI RULE 2319 | EDA2RUNSOME - Ransomware - HTTP(Request) | 2017/10/11 | DDI RULE 2319 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2319 | ||
| DDI RULE 2322 | JOKEMARS - Ransomware - HTTP (Request) | 2017/10/11 | DDI RULE 2322 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2322 | ||
| DDI RULE 2506 | SSV-93588 - DiscuszX File Operation Exploit - HTTP (Request) | 2017/10/10 | DDI RULE 2506 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2506 | ||
| DDI RULE 2517 | CVE-2017-14493 - DNSMASQ Buffer Overflow Exploit - DHCP (Request) | 2017/10/10 | DDI RULE 2517 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2517 | ||
| DDI RULE 2504 | CVE-2017-9798 - APACHE OPTIONSBLEED Vulnerability - HTTP (Response) | 2017/10/09 | DDI RULE 2504 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2504 | ||
| DDI RULE 1877 | ANGLER - Exploit Kit - HTTP(Request) - Variant 3 | 2017/10/03 | DDI RULE 1877 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1877 | ||
| DDI RULE 2122 | CRILOCK - Ransomware - HTTP (Request) | 2017/10/03 | DDI RULE 2122 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2122 | ||
| DDI RULE 2086 | WALTRIX - Ransomware - TCP | 2017/10/03 | DDI RULE 2086 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2086 | ||
| DDI RULE 2124 | XORBAT - Ransomware - HTTP (Request) | 2017/10/03 | DDI RULE 2124 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2124 | ||
| DDI RULE 2081 | CRYPTEAR - Ransomware - HTTP (Request) | 2017/10/03 | DDI RULE 2081 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2081 | ||
| DDI RULE 2082 | COVERTON - Ransomware - HTTP (Request) | 2017/10/03 | DDI RULE 2082 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2082 | ||
| DDI RULE 2046 | VAWTRAK - HTTP (Request) - Variant 7 | 2017/10/03 | DDI RULE 2046 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2046 | ||
| DDI RULE 2057 | CRYDAP - Ransomware - HTTP (Request) | 2017/10/03 | DDI RULE 2057 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2057 | ||
| DDI RULE 2058 | CVE-2016-0128 - Windows Downgrade Vulnerability - DCE-RPC | 2017/10/03 | DDI RULE 2058 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2058 | ||
| DDI RULE 2059 | CVE-2016-0128 - Unencrypted Authentication Level - SAMR (Request) | 2017/10/03 | DDI RULE 2059 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2059 | ||
| DDI RULE 2513 | TERROR - Exploit Kit - HTTP(Request) | 2017/10/03 | DDI RULE 2513 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2513 | ||
| DDI RULE 2514 | TERROR - Exploit Kit - HTTP(Response) | 2017/10/03 | DDI RULE 2514 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2514 | ||
| DDI RULE 940 | APT - WATERBEAR - TCP (Request) | 2017/10/03 | DDI RULE 940 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-940 | ||
| DDI RULE 2505 | Linux Reverse Shell - TCP (Response) | 2017/10/02 | DDI RULE 2505 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2505 | ||
| DDI RULE 2452 | Wget Commandline Injection | 2017/10/02 | DDI RULE 2452 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2452 | ||
| DDI RULE 2503 | SCRIPT DOWNLOADER - HTTP (Request) | 2017/09/28 | DDI RULE 2503 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2503 | ||
| DDI RULE 2499 | CVE-2016-10174 - NETGEAR Remote Code Execution - HTTP (Request) | 2017/09/27 | DDI RULE 2499 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2499 | ||
| DDI RULE 25 | Host DNS IAXFR/IXFR request from a non-trusted source | 2017/09/27 | DDI RULE 25 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-25 | ||
| DDI RULE 2500 | Executable Image Download - HTTP (Response) | 2017/09/26 | DDI RULE 2500 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2500 | ||
| DDI RULE 2501 | APT - RETADUP - HTTP (Request) | 2017/09/26 | DDI RULE 2501 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2501 | ||
| DDI RULE 2502 | CVE-2017-5689 - Intel AMT Digest Authentication Bypass exploit - HTTP (Request) | 2017/09/26 | DDI RULE 2502 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2502 | ||
| DDI RULE 2497 | CCHACK - DNS (Response) | 2017/09/26 | DDI RULE 2497 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2497 | ||
| DDI RULE 2498 | CVE-2017-12615 - APACHE TOMCAT Remote Code Execution via JSP Upload - HTTP (Request) | 2017/09/26 | DDI RULE 2498 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2498 | ||
| DDI RULE 2495 | APOLLO - Ransomware - HTTP (Request) | 2017/09/21 | DDI RULE 2495 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2495 | ||
| DDI RULE 2496 | APT - LAGEMER - HTTP (Request) | 2017/09/21 | DDI RULE 2496 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2496 | ||
| DDI RULE 2493 | CVE-2017-8759 - SOAP WSDL Command Injection Exploit- HTTP (Request) | 2017/09/19 | DDI RULE 2493 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2493 | ||
| DDI RULE 2481 | DOWNLOADER - HTTP (Response) | 2017/09/19 | DDI RULE 2481 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2481 | ||
| DDI RULE 2492 | KARAGANY - HTTP (Request) | 2017/09/18 | DDI RULE 2492 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2492 | ||
| DDI RULE 1434 | Remote PHP-CGI Command Execution - HTTP (Request) | 2017/09/14 | DDI RULE 1434 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1434 | ||
| DDI RULE 2197 | Possible DLOADER - HTTP (Request) - Variant 4 | 2017/09/14 | DDI RULE 2197 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2197 | ||
| DDI RULE 2486 | DOWNLOADER - HTTP (Request) - Variant 2 | 2017/09/11 | DDI RULE 2486 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2486 | ||
| DDI RULE 2479 | INFOSTEAL - HTTP (Request) - Variant 3 | 2017/09/11 | DDI RULE 2479 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2479 | ||
| DDI RULE 2460 | RIG - Exploit Kit - HTTP(Request) - Variant 4 | 2017/09/11 | DDI RULE 2460 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2460 | ||
| DDI RULE 2491 | CVE-2017-12611 - APACHE STRUTS EXPLOIT - HTTP (Request) | 2017/09/08 | DDI RULE 2491 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2491 | ||
| DDI RULE 918 | APT - ESILE - HTTP (Request) | 2017/09/07 | DDI RULE 918 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-918 | ||
| DDI RULE 2487 | ELKNOT - TCP | 2017/09/06 | DDI RULE 2487 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2487 | ||
| DDI RULE 2488 | STRIKED - Ransomware - HTTP (Request) | 2017/09/06 | DDI RULE 2488 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2488 | ||
| DDI RULE 2414 | CVE-2017-5689 - Authentication bypass - HTTP(Request) | 2017/09/06 | DDI RULE 2414 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2414 | ||
| DDI RULE 2329 | Metasploit(Payload) - Reverse RUBY TCP Response | 2017/09/06 | DDI RULE 2329 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2329 | ||
| DDI RULE 2353 | S2-046 - APACHE STRUTS EXPLOIT - HTTP (Request) | 2017/09/06 | DDI RULE 2353 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2353 | ||
| DDI RULE 2356 | Bleeding Life - Exploit Kit - HTTP (Request) | 2017/09/06 | DDI RULE 2356 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2356 | ||
| DDI RULE 2392 | IP Camera Remote Code Execution - HTTP (Request) | 2017/09/06 | DDI RULE 2392 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2392 | ||
| DDI RULE 2254 | Metasploit(Payload) - Reverse Lua TCP | 2017/09/06 | DDI RULE 2254 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2254 | ||
| DDI RULE 2255 | Metasploit(Payload) - Reverse BASH TCP | 2017/09/06 | DDI RULE 2255 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2255 | ||
| DDI RULE 2484 | KHRAT - TCP | 2017/09/05 | DDI RULE 2484 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2484 | ||
| DDI RULE 2485 | CCTV-DVR Remote Code Execution - HTTP (Request) | 2017/09/05 | DDI RULE 2485 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2485 | ||
| DDI RULE 2116 | LOCKY - Ransomware - HTTP (Request) - Variant 2 | 2017/09/04 | DDI RULE 2116 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2116 | ||
| DDI RULE 2472 | CARBANAK - DNS (Response) | 2017/09/04 | DDI RULE 2472 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2472 | ||
| DDI RULE 2435 | MS17-010 - Remote Code Execution - SMB (Request) | 2017/09/04 | DDI RULE 2435 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2435 | ||
| DDI RULE 2380 | CVE-2017-0147 - Information Disclosure Exploit - SMB (Request) | 2017/09/04 | DDI RULE 2380 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2380 | ||
| DDI RULE 2382 | CVE-2017-0145 - Remote Code Execution - SMB (Request) | 2017/09/04 | DDI RULE 2382 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2382 | ||
| DDI RULE 2383 | CVE-2017-0144 - Remote Code Execution - SMB (Request) | 2017/09/04 | DDI RULE 2383 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2383 | ||
| DDI RULE 570 | WIMMIE - HTTP (Request) - Variant 2 | 2017/09/04 | DDI RULE 570 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-570 | ||
| DDI RULE 571 | WIMMIE - HTTP (Request) | 2017/09/04 | DDI RULE 571 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-571 | ||
| DDI RULE 639 | MORTOS DNS (Response) | 2017/09/04 | DDI RULE 639 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-639 | ||
| DDI RULE 64 | Possible NOP sled | 2017/09/04 | DDI RULE 64 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-64 | ||
| DDI RULE 2030 | FLASH EXPLOIT - HTTP (Request) | 2017/08/31 | DDI RULE 2030 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2030 | ||
| DDI RULE 1226 | IRCBOT - HTTP (Request) - Variant 2 | 2017/08/31 | DDI RULE 1226 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1226 | ||
| DDI RULE 1236 | IRCBOT - HTTP (Request) | 2017/08/31 | DDI RULE 1236 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1236 | ||
| DDI RULE 1100 | QAKBOT - HTTP (Request) - Variant 7 | 2017/08/31 | DDI RULE 1100 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1100 | ||
| DDI RULE 2482 | DLOADER - HTTP (Request) - Variant 10 | 2017/08/31 | DDI RULE 2482 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2482 | ||
| DDI RULE 422 | QAKBOT - HTTP (Request) | 2017/08/31 | DDI RULE 422 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-422 | ||
| DDI RULE 423 | FAKEAV - HTTP (Request) - Variant 16 | 2017/08/31 | DDI RULE 423 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-423 | ||
| DDI RULE 424 | QAKBOT - FTP (Request) | 2017/08/31 | DDI RULE 424 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-424 | ||
| DDI RULE 425 | QAKBOT - HTTP (Request) - Variant 4 | 2017/08/31 | DDI RULE 425 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-425 | ||
| DDI RULE 460 | NETBOT - TCP | 2017/08/30 | DDI RULE 460 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-460 | ||
| DDI RULE 407 | GUMBLAR - HTTP (Request) | 2017/08/30 | DDI RULE 407 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-407 | ||
| DDI RULE 41 | Malware-related subject and packed executable file - Email | 2017/08/30 | DDI RULE 41 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-41 | ||
| DDI RULE 436 | CHIR - UDP | 2017/08/30 | DDI RULE 436 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-436 | ||
| DDI RULE 437 | REMOSH - TCP | 2017/08/30 | DDI RULE 437 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-437 | ||
| DDI RULE 44 | File with multiple extensions ending with executable extension | 2017/08/30 | DDI RULE 44 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-44 | ||
| DDI RULE 441 | DLL injection - SMB | 2017/08/30 | DDI RULE 441 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-441 | ||
| DDI RULE 2480 | DEFRAY - Ransomware - HTTP (Request) | 2017/08/30 | DDI RULE 2480 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2480 | ||
| DDI RULE 2477 | KOPILUWAK - HTTP (Request) | 2017/08/28 | DDI RULE 2477 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2477 | ||
| DDI RULE 2478 | DOWNLOADER - HTTP (Request) | 2017/08/28 | DDI RULE 2478 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2478 | ||
| DDI RULE 2474 | APT - PLEAD - TCP (Request) | 2017/08/24 | DDI RULE 2474 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2474 | ||
| DDI RULE 2475 | CVE-2017-8620 - Remote Code Execution - SMB (Request) | 2017/08/24 | DDI RULE 2475 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2475 | ||
| DDI RULE 2476 | CVE-2017-8620 - Remote Code Execution - SMB2 (Request) | 2017/08/24 | DDI RULE 2476 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2476 | ||
| DDI RULE 1174 | MALEX - HTTP (Request) | 2017/08/23 | DDI RULE 1174 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1174 | ||
| DDI RULE 1465 | MALEX - HTTP (Request) - Variant 2 | 2017/08/23 | DDI RULE 1465 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1465 | ||
| DDI RULE 917 | MALEX - HTTP (Request) | 2017/08/23 | DDI RULE 917 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-917 | ||
| DDI RULE 1544 | Possible CAPHAW DNS Response | 2017/08/22 | DDI RULE 1544 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1544 | ||
| DDI RULE 1542 | Possible CONFICKER DNS Response | 2017/08/22 | DDI RULE 1542 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1542 | ||
| DDI RULE 1629 | DISCPY - HTTP (Request) | 2017/08/22 | DDI RULE 1629 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1629 | ||
| DDI RULE 1526 | APT - ZAPCHAST - HTTP (Request) - Variant 4 | 2017/08/15 | DDI RULE 1526 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1526 | ||
| DDI RULE 1489 | APT - ZAPCHAST - HTTP (Request) | 2017/08/15 | DDI RULE 1489 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1489 | ||
| DDI RULE 1413 | APT - ZEGOST - HTTP (Request) - Variant 6 | 2017/08/15 | DDI RULE 1413 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1413 | ||
| DDI RULE 1154 | APT - ZEGOST - HTTP (Request) - Variant 3 | 2017/08/15 | DDI RULE 1154 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1154 | ||
| DDI RULE 1145 | APT - ZEGOST - HTTP (Request) - Variant 4 | 2017/08/15 | DDI RULE 1145 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1145 | ||
| DDI RULE 932 | APT - ZAPCHAST - HTTP (Request) - Variant 3 | 2017/08/15 | DDI RULE 932 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-932 | ||
| DDI RULE 2471 | SMBLORIS Exploit - SMB (Request) | 2017/08/15 | DDI RULE 2471 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2471 | ||
| DDI RULE 548 | APT - ZEGOST - HTTP (Request) | 2017/08/15 | DDI RULE 548 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-548 | ||
| DDI RULE 55 | File name with multiple consecutive spaces and executable extension | 2017/08/15 | DDI RULE 55 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-55 | ||
| DDI RULE 649 | ZEUS - HTTP (Request) | 2017/08/14 | DDI RULE 649 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-649 | ||
| DDI RULE 468 | AUTORUN - HTTP (Request) - Variant 16 | 2017/08/10 | DDI RULE 468 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-468 | ||
| DDI RULE 2473 | HADESLOCK - Ransomware - HTTP (Request) | 2017/08/10 | DDI RULE 2473 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2473 | ||
| DDI RULE 2465 | INFOSTEAL - HTTP (Request) - Variant 2 | 2017/08/09 | DDI RULE 2465 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2465 | ||
| DDI RULE 2468 | TACKBIT - TCP (Request) | 2017/08/08 | DDI RULE 2468 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2468 | ||
| DDI RULE 2464 | GOODOR - HTTP (Request) | 2017/08/03 | DDI RULE 2464 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2464 | ||
| DDI RULE 2306 | KVNDM - HTTP (Request) | 2017/08/02 | DDI RULE 2306 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2306 | ||
| DDI RULE 2466 | Accessed non-existing administrative share - SMB | 2017/08/01 | DDI RULE 2466 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2466 | ||
| DDI RULE 2467 | RETEFE - HTTP (Response) | 2017/08/01 | DDI RULE 2467 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2467 | ||
| DDI RULE 2455 | APT - MICROPSIA - HTTP (Request) | 2017/08/01 | DDI RULE 2455 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2455 | ||
| DDI RULE 612 | Scheduled tasks via SMB protocol detected | 2017/08/01 | DDI RULE 612 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-612 | ||
| DDI RULE 2313 | CVE-2017-3823 - WebEx Browser Extension Exploit - HTTP (Response) | 2017/07/31 | DDI RULE 2313 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2313 | ||
| DDI RULE 2442 | Possible PsExec PETYA - Ransomware - SMB | 2017/07/27 | DDI RULE 2442 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2442 | ||
| DDI RULE 2440 | CVE-2015-5374 - SIEMENS SIPROTECT DENIAL OF SERVICE - UDP (Request) | 2017/07/27 | DDI RULE 2440 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2440 | ||
| DDI RULE 1301 | DELF - HTTP (Request) | 2017/07/26 | DDI RULE 1301 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1301 | ||
| DDI RULE 2458 | COMMAND INJECTION IN URI - HTTP | 2017/07/26 | DDI RULE 2458 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2458 | ||
| DDI RULE 2462 | KOVTER - HTTP (Request) - Variant 2 | 2017/07/26 | DDI RULE 2462 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2462 | ||
| DDI RULE 1319 | ONESCAN - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1319 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1319 | ||
| DDI RULE 1335 | FAREIT - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1335 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1335 | ||
| DDI RULE 1341 | BICOLOLO - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1341 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1341 | ||
| DDI RULE 1261 | TDSS - HTTP (Request) - Variant 3 | 2017/07/25 | DDI RULE 1261 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1261 | ||
| DDI RULE 1170 | ANDROMEDA - HTTP (Request) | 2017/07/25 | DDI RULE 1170 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1170 | ||
| DDI RULE 1229 | ALINA HTTP request - Variant 1 | 2017/07/25 | DDI RULE 1229 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1229 | ||
| DDI RULE 123 | Possible KAVO - HTTP (Request) | 2017/07/25 | DDI RULE 123 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-123 | ||
| DDI RULE 1210 | CYBOT - HTTP (Request) - Variant 3 | 2017/07/25 | DDI RULE 1210 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1210 | ||
| DDI RULE 1143 | APT - FAKEMS - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1143 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1143 | ||
| DDI RULE 1117 | APT - IXESHE - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1117 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1117 | ||
| DDI RULE 1134 | CLICKPOTATO - HTTP (Request) | 2017/07/25 | DDI RULE 1134 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1134 | ||
| DDI RULE 1115 | KRYPTIK - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1115 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1115 | ||
| DDI RULE 1082 | EXPLOYT - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1082 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1082 | ||
| DDI RULE 1083 | WANDA - HTTP (Request) | 2017/07/25 | DDI RULE 1083 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1083 | ||
| DDI RULE 1085 | RED OCTOBER ATTACK - HTTP (Request) | 2017/07/25 | DDI RULE 1085 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1085 | ||
| DDI RULE 1005 | TROJAN - HTTP (Request) - Variant 14 | 2017/07/25 | DDI RULE 1005 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1005 | ||
| DDI RULE 1438 | DEXTR - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1438 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1438 | ||
| DDI RULE 1412 | TICKER - HTTP (Request) | 2017/07/25 | DDI RULE 1412 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1412 | ||
| DDI RULE 1379 | INJECTO - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1379 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1379 | ||
| DDI RULE 1392 | SCAR - HTTP (Request) - Variant 4 | 2017/07/25 | DDI RULE 1392 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1392 | ||
| DDI RULE 1363 | ANDROMEDA - HTTP (Request) - Variant 2 | 2017/07/25 | DDI RULE 1363 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1363 | ||
| DDI RULE 1381 | KELIHOS - HTTP (Request) - Variant 3 | 2017/07/25 | DDI RULE 1381 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1381 | ||
| DDI RULE 1455 | GATAK - HTTP (Request) | 2017/07/25 | DDI RULE 1455 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1455 | ||
| DDI RULE 1557 | BANLOAD - HTTP (Request) - Variant 6 | 2017/07/25 | DDI RULE 1557 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1557 | ||
| DDI RULE 1659 | MAENER - HTTP (Request) | 2017/07/25 | DDI RULE 1659 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1659 | ||
| DDI RULE 1741 | BANKPINT - HTTP (Request) | 2017/07/25 | DDI RULE 1741 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1741 | ||
| DDI RULE 212 | NYXEM - HTTP (Request) | 2017/07/25 | DDI RULE 212 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-212 | ||
| DDI RULE 2147 | ANDROMEDA - HTTP (Request) - Variant 7 | 2017/07/25 | DDI RULE 2147 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2147 | ||
| DDI RULE 1829 | ANDROMEDA - HTTP (Request) - Variant 5 | 2017/07/25 | DDI RULE 1829 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1829 | ||
| DDI RULE 183 | MONKIFF - HTTP (Response) - Variant 1 | 2017/07/25 | DDI RULE 183 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-183 | ||
| DDI RULE 1830 | ANDROMEDA - HTTP (Request) - Variant 4 | 2017/07/25 | DDI RULE 1830 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1830 | ||
| DDI RULE 2453 | APT - EMSRY - HTTP (Request) | 2017/07/25 | DDI RULE 2453 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2453 | ||
| DDI RULE 2159 | ANDROMEDA - HTTP (Request) - Variant 8 | 2017/07/25 | DDI RULE 2159 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2159 | ||
| DDI RULE 651 | BREDOLAB - HTTP (Request) - Variant 6 | 2017/07/25 | DDI RULE 651 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-651 | ||
| DDI RULE 1128 | BANLOAD - HTTP (Request) | 2017/07/24 | DDI RULE 1128 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1128 | ||
| DDI RULE 1220 | SIMDA - HTTP (Request) - Variant 2 | 2017/07/24 | DDI RULE 1220 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1220 | ||
| DDI RULE 1300 | FARFLI - HTTP (Request) | 2017/07/24 | DDI RULE 1300 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1300 | ||
| DDI RULE 547 | CRIDEX - HTTP (Request) | 2017/07/24 | DDI RULE 547 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-547 | ||
| DDI RULE 2456 | TELEBOT - HTTP (Request) | 2017/07/24 | DDI RULE 2456 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2456 | ||
| DDI RULE 2439 | CVE-2017-3881 - Remote Code Execution - TELNET (Request) | 2017/07/20 | DDI RULE 2439 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2439 | ||
| DDI RULE 1242 | XTREME - HTTP (Request) | 2017/07/17 | DDI RULE 1242 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1242 | ||
| DDI RULE 2454 | APT - SFDER - HTTP (Request) | 2017/07/17 | DDI RULE 2454 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2454 | ||
| DDI RULE 1142 | PROXY - HTTP (Request) | 2017/07/13 | DDI RULE 1142 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1142 | ||
| DDI RULE 1621 | ANDROMEDA - HTTP (Request) - Variant 2 | 2017/07/13 | DDI RULE 1621 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1621 | ||
| DDI RULE 1276 | VAWTRAK - HTTP (Request) | 2017/07/12 | DDI RULE 1276 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1276 | ||
| DDI RULE 2448 | REGEORG - HTTP (Response) | 2017/07/12 | DDI RULE 2448 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2448 | ||
| DDI RULE 2451 | SHELLBIND - TCP (Request) | 2017/07/12 | DDI RULE 2451 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2451 | ||
| DDI RULE 2377 | Remote Code Execution Vulnerability - RDP | 2017/07/12 | DDI RULE 2377 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2377 | ||
| DDI RULE 2378 | EXAMINE Buffer Overflow - IMAP4 (Request) | 2017/07/12 | DDI RULE 2378 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2378 | ||
| DDI RULE 2379 | CRAM-MD5 Authentication Buffer Overflow - IMAP4 (Request) | 2017/07/12 | DDI RULE 2379 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2379 | ||
| DDI RULE 238 | EMOTI - HTTP (Request) | 2017/07/12 | DDI RULE 238 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-238 | ||
| DDI RULE 1736 | Remote Clear Event through SMB2 Protocol Detected | 2017/07/11 | DDI RULE 1736 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1736 | ||
| DDI RULE 1730 | Remote Delete Job through SMB2 ATSVC Detected | 2017/07/11 | DDI RULE 1730 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1730 | ||
| DDI RULE 1731 | Remote Add Job through SMB2 Protocol Detected | 2017/07/11 | DDI RULE 1731 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1731 | ||
| DDI RULE 1753 | Remote Service exectution through SMB2 ATSVC detected | 2017/07/11 | DDI RULE 1753 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1753 | ||
| DDI RULE 1754 | Remote Registry modification through SMB2 protocol detected | 2017/07/11 | DDI RULE 1754 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1754 | ||
| DDI RULE 2449 | CVE-2017-9791 - APACHE STRUTS EXPLOIT - HTTP (Request) | 2017/07/11 | DDI RULE 2449 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2449 | ||
| DDI RULE 2438 | HIDDENCOBRA - TCP (Response) | 2017/07/11 | DDI RULE 2438 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2438 | ||
| DDI RULE 2436 | CVE-2017-8543 - Remote Code Execution - SMB (Request) | 2017/07/10 | DDI RULE 2436 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2436 | ||
| DDI RULE 2437 | CVE-2017-8543 - Remote Code Execution - SMB2 (Request) | 2017/07/10 | DDI RULE 2437 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2437 | ||
| DDI RULE 2446 | RETADUP - TCP | 2017/07/10 | DDI RULE 2446 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2446 | ||
| DDI RULE 2450 | UPATRE - HTTP (Request) | 2017/07/10 | DDI RULE 2450 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2450 | ||
| DDI RULE 2447 | NUCLEX - TCP (Request) | 2017/07/06 | DDI RULE 2447 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2447 | ||
| DDI RULE 2280 | DUNIHI - TCP | 2017/07/06 | DDI RULE 2280 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2280 | ||
| DDI RULE 2290 | Possible Brute force - FTP | 2017/07/04 | DDI RULE 2290 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2290 | ||
| DDI RULE 2289 | Unsuccessful logon - FTP | 2017/07/04 | DDI RULE 2289 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2289 | ||
| DDI RULE 2443 | SPORA - Ransomware - HTTP (Response) | 2017/07/03 | DDI RULE 2443 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2443 | ||
| DDI RULE 2444 | INDUSTROYER - HTTP (Request) | 2017/07/03 | DDI RULE 2444 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2444 | ||
| DDI RULE 2434 | EREBUS - Ransomware - HTTP (Request) | 2017/07/03 | DDI RULE 2434 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2434 | ||
| DDI RULE 909 | APT - IXESHE - HTTP (Request) | 2017/07/03 | DDI RULE 909 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-909 | ||
| DDI RULE 91 | Executable file - TFTP | 2017/07/03 | DDI RULE 91 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-91 | ||
| DDI RULE 2018 | DUNIHI HTTP Response | 2017/06/29 | DDI RULE 2018 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2018 | ||
| DDI RULE 2014 | CVE-2016-0034 SILVERLIGHT RUNTIME RCE EXPLOIT | 2017/06/29 | DDI RULE 2014 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2014 | ||
| DDI RULE 355 | HUPIGON - HTTP (Request) - Variant 2 | 2017/06/29 | DDI RULE 355 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-355 | ||
| DDI RULE 359 | STRAT - HTTP (Request) - Variant 2 | 2017/06/29 | DDI RULE 359 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-359 | ||
| DDI RULE 2429 | EQUATED - Exploit Attempt - SMB (Response) | 2017/06/28 | DDI RULE 2429 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2429 | ||
| DDI RULE 2384 | Possible EQUATED - Remote Code Execution - SMB (Request) | 2017/06/28 | DDI RULE 2384 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2384 | ||
| DDI RULE 2390 | EQUATED - SMB (Response) | 2017/06/28 | DDI RULE 2390 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2390 | ||
| DDI RULE 1499 | DLOADER - HTTP (Request) | 2017/06/27 | DDI RULE 1499 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1499 | ||
| DDI RULE 2431 | LIGHTNING - Ransomware - HTTP (Request) | 2017/06/26 | DDI RULE 2431 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2431 | ||
| DDI RULE 1580 | GRAFTOR - HTTP (Request) | 2017/06/21 | DDI RULE 1580 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1580 | ||
| DDI RULE 1268 | Reverse HTTPS Meterpreter detected - Variant 2 | 2017/06/21 | DDI RULE 1268 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1268 | ||
| DDI RULE 1316 | DUNIHI - HTTP (Request) | 2017/06/15 | DDI RULE 1316 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1316 | ||
| DDI RULE 2433 | FIREBALL - HTTP (Request) | 2017/06/15 | DDI RULE 2433 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2433 | ||
| DDI RULE 2388 | Unsuccessful logon - RDP | 2017/06/15 | DDI RULE 2388 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2388 | ||
| DDI RULE 2184 | Successful logon - RDP | 2017/06/15 | DDI RULE 2184 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2184 | ||
| DDI RULE 2211 | Unsuccessful logon using default Administrator account - RDP | 2017/06/15 | DDI RULE 2211 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2211 | ||
| DDI RULE 2212 | Possible Brute force - RDP | 2017/06/15 | DDI RULE 2212 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2212 | ||
| DDI RULE 2213 | Possible Brute force using privileged user - RDP | 2017/06/15 | DDI RULE 2213 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2213 | ||
| DDI RULE 85 | Executable requested from root directory of web server | 2017/06/15 | DDI RULE 85 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-85 | ||
| DDI RULE 88 | File with malware-related file name - HTTP (Request) | 2017/06/15 | DDI RULE 88 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-88 | ||
| DDI RULE 89 | File with spyware-related file name - HTTP (Request) | 2017/06/15 | DDI RULE 89 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-89 | ||
| DDI RULE 9 | Archive file containing executable file with suspicious extension - Variant 1 | 2017/06/15 | DDI RULE 9 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-9 | ||
| DDI RULE 609 | Successful logon using default Administrator account - RDP | 2017/06/15 | DDI RULE 609 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-609 | ||
| DDI RULE 61 | JPEG exploit | 2017/06/15 | DDI RULE 61 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-61 | ||
| DDI RULE 1195 | Remote Add Job through SMB Protocol Detected | 2017/06/14 | DDI RULE 1195 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1195 | ||
| DDI RULE 1196 | Remote Delete Job through SMB Detected | 2017/06/14 | DDI RULE 1196 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1196 | ||
| DDI RULE 1653 | PWDUMP through SMB Protocol Detected | 2017/06/14 | DDI RULE 1653 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1653 | ||
| DDI RULE 554 | Successful log on to MSSQL service | 2017/06/14 | DDI RULE 554 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-554 | ||
| DDI RULE 555 | Unsuccessful log on to MSSQL service | 2017/06/14 | DDI RULE 555 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-555 | ||
| DDI RULE 693 | Remote Service execution through SMB ATSVC detected | 2017/06/14 | DDI RULE 693 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-693 | ||
| DDI RULE 2417 | CVE-2017-7494 - Remote Code Execution - SMB (Request) - Variant 2 | 2017/06/14 | DDI RULE 2417 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2417 | ||
| DDI RULE 2408 | Remote Enumerate Job through SMB protocol detected | 2017/06/14 | DDI RULE 2408 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-2408 | ||
| DDI RULE 319 | VIRTUMONDE - HTTP (Request) | 2017/06/14 | DDI RULE 319 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-319 | ||
| DDI RULE 32 | Suspicious executable file extension - Variant 3 | 2017/06/14 | DDI RULE 32 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-32 | ||
| DDI RULE 1541 | EMOTET - HTTP (Request) | 2017/06/13 | DDI RULE 1541 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1541 | ||
| DDI RULE 1618 | CVE-2014-6271 - Shellshock HTTP Request | 2017/06/13 | DDI RULE 1618 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1618 | ||
| DDI RULE 1471 | JACKPOS - HTTP (Request) | 2017/06/13 | DDI RULE 1471 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1471 | ||
| DDI RULE 1284 | VBNA - HTTP (Request) | 2017/06/13 | DDI RULE 1284 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1284 | ||
| DDI RULE 1872 | BANKER - HTTP (Request) - Variant 27 | 2017/06/13 | DDI RULE 1872 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-1872 | ||
| DDI RULE 372 | APT - GHOSTRAT - TCP | 2017/06/13 | DDI RULE 372 | /vinfo/cn/threat-encyclopedia/network/ddi-rule-372 |
通过以下社交网站联系我们