Suricata_Rules_Descriptionaa
SURICATA Applayer Mismatch protocol both directions
SURICATA Applayer Wrong direction first Data
SURICATA Applayer Detect protocol only one direction
SURICATA Applayer Protocol detection skipped
SURICATA Applayer No TLS after STARTTLS
SURICATA Applayer Unexpected protocol
ET CNC Shadowserver Reported CnC Server Port 80 Group 1
ET CNC Shadowserver Reported CnC Server Port 81 Group 1
ET CNC Shadowserver Reported CnC Server Port 443 Group 1
ET CNC Shadowserver Reported CnC Server Port 1337 Group 1
ET CNC Shadowserver Reported CnC Server Port 1863 Group 1
ET CNC Shadowserver Reported CnC Server Port 1888 Group 1
ET CNC Shadowserver Reported CnC Server Port 2319 Group 1
ET CNC Shadowserver Reported CnC Server Port 3030 Group 1
ET CNC Shadowserver Reported CnC Server Port 3159 Group 1
ET CNC Shadowserver Reported CnC Server Port 3705 Group 1
ET CNC Shadowserver Reported CnC Server Port 4042 Group 1
ET CNC Shadowserver Reported CnC Server Port 4244 Group 1
ET CNC Shadowserver Reported CnC Server Port 5505 Group 1
ET CNC Shadowserver Reported CnC Server Port 6556 Group 1
ET CNC Shadowserver Reported CnC Server Port 6667 Group 1
ET CNC Shadowserver Reported CnC Server Port 6668 Group 1
ET CNC Shadowserver Reported CnC Server Port 6768 Group 1
ET CNC Shadowserver Reported CnC Server Port 7000 Group 1
ET CNC Shadowserver Reported CnC Server Port 8000 Group 1
ET CNC Shadowserver Reported CnC Server Port 8585 Group 1
ET CNC Shadowserver Reported CnC Server Port 9000 Group 1
ET CNC Shadowserver Reported CnC Server Port 10324 Group 1
ET CNC Shadowserver Reported CnC Server Port 11830 Group 1
ET CNC Shadowserver Reported CnC Server Port 13001 Group 1
ET CNC Shadowserver Reported CnC Server Port 33333 Group 1
ET CNC Shadowserver Reported CnC Server Port 51987 Group 1
ET CNC Shadowserver Reported CnC Server IP group 1
ET CNC Shadowserver Reported CnC Server IP group 2
ET CNC Shadowserver Reported CnC Server IP group 3
ET CNC Shadowserver Reported CnC Server IP group 4
ET CNC Shadowserver Reported CnC Server IP group 5
ET CNC Shadowserver Reported CnC Server IP group 6
ET CNC Shadowserver Reported CnC Server IP group 7
ET CNC Shadowserver Reported CnC Server IP group 8
ET CNC Shadowserver Reported CnC Server IP group 9
ET CNC Shadowserver Reported CnC Server IP group 10
ET CNC Shadowserver Reported CnC Server IP group 11
ET CNC Shadowserver Reported CnC Server IP group 12
ET CNC Shadowserver Reported CnC Server IP group 13
ET CNC Shadowserver Reported CnC Server IP group 14
ET CNC Shadowserver Reported CnC Server IP group 15
ET CNC Shadowserver Reported CnC Server IP group 16
ET CNC Shadowserver Reported CnC Server IP group 17
ET CNC Shadowserver Reported CnC Server IP group 18
ET CNC Shadowserver Reported CnC Server IP group 19
ET CNC Shadowserver Reported CnC Server IP group 20
ET CNC Shadowserver Reported CnC Server IP group 21
ET CNC Shadowserver Reported CnC Server IP group 22
ET CNC Shadowserver Reported CnC Server IP group 23
ET CNC Shadowserver Reported CnC Server IP group 24
ET CNC Shadowserver Reported CnC Server IP group 25
ET CNC Shadowserver Reported CnC Server IP group 26
ET CNC Shadowserver Reported CnC Server IP group 27
ET CNC Shadowserver Reported CnC Server IP group 28
ET CNC Shadowserver Reported CnC Server IP group 29
ET CNC Shadowserver Reported CnC Server IP group 30
ET CNC Shadowserver Reported CnC Server IP group 31
ET CNC Shadowserver Reported CnC Server IP group 32
ET CNC Shadowserver Reported CnC Server IP group 33
ET CNC Shadowserver Reported CnC Server IP group 34
ET CNC Shadowserver Reported CnC Server IP group 35
ET CNC Shadowserver Reported CnC Server IP group 36
ET CNC Shadowserver Reported CnC Server group 37
ET CNC Zeus Tracker Reported CnC Server group 1
ET CNC Zeus Tracker Reported CnC Server group 2
ET CNC Zeus Tracker Reported CnC Server group 3
ET CNC Zeus Tracker Reported CnC Server group 4
ET CNC Zeus Tracker Reported CnC Server group 5
ET CNC Zeus Tracker Reported CnC Server group 6
ET CNC Zeus Tracker Reported CnC Server group 7
ET CNC Zeus Tracker Reported CnC Server group 8
ET CNC Zeus Tracker Reported CnC Server group 9
ET CNC Zeus Tracker Reported CnC Server group 10
ET CNC Zeus Tracker Reported CnC Server group 11
ET CNC Zeus Tracker Reported CnC Server group 12
ET CNC Zeus Tracker Reported CnC Server group 13
ET CNC Zeus Tracker Reported CnC Server group 14
ET CNC Zeus Tracker Reported CnC Server group 15
ET CNC Zeus Tracker Reported CnC Server group 16
ET CNC Zeus Tracker Reported CnC Server group 17
ET CNC Zeus Tracker Reported CnC Server group 18
ET CNC Zeus Tracker Reported CnC Server group 19
ET CNC Zeus Tracker Reported CnC Server group 20
ET CNC Zeus Tracker Reported CnC Server group 21
ET CNC Zeus Tracker Reported CnC Server group 22
ET CNC Zeus Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 1
ET CNC Feodo Tracker Reported CnC Server group 2
ET CNC Feodo Tracker Reported CnC Server group 3
ET CNC Feodo Tracker Reported CnC Server group 4
ET CNC Feodo Tracker Reported CnC Server group 5
ET CNC Feodo Tracker Reported CnC Server group 6
ET CNC Feodo Tracker Reported CnC Server group 7
ET CNC Feodo Tracker Reported CnC Server group 8
ET CNC Feodo Tracker Reported CnC Server group 9
ET CNC Feodo Tracker Reported CnC Server group 10
ET CNC Feodo Tracker Reported CnC Server group 11
ET CNC Feodo Tracker Reported CnC Server group 12
ET CNC Feodo Tracker Reported CnC Server group 13
ET CNC Feodo Tracker Reported CnC Server group 14
ET CNC Feodo Tracker Reported CnC Server group 15
ET CNC Feodo Tracker Reported CnC Server group 16
ET CNC Feodo Tracker Reported CnC Server group 17
ET CNC Feodo Tracker Reported CnC Server group 18
ET CNC Feodo Tracker Reported CnC Server group 19
ET CNC Feodo Tracker Reported CnC Server group 20
ET CNC Feodo Tracker Reported CnC Server group 21
ET CNC Feodo Tracker Reported CnC Server group 22
ET CNC Feodo Tracker Reported CnC Server group 23
ET CNC Feodo Tracker Reported CnC Server group 24
ET CNC Feodo Tracker Reported CnC Server group 25
ET CNC Ransomware Tracker Reported CnC Server group 1
ET CNC Ransomware Tracker Reported CnC Server group 2
ET CNC Ransomware Tracker Reported CnC Server group 3
ET CNC Ransomware Tracker Reported CnC Server group 4
ET CNC Ransomware Tracker Reported CnC Server group 5
ET CNC Ransomware Tracker Reported CnC Server group 6
ET CNC Ransomware Tracker Reported CnC Server group 7
ET CNC Ransomware Tracker Reported CnC Server group 8
ET CNC Ransomware Tracker Reported CnC Server group 9
ET CNC Ransomware Tracker Reported CnC Server group 10
ET CNC Ransomware Tracker Reported CnC Server group 11
ET CNC Ransomware Tracker Reported CnC Server group 12
ET CNC Ransomware Tracker Reported CnC Server group 13
ET CNC Ransomware Tracker Reported CnC Server group 14
ET CNC Ransomware Tracker Reported CnC Server group 15
ET CNC Ransomware Tracker Reported CnC Server group 16
ET CNC Ransomware Tracker Reported CnC Server group 17
ET CNC Ransomware Tracker Reported CnC Server group 18
ET CNC Ransomware Tracker Reported CnC Server group 19
ET CNC Ransomware Tracker Reported CnC Server group 20
ET CNC Ransomware Tracker Reported CnC Server group 21
ET CNC Ransomware Tracker Reported CnC Server group 22
ET CNC Ransomware Tracker Reported CnC Server group 23
ET CNC Ransomware Tracker Reported CnC Server group 24
ET CNC Ransomware Tracker Reported CnC Server group 25
ET CNC Ransomware Tracker Reported CnC Server group 26
ET CNC Ransomware Tracker Reported CnC Server group 27
ET CNC Ransomware Tracker Reported CnC Server group 28
ET CNC Ransomware Tracker Reported CnC Server group 29
ET CNC Ransomware Tracker Reported CnC Server group 30
ET CNC Ransomware Tracker Reported CnC Server group 31
ET CNC Ransomware Tracker Reported CnC Server group 32
ET CNC Ransomware Tracker Reported CnC Server group 33
ET CNC Ransomware Tracker Reported CnC Server group 34
ET CNC Ransomware Tracker Reported CnC Server group 35
ET CNC Ransomware Tracker Reported CnC Server group 36
ET CNC Ransomware Tracker Reported CnC Server group 37
ET CNC Ransomware Tracker Reported CnC Server group 38
ET CNC Ransomware Tracker Reported CnC Server group 39
ET CNC Ransomware Tracker Reported CnC Server group 40
ET CNC Ransomware Tracker Reported CnC Server group 41
ET CNC Ransomware Tracker Reported CnC Server group 42
ET CNC Ransomware Tracker Reported CnC Server group 43
ET CNC Ransomware Tracker Reported CnC Server group 44
ET CNC Ransomware Tracker Reported CnC Server group 45
ET CNC Ransomware Tracker Reported CnC Server group 46
ET CNC Ransomware Tracker Reported CnC Server group 47
ET CNC Ransomware Tracker Reported CnC Server group 48
ET CNC Ransomware Tracker Reported CnC Server group 49
ET CNC Ransomware Tracker Reported CnC Server group 50
ET CNC Ransomware Tracker Reported CnC Server group 51
ET CNC Ransomware Tracker Reported CnC Server group 52
ET CNC Ransomware Tracker Reported CnC Server group 53
ET CNC Ransomware Tracker Reported CnC Server group 54
ET CNC Ransomware Tracker Reported CnC Server group 55
ET CNC Ransomware Tracker Reported CnC Server group 56
ET CNC Ransomware Tracker Reported CnC Server group 57
ET CNC Ransomware Tracker Reported CnC Server group 58
ET CNC Ransomware Tracker Reported CnC Server group 59
ET CNC Ransomware Tracker Reported CnC Server group 60
ET CNC Ransomware Tracker Reported CnC Server group 61
ET CNC Ransomware Tracker Reported CnC Server group 62
ET CNC Ransomware Tracker Reported CnC Server group 63
ET CNC Ransomware Tracker Reported CnC Server group 64
ET CNC Ransomware Tracker Reported CnC Server group 65
ET CNC Ransomware Tracker Reported CnC Server group 66
ET CNC Ransomware Tracker Reported CnC Server group 67
ET CNC Ransomware Tracker Reported CnC Server group 68
ET CNC Ransomware Tracker Reported CnC Server group 69
ET CNC Ransomware Tracker Reported CnC Server group 70
ET CNC Ransomware Tracker Reported CnC Server group 71
ET CNC Ransomware Tracker Reported CnC Server group 72
ET CNC Ransomware Tracker Reported CnC Server group 73
ET CNC Ransomware Tracker Reported CnC Server group 74
ET CNC Ransomware Tracker Reported CnC Server group 75
ET CNC Ransomware Tracker Reported CnC Server group 76
ET CNC Ransomware Tracker Reported CnC Server group 77
ET CNC Ransomware Tracker Reported CnC Server group 78
ET CNC Ransomware Tracker Reported CnC Server group 79
ET CNC Ransomware Tracker Reported CnC Server group 80
ET CNC Ransomware Tracker Reported CnC Server group 81
ET CNC Ransomware Tracker Reported CnC Server group 82
ET CNC Ransomware Tracker Reported CnC Server group 83
ET CNC Ransomware Tracker Reported CnC Server group 84
ET CNC Ransomware Tracker Reported CnC Server group 85
ET CNC Ransomware Tracker Reported CnC Server group 86
ET CNC Ransomware Tracker Reported CnC Server group 87
ET CNC Ransomware Tracker Reported CnC Server group 88
ET CNC Ransomware Tracker Reported CnC Server group 89
ET CNC Ransomware Tracker Reported CnC Server group 90
ET CNC Ransomware Tracker Reported CnC Server group 91
ET CNC Ransomware Tracker Reported CnC Server group 92
ET CNC Ransomware Tracker Reported CnC Server group 93
ET CNC Ransomware Tracker Reported CnC Server group 94
ET CNC Ransomware Tracker Reported CnC Server group 95
ET CNC Ransomware Tracker Reported CnC Server group 96
ET CNC Ransomware Tracker Reported CnC Server group 97
ET CNC Ransomware Tracker Reported CnC Server group 98
ET CNC Ransomware Tracker Reported CnC Server group 99
ET CNC Ransomware Tracker Reported CnC Server group 100
ET CNC Ransomware Tracker Reported CnC Server group 101
ET CNC Ransomware Tracker Reported CnC Server group 102
ET CNC Ransomware Tracker Reported CnC Server group 103
ET CNC Ransomware Tracker Reported CnC Server group 104
ET CNC Ransomware Tracker Reported CnC Server group 105
ET CNC Ransomware Tracker Reported CnC Server group 106
ET CNC Ransomware Tracker Reported CnC Server group 107
ET CNC Ransomware Tracker Reported CnC Server group 108
ET CNC Ransomware Tracker Reported CnC Server group 109
ET CNC Ransomware Tracker Reported CnC Server group 110
ET CNC Ransomware Tracker Reported CnC Server group 111
ET CNC Ransomware Tracker Reported CnC Server group 112
ET CNC Ransomware Tracker Reported CnC Server group 113
ET CNC Ransomware Tracker Reported CnC Server group 114
ET CNC Ransomware Tracker Reported CnC Server group 115
ET CNC Ransomware Tracker Reported CnC Server group 116
ET CNC Ransomware Tracker Reported CnC Server group 117
ET CNC Ransomware Tracker Reported CnC Server group 118
ET CNC Ransomware Tracker Reported CnC Server group 119
ET CNC Ransomware Tracker Reported CnC Server group 120
ET CNC Ransomware Tracker Reported CnC Server group 121
ET CNC Ransomware Tracker Reported CnC Server group 122
ET CNC Ransomware Tracker Reported CnC Server group 123
ET CNC Ransomware Tracker Reported CnC Server group 124
ET CNC Ransomware Tracker Reported CnC Server group 125
ET CNC Ransomware Tracker Reported CnC Server group 126
ET CNC Ransomware Tracker Reported CnC Server group 127
ET CNC Ransomware Tracker Reported CnC Server group 128
ET CNC Ransomware Tracker Reported CnC Server group 129
ET CNC Ransomware Tracker Reported CnC Server group 130
ET CNC Ransomware Tracker Reported CnC Server group 131
ET CNC Ransomware Tracker Reported CnC Server group 132
ET CNC Ransomware Tracker Reported CnC Server group 133
ET CNC Ransomware Tracker Reported CnC Server group 134
ET CNC Ransomware Tracker Reported CnC Server group 135
ET CNC Ransomware Tracker Reported CnC Server group 136
ET CNC Ransomware Tracker Reported CnC Server group 137
ET CNC Ransomware Tracker Reported CnC Server group 138
ET CNC Ransomware Tracker Reported CnC Server group 139
ET CNC Ransomware Tracker Reported CnC Server group 140
ET CNC Ransomware Tracker Reported CnC Server group 141
ET CNC Ransomware Tracker Reported CnC Server group 142
ET CNC Ransomware Tracker Reported CnC Server group 143
ET CNC Ransomware Tracker Reported CnC Server group 144
ET CNC Ransomware Tracker Reported CnC Server group 145
ET CNC Ransomware Tracker Reported CnC Server group 146
ET CNC Ransomware Tracker Reported CnC Server group 147
ET CNC Ransomware Tracker Reported CnC Server group 148
ET CNC Ransomware Tracker Reported CnC Server group 149
ET CNC Ransomware Tracker Reported CnC Server group 150
ET CNC Ransomware Tracker Reported CnC Server group 151
ET CNC Ransomware Tracker Reported CnC Server group 152
ET CNC Ransomware Tracker Reported CnC Server group 153
ET CNC Ransomware Tracker Reported CnC Server group 154
ET CNC Ransomware Tracker Reported CnC Server group 155
ET CNC Ransomware Tracker Reported CnC Server group 156
ET CNC Ransomware Tracker Reported CnC Server group 157
ET CNC Ransomware Tracker Reported CnC Server group 158
ET CNC Ransomware Tracker Reported CnC Server group 159
ET CNC Ransomware Tracker Reported CnC Server group 160
ET CNC Ransomware Tracker Reported CnC Server group 161
ET CNC Ransomware Tracker Reported CnC Server group 162
ET CNC Ransomware Tracker Reported CnC Server group 163
ET CNC Ransomware Tracker Reported CnC Server group 164
ET CNC Ransomware Tracker Reported CnC Server group 165
ET CNC Ransomware Tracker Reported CnC Server group 166
ET CNC Ransomware Tracker Reported CnC Server group 167
ET CNC Ransomware Tracker Reported CnC Server group 168
ET CNC Ransomware Tracker Reported CnC Server group 169
ET CNC Ransomware Tracker Reported CnC Server group 170
ET CNC Ransomware Tracker Reported CnC Server group 171
ET CNC Ransomware Tracker Reported CnC Server group 172
ET CINS Active Threat Intelligence Poor Reputation IP group 1
ET CINS Active Threat Intelligence Poor Reputation IP group 2
ET CINS Active Threat Intelligence Poor Reputation IP group 3
ET CINS Active Threat Intelligence Poor Reputation IP group 4
ET CINS Active Threat Intelligence Poor Reputation IP group 5
ET CINS Active Threat Intelligence Poor Reputation IP group 6
ET CINS Active Threat Intelligence Poor Reputation IP group 7
ET CINS Active Threat Intelligence Poor Reputation IP group 8
ET CINS Active Threat Intelligence Poor Reputation IP group 9
ET CINS Active Threat Intelligence Poor Reputation IP group 10
ET CINS Active Threat Intelligence Poor Reputation IP group 11
ET CINS Active Threat Intelligence Poor Reputation IP group 12
ET CINS Active Threat Intelligence Poor Reputation IP group 13
ET CINS Active Threat Intelligence Poor Reputation IP group 14
ET CINS Active Threat Intelligence Poor Reputation IP group 15
ET CINS Active Threat Intelligence Poor Reputation IP group 16
ET CINS Active Threat Intelligence Poor Reputation IP group 17
ET CINS Active Threat Intelligence Poor Reputation IP group 18
ET CINS Active Threat Intelligence Poor Reputation IP group 19
ET CINS Active Threat Intelligence Poor Reputation IP group 20
ET CINS Active Threat Intelligence Poor Reputation IP group 21
ET CINS Active Threat Intelligence Poor Reputation IP group 22
ET CINS Active Threat Intelligence Poor Reputation IP group 23
ET CINS Active Threat Intelligence Poor Reputation IP group 24
ET CINS Active Threat Intelligence Poor Reputation IP group 25
ET CINS Active Threat Intelligence Poor Reputation IP group 26
ET CINS Active Threat Intelligence Poor Reputation IP group 27
ET CINS Active Threat Intelligence Poor Reputation IP group 28
ET CINS Active Threat Intelligence Poor Reputation IP group 29
ET CINS Active Threat Intelligence Poor Reputation IP group 30
ET CINS Active Threat Intelligence Poor Reputation IP group 31
ET CINS Active Threat Intelligence Poor Reputation IP group 32
ET CINS Active Threat Intelligence Poor Reputation IP group 33
ET CINS Active Threat Intelligence Poor Reputation IP group 34
ET CINS Active Threat Intelligence Poor Reputation IP group 35
ET CINS Active Threat Intelligence Poor Reputation IP group 36
ET CINS Active Threat Intelligence Poor Reputation IP group 37
ET CINS Active Threat Intelligence Poor Reputation IP group 38
ET CINS Active Threat Intelligence Poor Reputation IP group 39
ET CINS Active Threat Intelligence Poor Reputation IP group 40
ET CINS Active Threat Intelligence Poor Reputation IP group 41
ET CINS Active Threat Intelligence Poor Reputation IP group 42
ET CINS Active Threat Intelligence Poor Reputation IP group 43
ET CINS Active Threat Intelligence Poor Reputation IP group 44
ET CINS Active Threat Intelligence Poor Reputation IP group 45
ET CINS Active Threat Intelligence Poor Reputation IP group 46
ET CINS Active Threat Intelligence Poor Reputation IP group 47
ET CINS Active Threat Intelligence Poor Reputation IP group 48
ET CINS Active Threat Intelligence Poor Reputation IP group 49
ET CINS Active Threat Intelligence Poor Reputation IP group 50
ET CINS Active Threat Intelligence Poor Reputation IP group 51
ET CINS Active Threat Intelligence Poor Reputation IP group 52
ET CINS Active Threat Intelligence Poor Reputation IP group 53
ET CINS Active Threat Intelligence Poor Reputation IP group 54
ET CINS Active Threat Intelligence Poor Reputation IP group 55
ET CINS Active Threat Intelligence Poor Reputation IP group 56
ET CINS Active Threat Intelligence Poor Reputation IP group 57
ET CINS Active Threat Intelligence Poor Reputation IP group 58
ET CINS Active Threat Intelligence Poor Reputation IP group 59
ET CINS Active Threat Intelligence Poor Reputation IP group 60
ET CINS Active Threat Intelligence Poor Reputation IP group 61
ET CINS Active Threat Intelligence Poor Reputation IP group 62
ET CINS Active Threat Intelligence Poor Reputation IP group 63
ET CINS Active Threat Intelligence Poor Reputation IP group 64
ET CINS Active Threat Intelligence Poor Reputation IP group 65
ET CINS Active Threat Intelligence Poor Reputation IP group 66
ET CINS Active Threat Intelligence Poor Reputation IP group 67
ET CINS Active Threat Intelligence Poor Reputation IP group 68
ET CINS Active Threat Intelligence Poor Reputation IP group 69
ET CINS Active Threat Intelligence Poor Reputation IP group 70
ET CINS Active Threat Intelligence Poor Reputation IP group 71
ET CINS Active Threat Intelligence Poor Reputation IP group 72
ET CINS Active Threat Intelligence Poor Reputation IP group 73
ET CINS Active Threat Intelligence Poor Reputation IP group 74
ET CINS Active Threat Intelligence Poor Reputation IP group 75
ET CINS Active Threat Intelligence Poor Reputation IP group 76
ET CINS Active Threat Intelligence Poor Reputation IP group 77
ET CINS Active Threat Intelligence Poor Reputation IP group 78
ET CINS Active Threat Intelligence Poor Reputation IP group 79
ET CINS Active Threat Intelligence Poor Reputation IP group 80
ET CINS Active Threat Intelligence Poor Reputation IP group 81
ET CINS Active Threat Intelligence Poor Reputation IP group 82
ET CINS Active Threat Intelligence Poor Reputation IP group 83
ET CINS Active Threat Intelligence Poor Reputation IP group 84
ET CINS Active Threat Intelligence Poor Reputation IP group 85
ET CINS Active Threat Intelligence Poor Reputation IP group 86
ET CINS Active Threat Intelligence Poor Reputation IP group 87
ET CINS Active Threat Intelligence Poor Reputation IP group 88
ET CINS Active Threat Intelligence Poor Reputation IP group 89
ET CINS Active Threat Intelligence Poor Reputation IP group 90
ET CINS Active Threat Intelligence Poor Reputation IP group 91
ET CINS Active Threat Intelligence Poor Reputation IP group 92
ET CINS Active Threat Intelligence Poor Reputation IP group 93
ET CINS Active Threat Intelligence Poor Reputation IP group 94
ET CINS Active Threat Intelligence Poor Reputation IP group 95
ET CINS Active Threat Intelligence Poor Reputation IP group 96
ET CINS Active Threat Intelligence Poor Reputation IP group 97
ET CINS Active Threat Intelligence Poor Reputation IP group 98
ET CINS Active Threat Intelligence Poor Reputation IP group 99
ET CINS Active Threat Intelligence Poor Reputation IP group 100
ET COMPROMISED Known Compromised or Hostile Host Traffic group 1
ET COMPROMISED Known Compromised or Hostile Host Traffic group 2
ET COMPROMISED Known Compromised or Hostile Host Traffic group 3
ET COMPROMISED Known Compromised or Hostile Host Traffic group 4
ET COMPROMISED Known Compromised or Hostile Host Traffic group 5
ET COMPROMISED Known Compromised or Hostile Host Traffic group 6
ET COMPROMISED Known Compromised or Hostile Host Traffic group 7
ET COMPROMISED Known Compromised or Hostile Host Traffic group 8
ET COMPROMISED Known Compromised or Hostile Host Traffic group 9
ET COMPROMISED Known Compromised or Hostile Host Traffic group 10
ET COMPROMISED Known Compromised or Hostile Host Traffic group 11
ET COMPROMISED Known Compromised or Hostile Host Traffic group 12
ET COMPROMISED Known Compromised or Hostile Host Traffic group 13
ET COMPROMISED Known Compromised or Hostile Host Traffic group 14
ET COMPROMISED Known Compromised or Hostile Host Traffic group 15
ET COMPROMISED Known Compromised or Hostile Host Traffic group 16
ET COMPROMISED Known Compromised or Hostile Host Traffic group 17
ET COMPROMISED Known Compromised or Hostile Host Traffic group 18
ET COMPROMISED Known Compromised or Hostile Host Traffic group 19
ET COMPROMISED Known Compromised or Hostile Host Traffic group 20
SURICATA IPv4 packet too small
SURICATA IPv4 header size too small
SURICATA IPv4 total length smaller than header size
SURICATA IPv4 truncated packet
SURICATA IPv4 invalid option
SURICATA IPv4 invalid option length
SURICATA IPv4 malformed option
SURICATA IPv4 padding required
SURICATA IPv4 with ICMPv6 header
SURICATA IPv4 option end of list required
SURICATA IPv4 duplicated IP option
SURICATA IPv4 unknown IP option
SURICATA IPv4 wrong IP version
SURICATA IPv6 packet too small
SURICATA IPv6 truncated packet
SURICATA IPv6 truncated extension header
SURICATA IPv6 duplicated Fragment extension header
SURICATA IPv6 useless Fragment extension header
SURICATA IPv6 duplicated Routing extension header
SURICATA IPv6 duplicated Hop-By-Hop Options extension header
SURICATA IPv6 duplicated Destination Options extension header
SURICATA IPv6 duplicated Authentication Header extension header
SURICATA IPv6 duplicate ESP extension header
SURICATA IPv6 invalid option lenght in header
SURICATA IPv6 wrong IP version
SURICATA IPv6 AH reserved field not 0
SURICATA IPv6 HOPOPTS unknown option
SURICATA IPv6 HOPOPTS only padding
SURICATA IPv6 DSTOPTS unknown option
SURICATA IPv6 DSTOPTS only padding
SURICATA RH Type 0
SURICATA zero length padN option
SURICATA reserved field in Frag Header not zero
SURICATA data after none
SURICATA unknown next header / protocol
SURICATA IPv6 with ICMPv4 header
SURICATA ICMPv4 packet too small
SURICATA ICMPv4 unknown type
SURICATA ICMPv4 unknown code
SURICATA ICMPv4 truncated packet
SURICATA ICMPv4 unknown version
SURICATA ICMPv6 packet too small
SURICATA ICMPv6 unknown type
SURICATA ICMPv6 unknown code
SURICATA ICMPv6 truncated packet
SURICATA ICMPv6 unknown version
SURICATA ICMPv6 MLD hop limit not 1
SURICATA ICMPv6 unassigned type
SURICATA ICMPv6 private experimentation type
SURICATA TCP packet too small
SURICATA TCP header length too small
SURICATA TCP invalid option length
SURICATA TCP option invalid length
SURICATA TCP duplicated option
SURICATA UDP packet too small
SURICATA UDP header length too small
SURICATA UDP invalid header length
SURICATA SLL packet too small
SURICATA Ethernet packet too small
SURICATA PPP packet too small
SURICATA PPP VJU packet too small
SURICATA PPP IPv4 packet too small
SURICATA PPP IPv6 too small
SURICATA PPP wrong type
SURICATA PPP unsupported protocol
SURICATA PPPOE packet too small
SURICATA PPPOE wrong code
SURICATA PPPOE malformed tags
SURICATA GRE packet too small
SURICATA GRE wrong version
SURICATA GRE v0 recursion control
SURICATA GRE v0 flags
SURICATA GRE v0 header too big
SURICATA GRE v1 checksum present
SURICATA GRE v1 routing present
SURICATA GRE v1 strict source route
SURICATA GRE v1 recursion control
SURICATA GRE v1 flags
SURICATA GRE v1 no key present
SURICATA GRE v1 wrong protocol
SURICATA GRE v1 malformed Source Route Entry header
SURICATA GRE v1 header too big
SURICATA VLAN header too small
SURICATA VLAN unknown type
SURICATA VLAN too many layers
SURICATA IEEE802.1AH header too small
SURICATA IP raw invalid IP version
SURICATA FRAG IPv4 Packet size too large
SURICATA FRAG IPv4 Fragmentation overlap
SURICATA FRAG IPv6 Packet size too large
SURICATA FRAG IPv6 Fragmentation overlap
SURICATA IPv4 invalid checksum
SURICATA TCPv4 invalid checksum
SURICATA UDPv4 invalid checksum
SURICATA ICMPv4 invalid checksum
SURICATA TCPv6 invalid checksum
SURICATA UDPv6 invalid checksum
SURICATA ICMPv6 invalid checksum
SURICATA IPv4-in-IPv6 packet too short
SURICATA IPv4-in-IPv6 invalid protocol
SURICATA IPv6-in-IPv6 packet too short
SURICATA IPv6-in-IPv6 invalid protocol
SURICATA MPLS header too small
SURICATA MPLS packet too small
SURICATA MPLS bad router alert label
SURICATA MPLS bad implicit null label
SURICATA MPLS reserved label
SURICATA MPLS unknown payload type
SURICATA NULL pkt too small
SURICATA NULL unsupported type
SURICATA ERSPAN pkt too small
SURICATA ERSPAN unsupported version
SURICATA ERSPAN too many vlan layers
SURICATA DCE packet too small
SURICATA DNP3 Request flood detected
SURICATA DNP3 Length too small
SURICATA DNP3 Bad link CRC
SURICATA DNP3 Bad transport CRC
SURICATA DNP3 Unknown object
SURICATA DNS Unsolicited response
SURICATA DNS malformed request data
SURICATA DNS malformed response data
SURICATA DNS Not a request
SURICATA DNS Not a response
SURICATA DNS Z flag set
SURICATA DNS request flood detected
SURICATA DNS flow memcap reached
ET DROP Spamhaus DROP Listed Traffic Inbound group 1
ET DROP Spamhaus DROP Listed Traffic Inbound group 2
ET DROP Spamhaus DROP Listed Traffic Inbound group 3
ET DROP Spamhaus DROP Listed Traffic Inbound group 4
ET DROP Spamhaus DROP Listed Traffic Inbound group 5
ET DROP Spamhaus DROP Listed Traffic Inbound group 6
ET DROP Spamhaus DROP Listed Traffic Inbound group 7
ET DROP Spamhaus DROP Listed Traffic Inbound group 8
ET DROP Spamhaus DROP Listed Traffic Inbound group 9
ET DROP Spamhaus DROP Listed Traffic Inbound group 10
ET DROP Spamhaus DROP Listed Traffic Inbound group 11
ET DROP Spamhaus DROP Listed Traffic Inbound group 12
ET DROP Spamhaus DROP Listed Traffic Inbound group 13
ET DROP Spamhaus DROP Listed Traffic Inbound group 14
ET DROP Spamhaus DROP Listed Traffic Inbound group 15
ET DROP Spamhaus DROP Listed Traffic Inbound group 16
ET DROP Spamhaus DROP Listed Traffic Inbound group 17
ET DROP Spamhaus DROP Listed Traffic Inbound group 18
ET DROP Spamhaus DROP Listed Traffic Inbound group 19
ET DROP Spamhaus DROP Listed Traffic Inbound group 20
ET DROP Spamhaus DROP Listed Traffic Inbound group 21
ET DROP Spamhaus DROP Listed Traffic Inbound group 22
ET DROP Spamhaus DROP Listed Traffic Inbound group 23
ET DROP Spamhaus DROP Listed Traffic Inbound group 24
ET DROP Spamhaus DROP Listed Traffic Inbound group 25
ET DROP Spamhaus DROP Listed Traffic Inbound group 26
ET DROP Spamhaus DROP Listed Traffic Inbound group 27
ET DROP Spamhaus DROP Listed Traffic Inbound group 28
ET DROP Spamhaus DROP Listed Traffic Inbound group 29
ET DROP Spamhaus DROP Listed Traffic Inbound group 30
ET DROP Spamhaus DROP Listed Traffic Inbound group 31
ET DROP Dshield Block Listed Source group 1
ET ACTIVEX EasyMail Object IMAP4 Component Buffer Overflow Function call Attempt
ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Head Method Buffer Overflow Attempt
ET ACTIVEX SoftCab Sound Converter ActiveX SaveFormat File overwrite Attempt
ET ACTIVEX Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite
ET ACTIVEX Viscom Movie Player Pro SDK ActiveX DrawText method Buffer Overflow Function Call
ET ACTIVEX AVTECH Software ActiveX SendCommand Method Buffer Overflow Attempt
ET ACTIVEX AVTECH Software ActiveX Login Method Buffer Oveflow Attempt
ET ACTIVEX AVTECH Software ActiveX _DownloadPBOpen Method Buffer Overflow Attempt
ET ACTIVEX AVTECH Software ActiveX _DownloadPBClose Method Buffer Overflow Attempt
ET ACTIVEX AVTECH Software ActiveX Snapshot Method Buffer Overflow Attempt
ET ACTIVEX AVTECH Software ActiveX _DownloadPBControl Method Buffer Overflow Attempt
ET ACTIVEX AVTECH Software ActiveX Buffer Overflow Function Call
ET ACTIVEX Adobe browser document ActiveX DoS Function call Attempt
ET ACTIVEX Adobe browser document ActiveX DoS Attempt
ET ACTIVEX Ask.com Toolbar askBar.dll ActiveX ShortFormat Buffer Overflow Attempt
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt Function Call
ET ACTIVEX Altirix eXpress NS SC ActiveX Arbitrary Code Execution Function Call
ET ACTIVEX AOLShare ActiveX AppString method denial of service Function Call
ET ACTIVEX AtHocGov IWSAlerts ActiveX Control Buffer Overflow Function Call Attempt
ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Function Call Attempt
ET ACTIVEX BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow Function Call
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Function Call Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Function Call Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Function Call Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Function Call Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Function Call Attempt
ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control BOF Function Call
ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable SetLogLevel/SetLogFileName Method Arbitrary File Creation/Overwrite Attempt
ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt
ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt
ET ACTIVEX Foxit Reader ActiveX OpenFile method Remote Code Execution Function Call
ET ACTIVEX Gom Player V 2.1.16 ActiveX Command Execution Function call attempt
ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt
ET ACTIVEX Hyleos ChemView ActiveX Buffer Overflow Function Call
ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt
ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object
ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call Object
ET ACTIVEX Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID
ET ACTIVEX Microsoft VsaIDE.DTE object call CSLID
ET ACTIVEX Microsoft Business Object Factory object call CSLID
ET ACTIVEX Microsoft Outlook Data Object object call CSLID
ET ACTIVEX Microsoft Outlook.Application object call CSLID
ET ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009
ET ACTIVEX ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution
ET ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution
ET ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution
ET ACTIVEX ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution
ET ACTIVEX Internet Explorer Plugin.ocx Heap Overflow
ET ACTIVEX Internet Information Service adsiis.dll activex remote DOS
ET ACTIVEX Image22 ActiveX DrawIcon Method Buffer Overflow Attempt
ET ACTIVEX ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability
ET ACTIVEX ACTIVEX IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Vulnerability
ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Attempt
ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite Function Call
ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite clsid Access
ET ACTIVEX InstanGet v2.08 Activex Control DOS clsid access attempt
ET ACTIVEX JamDTA ActiveX Control SaveToFile Arbitrary File Overwrite
ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Function Call Attempt
ET ACTIVEX Sun Java Runtime Environment ActiveX Control Multiple Remote Buffer Overflow
ET ACTIVEX JuniperSetup Control Buffer Overflow
ET ACTIVEX Possible EMC Captiva QuickScan Pro KeyWorks KeyHelp Module keyhelp.ocx ActiveX Control Remote Buffer Overflow Attempt
ET ACTIVEX LEADTOOLS Multimedia Toolkit 15 Arbitrary Files Overwrite
ET ACTIVEX Liquid XML Studio 2010 OpenFile Method Remote Heap Overflow Attempt
ET ACTIVEX Logitech VideoCall ActiveX Start method buffer overflow Attempt
ET ACTIVEX Orca Browser 1.1 ActiveX Command Execution Function call attempt
ET ACTIVEX ProgramChecker 1.5 ActiveX Command Execution Function call attempt
ET ACTIVEX Rising Online Virus Scanner ActiveX Scan Method stack Overflow Function Call
ET ACTIVEX SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt
ET ACTIVEX ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Function Call Attempt
ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Function Call Attempt
ET ACTIVEX Windows Defender ActiveX DeleteValue method Remote Code Execution Function Call
ET ACTIVEX Windows Defender ActiveX WriteValue method Remote Code Execution Function Call
ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Function Call Attempt
ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Function Call Attempt
ET ACTIVEX AOL 9.5 ActiveX control Import method Heap Overflow Attempt
ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-1
ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-2
ET ACTIVEX Possible McAfee Remediation Client Enginecom.Dll ActiveX Code Execution Function Call Attempt
ET ACTIVEX NCTAVIFile V 1.6.2 ActiveX File Creation Function call attempt
ET ACTIVEX Possible Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Stack Overflow Attempt
ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt
ET ACTIVEX Sony ImageStation
ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt
ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcomHelper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt
ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcom Helper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access
ET ACTIVEX Possible AOL SuperBuddy ActiveX Control Remote Code Execution Attempt
ET ACTIVEX Possible AOL IWinAmp ActiveX ConvertFile Buffer Overflow Attempt
ET ACTIVEX Possible AOL 9.5 BindToFile Heap Overflow Attempt
ET ACTIVEX AOL 9.5 Phobos.Playlist Import ActiveX Buffer Overflow Attempt
ET ACTIVEX Possible Acer LunchApp Arbitrary Code Exucution Attempt
ET ACTIVEX Adobe Shockwave Player ActiveX Control Buffer Overflow clsid access
ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 2
ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 3
ET ACTIVEX Possible Symantec Altiris Deployment Solution AeXNSPkgDLLib.dll ActiveX Control DownloadAndInstall Method Arbitrary Code Execution Attempt
ET ACTIVEX AOLShare ActiveX AppString method denial of service Attempt
ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Attempt
ET ACTIVEX Autodesk Design Review DWF Viewer ActiveX Control SaveAs Insecure Method
ET ACTIVEX Autodesk IDrop Indicator ActiveX Control Memory Corruption
ET ACTIVEX Avax Vector avPreview.ocx ActiveX Control Buffer Overflow
ET ACTIVEX Awingsoft Web3D Player Remote Buffer Overflow
ET ACTIVEX BaoFeng Storm ActiveX Control OnBeforeVideoDownload Method Buffer Overflow
ET ACTIVEX BaoFeng Storm ActiveX Control SetAttributeValue Method Buffer Overflow
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Buffer Overflow Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Buffer Overflow Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Buffer Overflow Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Buffer Overflow Attempt
ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Buffer Overflow Attempt
ET ACTIVEX Charm Real Converter pro 6.6 Activex Control DOS clsid access attempt
ET ACTIVEX ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite
ET ACTIVEX Chilkat IMAP ActiveX File Execution and IE DoS
ET ACTIVEX Chilkat Crypt ActiveX Component WriteFile Insecure Method
ET ACTIVEX Chilkat Socket ACTIVEX Remote Arbitrary File Creation
ET ACTIVEX Chilkat Socket Activex Remote Arbitrary File Overwrite 1
ET ACTIVEX Chinagames ActiveX Control CreateChinagames Method Buffer Overflow
ET ACTIVEX Ciansoft PDFBuilderX Control ActiveX Arbitrary File Overwrite
ET ACTIVEX Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit
ET ACTIVEX ComponentOne VSFlexGrid ActiveX Control Archive Method Buffer Overflow Attempt
ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Data Dynamics ActiveBar ActiveX Control
ET ACTIVEX D-Link MPEG4 SHM
ET ACTIVEX Possible EDraw Flowchart ActiveX Control OpenDocument Method Remote Code Execution Attempt
ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable WriteToLog Method Arbitrary File Creation/Overwrite Attempt
ET ACTIVEX EasyMail Objects emmailstore.dll ActiveX Control Remote Buffer Overflow
ET ACTIVEX Quiksoft EasyMail imap connect
ET ACTIVEX EasyMail Quicksoft ActiveX Control Remote code excution clsid access attempt
ET ACTIVEX EasyMail ActiveX AddAttachment method Remote code excution clsid access attempt
ET ACTIVEX EasyMail Quicksoft ActiveX CreateStore method Remote code excution clsid access
ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite
ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite
ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access
ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access
ET ACTIVEX EvansFTP EvansFTP.ocx Remote Buffer Overflow
ET ACTIVEX FathFTP ActiveX DeleteFile Arbitrary File Deletion
ET ACTIVEX FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt
ET ACTIVEX FlexCell Grid ActiveX Multiple Arbitrary File Overwrite
ET ACTIVEX Foxit Reader ActiveX control OpenFile method Heap Overflow Attempt
ET ACTIVEX Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit
ET ACTIVEX GdPicture Pro ActiveX control SaveAsPDF Insecure Method
ET ACTIVEX GeoVision LiveAudio ActiveX Control Remote Code Execution
ET ACTIVEX GeoVision LiveX_v8200 ActiveX Control Arbitrary File Overwrite
ET ACTIVEX GeoVision LiveX_v7000 ActiveX Control Arbitrary File Overwrite
ET ACTIVEX GeoVision LiveX_v8120 ActiveX Control Arbitrary File Overwrite
ET ACTIVEX Gom Player V 2.1.16 Activex Command Execution clsid access attempt
ET ACTIVEX Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt
ET ACTIVEX Possible HP LoadRunner XUpload.ocx ActiveX Control MakeHttpRequest Arbitrary File Download Attempt
ET ACTIVEX HP Openview NNM ActiveX DisplayName method Memory corruption Attempt
ET ACTIVEX HP Openview NNM ActiveX AddGroup method Memory corruption Attempt
ET ACTIVEX HP Openview NNM ActiveX InstallComponent method Memory corruption Attempt
ET ACTIVEX HP Openview NNM ActiveX Subscribe method Memory corruption Attempt
ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -1
ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -2
ET ACTIVEX HP Operations Manager SourceView ActiveX LoadFile/SaveFile Method Buffer Overflow Attempt
ET ACTIVEX HP Virtual Rooms Control Clsid Access
ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt
ET ACTIVEX Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods
ET ACTIVEX Hyleos ChemView ActiveX Control SaveasMolFile Method Buffer Overflow Attempt
ET ACTIVEX Hyleos ChemView ActiveX Control ReadMolFile Method Buffer Overflow Attempt
ET ACTIVEX IAS Helper COM Component iashlpr.dll activex remote DOS
ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt
ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call CLSID
ET ACTIVEX Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID
ET ACTIVEX Microsoft VsmIDE.DTE object call CSLID
ET ACTIVEX Microsoft DExplore.AppObj.8.0 object call CSLID
ET ACTIVEX Microsoft VisualStudio.DTE.8.0 object call CSLID
ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 1 Access Attempt
ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 2 Access Attempt
ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 3 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 1 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 2 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 3 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 4 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 5 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 6 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 7 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 8 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 9 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 10 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 11 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 12 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 13 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 14 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 15 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 16 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 17 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 18 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 19 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 20 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 22 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 23 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 24 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 25 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 26 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 27 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 28 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 29 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 30 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 31 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 32 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 33 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 34 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 35 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 36 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 37 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 38 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 39 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 40 Access Attempt
ET ACTIVEX COM Object MS06-042 CLSID 41 Access Attempt
ET ACTIVEX Microsoft Communications Control Clsid Access
ET ACTIVEX Microsoft DebugDiag CrashHangExt.dll ActiveX Control Remote Denial of Service
ET ACTIVEX Microsoft Visual Basic Common AVI ActiveX Control File Parsing Buffer Overflow
ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-1
ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-2
ET ACTIVEX Microsoft Windows Media Services nskey.dll ActiveX Control Possible Remote Buffer Overflow
ET ACTIVEX Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit
ET ACTIVEX Microsoft XML Core Services DTD Cross Domain Information Disclosure clsid
ET ACTIVEX Macrovision FLEXnet Connect ActiveX Control Arbitrary File Download
ET ACTIVEX McAfee ePolicy Orchestrator naPolicyManager.dll Arbitrary Data Write Attempt
ET ACTIVEX MetaProducts MetaTreeX ActiveX Control Arbitrary File Overwrite
ET ACTIVEX Microgaming FlashXControl Control Clsid Access
ET ACTIVEX NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite
ET ACTIVEX Nokia Phoenix Service Software ActiveX Control Buffer Overflow
ET ACTIVEX Possible Novell GroupWise Client 'gxmim1.dll' ActiveX Buffer Overflow Attempt
ET ACTIVEX Possible Novell iPrint Client ExecuteRequest ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Possible Novell iPrint Client GetDriverSettings ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Orbit Downloader ActiveX Control Arbitrary File Delete
ET ACTIVEX Orca Browser 1.1 Activex Command Execution clsid access attempt
ET ACTIVEX PDFZilla 1.0.8 ActiveX DebugMsgLog method DOS CLSid Access
ET ACTIVEX PPStream PowerPlayer.DLL ActiveX Control BoF Vulnerability
ET ACTIVEX Possible PPStream MList.ocx Buffer Overflow Attempt
ET ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow
ET ACTIVEX Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow
ET ACTIVEX PrecisionID Datamatrix ActiveX control Arbitrary File Overwrite
ET ACTIVEX ProgramChecker 1.5 Activex Command Execution clsid access attempt
ET ACTIVEX Remote Desktop Connection ActiveX Control Heap Overflow clsid access
ET ACTIVEX RKD Software ActiveX Control SaveasMolFile Method Buffer Overflow Attempt
ET ACTIVEX RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability
ET ACTIVEX Rediff Bol Downloader ActiveX Control Remote Code Execution
ET ACTIVEX Registry OCX ActiveX FullPath Method Buffer Overflow Attempt
ET ACTIVEX Possible Rising Online Virus Scanner ActiveX Control Scan
ET ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow
ET ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow
ET ACTIVEX Possible SAP GUI ActiveX Control Insecure Method File Overwrite Attempt
ET ACTIVEX ACTIVEX SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Attempt
ET ACTIVEX SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt
ET ACTIVEX SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt
ET ACTIVEX SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt
ET ACTIVEX SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt
ET ACTIVEX SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt
ET ACTIVEX SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access
ET ACTIVEX SAP GUI SAPBExCommonResources ActiveX Insecure Method Code Execution Attempt
ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Get Method Buffer Overflow
ET ACTIVEX Possible SmartVMD VideoMovement.dll Buffer Overflow Attempt
ET ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt
ET ACTIVEX Sopcast SopCore ActiveX Control Remote Code Execution
ET ACTIVEX SupportSoft DNA Editor Module ActiveX Control Insecure Method Remote Code Execution
ET ACTIVEX Possible Sygate Personal Firewall ActiveX SetRegString Method Stack Overflow Attempt
ET ACTIVEX Symantec BackupExec Calendar Control
ET ACTIVEX Symantec Norton Ghost EasySetupInt.dll ActiveX Multiple Remote Denial of Service
ET ACTIVEX Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow
ET ACTIVEX Symantec Security Check RuFSI ActiveX Control Buffer Overflow
ET ACTIVEX Symantec Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt
ET ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Attempt
ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit
ET ACTIVEX Possible HTTP ACTi SaveXMLFile
ET ACTIVEX Possible HTTP ACTi SetText
ET ACTIVEX Possible Edraw PDF Viewer FtpConnect Component ActiveX Remote code execution Attempt
ET ACTIVEX Windows Defender ActiveX DeleteValue/WriteValue method Heap Overflow Attempt
ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Attempt
ET ACTIVEX VeryDOC PDF Viewer ActiveX Control OpenPDF Buffer Overflow
ET ACTIVEX Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite
ET ACTIVEX Viscom Software Movie Player Pro SDK ActiveX 6.8 Remote Buffer Overflow Attempt
ET ACTIVEX Possible VMware Console ActiveX Format String Remote Code Execution Attempt
ET ACTIVEX Web on Windows ActiveX Insecure Methods
ET ACTIVEX WinDVD7 IASystemInfo.DLL ActiveX ApplicationType method buffer overflow Attempt
ET ACTIVEX Universal HTTP File Upload Remote File Deletetion
ET ACTIVEX Possible Universal HTTP Image/File Upload ActiveX Remote File Deletion Exploit
ET ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow
ET ACTIVEX IE ActiveX control Exec method Remote code execution Attempt
ET ACTIVEX Internet Information Service iisext.dll activex setpassword Insecure Method
ET ACTIVEX 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability
ET ACTIVEX Danim.dll and Dxtmsft.dll COM Objects
ET ACTIVEX NCTAudioFile2 ActiveX SetFormatLikeSample
ET ACTIVEX Morovia Barcode ActiveX Control Arbitrary File Overwrite
ET ACTIVEX NCTAVIFile V 1.6.2 Activex File Creation clsid access attempt
ET ACTIVEX iDefense COMRaider ActiveX Control Arbitrary File Deletion
ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX InstallFrom Method Access Attempt
ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX Function Call
ET ACTIVEX Axis Media Controller ActiveX SetImage Method Remote Code Execution Attempt
ET ACTIVEX DjVu DjVu_ActiveX_MSOffice.dll ActiveX Component Heap Buffer Overflow
ET ACTIVEX EasyMail Object SMTP Component Buffer Overflow Function call Attempt
ET ACTIVEX AoA Audio Extractor ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call
ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Format String Function Call
ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Buffer Overflow Attempt
ET ACTIVEX Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Attempt
ET ACTIVEX MW6 Technologies Barcode ActiveX Barcode.dll Multiple Arbitrary File Overwrite
ET ACTIVEX MW6 PDF417 MW6PDF417.dll ActiveX Control Multiple Arbitrary File Overwrite
ET ACTIVEX MW6 DataMatrix DataMatrix.dll ActiveX Control Multiple Arbitrary File Overwrite
ET ACTIVEX MW6 Aztec ActiveX Aztec.dll ActiveX Control Multiple Arbitrary File Overwrite
ET ACTIVEX RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt
ET ACTIVEX AOL Radio AmpX ActiveX Control ConvertFile Method Buffer Overflow
ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 1
ET ACTIVEX MciWndx ActiveX Control
ET ACTIVEX ACTIVEX PPMate PPMedia Class ActiveX Control Buffer Overflow
ET ACTIVEX DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods
ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt
ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt Function Call
ET ACTIVEX NewV SmartClient NewvCommon.ocx DelFile Method Arbitrary File Deletion Attempt
ET ACTIVEX Real Networks RealPlayer SP RecordClip Method Remote Code Execution Attempt
ET ACTIVEX COM Object MS06-042 CLSID 21 Access Attempt
ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt
ET ACTIVEX Oracle Document Capture Insecure Read Method File Access Attempt
ET ACTIVEX Oracle Document Capture File Deletion Attempt
ET ACTIVEX Oracle Document Capture File Overwrite Attempt
ET ACTIVEX Oracle Document Capture File Overwrite or Buffer Overflow Attempt
ET ACTIVEX RealPlayer CDDA URI Overflow Uninitialized Pointer Attempt
ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt
ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt
ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt
ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt
ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt
ET ACTIVEX Sun Java Runtime New Plugin Docbase Buffer Overflow Attempt
ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt
ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt
ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call
ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt
ET ACTIVEX Magneto ICMP ActiveX ICMPSendEchoRequest Remote Code Execution Attempt
ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Arbitrary Program Execution Attempt
ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Cisco.AnyConnect.VPNWeb.1 Arbitrary Program Execution Attempt
ET ACTIVEX Easewe FTP OCX ActiveX Control EaseWeFtp.ocx Remote Code Execution Attempt
ET ACTIVEX Black Ice Fax Voice SDK GetFirstItem Method Remote Code Execution Exploit
ET ACTIVEX Black Ice Fax Voice SDK GetItemQueue Method Remote Code Execution Exploit
ET ACTIVEX Black Ice Cover Page SDK DownloadImageFileURL Method Exploit
ET ACTIVEX LEADTOOLS Imaging LEADSmtp ActiveX SaveMessage Method Vulnerability
ET ACTIVEX Ubisoft CoGSManager ActiveX RunCore method Buffer Overflow Vulnerability
ET ACTIVEX Ubisoft CoGSManager ActiveX Initialize method Buffer Overflow Vulnerability
ET ACTIVEX CygniCon CyViewer ActiveX Control SaveData Insecure Method Vulnerability
ET ACTIVEX Chilkat Crypt ActiveX Control SaveDecrypted Insecure Method Vulnerability
ET ACTIVEX IDrive Online Backup ActiveX control SaveToFile Insecure Method
ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 5
ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 4
ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 3
ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 2
ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 1
ET ACTIVEX Tom Sawyer Software Possible Memory Corruption Attempt
ET ACTIVEX Tom Sawyer Possible Memory Corruption Attempt Format String Function Call
ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt
ET ACTIVEX Oracle AutoVue Activex Insecure method
ET ACTIVEX Oracle AutoVue Activex Insecure method
ET ACTIVEX Oracle AutoVue Activex Insecure method
ET ACTIVEX Oracle AutoVue Activex Insecure method
ET ACTIVEX Oracle AutoVue Activex Insecure method
ET ACTIVEX Oracle AutoVue Activex Insecure method
GPL ACTIVEX winhelp clsid attempt
ET ACTIVEX ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow
ET ACTIVEX ASUS Net4Switch ActiveX CxDbgPrint Format String Function Call Attempt
ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Stack Buffer Overflow
ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Format String Function Call Attempt
ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 2
ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 1
ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Function Call Attempt
ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Function Call Attempt
ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Remote File Overwrite Attempt
ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Function Call Attempt
ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Remote File Overwrite Attempt
ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Download and Execute
ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt
ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution
ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution 2
ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow
ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow 2
ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt
ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt 2
ET ACTIVEX Microsoft PicturePusher ActiveX Cross Site File Upload Attack
ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow
ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow 2
ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability
ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability 2
ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS
ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS 2
ET ACTIVEX Possible Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite
ET ACTIVEX Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite 2
ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution
ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution 2
ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution
ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution 2
ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow 2
ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow
ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow
ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow 2
ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access
ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access 2
ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution
ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution 2
ET ACTIVEX Possible Samsung NET-i Viewer Active-X SEH Overwrite
ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow 2
ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow 2
ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow
ET ACTIVEX Possible IBM Lotus iNotes Upload Module possible ActiveX Control Attachment_Times Method Access Buffer Overflow Attempt
ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service
ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service 2
ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit 2
ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit
ET ACTIVEX Possible IBM Rational ClearQuest Activex Control RegisterSchemaRepoFromFileByDbSet Insecure Method Access
ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access
ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access 2
ET ACTIVEX Possible AdminStudio Activex Control LaunchProcess Method Access Arbitrary Code Execution
ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt
ET ACTIVEX Possible beSTORM ActiveX
ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow
ET ACTIVEX Possible CommuniCrypt Mail SMTP ActiveX AddAttachments Method Access Stack Buffer Overflow
ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow 2
ET ACTIVEX Possible Oracle AutoVue ActiveX SetMarkupMode Method Access Remote Code Execution
ET ACTIVEX Possible Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute
ET ACTIVEX Possible WinZip FileView ActiveX CreateNewFolderFromName Method Access Buffer Overflow
ET ACTIVEX Possible WinZip FileView
ET ACTIVEX Possible BarCodeWiz
ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute
ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute 2
ET ACTIVEX Possible BarCodeWiz BarcodeWiz.dll ActiveX Control Barcode Method Remote Buffer Overflow Attempt
ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution 2
ET ACTIVEX Possible Kazaa Altnet Download Manager ActiveX Control Install Method Access Buffer Overflow
ET ACTIVEX Possible CA eTrust PestPatrol ActiveX Control Buffer Overflow
ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow
ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow 2
ET ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow
ET ACTIVEX Image Viewer CP Gold Image2PDF Buffer Overflow
ET ACTIVEX Netcraft Toolbar Remote Code Execution
ET ACTIVEX ImageShack Toolbar Remote Code Execution
ET ACTIVEX Advanced File Vault Activex Heap Spray Attempt
ET ACTIVEX dBpowerAMP Audio Player 2 FileExists Method ActiveX Buffer Overflow
ET ACTIVEX FathFTP 1.8 EnumFiles Method ActiveX Buffer Overflow
ET ACTIVEX Possible NVIDIA Install Application ActiveX Control AddPackages Unicode Buffer Overflow
ET ACTIVEX Possible HP ALM XGO.ocx ActiveX Control SetShapeNodeType method Remote Code Execution
ET ACTIVEX Possible Cyme ChartFX client server ActiveX Control ShowPropertiesDialog arbitrary code execution
ET ACTIVEX Possible Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Attempt
ET ACTIVEX Possible Sony PC Companion Load method Stack-based Unicode Buffer Overload SEH
ET ACTIVEX Possible Sony PC Companion CheckCompatibility method Stack-based Unicode Buffer Overload
ET ACTIVEX Possible Sony PC Companion Admin_RemoveDirectory Stack-based Unicode Buffer Overload SEH
ET ACTIVEX Possible Honeywell Tema Remote Installer ActiveX DownloadFromURL method Remote Code Execution
ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability
ET ACTIVEX Possible Samsung Kies ActiveX PrepareSync method Buffer overflow
ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability 2
ET ACTIVEX Possible Aloaha PDF Crypter activex SaveToFile method arbitrary file overwrite
ET ACTIVEX Possible Ecava IntegraXor save method Remote ActiveX Buffer Overflow
GPL ACTIVEX Norton antivirus sysmspam.dll load attempt
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow 2
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow 2
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow 2
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow
ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow 2
ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution
ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability 2
ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution 2
ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability
ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack
ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow 2
ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow
ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack 2
ET ACTIVEX Possible SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Install3rdPartyComponent Method Buffer Overflow
ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow 2
ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow
ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow
ET ACTIVEX Possible Wireless Manager Sony VAIO ConnectToNetwork Method Access Buffer Overflow
ET ACTIVEX Possible Wireless Manager Sony VAIO SetTmpProfileOption Method Access Buffer Overflow
ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow 2
ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Import_Times Method Access buffer overflow Attempt
ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Attachment_Times Method Access buffer overflow Attempt
ET ACTIVEX SigPlus Pro 3.74 ActiveX LCDWriteString Method Remote Buffer Overflow
ET ACTIVEX SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt
ET ACTIVEX SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt
ET ACTIVEX SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt
ET ACTIVEX SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt
ET ACTIVEX SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt
ET ACTIVEX HP Easy Printer Care Software XMLCacheMgr ActiveX Control Remote Code Execution Attempt
ET ACTIVEX J-Integra ActiveX SetIdentity Buffer Overflow
ET ACTIVEX J-Integra Remote Code Execution
ET ACTIVEX WMITools ActiveX Remote Code Execution
ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054
ET ACTIVEX winhlp32 ActiveX control attack - phase 1
ET ACTIVEX winhlp32 ActiveX control attack - phase 2
ET ACTIVEX winhlp32 ActiveX control attack - phase 3
ET ATTACK_RESPONSE Cisco TclShell TFTP Read Request
ET ATTACK_RESPONSE Cisco TclShell TFTP Download
ET ATTACK_RESPONSE FTP inaccessible directory access COM1
ET ATTACK_RESPONSE FTP inaccessible directory access COM2
ET ATTACK_RESPONSE FTP inaccessible directory access COM3
ET ATTACK_RESPONSE FTP inaccessible directory access COM4
ET ATTACK_RESPONSE FTP inaccessible directory access LPT1
ET ATTACK_RESPONSE FTP inaccessible directory access LPT2
ET ATTACK_RESPONSE FTP inaccessible directory access LPT3
ET ATTACK_RESPONSE FTP inaccessible directory access LPT4
ET ATTACK_RESPONSE FTP inaccessible directory access AUX
ET ATTACK_RESPONSE FTP inaccessible directory access NULL
ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass
ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr
ET ATTACK_RESPONSE Hostile FTP Server Banner
ET ATTACK_RESPONSE Hostile FTP Server Banner
ET ATTACK_RESPONSE Hostile FTP Server Banner
ET ATTACK_RESPONSE Unusual FTP Server Banner
ET ATTACK_RESPONSE Unusual FTP Server Banner
ET ATTACK_RESPONSE Metasploit Meterpreter File Download Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Process List
ET ATTACK_RESPONSE Metasploit Meterpreter Getuid Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Process Migration Detected
ET ATTACK_RESPONSE Metasploit Meterpreter ipconfig Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Sysinfo Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Route Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Kill Process Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Print Working Directory Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter View Current Process ID Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Execute Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter System Reboot/Shutdown Detected
ET ATTACK_RESPONSE Metasploit Meterpreter System Get Idle Time Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Make Directory Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Remove Directory Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Change Directory Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter List
ET ATTACK_RESPONSE Metasploit Meterpreter rev2self Command Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Keyboard Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Mouse Detected
ET ATTACK_RESPONSE Metasploit Meterpreter File/Memory Interaction Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Registry Interation Detected
ET ATTACK_RESPONSE Metasploit Meterpreter File Upload Detected
ET ATTACK_RESPONSE Metasploit Meterpreter Channel Interaction Detected, Likely Interaction With Executable
ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
ET ATTACK_RESPONSE c99shell phpshell detected
ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected
ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious
ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection
ET ATTACK_RESPONSE Outbound PHP Connection
ET ATTACK_RESPONSE r57 phpshell source being uploaded
ET ATTACK_RESPONSE r57 phpshell footer detected
ET ATTACK_RESPONSE x2300 phpshell detected
ET ATTACK_RESPONSE RFI Scanner detected
ET ATTACK_RESPONSE C99 Modified phpshell detected
ET ATTACK_RESPONSE lila.jpg phpshell detected
ET ATTACK_RESPONSE ALBANIA id.php detected
ET ATTACK_RESPONSE Mic22 id.php detected
ET ATTACK_RESPONSE Off-Port FTP Without Banners - user
ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port
ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port
ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
ET ATTACK_RESPONSE Unusual FTP Server Banner
ET ATTACK_RESPONSE Unusual FTP Server Banner
ET ATTACK_RESPONSE Ipconfig Response Detected
ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system
ET ATTACK_RESPONSE Windows 7 CMD Shell from Local System
GPL ATTACK_RESPONSE id check returned userid
GPL ATTACK_RESPONSE id check returned nobody
GPL ATTACK_RESPONSE id check returned http
GPL ATTACK_RESPONSE id check returned apache
GPL ATTACK_RESPONSE index of /cgi-bin/ response
GPL ATTACK_RESPONSE Invalid URL
GPL ATTACK_RESPONSE command completed
GPL ATTACK_RESPONSE command error
GPL ATTACK_RESPONSE file copied ok
GPL ATTACK_RESPONSE isakmp login failed
GPL ATTACK_RESPONSE del attempt
GPL ATTACK_RESPONSE directory listing
GPL ATTACK_RESPONSE directory listing
GPL ATTACK_RESPONSE id check returned root
GPL ATTACK_RESPONSE id check returned web
ET ATTACK_RESPONSE HTTP 401 Unauthorized
ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack
ET ATTACK_RESPONSE Backdoor reDuh http initiate
ET ATTACK_RESPONSE Backdoor reDuh http tunnel
ET ATTACK_RESPONSE Possible Ipconfig Information Detected in HTTP Response
ET ATTACK_RESPONSE MySQL User Account Enumeration
ET ATTACK_RESPONSE Net User Command Response
ET ATTACK_RESPONSE Non-Local Burp Proxy Error
ET ATTACK_RESPONSE python shell spawn attempt
ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system 2
ET ATTACK_RESPONSE Output of id command from HTTP server
ET ATTACK_RESPONSE Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retreival RAKP message 2 status code Unauthorized Name
ET ATTACK_RESPONSE Microsoft Powershell Banner Outbound
ET ATTACK_RESPONSE Microsoft CScript Banner Outbound
ET ATTACK_RESPONSE Microsoft WMIC Prompt Outbound
ET ATTACK_RESPONSE Microsoft Netsh Firewall Disable Output Outbound
ET ATTACK_RESPONSE SysInternals sc.exe Output Outbound
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE MySQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE PostgreSQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft Access error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft Access error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft Access error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Oracle error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Oracle error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Oracle error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Oracle error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Oracle error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE DB2 error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE DB2 error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE DB2 error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Informix error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Firebird error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Firebird error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SAP MaxDB error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SAP MaxDB error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Sybase error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Sybase error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Sybase error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Ingres error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE SQLite error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Ingres error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Ingres error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Frontbase error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE HSQLDB error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Microsoft SQL error in HTTP response, possible SQL injection point
ET ATTACK_RESPONSE Possible /etc/passwd via HTTP
ET ATTACK_RESPONSE Possible /etc/passwd via HTTP
ET ATTACK_RESPONSE Possible /etc/passwd via SMTP
ET ATTACK_RESPONSE Possible /etc/passwd via SMTP
ET ATTACK_RESPONSE Matahari client
ET ATTACK_RESPONSE Possible CVE-2016-1287 Inbound Reverse CLI Shellcode
ET ATTACK_RESPONSE Possible BeEF HTTP Headers Inbound
ET ATTACK_RESPONSE 401TRG Perl DDoS IRCBot File Download
ET ATTACK_RESPONSE webr00t WebShell Access
ET ATTACK_RESPONSE PHP script in OptimizePress Upload Directory Possible WebShell Access
ET ATTACK_RESPONSE Linksys Router Returning Device Settings To External Source
ET ATTACK_RESPONSE Zone-H.org defacement notification
ET ATTACK_RESPONSE WSO - WebShell Activity - WSO Title
ET ATTACK_RESPONSE WSO - WebShell Activity - POST structure
ET ATTACK_RESPONSE passwd file Outbound from WEB SERVER Linux
ET ATTACK_RESPONSE Possible ASPXSpy Request
ET ATTACK_RESPONSE Possible ASPXSpy Related Activity
ET ATTACK_RESPONSE Possible ASPXSpy Upload Attempt
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded New-Object
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Start-Process
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-WmiMethod
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE PowerShell Execution String Base64 Encoded Invoke-Command
ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16-LE base64 wide string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF8 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE UTF16 base64 reversed string /This Program/ in DNS TXT Reponse
ET ATTACK_RESPONSE Metasploit Meterpreter Reverse HTTPS certificate
ET ATTACK_RESPONSE LaZagne Artifact Outbound in FTP
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M1
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M2
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M3
ET ATTACK_RESPONSE Windows SCM DLL Hijack Command
ET ATTACK_RESPONSE Possible Lateral Movement - File Creation Request in Remote System32 Directory
ET ATTACK_RESPONSE Possible Remote System32 DLL Hijack Command Inbound via HTTP
ET CHAT Facebook Chat using XMPP
ET CHAT GaduGadu Chat Client Login Packet
ET CHAT GaduGadu Chat Server Login Failed Packet
ET CHAT GaduGadu Chat Server Available Status Packet
ET CHAT GaduGadu Chat Send Message
ET CHAT GaduGadu Chat Receive Message
ET CHAT GaduGadu Chat Keepalive PING
ET CHAT GaduGadu Chat Keepalive PONG
ET CHAT GaduGadu Chat File Send Request
ET CHAT GaduGadu Chat File Send Details
ET CHAT GaduGadu Chat File Send Accept
ET CHAT GaduGadu Chat File Send Begin
ET CHAT ICQ Status Invisible
ET CHAT ICQ Status Change
ET CHAT ICQ Status Change
ET CHAT ICQ Login
ET CHAT ICQ Message
ET CHAT Google Talk
ET CHAT MSN file transfer request
ET CHAT MSN file transfer accept
ET CHAT MSN file transfer reject
ET CHAT MSN status change
ET CHAT Yahoo IM voicechat
ET CHAT Yahoo IM ping
ET CHAT Yahoo IM conference invitation
ET CHAT Yahoo IM conference logon success
ET CHAT Yahoo IM conference message
ET CHAT Yahoo IM Unavailable Status
ET CHAT Yahoo IM message
ET CHAT Yahoo IM conference offer invitation
ET CHAT Yahoo IM conference request
ET CHAT Yahoo IM conference watch
ET CHAT IRC authorization message
ET CHAT Known SSL traffic on port 5222
ET CHAT Known SSL traffic on port 5223
ET CHAT Yahoo IM Client Install
ET CHAT Google IM traffic Jabber client sign-on
ET CHAT Possible MSN Messenger File Transfer
ET CHAT Skype VOIP Checking Version
ET CHAT General MSN Chat Activity
ET CHAT Facebook Chat
ET CHAT Facebook Chat
GPL CHAT MSN user search
GPL CHAT MSN login attempt
GPL CHAT MSN outbound file transfer request
GPL CHAT MSN outbound file transfer accept
GPL CHAT MSN outbound file transfer rejected
GPL CHAT AIM receive message
GPL CHAT AIM send message
GPL CHAT AIM login
GPL CHAT MSN message
GPL CHAT ICQ access
GPL CHAT IRC Channel join
GPL CHAT IRC DCC chat request
GPL CHAT IRC DCC file transfer request
ET CHAT IRC NICK command
ET CHAT IRC JOIN command
ET CHAT IRC USER command
ET CHAT IRC PRIVMSG command
ET CHAT IRC PING command
GPL CHAT Yahoo IM successful chat join
GPL CHAT Yahoo IM conference request
GPL CHAT Yahoo IM ping
GPL CHAT Yahoo IM conference offer invitation
GPL CHAT Yahoo IM conference message
GPL CHAT Yahoo IM conference watch
GPL CHAT Yahoo Messenger File Transfer Receive Request
GPL CHAT Yahoo IM voicechat
GPL CHAT Yahoo IM conference logon success
GPL CHAT Yahoo IM conference invitation
ET CHAT Skype User-Agent detected
ET CHAT Facebook Chat
ET CHAT MSN IM Poll via HTTP
ET CHAT IRC USER Likely bot with 0 0 colon checkin
ET CHAT IRC USER Off-port Likely bot with 0 0 colon checkin
ET CHAT IRC PONG response
ET CHAT GaduGadu Chat Server Login OK Packet
ET CHAT Yahoo IM file transfer request
ET CHAT Skype Bootstrap Node
GPL CHAT Jabber/Google Talk Outoing Message
GPL CHAT Jabber/Google Talk Outgoing Traffic
GPL CHAT Jabber/Google Talk Outgoing Auth
GPL CHAT Jabber/Google Talk Log Out
GPL CHAT Google Talk Startup
GPL CHAT Google Talk Logon
GPL CHAT Google Talk Version Check
GPL CHAT Jabber/Google Talk Logon Success
GPL CHAT Jabber/Google Talk Incoming Message
ET CHAT Gadu-Gadu IM Login Server Request
ET CHAT Gadu-Gadu Chat Client Checkin via HTTP
ET CHAT GaduGadu Chat Server Welcome Packet
ET CURRENT_EVENTS Malvertising drive by kit encountered - Loading...
ET CURRENT_EVENTS SWF served from /tmp/
ET CURRENT_EVENTS Possible Neosploit Toolkit download
ET CURRENT_EVENTS RetroGuard Obfuscated JAR likely part of hostile exploit kit
ET CURRENT_EVENTS WindowsLive Imposter Site WindowsLive.png
ET CURRENT_EVENTS WindowsLive Imposter Site Landing Page
ET CURRENT_EVENTS WindowsLive Imposter Site blt .png
ET CURRENT_EVENTS WindowsLive Imposter Site Payload Download
ET CURRENT_EVENTS Java Exploit io.exe download served
ET CURRENT_EVENTS Internal WebServer Compromised By Lizamoon Mass SQL-Injection Attacks
ET CURRENT_EVENTS Potential Lizamoon Client Request /ur.php
ET CURRENT_EVENTS Paypal Phishing victim POSTing data
ET CURRENT_EVENTS Potential Paypal Phishing Form Attachment
ET CURRENT_EVENTS Potential ACH Transaction Phishing Attachment
ET CURRENT_EVENTS Java Exploit Attempt Request for hostile binary
ET CURRENT_EVENTS Malicious JAR olig
ET CURRENT_EVENTS Unknown Exploit Pack Binary Load Request
ET CURRENT_EVENTS Adobe Flash Unicode SWF File Embedded in Office File Caution - Could be Hostile
ET CURRENT_EVENTS Likely Redirector to Exploit Page /in/rdrct/rckt/?
ET CURRENT_EVENTS Unknown .ru Exploit Redirect Page
ET CURRENT_EVENTS Eleonore Exploit Pack exemple.com Request
ET CURRENT_EVENTS Java/PDF Exploit kit from /Home/games/ initial landing
ET CURRENT_EVENTS Exploit kit mario.jar
ET CURRENT_EVENTS Java/PDF Exploit kit initial landing
ET CURRENT_EVENTS Fake Shipping Invoice Request to JPG.exe Executable
ET CURRENT_EVENTS Sidename.js Injected Script Served by Local WebServer
ET CURRENT_EVENTS Java Exploit Attempt applet via file URI setAttribute
ET CURRENT_EVENTS Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded
ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page
ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt
ET CURRENT_EVENTS cssminibar.js Injected Script Served by Local WebServer
ET CURRENT_EVENTS Known Injected Credit Card Fraud Malvertisement Script
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - flickr.com.*
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - picasa.com.*
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - blogger.com.*
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - wordpress.com.*
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - img.youtube.com.*
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - upload.wikimedia.com.*
ET CURRENT_EVENTS Obfuscated Javascript Often Used in Drivebys
ET CURRENT_EVENTS Malicious 1px iframe related to Mass Wordpress Injections
ET CURRENT_EVENTS Java Exploit Attempt applet via file URI param
ET CURRENT_EVENTS Exploit kit worms.jar
ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt
ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt 2
ET CURRENT_EVENTS Unknown Java Exploit Kit x.jar?o=
ET CURRENT_EVENTS Unknown Java Exploit Kit lo.class
ET CURRENT_EVENTS Unknown Java Exploit Kit lo2.jar
ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served to Client
ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served from Local Server
ET CURRENT_EVENTS Likely Generic Java Exploit Attempt Request for Java to decimal host
ET CURRENT_EVENTS Probable Scalaxy exploit kit Java or PDF exploit request
ET CURRENT_EVENTS Obfuscated Base64 in Javascript probably Scalaxy exploit kit
ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested com.class
ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested org.class
ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested edu.class
ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested net.class
ET CURRENT_EVENTS User-Agent used in Injection Attempts
ET CURRENT_EVENTS Download of Microsft Office File From Russian Content-Language Website
ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website
ET CURRENT_EVENTS Download of PDF File From Russian Content-Language Website
ET CURRENT_EVENTS Download of PDF File From Chinese Content-Language Website
ET CURRENT_EVENTS Saturn Exploit Kit binary download request
ET CURRENT_EVENTS Saturn Exploit Kit probable Java MIDI exploit request
ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for PDF exploit
ET CURRENT_EVENTS SEO Exploit Kit - client exploited
ET CURRENT_EVENTS Unknown Exploit Kit reporting Java and PDF state
ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious JAR
ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious EXE
ET CURRENT_EVENTS Unknown Exploit Kit request for pdf_err__Error__Unspecified
ET CURRENT_EVENTS Phoenix-style Exploit Kit Java Request with semicolon in URI
ET CURRENT_EVENTS Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set
ET CURRENT_EVENTS Excessive new Array With Newline - Exploit Kit Behavior Flowbit Set
ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java exploit
ET CURRENT_EVENTS Unknown Exploit Kit Landing Response Malicious JavaScript
ET CURRENT_EVENTS Jupiter Exploit Kit Landing Page with Malicious Java Applets
ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf
ET CURRENT_EVENTS Phoenix Exploit Kit Printf.pdf
ET CURRENT_EVENTS Phoenix Exploit Kit Geticon.pdf
ET CURRENT_EVENTS Phoenix Exploit Kit All.pdf
ET CURRENT_EVENTS Saturn Exploit Kit probable Java exploit request
ET CURRENT_EVENTS PDF served from /tmp/ could be Phoenix Exploit Kit
ET CURRENT_EVENTS JAR served from /tmp/ could be Phoenix Exploit Kit
ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java and PDF exploits
ET CURRENT_EVENTS Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit
ET CURRENT_EVENTS Sakura Exploit Kit Landing Page Request
ET CURRENT_EVENTS Sakura Exploit Kit Binary Load Request
ET CURRENT_EVENTS Clickfraud Framework Request
ET CURRENT_EVENTS Known Malicious Link Leading to Exploit Kits
ET CURRENT_EVENTS Incognito Exploit Kit Java request to showthread.php?t=
ET CURRENT_EVENTS Yang Pack Exploit Kit Landing Page Known JavaScript Function Detected
ET CURRENT_EVENTS Exploit Kit Exploiting IEPeers
ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Landing Page Request
ET CURRENT_EVENTS CutePack Exploit Kit JavaScript Variable Detected
ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Iframe for Landing Page Detected
ET CURRENT_EVENTS CutePack Exploit Kit Landing Page Detected
ET CURRENT_EVENTS Dadong Exploit Kit Downloaded
ET CURRENT_EVENTS Obfuscated Content Using Dadongs JSXX 0.41 VIP Obfuscation Script
ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit Requested
ET CURRENT_EVENTS Clickpayz redirection to *.clickpayz.com
ET CURRENT_EVENTS Dadong Java Exploit Requested
ET CURRENT_EVENTS RogueAV Wordpress Injection Campaign Compromised Page Served to Local Client
ET CURRENT_EVENTS Compromised Wordpress Redirect
ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server
ET CURRENT_EVENTS Likely Scalaxy Exploit Kit URL template download
ET CURRENT_EVENTS Probable Scalaxy exploit kit secondary request
ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class
ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Landing Page /de/sN
ET CURRENT_EVENTS Possible Dynamic Dns Exploit Pack Java exploit
ET CURRENT_EVENTS SEO Exploit Kit - Landing Page
ET CURRENT_EVENTS Italian Spam Campaign
ET CURRENT_EVENTS Known Fraudulent DigiNotar SSL Certificate for google.com
ET CURRENT_EVENTS Malicious TDS /indigo?
ET CURRENT_EVENTS TDS Sutra - redirect received
ET CURRENT_EVENTS TDS Sutra - request in.cgi
ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
ET CURRENT_EVENTS TDS Sutra - cookie set
ET CURRENT_EVENTS Unkown exploit kit version check
ET CURRENT_EVENTS Incognito Exploit Kit Java request to images.php?t=
ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ
ET CURRENT_EVENTS TDS Sutra - cookie is set RULEZ
ET CURRENT_EVENTS Jembot PHP Webshell
ET CURRENT_EVENTS Jembot PHP Webshell
ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate CN of common Possible SSL CnC
ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC
ET CURRENT_EVENTS TDS Sutra - cookie set
ET CURRENT_EVENTS TDS Sutra - redirect received
ET CURRENT_EVENTS Incognito Exploit Kit payload request to images.php?t=N
ET CURRENT_EVENTS Incognito Exploit Kit PDF request to images.php?t=81118
ET CURRENT_EVENTS Neosploit Java Exploit Kit request to /? plus hex 32
ET CURRENT_EVENTS Unkown exploit kit jar download
ET CURRENT_EVENTS Unkown exploit kit pdf download
ET CURRENT_EVENTS Unkown exploit kit payload download
ET CURRENT_EVENTS Redkit Java Exploit request to /24842.jar
ET CURRENT_EVENTS Unknown java_ara Bin Download
ET CURRENT_EVENTS Incognito Exploit Kit landing page request to images.php?t=4xxxxxxx
ET CURRENT_EVENTS FedEX Spam Inbound
ET CURRENT_EVENTS UPS Spam Inbound
ET CURRENT_EVENTS Post Express Spam Inbound
ET CURRENT_EVENTS webshell used In timthumb attacks GIF98a 16129xX with PHP
ET CURRENT_EVENTS Possible Sakura Exploit Kit Version 1.1 document.write Fake 404 - Landing Page
ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Archive Request
ET CURRENT_EVENTS Redirect to driveby sid=mix
ET CURRENT_EVENTS SN and CN From MS TS Revoked Cert Chain Seen
ET CURRENT_EVENTS RedKit - Java Exploit Requested - 5 digit jar
ET CURRENT_EVENTS RedKit - Jar File Naming Algorithm
ET CURRENT_EVENTS RedKit - Landing Page Received - applet and code
ET CURRENT_EVENTS NuclearPack - JAR Naming Algorithm
ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Requested .php?showtopic=6digit
ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Received applet and flowbit
ET CURRENT_EVENTS DRIVEBY Incognito Payload Requested /getfile.php by Java Client
ET CURRENT_EVENTS Unknown Java Malicious Jar /eeltff.jar
ET CURRENT_EVENTS Unknown - Java Request .jar from dl.dropbox.com
ET CURRENT_EVENTS Request to malicious info.php drive-by landing
ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host
ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - applet and 0px
ET CURRENT_EVENTS Base64 - Java Exploit Requested - /1Digit
ET CURRENT_EVENTS Base64 - Landing Page Received - base64encode
ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - foxxysoftware
ET CURRENT_EVENTS - Landing Page Requested - 15Alpha1Digit.php
ET CURRENT_EVENTS Unknown - Java Exploit Requested - 13-14Alpha.jar
ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website
ET CURRENT_EVENTS Googlebot UA POST to /uploadify.php
ET CURRENT_EVENTS Incognito - Malicious PDF Requested - /getfile.php
ET CURRENT_EVENTS g01pack exploit pack /mix/ Java exploit
ET CURRENT_EVENTS g01pack exploit pack /mix/ payload
ET CURRENT_EVENTS g01pack - 32Char.php by Java Client
ET CURRENT_EVENTS Unknown_s=1 - Payload Requested - 32AlphaNum?s=1 Java Request
ET CURRENT_EVENTS Incognito - Java Exploit Requested - /gotit.php by Java Client
ET CURRENT_EVENTS Incognito - Payload Request - /load.php by Java Client
ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java payload request to /1digit.html
ET CURRENT_EVENTS Compromised WordPress Server pulling Malicious JS
ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet archive=32CharHex
ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect
ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect
ET CURRENT_EVENTS RedKit PluginDetect Rename Saigon
ET CURRENT_EVENTS .HTM being served from WP 1-flash-gallery Upload DIR
ET CURRENT_EVENTS .PHP being served from WP 1-flash-gallery Upload DIR
ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect
ET CURRENT_EVENTS JS.Runfore Malware Campaign Request
ET CURRENT_EVENTS Fake-AV Conditional Redirect
ET CURRENT_EVENTS Malicious PHP 302 redirect response with avtor URI and cookie
ET CURRENT_EVENTS Yszz JS/Encryption
ET CURRENT_EVENTS Possible Unknown TDS /rem2.html
ET CURRENT_EVENTS Obfuscated Javascript redirecting to badness August 6 2012
ET CURRENT_EVENTS FoxxySoftware - Comments
ET CURRENT_EVENTS FoxxySoftware - Hit Counter Access
ET CURRENT_EVENTS Sutra TDS /simmetry
ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested - /spl_data/
ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern
ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /form
ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /search
ET CURRENT_EVENTS Malicious Redirect n.php h=*&s=*
ET CURRENT_EVENTS NeoSploit - Version Enumerated - null
ET CURRENT_EVENTS Likely TDS redirecting to exploit kit
ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
ET CURRENT_EVENTS Unknown Exploit Kit redirect
ET CURRENT_EVENTS Unknown Java Exploit Kit Payload Download Request - Sep 04 2012
ET CURRENT_EVENTS Sakura exploit kit exploit download request /view.php
ET CURRENT_EVENTS Probable Sakura exploit kit landing page with obfuscated URLs
ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior static initial landing - Sep 05 2012
ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior hostile java archive - Sep 05 2012
ET CURRENT_EVENTS Possible Remote PHP Code Execution
ET CURRENT_EVENTS DRIVEBY NeoSploit - Java Exploit Requested
ET CURRENT_EVENTS NeoSploit - Obfuscated Payload Requested
ET CURRENT_EVENTS NeoSploit - PDF Exploit Requested
ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
ET CURRENT_EVENTS NeoSploit - Version Enumerated - null
ET CURRENT_EVENTS DRIVEBY Generic - 8Char.JAR Naming Algorithm
ET CURRENT_EVENTS DoSWF Flash Encryption Banner
ET CURRENT_EVENTS Compromised Wordpress Install Serving Malicious JS
ET CURRENT_EVENTS HeapLib JS Library
ET CURRENT_EVENTS Access To mm-forms-community upload dir
ET CURRENT_EVENTS Access To mm-forms-community upload dir
ET CURRENT_EVENTS Sakura exploit kit exploit download request /sarah.php
ET CURRENT_EVENTS Sakura exploit kit exploit download request /nano.php
ET CURRENT_EVENTS Jembot PHP Webshell
ET CURRENT_EVENTS Phoenix Java Exploit Attempt Request for .class from octal host
ET CURRENT_EVENTS Unknown Java Exploit Kit 32-32 byte hex initial landing
ET CURRENT_EVENTS BegOpEK - TDS - icon.php
ET CURRENT_EVENTS BegOpEK - Landing Page
ET CURRENT_EVENTS Scalaxy Secondary Landing Page 10/11/12
ET CURRENT_EVENTS Scalaxy Java Exploit 10/11/12
ET CURRENT_EVENTS SofosFO Jar file 10/17/12
ET CURRENT_EVENTS g01pack Exploit Kit .homeip. Landing Page
ET CURRENT_EVENTS g01pack Exploit Kit .homelinux. Landing Page
ET CURRENT_EVENTS JavaScript Obfuscation JSXX Script
ET CURRENT_EVENTS Unknown Exploit Kit Landing Page
ET CURRENT_EVENTS Unknown Exploit Kit Landing Page
ET CURRENT_EVENTS DRIVEBY Generic Java Exploit Obfuscated With Allatori
ET CURRENT_EVENTS Imposter USPS Domain
ET CURRENT_EVENTS Metasploit CVE-2012-1723 Path
ET CURRENT_EVENTS Metasploit CVE-2012-1723 Attacker.class
ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow
ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow
ET CURRENT_EVENTS Self-Singed SSL Cert Used in Conjunction with Neosploit
ET CURRENT_EVENTS Probable Sakura Java applet with obfuscated URL Sep 21 2012
ET CURRENT_EVENTS Cool Exploit Kit Requesting Payload
ET CURRENT_EVENTS SofosFO Jar file 09 Nov 12
ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page NOP String
ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page parseInt Javascript Replace
ET CURRENT_EVENTS Java Exploit Campaign SetAttribute Java Applet
ET CURRENT_EVENTS CritXPack Landing Page
ET CURRENT_EVENTS CritXPack - No Java URI - Dot.class
ET CURRENT_EVENTS CirtXPack - No Java URI - /a.Test
ET CURRENT_EVENTS CoolEK - Landing Page - FlashExploit
ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain
ET CURRENT_EVENTS Spam Campaign JPG CnC Link
ET CURRENT_EVENTS Possible Glazunov Java payload request /5-digit
ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar
ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar
ET CURRENT_EVENTS RedKit Exploit Kit Vulnerable Java Payload Request URI
ET CURRENT_EVENTS RedKit Exploit Kit vulnerable Java Payload Request to URI
ET CURRENT_EVENTS g01pack Exploit Kit .blogsite. Landing Page
ET CURRENT_EVENTS Nuclear Exploit Kit HTTP Off-port Landing Page Request
ET CURRENT_EVENTS Crimeboss - Java Exploit - Recent Jar
ET CURRENT_EVENTS CrimeBoss - Stats Access
ET CURRENT_EVENTS CrimeBoss - Stats Java On
ET CURRENT_EVENTS BegOp Exploit Kit Payload
ET CURRENT_EVENTS Propack Recent Jar
ET CURRENT_EVENTS Propack Payload Request
ET CURRENT_EVENTS PDF /FlateDecode and PDF version 1.1
ET CURRENT_EVENTS Serenity Exploit Kit Landing Page HTML Header
ET CURRENT_EVENTS CritXPack PDF Request
ET CURRENT_EVENTS Zuponcic EK Payload Request
ET CURRENT_EVENTS Zuponcic EK Java Exploit Jar
ET CURRENT_EVENTS Unknown EK Landing URL
ET CURRENT_EVENTS CritXPack - Landing Page
ET CURRENT_EVENTS Zuponcic Hostile Jar
ET CURRENT_EVENTS Zuponcic Hostile JavaScript
ET CURRENT_EVENTS PHISH Bank - York - Creds Phished
ET CURRENT_EVENTS CrimeBoss - Stats Load Fail
ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3 digit jar
ET CURRENT_EVENTS RedKit - Potential Payload Requested - /2Digit.html
ET CURRENT_EVENTS Robopak - Landing Page Received
ET CURRENT_EVENTS Fake Google Chrome Update/Install
ET CURRENT_EVENTS Possible Glazunov Java exploit request /9-10-/4-5-digit
ET CURRENT_EVENTS PDF /XFA and PDF-1.[0-4] Spec Violation
ET CURRENT_EVENTS Embedded Open Type Font file .eot seeing at Cool Exploit Kit
ET CURRENT_EVENTS MALVERTISING FlashPost - Redirection IFRAME
ET CURRENT_EVENTS MALVERTISING FlashPost - POST to *.stats
ET CURRENT_EVENTS CritXPack PDF Request
ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Received
ET CURRENT_EVENTS Unknown_gmf EK - flsh.html
ET CURRENT_EVENTS Unknown_gmf EK - Server Response - Application Error
ET CURRENT_EVENTS SofosFO 20 Dec 12 - .jar file request
ET CURRENT_EVENTS SofosFO 20 Dec 12 - .pdf file request
ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange base64
ET CURRENT_EVENTS Drupal Mass Injection Campaign Inbound
ET CURRENT_EVENTS Drupal Mass Injection Campaign Outbound
ET CURRENT_EVENTS Unknown EK Landing Page
ET CURRENT_EVENTS RedKit - Landing Page
ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP
ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP % Hex Encode
ET CURRENT_EVENTS CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain
ET CURRENT_EVENTS Escaped Unicode Char in Window Location CVE-2012-4792 EIP
ET CURRENT_EVENTS CVE-2012-4792 EIP in URI
ET CURRENT_EVENTS Metasploit CVE-2012-4792 EIP in URI IE 8
ET CURRENT_EVENTS g01pack - Landing Page Received - applet and 32AlphaNum.jar
ET CURRENT_EVENTS Injected iframe leading to Redkit Jan 02 2013
ET CURRENT_EVENTS Possible TURKTRUST Spoofed Google Cert
ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
ET CURRENT_EVENTS DRIVEBY RedKit - Landing Page
ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type YAML
ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL
ET CURRENT_EVENTS probable malicious Glazunov Javascript injection
ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received
ET CURRENT_EVENTS CoolEK - Landing Page Received
ET CURRENT_EVENTS DRIVEBY Unknown - Please wait...
ET CURRENT_EVENTS Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
ET CURRENT_EVENTS Metasploit CVE-2013-0422 Landing Page
ET CURRENT_EVENTS Impact Exploit Kit Class Download
ET CURRENT_EVENTS StyX Landing Page
ET CURRENT_EVENTS StyX Landing Page
ET CURRENT_EVENTS Possible Red Dot Exploit Kit Single Character JAR Request
ET CURRENT_EVENTS Red Dot Exploit Kit Binary Payload Request
ET CURRENT_EVENTS Gondad Exploit Kit Post Exploitation Request
ET CURRENT_EVENTS TDS - in.php
ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File
ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File
ET CURRENT_EVENTS Malicious iframe
ET CURRENT_EVENTS Malicious iframe
ET CURRENT_EVENTS JDB Exploit Kit Landing URL structure
ET CURRENT_EVENTS JDB Exploit Kit Landing Page
ET CURRENT_EVENTS Non-Standard HTML page in Joomla /com_content/ dir
ET CURRENT_EVENTS Possible JDB Exploit Kit Class Request
ET CURRENT_EVENTS JDB Exploit Kit Fake Adobe Download
ET CURRENT_EVENTS Impact Exploit Kit Landing Page
ET CURRENT_EVENTS Sakura/RedKit obfuscated URL
ET CURRENT_EVENTS CritXPack Landing Pattern
ET CURRENT_EVENTS CritXPack Payload Request
ET CURRENT_EVENTS Styx Exploit Kit Jerk.cgi TDS
ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Getmyfile.exe Payload
ET CURRENT_EVENTS WSO WebShell Activity POST structure 2
ET CURRENT_EVENTS Styx Exploit Kit Secondary Landing
ET CURRENT_EVENTS CritXPack - Landing Page - Received
ET CURRENT_EVENTS CritXPack - URI - jpfoff.php
ET CURRENT_EVENTS Unknown_MM EK - Landing Page
ET CURRENT_EVENTS Unknown_MM - Payload Download
ET CURRENT_EVENTS Adobe Flash Zero Day LadyBoyle Infection Campaign
ET CURRENT_EVENTS Impact Exploit Kit Landing Page
ET CURRENT_EVENTS Exploit Specific Uncompressed Flash CVE-2013-0634
ET CURRENT_EVENTS Exploit Specific Uncompressed Flash Inside of OLE CVE-2013-0634
ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634
ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634
ET CURRENT_EVENTS CoolEK Payload - obfuscated binary base 0
ET CURRENT_EVENTS Cool Java Exploit Recent Jar
ET CURRENT_EVENTS TDS Vdele
ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarext32.dll Second Stage Download POST
ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarhlp32.dll Second Stage Download POST
ET CURRENT_EVENTS CoolEK landing applet plus class Feb 18 2013
ET CURRENT_EVENTS StyX Landing Page
ET CURRENT_EVENTS Possible Nicepack EK Landing
ET CURRENT_EVENTS Possible g01pack Landing Page
ET CURRENT_EVENTS Unknown Exploit Kit Exploit Request
ET CURRENT_EVENTS Possible Portal TDS Kit GET
ET CURRENT_EVENTS Possible Portal TDS Kit GET
ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
ET CURRENT_EVENTS Query to a *.opengw.net Open VPN Relay Domain
ET CURRENT_EVENTS Redkit Landing Page URL March 03 2013
ET CURRENT_EVENTS DNS Query Sykipot Domain peocity.com
ET CURRENT_EVENTS DNS Query Sykipot Domain rusview.net
ET CURRENT_EVENTS DNS Query Sykipot Domain skyruss.net
ET CURRENT_EVENTS DNS Query Sykipot Domain commanal.net
ET CURRENT_EVENTS DNS Query Sykipot Domain natareport.com
ET CURRENT_EVENTS DNS Query Sykipot Domain photogellrey.com
ET CURRENT_EVENTS DNS Query Sykipot Domain photogalaxyzone.com
ET CURRENT_EVENTS DNS Query Sykipot Domain insdet.com
ET CURRENT_EVENTS DNS Query Sykipot Domain creditrept.com
ET CURRENT_EVENTS DNS Query Sykipot Domain pollingvoter.org
ET CURRENT_EVENTS DNS Query Sykipot Domain dfasonline.com
ET CURRENT_EVENTS DNS Query Sykipot Domain hudsoninst.com
ET CURRENT_EVENTS DNS Query Sykipot Domain wsurveymaster.com
ET CURRENT_EVENTS DNS Query Sykipot Domain nhrasurvey.org
ET CURRENT_EVENTS DNS Query Sykipot Domain pdi2012.org
ET CURRENT_EVENTS DNS Query Sykipot Domain nceba.org
ET CURRENT_EVENTS DNS Query Sykipot Domain linkedin-blog.com
ET CURRENT_EVENTS DNS Query Sykipot Domain aafbonus.com
ET CURRENT_EVENTS DNS Query Sykipot Domain milstars.org
ET CURRENT_EVENTS DNS Query Sykipot Domain vatdex.com
ET CURRENT_EVENTS DNS Query Sykipot Domain insightpublicaffairs.org
ET CURRENT_EVENTS DNS Query Sykipot Domain applesea.net
ET CURRENT_EVENTS DNS Query Sykipot Domain appledmg.net
ET CURRENT_EVENTS DNS Query Sykipot Domain appleintouch.net
ET CURRENT_EVENTS DNS Query Sykipot Domain seyuieyahooapis.com
ET CURRENT_EVENTS DNS Query Sykipot Domain appledns.net
ET CURRENT_EVENTS DNS Query Sykipot Domain emailserverctr.com
ET CURRENT_EVENTS DNS Query Sykipot Domain dailynewsjustin.com
ET CURRENT_EVENTS DNS Query Sykipot Domain hi-tecsolutions.org
ET CURRENT_EVENTS DNS Query Sykipot Domain slashdoc.org
ET CURRENT_EVENTS DNS Query Sykipot Domain photosmagnum.com
ET CURRENT_EVENTS DNS Query Sykipot Domain resume4jobs.net
ET CURRENT_EVENTS DNS Query Sykipot Domain searching-job.net
ET CURRENT_EVENTS DNS Query Sykipot Domain servagency.com
ET CURRENT_EVENTS DNS Query Sykipot Domain gsasmartpay.org
ET CURRENT_EVENTS DNS Query Sykipot Domain tech-att.com
ET CURRENT_EVENTS Possible RedDotv2 applet with 32hex value Landing Page
ET CURRENT_EVENTS Postal Reciept EXE in Zip
ET CURRENT_EVENTS SofosFO - possible second stage landing page
ET CURRENT_EVENTS Karagany encrypted binary
ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013
ET CURRENT_EVENTS Likely EgyPack Exploit kit landing page
ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Present
ET CURRENT_EVENTS W32/BaneChant.APT Winword.pkg Redirect
ET CURRENT_EVENTS DNS Query Targeted Tibetan Android Malware C2 Domain
ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet and 32HexChar.jar
ET CURRENT_EVENTS BHEK q.php iframe outbound
ET CURRENT_EVENTS BHEK q.php iframe inbound
ET CURRENT_EVENTS BHEK ff.php iframe inbound
ET CURRENT_EVENTS BHEK ff.php iframe outbound
ET CURRENT_EVENTS Potential Fiesta Flash Exploit
ET CURRENT_EVENTS RedDotv2 Jar March 18 2013
ET CURRENT_EVENTS RedKit applet + obfuscated URL Apr 7 2013
ET CURRENT_EVENTS GonDadEK Kit Jar
ET CURRENT_EVENTS W32/Citadel Infection or Config URL Request
ET CURRENT_EVENTS SUSPICIOUS winlogon.exe in URI
ET CURRENT_EVENTS SUSPICIOUS services.exe in URI
ET CURRENT_EVENTS SUSPICIOUS smss.exe in URI
ET CURRENT_EVENTS SUSPICIOUS csrss.exe in URI
ET CURRENT_EVENTS SUSPICIOUS rundll32.exe in URI
ET CURRENT_EVENTS SUSPICIOUS lsass.exe in URI
ET CURRENT_EVENTS SUSPICIOUS explorer.exe in URI
ET CURRENT_EVENTS Lizamoon Related Compromised site served to local client
ET CURRENT_EVENTS Unknown_gmf EK - pdfx.html
ET CURRENT_EVENTS SUSPICIOUS svchost.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SofosFO obfuscator string 19 Dec 12 - possible landing
ET CURRENT_EVENTS Sakura obfuscated javascript Apr 21 2013
ET CURRENT_EVENTS Fake DHL Kuluoz.B URI
ET CURRENT_EVENTS Fiesta - Payload - flashplayer11
ET CURRENT_EVENTS Redkit encrypted binary
ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mfunc
ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mclude
ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection dynamic-cached-content
ET CURRENT_EVENTS Possible Metasploit Java Exploit
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass
ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL March 03 2013
ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page
ET CURRENT_EVENTS Sweet Orange Java payload request
ET CURRENT_EVENTS Sweet Orange Java obfuscated binary
ET CURRENT_EVENTS pamdql/Sweet Orange delivering exploit kit payload
ET CURRENT_EVENTS Possible Metasploit Java Payload
ET CURRENT_EVENTS NuclearPack Java exploit binary get request
ET CURRENT_EVENTS Unknown EK UAC Disable in Uncompressed JAR
ET CURRENT_EVENTS Sibhost Status Check
ET CURRENT_EVENTS Possible Exodus Intel IE HTML+TIME EIP Control Technique
ET CURRENT_EVENTS Injection - var j=0
ET CURRENT_EVENTS CVE-2013-2423 IVKM PoC Seen in Unknown EK
ET CURRENT_EVENTS IE HTML+TIME ANIMATECOLOR with eval as seen in unknown EK
ET CURRENT_EVENTS Sakura obfuscated javascript May 10 2013
ET CURRENT_EVENTS FlimKit Post Exploit Payload Download
ET CURRENT_EVENTS Unknown EK Requesting Payload
ET CURRENT_EVENTS Malicious Redirect URL
ET CURRENT_EVENTS KaiXin Exploit Kit Java Class
ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013
ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013
ET CURRENT_EVENTS HellSpawn EK Landing 1 May 24 2013
ET CURRENT_EVENTS HellSpawn EK Landing 2 May 24 2013
ET CURRENT_EVENTS Possible HellSpawn EK Fake Flash May 24 2013
ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013
ET CURRENT_EVENTS Sakura - Landing Page - Received
ET CURRENT_EVENTS Sakura - Java Exploit Recievied
ET CURRENT_EVENTS Sakura - Payload Downloaded
ET CURRENT_EVENTS Sakura - Landing Page - Received May 29 2013
ET CURRENT_EVENTS Topic EK Requesting PDF
ET CURRENT_EVENTS Neosploit Exploit Pack Activity Observed
ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt
ET CURRENT_EVENTS CritX/SafePack Reporting Plugin Detect Data June 03 2013
ET CURRENT_EVENTS CritXPack Jar Request
ET CURRENT_EVENTS Sakura obfuscated javascript Jun 1 2013
ET CURRENT_EVENTS CoolEK Payload Download
ET CURRENT_EVENTS pamdql Exploit Kit 09/25/12 Sending Jar
ET CURRENT_EVENTS pamdql obfuscated javascript --- padding
ET CURRENT_EVENTS Kuluoz.B Spam Campaign Shipment_Label.exe in Zip
ET CURRENT_EVENTS FlimKit Landing
ET CURRENT_EVENTS Possible 2012-1533 altjvm
ET CURRENT_EVENTS Possible 2012-1533 altjvm RCE via JNLP command injection
ET CURRENT_EVENTS Unknown EK Landing
ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign
ET CURRENT_EVENTS Dotka Chef EK .cache request
ET CURRENT_EVENTS Karagany encrypted binary
ET CURRENT_EVENTS MALVERTISING Unknown_InIFRAME - RedTDS URI Structure
ET CURRENT_EVENTS Unknown_InIFRAME - URI Structure
ET CURRENT_EVENTS Unknown_InIFRAME - Redirect to /iniframe/ URI
ET CURRENT_EVENTS MALVERTISING Flash - URI - /loading?vkn=
ET CURRENT_EVENTS NailedPack EK Landing June 18 2013
ET CURRENT_EVENTS Javadoc API Redirect CVE-2013-1571
ET CURRENT_EVENTS Rawin Exploit Kit Landing URI Struct
ET CURRENT_EVENTS AryaN IRC bot Download and Execute Scheduled file command
ET CURRENT_EVENTS AryaN IRC bot CnC2
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3
ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request
ET CURRENT_EVENTS CoolEK Payload Download
ET CURRENT_EVENTS AryaN IRC bot CnC1
ET CURRENT_EVENTS AryaN IRC bot Flood command
ET CURRENT_EVENTS AryaN IRC bot Botkill command
ET CURRENT_EVENTS Neutrino Exploit Kit Redirector To Landing Page
ET CURRENT_EVENTS Neutrino Exploit Kit Clicker.php TDS
ET CURRENT_EVENTS Applet tag in jjencode as
ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013
ET CURRENT_EVENTS Redirect to DotkaChef EK Landing
ET CURRENT_EVENTS Sakura encrypted binary
ET CURRENT_EVENTS Sibhost Status Check GET Jul 01 2013
ET CURRENT_EVENTS CritX/SafePack/FlashPack Jar Download Jul 01 2013
ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 2
ET CURRENT_EVENTS CritX/SafePack/FlashPack EXE Download Jul 01 2013
ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar pipe.class
ET CURRENT_EVENTS Lucky7 EK Landing Encoded Plugin-Detect
ET CURRENT_EVENTS Lucky7 EK IE Exploit
ET CURRENT_EVENTS FlashPlayerSetup.x86.exe pull
ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin UA
ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin response 2
ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013
ET CURRENT_EVENTS VBulletin Backdoor CMD inbound
ET CURRENT_EVENTS VBulletin Backdoor C2 URI Structure
ET CURRENT_EVENTS VBulletin Backdoor C2 Domain
ET CURRENT_EVENTS Cool Exploit Kit Plugin-Detect July 08 2013
ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
ET CURRENT_EVENTS Fake Adobe Flash Player update warning enticing clicks to malware payload
ET CURRENT_EVENTS Fake Adobe Flash Player malware binary requested
ET CURRENT_EVENTS DRIVEBY Redirection - Wordpress Injection
ET CURRENT_EVENTS - Possible Redkit 1-4 char JNLP request
ET CURRENT_EVENTS FlimKit Landing July 10 2013
ET CURRENT_EVENTS g01pack - Java JNLP Requested
ET CURRENT_EVENTS DotkaChef JJencode Script URI Struct
ET CURRENT_EVENTS DRIVEBY Redirection - phpBB Injection
ET CURRENT_EVENTS Successful Compromise svchost.jpg Beacon - Java Zeroday
ET CURRENT_EVENTS Malicious Redirect June 18 2013
ET CURRENT_EVENTS Styx PDF July 15 2013
ET CURRENT_EVENTS Cool PDF July 15 2013
ET CURRENT_EVENTS FlimKit Landing Applet Jul 05 2013
ET CURRENT_EVENTS FlimKit JNLP URI Struct
ET CURRENT_EVENTS Possible Sakura Jar Download
ET CURRENT_EVENTS Sakura encrypted binary
ET CURRENT_EVENTS JS Browser Based Ransomware
ET CURRENT_EVENTS CoolEK Possible Java Payload Download
ET CURRENT_EVENTS Unknown - Java Request - gt 60char hex-ascii
ET CURRENT_EVENTS CritXPack Jar Request
ET CURRENT_EVENTS Topic EK Requesting Jar
ET CURRENT_EVENTS Redkit Class Request
ET CURRENT_EVENTS Redkit Class Request
ET CURRENT_EVENTS JDB Exploit Kit JAR Download
ET CURRENT_EVENTS WhiteHole Exploit Kit Payload Download
ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request
ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request
ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request
ET CURRENT_EVENTS Unknown Exploit Kit Java Archive Request
ET CURRENT_EVENTS SUSPICIOUS Java Request to DynDNS Pro Dynamic DNS Domain
ET CURRENT_EVENTS SUSPICIOUS Java Request to DNSDynamic Dynamic DNS Domain
ET CURRENT_EVENTS SUSPICIOUS Java Request to DtDNS Dynamic DNS Domain
ET CURRENT_EVENTS RedDotv2 Java Check-in
ET CURRENT_EVENTS SUSPICIOUS Java Request to cd.am Dynamic DNS Domain
ET CURRENT_EVENTS Watering Hole applet name AppletHigh.jar
ET CURRENT_EVENTS Watering Hole applet name AppletLow.jar
ET CURRENT_EVENTS CrimeBoss Recent Jar
ET CURRENT_EVENTS CrimeBoss Recent Jar
ET CURRENT_EVENTS GonDadEK Java Exploit Requested
ET CURRENT_EVENTS GonDadEK Java Exploit Requested
ET CURRENT_EVENTS Sakura - Payload Requested
ET CURRENT_EVENTS Unknown_MM - Java Exploit - jreg.jar
ET CURRENT_EVENTS Unknown EK Requsting Payload
ET CURRENT_EVENTS HellSpawn EK Requesting Jar
ET CURRENT_EVENTS FlimKit hex.zip Java Downloading Jar
ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24 2013
ET CURRENT_EVENTS Sakura - Payload Requested
ET CURRENT_EVENTS Metasploit Based Unknown EK Jar Download June 03 2013
ET CURRENT_EVENTS Unknown EK Jar 1 June 12 2013
ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013
ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013
ET CURRENT_EVENTS RedKit Jar Download June 20 2013
ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.7.x
ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6
ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6
ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6
ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar app.jar
ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar cm2.jar
ET CURRENT_EVENTS CritX/SafePack Java Exploit Payload June 03 2013
ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request
ET CURRENT_EVENTS DRIVEBY Rawin - Java Exploit -dubspace.jar
ET CURRENT_EVENTS DRIVEBY Possible CritXPack - Landing Page - jnlp_embedded
ET CURRENT_EVENTS FlimKit Landing 07/22/13
ET CURRENT_EVENTS DRIVEBY Rawin - Landing Page Received
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar
ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar
ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Requested
ET CURRENT_EVENTS Pony Loader default URI struct
ET CURRENT_EVENTS Redkit Class Request
ET CURRENT_EVENTS Unknown_MM - Java Exploit - jaxws.jar
ET CURRENT_EVENTS Unknown_MM - Java Exploit - jre.jar
ET CURRENT_EVENTS Unknown_MM EK - Java Exploit - fbyte.jar
ET CURRENT_EVENTS CrimeBoss - Java Exploit - jhan.jar
ET CURRENT_EVENTS CrimeBoss - Java Exploit - jmx.jar
ET CURRENT_EVENTS Unknown_MM - Java Exploit - cee.jar
ET CURRENT_EVENTS Possible Sakura Jar Download
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2
ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3
ET CURRENT_EVENTS c0896 Hacked Site Response Hex
ET CURRENT_EVENTS c0896 Hacked Site Response Hex
ET CURRENT_EVENTS c0896 Hacked Site Response Octal
ET CURRENT_EVENTS c0896 Hacked Site Response Octal
ET CURRENT_EVENTS Java UA Requesting Numeric.ext From Base Dir
ET CURRENT_EVENTS Neutrino Exploit Kit XOR decodeURIComponent
ET CURRENT_EVENTS GonDadEK Plugin Detect March 11 2013
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS c0896 Hacked Site Response
ET CURRENT_EVENTS PluginDetect plus Java version check
ET CURRENT_EVENTS %Hex Encoded Applet
ET CURRENT_EVENTS %Hex Encoded jnlp_embedded
ET CURRENT_EVENTS %Hex Encoded applet_ssv_validated
ET CURRENT_EVENTS %Hex Encoded/base64 1 applet_ssv_validated
ET CURRENT_EVENTS %Hex Encoded/base64 2 applet_ssv_validated
ET CURRENT_EVENTS %Hex Encoded/base64 3 applet_ssv_validated
ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct 2
ET CURRENT_EVENTS FlimKit Jar URI Struct
ET CURRENT_EVENTS Unknown_gmf/Styx EK - fnts.html
ET CURRENT_EVENTS /Styx EK - /jlnp.html
ET CURRENT_EVENTS /Styx EK - /jovf.html
ET CURRENT_EVENTS /Styx EK - /jorg.html
ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload Aug 02 2013
ET CURRENT_EVENTS Plugin-Detect with global % replace on unescaped string
ET CURRENT_EVENTS Rawin EK Java
ET CURRENT_EVENTS Rawin EK Java 1.7 /caramel.jar
ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013
ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 1
ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack Jar Download
ET CURRENT_EVENTS Rawin -TDS - POST w/Java Version
ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application page landing
ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application - findloader
ET CURRENT_EVENTS 0f2490 Hacked Site Response
ET CURRENT_EVENTS 0f2490 Hacked Site Response
ET CURRENT_EVENTS Possible FortDisco Wordpress Brute-force Site list download 10+ wp-login.php
ET CURRENT_EVENTS FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013
ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country Code
ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Win
ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and -PC
ET CURRENT_EVENTS Unknown EK setSecurityManager hex August 14 2013
ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
ET CURRENT_EVENTS Styx EK - /jvvn.html
ET CURRENT_EVENTS FlimKit/Other - Landing Page - 100HexChar value and applet
ET CURRENT_EVENTS X20 EK Payload Download
ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL
ET CURRENT_EVENTS Winwebsec/Zbot/Luder Checkin Response
ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 26 2013
ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript Format
ET CURRENT_EVENTS CookieBomb Generic PHP Format
ET CURRENT_EVENTS CookieBomb Generic HTML Format
ET CURRENT_EVENTS Possible APT-12 Related C2
ET CURRENT_EVENTS Unknown EK Landing Aug 27 2013
ET CURRENT_EVENTS Possible Sweet Orange Payload Download Aug 28 2013
ET CURRENT_EVENTS Sweet Orange applet July 08 2013
ET CURRENT_EVENTS Rawin EK Java /victoria.jar
ET CURRENT_EVENTS Sakura Landing with Applet Aug 30 2013
ET CURRENT_EVENTS GondadEK Landing Sept 03 2013
ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 1
ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 2
ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 3
ET CURRENT_EVENTS Possible BHEK Landing URI Format
ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing Sep 06 2013
ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013
ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing JAR Sep 06 2013
ET CURRENT_EVENTS FlimKit Landing Page
ET CURRENT_EVENTS X20 EK Landing July 22 2013
ET CURRENT_EVENTS Unknown EK Fake Microsoft Security Update Applet Sep 16 2013
ET CURRENT_EVENTS SNET EK Encoded VBS 1
ET CURRENT_EVENTS SNET EK Encoded VBS 2
ET CURRENT_EVENTS SNET EK Encoded VBS 3
ET CURRENT_EVENTS SNET EK Downloading Payload
ET CURRENT_EVENTS Possible SNET EK VBS Download
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS DRIVEBY Styx - TDS - Redirect To Landing Page
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request
ET CURRENT_EVENTS WhiteHole Exploit Landing Page
ET CURRENT_EVENTS Rawin EK - Java Exploit - bona.jar
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 1
ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 2
ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3
ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3
ET CURRENT_EVENTS Unknown EK Used in various watering hole attacks
ET CURRENT_EVENTS DRIVEBY Generic - *.com.exe HTTP Attachment
ET CURRENT_EVENTS Sakura - Java Exploit Recieved - Atomic
ET CURRENT_EVENTS Cushion Redirection
ET CURRENT_EVENTS Possible J7u21 click2play bypass
ET CURRENT_EVENTS Sakura Exploit Kit Encrypted Binary
ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Statistic.js
ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Ping.html
ET CURRENT_EVENTS Sakura Sep 10 2013
ET CURRENT_EVENTS LightsOut EK Payload Download
ET CURRENT_EVENTS Possible LightsOut EK info3i.html
ET CURRENT_EVENTS Possible LightsOut EK info3i.php
ET CURRENT_EVENTS Possible LightsOut EK inden2i.html
ET CURRENT_EVENTS Possible LightsOut EK leks.html
ET CURRENT_EVENTS Possible LightsOut EK negc.html
ET CURRENT_EVENTS Possible LightsOut EK negq.html
ET CURRENT_EVENTS Possible LightsOut EK leks.jar
ET CURRENT_EVENTS Possible LightsOut EK start.jar
ET CURRENT_EVENTS Possible LightsOut EK stoq.jar
ET CURRENT_EVENTS Possible LightsOut EK erno_rfq.html
ET CURRENT_EVENTS Possible LightsOut EK inden2i.php
ET CURRENT_EVENTS Possible LightsOut EK gami.html
ET CURRENT_EVENTS Possible LightsOut EK gami.jar
ET CURRENT_EVENTS LightsOut EK POST Compromise POST
ET CURRENT_EVENTS Sweet Orange Landing with Applet Sep 30 2013
ET CURRENT_EVENTS Possible FortDisco POP3 Site list download
ET CURRENT_EVENTS CoolEK Jar Download Sep 30 2013
ET CURRENT_EVENTS Fake MS Security Update
ET CURRENT_EVENTS HiMan EK Landing Oct 1 2013
ET CURRENT_EVENTS Obfuscated http 2 digit sep in applet
ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack EXE Download
ET CURRENT_EVENTS HiMan EK Reporting Host/Exploit Info
ET CURRENT_EVENTS BHEK Payload Download
ET CURRENT_EVENTS DotkaChef EK initial landing from Oct 02 2013 mass-site compromise EK campaign
ET CURRENT_EVENTS Possible LightsOut EK sort.html
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS Possible Java CVE-2013-1488 java.sql.Drivers Service Object in JAR
ET CURRENT_EVENTS Sweet Orange Landing with Applet Oct 4 2013
ET CURRENT_EVENTS DRIVEBY Redirection - Forum Injection
ET CURRENT_EVENTS Possible Java CVE-2013-2465 Based on PoC
ET CURRENT_EVENTS Unknown EK Landing
ET CURRENT_EVENTS Possible Metasploit Java CVE-2013-2465 Class Name Sub Algo
ET CURRENT_EVENTS X20 EK Download Aug 07 2013
ET CURRENT_EVENTS FiestaEK js-redirect
ET CURRENT_EVENTS Styx EK jply.html
ET CURRENT_EVENTS Fake MS Security Update EK
ET CURRENT_EVENTS SUSPICIOUS Possible Secondary Indicator of Java Exploit
ET CURRENT_EVENTS DotkaChef Payload October 09
ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013
ET CURRENT_EVENTS Fiesta EK Landing Oct 09 2013
ET CURRENT_EVENTS Base64 http argument in applet
ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA
ET CURRENT_EVENTS Unknown EK Initial Payload Internet Connectivity Check
ET CURRENT_EVENTS Unknown Malvertising Related EK Landing Oct 14 2013
ET CURRENT_EVENTS Unknown Malvertising Related EK Redirect Oct 14 2013
ET CURRENT_EVENTS Possible Magnitude EK
ET CURRENT_EVENTS Possible Cutwail Redirect to Magnitude EK
ET CURRENT_EVENTS Tenda Router Backdoor 1
ET CURRENT_EVENTS Tenda Router Backdoor 2
ET CURRENT_EVENTS 81a338 Hacked Site Response
ET CURRENT_EVENTS 81a338 Hacked Site Response
ET CURRENT_EVENTS Possible Sakura Jar Download Oct 22 2013
ET CURRENT_EVENTS FlashPack Oct 23 2013
ET CURRENT_EVENTS Possible CoolEK Variant Payload Download Sep 16 2013
ET CURRENT_EVENTS Netgear WNDR4700 Auth Bypass
ET CURRENT_EVENTS Netgear WNDR3700 Auth Bypass
ET CURRENT_EVENTS Glazunov EK Downloading Jar
ET CURRENT_EVENTS Styx Landing Page Oct 25 2013
ET CURRENT_EVENTS Metasploit CVE-2013-0422 Jar
ET CURRENT_EVENTS SibHost Jar Request
ET CURRENT_EVENTS Possible SibHost PDF Request
ET CURRENT_EVENTS Alpha Networks ADSL2/2+ router remote administration password disclosure
ET CURRENT_EVENTS Host Domain .bit
ET CURRENT_EVENTS SofosFO/Grandsoft Plugin-Detect
ET CURRENT_EVENTS Malicious Cookie Set By Flash Malvertising
ET CURRENT_EVENTS Fredcot campaign php5-cgi initial exploit
ET CURRENT_EVENTS Fredcot campaign IRC CnC
ET CURRENT_EVENTS Fredcot campaign payload download
ET CURRENT_EVENTS Possible CVE-2013-3906 CnC Checkin
ET CURRENT_EVENTS SUSPICIOUS msctcd.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS taskmgr.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS wsqmocn.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS connhost.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS lgfxsrvc.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS wimhost.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS waulct.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS alg.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS mssrs.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS winhosts.exe in URI Probable Process Dump/Trojan Download
ET CURRENT_EVENTS SUSPICIOUS Word DOCX with Many ActiveX Objects and Media
ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013
ET CURRENT_EVENTS Styx iframe with obfuscated CVE-2013-2551
ET CURRENT_EVENTS Possible Magnitude IE EK Payload Nov 8 2013
ET CURRENT_EVENTS FaceBook IM & Web Driven Facebook Trojan Download
ET CURRENT_EVENTS Magnitude Landing Nov 11 2013
ET CURRENT_EVENTS Possible Fake Codec Download
ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI Struct
ET CURRENT_EVENTS Sweet Orange Java payload request
ET CURRENT_EVENTS Possible Styx EK SilverLight Payload
ET CURRENT_EVENTS Sweet Orange Landing Page May 16 2013
ET CURRENT_EVENTS Sweet Orange applet structure June 27 2013
ET CURRENT_EVENTS Sweet Orange applet structure Jul 05 2013
ET CURRENT_EVENTS Sweet Orange Landing with Applet July 08 2013
ET CURRENT_EVENTS WhiteLotus EK PluginDetect Nov 20 2013
ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 1
ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 2
ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 3
ET CURRENT_EVENTS Possible WhiteLotus Java Payload
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS StyX EK Payload Cookie
ET CURRENT_EVENTS Fake Media Player malware binary requested
ET CURRENT_EVENTS Possible Goon EK Jar Download
ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 1
ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 2
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Accessing Security Manager
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Importing Protection Domain
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Accessing Importing glassfish
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class B64 encoded class
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing jmx mbeanserver
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing mbeanserver Introspector
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing glassfish external statistics impl
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing management MBeanServer
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Mozilla JS Class Creation
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Hex Encoded Class file
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing tracing Provider Factory
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classes used in awt exploits
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2471/2472/2473
ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2465/2463
ET CURRENT_EVENTS Nuclear/Safe/CritX/FlashPack - Java Request - 32char hex-ascii
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access takeCameraPicture
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access getGalleryImage
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access makeCall
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access postToSocial
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendMail
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendSMS
ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access registerMicListener
ET CURRENT_EVENTS Nuclear EK IE Exploit CVE-2013-2551
ET CURRENT_EVENTS SNET EK Activity Nov 27 2013
ET CURRENT_EVENTS JJEncode Encoded Script Inside of PDF Likely Evil
ET CURRENT_EVENTS Polling/Check-in/Compromise from fake DHL mailing campaign
ET CURRENT_EVENTS Hostile fake DHL mailing campaign
ET CURRENT_EVENTS HiMan EK - Flash Exploit
ET CURRENT_EVENTS HiMan EK - TDS - POST hyt=
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Magnitude EK - Landing Page - Java ClassID and 32/32 archive Oct 16 2013
ET CURRENT_EVENTS Magnitude EK
ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Edwards Packed PluginDetect
ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 3
ET CURRENT_EVENTS Safe/CritX/FlashPack URI Struct .php?id=Hex
ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 1 2013
ET CURRENT_EVENTS Sweet Orange Landing Page Nov 21 2013
ET CURRENT_EVENTS Styx EK iexp.html
ET CURRENT_EVENTS heapSpray in jjencode
ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange /in.php?q=
ET CURRENT_EVENTS Styx Exploit Kit - JAR Exploit
ET CURRENT_EVENTS SUSPICIOUS winhost
ET CURRENT_EVENTS SUSPICIOUS pony.exe in URI
ET CURRENT_EVENTS Styx Exploit Kit - EOT Exploit
ET CURRENT_EVENTS HiMan EK - Landing Page
ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - /styles/javaupdate.css
ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - Payload Requested
ET CURRENT_EVENTS Browlock Landing Page URI Struct
ET CURRENT_EVENTS SPL2 EK SilverLight
ET CURRENT_EVENTS Possible CVE-2013-2551 As seen in SPL2 EK
ET CURRENT_EVENTS HiMan EK Exploit URI Struct
ET CURRENT_EVENTS HiMan EK Secondary Landing
ET CURRENT_EVENTS Sweet Orange Landing Page Oct 25 2013
ET CURRENT_EVENTS SPL2 EK Landing Dec 09 2013
ET CURRENT_EVENTS SPL2 EK Dec 09 2013 Java Request
ET CURRENT_EVENTS Grandsoft/SofosFO EK PDF URI Struct
ET CURRENT_EVENTS Grandsoft/SofosFO EK Java Payload URI Struct
ET CURRENT_EVENTS CrimePack Java Exploit
ET CURRENT_EVENTS CrimePack PDF Exploit
ET CURRENT_EVENTS CrimePack HCP Exploit
ET CURRENT_EVENTS CrimePack Jar 1 Dec 16 2013
ET CURRENT_EVENTS CrimePack Jar 2 Dec 16 2013
ET CURRENT_EVENTS W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013
ET CURRENT_EVENTS CritXPack Jar Request
ET CURRENT_EVENTS DotkaChef Landing URI Struct
ET CURRENT_EVENTS DotkaChef Payload Dec 20 2013
ET CURRENT_EVENTS Metasploit 2013-3346
ET CURRENT_EVENTS SofosFO/GrandSoft PDF
ET CURRENT_EVENTS TDS Unknown_.aso - URI - IP.aso
ET CURRENT_EVENTS Possible PDF Dictionary Entry with Hex/Ascii replacement
ET CURRENT_EVENTS GoonEK encrypted binary
ET CURRENT_EVENTS GoonEK Landing with CVE-2013-2551 Dec 29 2013
ET CURRENT_EVENTS DRIVEBY Redirection - Injection - Modified Edwards Packer Script
ET CURRENT_EVENTS GoonEK Landing Jan 10 2014
ET CURRENT_EVENTS Nuclear EK CVE-2013-3918
ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower
ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf
ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89
ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker
ET CURRENT_EVENTS Upatre SSL Compromised site appsredeeem
ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct
ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 1
ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 2
ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 3
ET CURRENT_EVENTS Fiesta EK Landing Jan 24 2013
ET CURRENT_EVENTS ehow/livestrong Malicious Flash 10/11
ET CURRENT_EVENTS Hostile _dsgweed.class JAR exploit
ET CURRENT_EVENTS StyX Landing Jan 29 2014
ET CURRENT_EVENTS CookieBomb 2.0 In Server Response Jan 29 2014
ET CURRENT_EVENTS PHISH Visa - Landing Page
ET CURRENT_EVENTS Possible Flash Exploit CVE-2014-0497
ET CURRENT_EVENTS TecSystems
ET CURRENT_EVENTS Suspicious Jar name JavaUpdate.jar
ET CURRENT_EVENTS SUSPICIOUS .CPL File Inside of Zip
ET CURRENT_EVENTS Goon EK Java JNLP URI Struct Feb 12 2014
ET CURRENT_EVENTS Current Asprox Spam Campaign
ET CURRENT_EVENTS Wordpress timthumb look-alike domain list RFI
ET CURRENT_EVENTS Current Asprox Spam Campaign 2
ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - photobucket.com.*
ET CURRENT_EVENTS EXE Accessing Kaspersky System Driver
ET CURRENT_EVENTS Possible GoonEK Landing Feb 19 2014 1
ET CURRENT_EVENTS GoonEK Landing Feb 19 2014 2
ET CURRENT_EVENTS SUSPICIOUS Java Lang Runtime in Response
ET CURRENT_EVENTS SUSPICIOUS XXTEA UTF-16 Encoded HTTP Response
ET CURRENT_EVENTS OnClick Anti-BOT TDS POST Feb 25 2014
ET CURRENT_EVENTS OnClick Anti-BOT TDS Hidden Form Feb 25 2014
ET CURRENT_EVENTS Obfuscation Technique Used in CVE-2014-0322 Attacks
ET CURRENT_EVENTS SUSPICIOUS .PIF File Inside of Zip
ET CURRENT_EVENTS SUSPICIOUS .exe Downloaded from SVN/HTTP on GoogleCode
ET CURRENT_EVENTS Possible FakeAV .exe.vbe HTTP Content-Disposition
ET CURRENT_EVENTS Blatantly Evil JS Function
ET CURRENT_EVENTS Malicious Spam Redirection Feb 28 2014
ET CURRENT_EVENTS Hello/LightsOut EK Secondary Landing
ET CURRENT_EVENTS LightsOut EK Exploit/Payload Request
ET CURRENT_EVENTS Rawin EK Java fakav.jar
ET CURRENT_EVENTS SWF filename used in IE 2014-0322 Watering Hole Attacks
ET CURRENT_EVENTS Possible Fiesta Jar with four-letter class names
ET CURRENT_EVENTS Rawin Flash Landing URI Struct March 05 2014
ET CURRENT_EVENTS RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013
ET CURRENT_EVENTS CritX/SafePack/FlashPack CVE-2013-2551
ET CURRENT_EVENTS CritX/SafePack/FlashPack SilverLight Secondary Landing
ET CURRENT_EVENTS CritX/SafePack/FlashPack SilverLight file as eot
ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javadb.php
ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javaim.php
ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Common Filename javarh.php
ET CURRENT_EVENTS Styx Exploit Kit Payload Download
ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013
ET CURRENT_EVENTS Gamut Spambot Checkin
ET CURRENT_EVENTS Gamut Spambot Checkin Response
ET CURRENT_EVENTS Gamut Spambot Checkin 2
ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF URI Struct March 12 2014
ET CURRENT_EVENTS DRIVEBY Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Page Mar 12 2014
ET CURRENT_EVENTS DRIVEBY Nuclear EK IE Exploit CVE-2013-2551 March 12 2014
ET CURRENT_EVENTS Dell Kace backdoor
ET CURRENT_EVENTS Possible Goon EK Java Payload
ET CURRENT_EVENTS Cool/BHEK/Goon Applet with Alpha-Numeric Encoded HTML entity
ET CURRENT_EVENTS DRIVEBY Styx Landing Page Mar 08 2014
ET CURRENT_EVENTS EMET.DLL in jjencode
ET CURRENT_EVENTS Joomla 3.2.1 SQL injection attempt
ET CURRENT_EVENTS Joomla 3.2.1 SQL injection attempt 2
ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command
ET CURRENT_EVENTS GoonEK encrypted binary
ET CURRENT_EVENTS GoonEK Landing Mar 20 2014
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 5
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 6
ET CURRENT_EVENTS Upatre SSL Compromised site trudeausociety
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 2
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 3
ET CURRENT_EVENTS Captcha Malware C2 SSL Certificate
ET CURRENT_EVENTS Payload Filename Used in Various 2014-0322 Attacks
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 1
ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Mar 31 2014
ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing Mar 31 2014
ET CURRENT_EVENTS Hikvision DVR attempted Synology Recon Scan
ET CURRENT_EVENTS Hikvision DVR Synology Recon Scan Checkin
ET CURRENT_EVENTS Possible Deep Panda WateringHole Related URI Struct
ET CURRENT_EVENTS SofosFO/GrandSoft landing applet plus class Mar 03 2013
ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 4
ET CURRENT_EVENTS Upatre SSL Compromised site potpourriflowers
ET CURRENT_EVENTS Upatre SSL Compromised site kionic
ET CURRENT_EVENTS Possible FakeAV binary download
ET CURRENT_EVENTS Win32.RBrute Scan
ET CURRENT_EVENTS Win32.RBrute Scan
ET CURRENT_EVENTS Win32.RBrute http server request
ET CURRENT_EVENTS Win32.RBrute http response
ET CURRENT_EVENTS EvilTDS Redirection
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF Struct
ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF
ET CURRENT_EVENTS Nuclear EK PDF URI Struct
ET CURRENT_EVENTS SUSPICIOUS OVH Shared Host SSL Certificate
ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response
ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response
ET CURRENT_EVENTS TLS HeartBeat Request
ET CURRENT_EVENTS TLS HeartBeat Request
ET CURRENT_EVENTS Unknown_InIFRAME - In Referer
ET CURRENT_EVENTS Malicious Redirect Evernote Spam Campaign Feb 19 2014
ET CURRENT_EVENTS Possible TLS HeartBleed Unencrypted Request Method 4
ET CURRENT_EVENTS Malformed HeartBeat Response
ET CURRENT_EVENTS Malformed HeartBeat Request
ET CURRENT_EVENTS Malformed HeartBeat Request method 2
ET CURRENT_EVENTS BrowseTor .onion Proxy Service SSL Cert
ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert
ET CURRENT_EVENTS Lucky7 Java Exploit URI Struct June 28 2013
ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload
ET CURRENT_EVENTS DRIVEBY EL8 EK Landing
ET CURRENT_EVENTS Fiesta PDF Exploit Download
ET CURRENT_EVENTS Fiesta SilverLight Exploit Download
ET CURRENT_EVENTS Fiesta Flash Exploit Download
ET CURRENT_EVENTS Fiesta Flash Exploit Download
ET CURRENT_EVENTS Phoenix/Fiesta URI Requested Contains /? and hex
ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port
ET CURRENT_EVENTS Possible OpenSSL HeartBleed Large HeartBeat Response from Common SSL Port
ET CURRENT_EVENTS SUSPICIOUS Crystalize Filter in Uncompressed Flash
ET CURRENT_EVENTS Possible W32/Zbot.InfoStealer SSL Cert Parallels.com
ET CURRENT_EVENTS Common Bad Actor Indicators Used in Various Targeted 0-day Attacks
ET CURRENT_EVENTS 32-byte by 32-byte PHP EK Gate with HTTP POST
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing May 05 2014
ET CURRENT_EVENTS Goon/Infinity URI Struct EK Landing May 05 2014
ET CURRENT_EVENTS NeoSploit Jar with three-letter class names
ET CURRENT_EVENTS Possible Upatre SSL Compromised site iclasshd.net
ET CURRENT_EVENTS Possible Upatre SSL Compromised site sabzevarsez.com
ET CURRENT_EVENTS DRIVEBY FlashPack 2013-2551 May 13 2014
ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash2013.php
ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash2014.php
ET CURRENT_EVENTS DRIVEBY FlashPack Plugin-Detect May 13 2014
ET CURRENT_EVENTS DRIVEBY Goon/Infinity EK Landing May 05 2014
ET CURRENT_EVENTS Possible Upatre SSL Compromised site dfsdirect.ca
ET CURRENT_EVENTS .gadget Email Attachment - Possible Upatre
ET CURRENT_EVENTS Metasploit Various Java Exploit Common Class name
ET CURRENT_EVENTS Gongda EK Secondary Landing
ET CURRENT_EVENTS Gongda EK Landing 1
ET CURRENT_EVENTS Gongda EK Landing 2
ET CURRENT_EVENTS Possible Malicious Injected Redirect June 02 2014
ET CURRENT_EVENTS DRIVEBY Possible CritX/SafePack/FlashPack IE Exploit
ET CURRENT_EVENTS CottonCastle EK URI Struct
ET CURRENT_EVENTS CottonCastle EK Landing June 05 2014
ET CURRENT_EVENTS CottonCastle EK Landing EK Struct
ET CURRENT_EVENTS CottonCastle EK Java Jar
ET CURRENT_EVENTS tor2www .onion Proxy SSL cert
ET CURRENT_EVENTS TorExplorer Certificate - Potentially Linked To W32/Cryptowall.Ransomware
ET CURRENT_EVENTS DRIVEBY FlashPack Flash Exploit flash0515.php
ET CURRENT_EVENTS Possible Upatre SSL Cert
ET CURRENT_EVENTS CottonCastle EK Landing June 05 2014 2
ET CURRENT_EVENTS SUSPICIOUS EXE Download from Google Common Data Storage with no Referer
ET CURRENT_EVENTS BleedingLife Exploit Kit Landing Page Requested
ET CURRENT_EVENTS BleedingLife Exploit Kit SWF Exploit Request
ET CURRENT_EVENTS BleedingLife Exploit Kit JAR Exploit Request
ET CURRENT_EVENTS Possible Inbound SNMP Router DoS
ET CURRENT_EVENTS Possible Inbound SNMP Router DoS
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing 2
ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack exploit request
ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload request
ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload download
ET CURRENT_EVENTS Sweet Orange EK Common Java Exploit
ET CURRENT_EVENTS Malicious Redirect 8x8 script tag
ET CURRENT_EVENTS Multiple EKs CVE-2013-3918
ET CURRENT_EVENTS Safe/CritX/FlashPack EK CVE-2013-3918
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing May 23 2014
ET CURRENT_EVENTS Trojan-Banker.JS.Banker fraudulent redirect boleto payment code
ET CURRENT_EVENTS Possible Malvertising Redirect URI Struct
ET CURRENT_EVENTS Evil EK Redirector Cookie June 27 2014
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing June 25 2014
ET CURRENT_EVENTS Sweet Orange WxH redirection
ET CURRENT_EVENTS Possible Upatre SSL Cert 999servers.com
ET CURRENT_EVENTS CottonCastle EK Jar Download Method 2
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing Jul 11 2014
ET CURRENT_EVENTS Probable FlimKit Redirect July 10 2013
ET CURRENT_EVENTS Possible Upatre SSL Cert acesecureshop.com
ET CURRENT_EVENTS Possible Upatre SSL Cert new-install.privatedns.com
ET CURRENT_EVENTS Possible Upatre SSL Cert July 14 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert faithmentoringandmore.com
ET CURRENT_EVENTS Possible Malvertising Redirect URI Struct Jul 16 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert karinejoncas.com
ET CURRENT_EVENTS Possible Upatre SSL Cert deslematin.ca
ET CURRENT_EVENTS Fake CDN Sweet Orange Gate July 17 2014
ET CURRENT_EVENTS Fiesta EK randomized javascript Gate Jul 18 2014
ET CURRENT_EVENTS Possible Sweet Orange redirection 21 July 2014
ET CURRENT_EVENTS SUSPICIOUS Java Request to NOIP Dynamic DNS Domain
ET CURRENT_EVENTS SUSPICIOUS Java Request to ChangeIP Dynamic DNS Domain
ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013
ET CURRENT_EVENTS XMLDOM Check for Presence Kaspersky AV Observed in RIG EK
ET CURRENT_EVENTS XMLDOM Check for Presence TrendMicro AV Observed in RIG EK
ET CURRENT_EVENTS Possible Upatre SSL Cert twitterbacklinks.com
ET CURRENT_EVENTS Possible Upatre SSL Cert thelabelnashville.com
ET CURRENT_EVENTS Possible Upatre SSL Cert cactussports.com
ET CURRENT_EVENTS Possible Upatre SSL Cert yellowdevilgear.com
ET CURRENT_EVENTS Possible Upatre SSL Cert michaelswinecellar.com
ET CURRENT_EVENTS Possible Upatre SSL Cert migsparkle.com
ET CURRENT_EVENTS Likely Evil XMLDOM Detection of Local File
ET CURRENT_EVENTS Possible Upatre SSL Cert server.abaphome.net
ET CURRENT_EVENTS Possible Upatre SSL Cert 1stopmall.us
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Secondary Landing June 28 2014
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect IE Exploit
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect Java Exploit
ET CURRENT_EVENTS Safe/CritX/FlashPack EK Plugin Detect Flash Exploit
ET CURRENT_EVENTS Possible ShellCode Passed as Argument to FlashVars
ET CURRENT_EVENTS Possible Upatre SSL Cert disenart.info
ET CURRENT_EVENTS Possible Upatre SSL Cert host-galaxy.com
ET CURRENT_EVENTS Possible Upatre SSL Cert fxbingpanel.fareexchange.co.uk
ET CURRENT_EVENTS Possible Upatre SSL Cert 66h.66hosting.net
ET CURRENT_EVENTS Possible Upatre SSL Cert businesswebstudios.com
ET CURRENT_EVENTS Possible Upatre SSL Cert udderperfection.com
ET CURRENT_EVENTS Sweet Orange EK CDN Landing Page
ET CURRENT_EVENTS Possible Upatre SSL Cert www.senorwooly.com
ET CURRENT_EVENTS Possible Upatre SSL Cert ns2.sicher.in
ET CURRENT_EVENTS Possible Phishing E-ZPass Email Toll Notification July 30 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert chinasemservice.com
ET CURRENT_EVENTS Possible Upatre SSL Cert ns7-777.777servers.com
ET CURRENT_EVENTS Possible Upatre SSL Cert adodis.com
ET CURRENT_EVENTS Possible Upatre SSL Cert power2.mschosting.com
ET CURRENT_EVENTS Possible Upatre SSL Cert tradeledstore.co.uk
ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16 2013
ET CURRENT_EVENTS FlimKit Landing 07/22/13 2
ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
ET CURRENT_EVENTS FlimKit Landing 07/22/13 3
ET CURRENT_EVENTS FlimKit Landing 07/22/13 4
ET CURRENT_EVENTS Nuclear Exploit Kit exe.exe Payload
ET CURRENT_EVENTS DRIVEBY Malicious Plugin Detect URI struct
ET CURRENT_EVENTS Turla/SPL EK Java Applet
ET CURRENT_EVENTS Turla/SPL EK Java Exploit
ET CURRENT_EVENTS Turla/SPL EK Java Exploit
ET CURRENT_EVENTS DRIVEBY Archie.EK PluginDetect URI Struct
ET CURRENT_EVENTS DRIVEBY Archie.EK CVE-2013-2551 URI Struct
ET CURRENT_EVENTS ZeroLocker EXE Download
ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M3
ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M1
ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M2
ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D1
ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 20 2014 D2
ET CURRENT_EVENTS Sweet Orange EK Thread Specific Java Exploit
ET CURRENT_EVENTS Unknown Malvertising EK Landing Aug 22 2014
ET CURRENT_EVENTS Unknown Malvertising EK Landing URI Sruct Aug 22 2014
ET CURRENT_EVENTS Unknown Malvertising EK Payload URI Sruct Aug 22 2014
ET CURRENT_EVENTS Unknown Malvertising EK Silverlight URI Sruct Aug 22 2014
ET CURRENT_EVENTS Unknown Malvertising EK Flash URI Sruct Aug 22 2014
ET CURRENT_EVENTS Unknown Malvertising EK Payload URI Sruct Aug 22 2014
ET CURRENT_EVENTS Archie EK Secondary Landing Aug 24 2014
ET CURRENT_EVENTS FlashPack EK Exploit Flash Post Aug 25 2014
ET CURRENT_EVENTS FlashPack EK Exploit Landing Aug 25 2014
ET CURRENT_EVENTS FlashPack EK JS Include Aug 25 2014
ET CURRENT_EVENTS Safe/CritX/FlashPack Java Payload
ET CURRENT_EVENTS Safe/CritX/FlashPack Payload
ET CURRENT_EVENTS BleedingLife EK Variant Aug 26 2014
ET CURRENT_EVENTS Offensive Security EMET Bypass Observed in BleedingLife Variant Aug 26 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert freeb4u.com
ET CURRENT_EVENTS Possible Upatre SSL Cert developmentinn.com
ET CURRENT_EVENTS Possible Upatre SSL Cert directory92.com
ET CURRENT_EVENTS Possible Upatre SSL Cert epr-co.ch
ET CURRENT_EVENTS Possible Upatre SSL Cert pouyasazan.org
ET CURRENT_EVENTS Possible Upatre SSL Cert ara-photos.net
ET CURRENT_EVENTS Possible Upatre SSL Cert tecktalk.com
ET CURRENT_EVENTS Possible Upatre SSL Cert cyclivate.com
ET CURRENT_EVENTS Possible Upatre SSL Cert mentoringgroup.com
ET CURRENT_EVENTS Possible Upatre SSL Cert ssshosting.net
ET CURRENT_EVENTS Possible Upatre SSL Cert erotikturk.com
ET CURRENT_EVENTS Possible Upatre SSL Cert mtnoutfitters.com
ET CURRENT_EVENTS Possible Upatre SSL Cert jojik-international.com
ET CURRENT_EVENTS Possible Upatre SSL Cert abarsolutions.com
ET CURRENT_EVENTS Possible Upatre SSL Cert eastwoodvalley.com
ET CURRENT_EVENTS Possible Upatre SSL Cert pejlain.se
ET CURRENT_EVENTS Possible Upatre SSL Cert dominionthe.com
ET CURRENT_EVENTS Possible Upatre SSL Cert delanecanada.ca
ET CURRENT_EVENTS Possible Upatre SSL Cert hebergement-solutions.com
ET CURRENT_EVENTS Possible Upatre SSL Cert sportofteniq.com
ET CURRENT_EVENTS Possible Upatre SSL Cert adoraacc.com
ET CURRENT_EVENTS Possible Upatre SSL Cert tristacey.com
ET CURRENT_EVENTS Possible Upatre SSL Cert nbc-mail.com
ET CURRENT_EVENTS Possible Upatre SSL Cert tridayacipta.com
ET CURRENT_EVENTS Possible Upatre SSL Cert trainthetrainerinternational.com
ET CURRENT_EVENTS Possible Upatre SSL Cert lingayasuniversity.edu.in
ET CURRENT_EVENTS Possible Upatre SSL Cert uleideargan.com
ET CURRENT_EVENTS Possible Upatre SSL Cert picklingtank.com
ET CURRENT_EVENTS Possible Upatre SSL Cert vcomdesign.com
ET CURRENT_EVENTS Possible Upatre SSL Cert technosysuk.com
ET CURRENT_EVENTS Possible Upatre SSL Cert slmp-550-105.slc.westdc.net
ET CURRENT_EVENTS Possible Upatre SSL Cert itiltrainingcertworkshop.com
ET CURRENT_EVENTS Possible Upatre SSL Cert udderperfection.com
ET CURRENT_EVENTS Possible Upatre SSL Cert efind.co.il
ET CURRENT_EVENTS Possible Upatre SSL Cert bloodsoft.com
ET CURRENT_EVENTS Possible Upatre SSL Cert walletmix.com
ET CURRENT_EVENTS Possible Upatre SSL Cert turnaliinsaat.com
ET CURRENT_EVENTS Possible Upatre SSL Cert mdus-pp-wb12.webhostbox.net
ET CURRENT_EVENTS Possible Upatre SSL Cert plastics-technology.com
ET CURRENT_EVENTS Possible Upatre SSL Cert deserve.org.uk
ET CURRENT_EVENTS Possible Upatre SSL Cert worldbuy.biz
ET CURRENT_EVENTS NullHole EK Landing Aug 27 2014
ET CURRENT_EVENTS RIG EK Landing URI Struct
ET CURRENT_EVENTS NullHole EK Landing Redirect Aug 27 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert paydaypedro.co.uk
ET CURRENT_EVENTS Possible Upatre SSL Cert chatso.com
ET CURRENT_EVENTS Possible Upatre SSL Cert dineshuthayakumar.in
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF
ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks
ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks
ET CURRENT_EVENTS ScanBox Framework used in WateringHole Attacks KeepAlive
ET CURRENT_EVENTS Archie EK Sending Plugin-Detect Data
ET CURRENT_EVENTS Possible Archie/Metasploit SilverLight Exploit
ET CURRENT_EVENTS FlashPack EK Redirect Aug 25 2014
ET CURRENT_EVENTS FlashPack EK Redirect Sept 01 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 3 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert bluehost.com Aug 27 2014
ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length
ET CURRENT_EVENTS Sweet Orange EK Java Exploit
ET CURRENT_EVENTS Possible Upatre SSL Cert webhostingpad.com
ET CURRENT_EVENTS Nuclear EK Silverlight URI Struct
ET CURRENT_EVENTS Driveby Bredolab - client exploited by acrobat
ET CURRENT_EVENTS exploit kit x/load/svchost.exe
ET CURRENT_EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013
ET CURRENT_EVENTS DNS Query for Known Hostile Domain gooqlepics com
ET CURRENT_EVENTS Request to .in FakeAV Campaign June 19 2012 exe or zip
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 15 2014
ET CURRENT_EVENTS Astrum EK Landing
ET CURRENT_EVENTS Astrum EK Landing
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014
ET CURRENT_EVENTS Malvertising Leading to EK Aug 19 2014 M4
ET CURRENT_EVENTS Fiesta EK Gate
ET CURRENT_EVENTS Fiesta EK Silverlight Based Redirect
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 16 2014
ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013
ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 Sept 17 2014
ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Sept 17 2014
ET CURRENT_EVENTS Nuclear EK Redirect Sept 18 2014
ET CURRENT_EVENTS Nuclear EK Redirect Sept 18 2014
ET CURRENT_EVENTS Androm SSL Cert Sept 18 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 19 2014
ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF
ET CURRENT_EVENTS Nuclear EK Gate Sep 16 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 22 2014
ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013
ET CURRENT_EVENTS DRIVEBY Nuclear EK 2013-3918
ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Sept 24 2014
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Aug 27 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 26 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert santa.my
ET CURRENT_EVENTS Possible Upatre SSL Cert glynwedasia.com
ET CURRENT_EVENTS BlackEnergy Possible SSL Cert Sept 26 2014
ET CURRENT_EVENTS DRIVEBY Possible Job314 EK JAR URI Struct
ET CURRENT_EVENTS DRIVEBY Job314 EK Landing
ET CURRENT_EVENTS Upatre redirector GET Sept 29 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 30 2014
ET CURRENT_EVENTS suspicious embedded zip file in web page
ET CURRENT_EVENTS Upatre redirector 29 Sept 2014 - POST
ET CURRENT_EVENTS Possible Upatre SSL Cert mypreschool.sg
ET CURRENT_EVENTS DRIVEBY Generic URLENCODED CollectGarbage
ET CURRENT_EVENTS Possible ComputerCop Log Transmitted via SMTP
ET CURRENT_EVENTS Cryptowall 2.0 DL URI Struct Oct 2 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 3 2014
ET CURRENT_EVENTS Possible CryptoLocker TorComponent DL
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF Struct
ET CURRENT_EVENTS DRIVEBY Nuclear EK PDF Struct
ET CURRENT_EVENTS Nuclear EK Payload URI Struct Oct 5 2014
ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in Hex
ET CURRENT_EVENTS DRIVEBY Sednit EK Landing
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M2
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M3
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M1
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M2
ET CURRENT_EVENTS DRIVEBY Generic CollectGarbage in JJEncode
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-3897 M1
ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M1
ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 9 2014
ET CURRENT_EVENTS Possible TWiki RCE attempt
ET CURRENT_EVENTS Possible TWiki Apache config file upload attempt
ET CURRENT_EVENTS Flashpack Redirect Method 2
ET CURRENT_EVENTS Possible SandWorm INF Download
ET CURRENT_EVENTS Possible SandWorm INF Download
ET CURRENT_EVENTS Possible SandWorm INF Download
ET CURRENT_EVENTS Possible SandWorm INF Download
ET CURRENT_EVENTS SUSPICIOUS PPT Download with Embedded OLE Object
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M2
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M3
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M4
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M5
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M6
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 15 2014
ET CURRENT_EVENTS Possible Sweet Orange redirection Oct 8 2014
ET CURRENT_EVENTS FlashPack Payload URI Struct Oct 16 2014
ET CURRENT_EVENTS Archie EK CVE-2014-0515 Aug 24 2014
ET CURRENT_EVENTS Archie EK CVE-2014-0497 Aug 24 2014
ET CURRENT_EVENTS Archie EK SilverLight URI Struct
ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE1
ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE2
ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE3
ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE4
ET CURRENT_EVENTS BlackEnergy URI Struct Oct 17 2014 BE5
ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 17 2014
ET CURRENT_EVENTS Job314 EK URI Landing Struct
ET CURRENT_EVENTS Orca RAT URI Struct 1
ET CURRENT_EVENTS Orca RAT URI Struct 2
ET CURRENT_EVENTS Orca RAT URI Struct 3
ET CURRENT_EVENTS Orca RAT URI Struct 4
ET CURRENT_EVENTS Job314 EK URI Exploit/Payload Struct
ET CURRENT_EVENTS Win32/Zbot SSL Cert Oct 21 2014
ET CURRENT_EVENTS FlashPack Payload URI Struct Oct 22 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 22 2014
ET CURRENT_EVENTS Nuclear EK Gate Injected iframe Oct 22 2014
ET CURRENT_EVENTS SSL SinkHole Cert Possible Infected Host
ET CURRENT_EVENTS Possible Upatre SSL Cert Oct 24 2014
ET CURRENT_EVENTS Possible Upatre SSL Cert www.tradeledstore.co.uk
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Oct 27 2014
ET CURRENT_EVENTS Likely SweetOrange EK Flash Exploit URI Struct
ET CURRENT_EVENTS SSL excessive fatal alerts
ET CURRENT_EVENTS Potential Sofacy Phishing Redirect
ET CURRENT_EVENTS FlashPack EK Plugin-Detect Post
ET CURRENT_EVENTS FlashPack Payload Download Oct 29
ET CURRENT_EVENTS FlashPack Secondary Landing Oct 29
ET CURRENT_EVENTS DRIVEBY FakeSupport - Landing Page - Windows Firewall Warning
ET CURRENT_EVENTS DRIVEBY FakeSupport - URI - windows-firewall.png
ET CURRENT_EVENTS DRIVEBY FakeSupport - Landing Page - Operating System Check
ET CURRENT_EVENTS Likely SweetOrange EK Java Exploit Struct
ET CURRENT_EVENTS Win32/Trustezeb.J SSL Cert Oct 30 2014
ET CURRENT_EVENTS SUSPICIOUS SMTP Attachment Inbound PPT attachment with Embedded OLE Object M1
ET CURRENT_EVENTS Fiesta Flash Exploit URI Struct
ET CURRENT_EVENTS Fiesta Java Exploit/Payload URI Struct
ET CURRENT_EVENTS Fiesta SilverLight 4.x Exploit URI Struct
ET CURRENT_EVENTS Fiesta SilverLight 5.x Exploit URI Struct
ET CURRENT_EVENTS Sweet Orange Landing Nov 3 2014
ET CURRENT_EVENTS Evil EK Redirector Cookie Nov 03 2014
ET CURRENT_EVENTS Win32.Zbot.umpz SSL Cert Nov 4 2014
ET CURRENT_EVENTS Sweet Orange CDN Gate Sept 09 2014 Method 2
ET CURRENT_EVENTS Possible Sweet Orange redirection Nov 4 2014
ET CURRENT_EVENTS Possible Sweet Orange redirection 19 September 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 05 2014
ET CURRENT_EVENTS Win32/Trustezeb.E SSL Cert Nov 05 2014
ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct
ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct
ET CURRENT_EVENTS Archie EK Exploit IE URI Struct
ET CURRENT_EVENTS DRIVEBY Archie.EK Landing
ET CURRENT_EVENTS Archie EK Exploit SilverLight URI Struct
ET CURRENT_EVENTS Nuclear SilverLight URI Struct
ET CURRENT_EVENTS Nuclear SilverLight Exploit
ET CURRENT_EVENTS Possible HanJuan EK Flash Payload DL
ET CURRENT_EVENTS Possible HanJuan EK URI Struct Actor Specific
ET CURRENT_EVENTS Possible HanJuan Flash Exploit
ET CURRENT_EVENTS Possible HanJuan EK Actor Specific Injected iframe
ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 07 2014
ET CURRENT_EVENTS Archie EK Exploit Flash URI Struct
ET CURRENT_EVENTS Operation Huyao Landing Page Nov 07 2014
ET CURRENT_EVENTS Operation Huyao Phishing Page Nov 07 2014
ET CURRENT_EVENTS Evil EK Redirector Cookie Nov 07 2014
ET CURRENT_EVENTS Archie EK Landing URI Struct
ET CURRENT_EVENTS Nuclear EK Payload URI Struct Oct 5 2014
ET CURRENT_EVENTS Archie EK Landing Aug 24 2014
ET CURRENT_EVENTS Fiesta URI Struct
ET CURRENT_EVENTS Possible Dridex Campaign Download Nov 11 2014
ET CURRENT_EVENTS Win32/Zbot SSL Cert Nov 11 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 11 2014
ET CURRENT_EVENTS Archie EK Landing Nov 10 2014
ET CURRENT_EVENTS Job314 EK Landing Nov 10 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 12 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Nov 17 2014
ET CURRENT_EVENTS Archie EK Landing Nov 17 2014
ET CURRENT_EVENTS Archie EK Landing Nov 17 2014 M2
ET CURRENT_EVENTS Archie EK Flash Exploit URI Struct Nov 17 2014
ET CURRENT_EVENTS Archie EK Flash Exploit URI Struct 2 Nov 17 2014
ET CURRENT_EVENTS Archie EK Landing URI Struct 2 Nov 17 2014
ET CURRENT_EVENTS NullHole EK Exploit URI Struct
ET CURRENT_EVENTS SPL2 EK JS HashLib Nov 18 2014
ET CURRENT_EVENTS SPL2 EK Landing Nov 18 2014
ET CURRENT_EVENTS SPL2 EK Flash Exploit Nov 18 2014
ET CURRENT_EVENTS SPL2 EK PluginDetect Data Hash Nov 18 2014
ET CURRENT_EVENTS Possible FlashPack
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF
ET CURRENT_EVENTS FlashPack Flash Exploit Nov 20 2014
ET CURRENT_EVENTS Turla/SPL EK Java Exploit Requested - /spl/
ET CURRENT_EVENTS Archie EK T2 Landing Struct Nov 20 2014
ET CURRENT_EVENTS Archie EK T2 PD Struct Nov 20 2014
ET CURRENT_EVENTS Fiesta EK Landing Nov 05 2014
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct b64 1
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct b64 2
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct b64 3
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct URLENCODE
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEX
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXC
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct HEXCS
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECC
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct DECCS
ET CURRENT_EVENTS Magnitude Flash Payload
ET CURRENT_EVENTS Possible Internet Explorer CVE-2014-6332 Common Construct
ET CURRENT_EVENTS KaiXin Landing Page Nov 25 2014
ET CURRENT_EVENTS Malicious Iframe Leading to EK
ET CURRENT_EVENTS Possible Sweet Orange Landing Nov 3 2014
ET CURRENT_EVENTS WinHttpRequest Downloading EXE
ET CURRENT_EVENTS WinHttpRequest Downloading EXE Non-Port 80
ET CURRENT_EVENTS Magnitude Flash Exploit
ET CURRENT_EVENTS Nuclear EK Landing Dec 03 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Dec 4 2014
ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF
ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF
ET CURRENT_EVENTS Possible Double Flated Encoded Inbound Malicious PDF
ET CURRENT_EVENTS MS Office Macro Dridex Download URI Dec 5 2014
ET CURRENT_EVENTS Malicious Iframe Leading to EK Dec 08 2014
ET CURRENT_EVENTS Malicious Redirect Leading to EK Dec 08 2014
ET CURRENT_EVENTS QNAP Shellshock CVE-2014-6271
ET CURRENT_EVENTS QNAP Shellshock script retrieval
ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload
ET CURRENT_EVENTS Gootkit SSL Cert Dec 10 2014
ET CURRENT_EVENTS DRIVEBY Nuclear EK Exploit Struct
ET CURRENT_EVENTS Malicious JS Leading to Fiesta EK
ET CURRENT_EVENTS Win32/Spy.Zbot.ACB SSL Cert Dec 15 2014
ET CURRENT_EVENTS DNS Query SoakSoak Malware
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Sep 29 2014
ET CURRENT_EVENTS Upatre Redirector Dec 16 2014 set
ET CURRENT_EVENTS Upatre Redirector Dec 16 2014
ET CURRENT_EVENTS Possible Zbot SSL Cert Dec 16 2014
ET CURRENT_EVENTS SoakSoak Malware GET request
ET CURRENT_EVENTS RIG EK Landing Page Sept 17 2014
ET CURRENT_EVENTS SweetOrange EK Landing Nov 19 2014
ET CURRENT_EVENTS Archie EK T2 SWF Exploit Struct Nov 20 2014
ET CURRENT_EVENTS Malicious Referer Bulk Traffic Sometimes Leading to EKs
ET CURRENT_EVENTS Evil Flash Redirector to RIG EK Dec 17 2014
ET CURRENT_EVENTS Upatre Download Redirection Dec 18 2014
ET CURRENT_EVENTS Archie EK T2 Activity Dec 18 2014
ET CURRENT_EVENTS W32/Dridex Distribution Campaign Dec 19 2014
ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Video
ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Player
ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 22 2014 Search
ET CURRENT_EVENTS Possible CVE-2014-6332 Arrays with Offset Dec 23
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Dec 29 2014
ET CURRENT_EVENTS Cushion Redirection URI Struct Mon Jan 05 2015
ET CURRENT_EVENTS Nuclear EK Landing Jan 06 2014
ET CURRENT_EVENTS Probable malicious download from e-mail link /1.php
ET CURRENT_EVENTS Upatre Firefox/Chrome Redirector Receiving Payload Jan 9 2015
ET CURRENT_EVENTS MS Office Macro Dridex Download URI Jan 7 2015
ET CURRENT_EVENTS Nuclear EK Landing Jan 14 2014
ET CURRENT_EVENTS Nuclear EK Landing Jan 19 2014
ET CURRENT_EVENTS Possible Successful Phishing Attempt Jan 20 2015
ET CURRENT_EVENTS Nuclear EK Landing Jan 21 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015
ET CURRENT_EVENTS Possible Dyre SSL Cert Jan 22 2015
ET CURRENT_EVENTS Possible Sweet Orange redirection Jan 22 2015
ET CURRENT_EVENTS Upatre IE Redirector Receiving Payload Jan 9 2015
ET CURRENT_EVENTS Upatre Redirector Jan 23 2015
ET CURRENT_EVENTS Upatre Redirector IE Requesting Payload Jan 19 2015
ET CURRENT_EVENTS DRIVEBY Nuclear EK SilverLight M2
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Jan 27 2015 M2
ET CURRENT_EVENTS Possible Dridex Campaign Download Jan 28 2015
ET CURRENT_EVENTS HanJuan Landing Dec 10 2014
ET CURRENT_EVENTS Possible Dridex e-mail inbound
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 03 2015 M2
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 01 2015 M2
ET CURRENT_EVENTS Sweet Orange Landing Nov 04 2013
ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 11 2015 Banner
ET CURRENT_EVENTS Evil Redirector Leading to EK Feb 11 2015 Blog
ET CURRENT_EVENTS Upatre Common URI Struct Feb 12 2015
ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 1 M1
ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 2 M1
ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 3 M1
ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 2 M2
ET CURRENT_EVENTS Unknown EK Landing Feb 16 2015 b64 3 M2
ET CURRENT_EVENTS Uknown EK Java Exploit
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Jan 27 2015 M1
ET CURRENT_EVENTS Possible CVE-2014-6332 DECS2
ET CURRENT_EVENTS KaiXin EK Jar URI Struct
ET CURRENT_EVENTS KaiXin EK Possible Jar Download
ET CURRENT_EVENTS KaiXin EK Possible Jar Download
ET CURRENT_EVENTS DRIVEBY GENERIC CollectGarbage in Hex String No Seps
ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute in Hex No Seps
ET CURRENT_EVENTS DRIVEBY GENERIC ShellExecute in URLENCODE
ET CURRENT_EVENTS Unknown EK Comment in Body
ET CURRENT_EVENTS KaiXin Landing Page M2
ET CURRENT_EVENTS KaiXin Secondary Landing Page M2
ET CURRENT_EVENTS KaiXin Landing M3
ET CURRENT_EVENTS Possible Upatre or Dyre SSL Cert Jan 22 2015
ET CURRENT_EVENTS DRIVEBY Possible Unknown EK HFS CVE-2014-6332
ET CURRENT_EVENTS DRIVEBY Likely Evil EXE with no referer from HFS webserver
ET CURRENT_EVENTS DRIVEBY Unknown EK Landing
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - ScanBox Watering Hole Content form tag appended to head
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - ScanBox Watering Hole function return value
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - TH3BUG and Non-Targetted Groups Watering Hole Deobfuscation function
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - ScanBox Watering Hole iframe
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - ScanBox and Targetted Watering Holes ActiveX Call
ET CURRENT_EVENTS DRIVEBY [PwC CTD] -- MultiGroup - ScanBox and Targetted Watering Holes PDF
ET CURRENT_EVENTS KaiXin Secondary Landing Page
ET CURRENT_EVENTS INFO .exe download with no referer
ET CURRENT_EVENTS Sweet Orange EK Flash Exploit IE March 03 2015
ET CURRENT_EVENTS Possible Scam - FakeAV Alert Landing March 2 2015
ET CURRENT_EVENTS Possible Scam - FakeAV Alert Landing March 2 2015
ET CURRENT_EVENTS rechnung zip file download
ET CURRENT_EVENTS Possible Upatre SSL Cert www.eshaalfoundation.org
ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct M1 Feb 06 2015
ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct M2 Feb 06 2015
ET CURRENT_EVENTS Upatre Redirector Jan 9 2015
ET CURRENT_EVENTS Fiesta EK Landing URI Struct March 6 2015
ET CURRENT_EVENTS Evil Redirector Leading to EK March 16 2015
ET CURRENT_EVENTS Fake Windows Security Warning - Alert
ET CURRENT_EVENTS Fake Windows Security Warning - png
ET CURRENT_EVENTS RIG Payload URI Struct March 20 2015
ET CURRENT_EVENTS RIG EK Landing March 20 2015
ET CURRENT_EVENTS RIG EK Landing March 20 2015 M2
ET CURRENT_EVENTS HanJuan EK Landing March 24 2015 M1
ET CURRENT_EVENTS HanJuan EK Landing March 24 2015 M2
ET CURRENT_EVENTS Unauthorized SSL Cert for Google Domains
ET CURRENT_EVENTS VBA Office Document Dridex Binary Download User-Agent
ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013
ET CURRENT_EVENTS VBA Office Document Dridex Binary Download User-Agent 2
ET CURRENT_EVENTS VBScript Driveby MAR 31 2015
ET CURRENT_EVENTS VBScript Driveby Related TDS MAR 31 2015
ET CURRENT_EVENTS Evil Redirector Leading to EK Apr 2 2015
ET CURRENT_EVENTS DRIVEBY Nuclear EK Landing Feb 03 2015 M2
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF M2
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF
ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF
ET CURRENT_EVENTS Nuclear EK SilverLight Exploit
ET CURRENT_EVENTS DRIVEBY Nuclear EK Payload
ET CURRENT_EVENTS Malicious Redirect Leading to EK Apr 03 2015
ET CURRENT_EVENTS Nuclear EK Landing Apr 03 2015
ET CURRENT_EVENTS Nuclear EK Landing Apr 03 2015
ET CURRENT_EVENTS Possible Upatre DNS Query
ET CURRENT_EVENTS Chrome Cookie Data Theft April 06 2015
ET CURRENT_EVENTS DRIVEBY Router DNS Changer Apr 07 2015
ET CURRENT_EVENTS Possible Dridex downloader SSL Certificate srv1.mainsftdomain.com
ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1
ET CURRENT_EVENTS DRIVEBY EXE Embeded in Page Likely Evil M2
ET CURRENT_EVENTS Nuclear EK Landing Apr 08 2015
ET CURRENT_EVENTS Evil Redirector Leading to EK Mar 19 2015
ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M1
ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M2
ET CURRENT_EVENTS SPL2 EK Post-Compromise Data Dump M3
ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request
ET CURRENT_EVENTS Possible Dridex downloader SSL Certificate
ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015
ET CURRENT_EVENTS Sundown EK Secondary Landing Apr 20 2015
ET CURRENT_EVENTS Possible Dridex Downloader SSL Certificate
ET CURRENT_EVENTS Download file with Powershell via LNK file
ET CURRENT_EVENTS Possible Sundown EK URI Struct T1 Apr 24 2015
ET CURRENT_EVENTS Possible Sundown EK Payload Struct T1 Apr 24 2015
ET CURRENT_EVENTS Sundown EK Secondary Landing T1 M2 Apr 24 2015
ET CURRENT_EVENTS Possible Sundown EK Payload Struct T2 M1 Apr 24 2015
ET CURRENT_EVENTS Possible Sundown EK Payload Struct T2 M2 Apr 24 2015
ET CURRENT_EVENTS IonCube Encoded Page
ET CURRENT_EVENTS Possible Sundown EK Flash Exploit Struct T2 Apr 24 2015
ET CURRENT_EVENTS Sundown EK Landing Apr 20 2015
ET CURRENT_EVENTS Sundown EK Flash Exploit Apr 20 2015
ET CURRENT_EVENTS Nuclear EK Landing Apr 22 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M2
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing April 29 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK SilverLight Exploit April 30 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK SWF Exploit April 30 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit Struct April 30 2015
ET CURRENT_EVENTS Unknown EK Landing Page May 01 2015
ET CURRENT_EVENTS Unknown EK Secondary Landing Page May 01 2015 M1
ET CURRENT_EVENTS Unknown EK Secondary Landing Page May 01 2015 M2
ET CURRENT_EVENTS Fiesta EK IE Exploit Apr 23 2015
ET CURRENT_EVENTS Fiesta EK Landing Apr 23 2015
ET CURRENT_EVENTS Fiesta EK Java Exploit Apr 23 2015
ET CURRENT_EVENTS Fiesta EK Flash Exploit Apr 23 2015
ET CURRENT_EVENTS Fiesta EK SilverLight Exploit Apr 23 2015
ET CURRENT_EVENTS Magnitude EK Flash Payload ShellCode Apr 23 2015
ET CURRENT_EVENTS Likely Trojan Multi-part Macro Download M1
ET CURRENT_EVENTS Possible CryptoPHP Leaking Credentials May 8 2015 M1
ET CURRENT_EVENTS Possible CryptoPHP Leaking Credentials May 8 2015 M2
ET CURRENT_EVENTS Possible CryptoPHP Leaking Credentials May 8 2015 M3
ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 3
ET CURRENT_EVENTS Download file with BITS via LNK file
ET CURRENT_EVENTS Possible Dridex Remote Macro Download
ET CURRENT_EVENTS DNSChanger EK Landing May 12 2015
ET CURRENT_EVENTS DNSChanger EK Secondary Landing May 12 2015 M2
ET CURRENT_EVENTS Sundown EK Landing May 21 2015 M1
ET CURRENT_EVENTS DNSChanger EK Landing URI Struct May 22 2015
ET CURRENT_EVENTS Likely Malicious Redirect SSL Cert
ET CURRENT_EVENTS Evil JS iframe Embedded In GIF
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 2 2015
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 4 2015 M1
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 4 2015 M2
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 4 2015 M3
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 8 2015 M1
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 8 2015 M2
ET CURRENT_EVENTS KaiXin Secondary Landing Page
ET CURRENT_EVENTS Likely Evil JS used in Unknown EK Landing
ET CURRENT_EVENTS KaiXin Secondary Landing Jun 09 2015
ET CURRENT_EVENTS Possible Evil Redirector Leading to EK June 11 2015
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M2
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 11 2015 M3
ET CURRENT_EVENTS Likely Evil JS used in Unknown EK Landing
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 16 2015 M1
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 16 2015 M4
ET CURRENT_EVENTS KaiXin Landing M4
ET CURRENT_EVENTS KaiXin Secondary Landing Page
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 17 2015 M1
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 17 2015 M2
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 16 2015 M2
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct April 29 2015 M1
ET CURRENT_EVENTS CottonCastle/Niteris EK Java Exploit URI Struct April 29 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Payload April 29 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing URI Struct June 19 2015 M3
ET CURRENT_EVENTS Likely CottonCastle/Niteris EK Response June 19 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Payload June 19 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing June 19 2015
ET CURRENT_EVENTS Likely Malicious wininet UA Downloading EXE
ET CURRENT_EVENTS Suspicious JS Observed in Unknown EK Landing
ET CURRENT_EVENTS CottonCastle/Niteris EK POST Beacon April 29 2015
ET CURRENT_EVENTS KaiXin Secondary Landing Page June 22 2015
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Sundown EK Landing May 21 2015 M2
ET CURRENT_EVENTS suspicious VBE-encoded script
ET CURRENT_EVENTS Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M2
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M3
ET CURRENT_EVENTS Magnitude CVE-2015-3113 Jun 29 2015 M1
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M4
ET CURRENT_EVENTS Fake AV Phone Scam Stylesheet June 26 2015
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M5
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M6
ET CURRENT_EVENTS NullHole EK Landing URI struct
ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 02
ET CURRENT_EVENTS SUSPICIOUS IRC - PRIVMSG *.
ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 08
ET CURRENT_EVENTS Targeted Attack from APT Actor Delivering HT SWF Exploit RIP
ET CURRENT_EVENTS HanJuan EK Current Campaign Landing URI Struct Jul 10 2015
ET CURRENT_EVENTS Likely Linux/Xorddos DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/Xorddos DDoS Attack Participation
ET CURRENT_EVENTS Suspicious SWF filename movie
ET CURRENT_EVENTS Likely Malicious Redirect SSL Cert
ET CURRENT_EVENTS Possible IE MSMXL Detection of Local DLL
ET CURRENT_EVENTS Possible Dyre SSL Cert M1
ET CURRENT_EVENTS Possible Dyre SSL Cert M2
ET CURRENT_EVENTS Possible Dyre SSL Cert M3
ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 17
ET CURRENT_EVENTS Likely Linux/Xorddos.F DDoS Attack Participation
ET CURRENT_EVENTS Likely Linux/IptabLesX C2 Domain Lookup
ET CURRENT_EVENTS Fake AV Phone Scam Landing July 20 2015 M2
ET CURRENT_EVENTS Fake AV Phone Scam Landing July 20 2015 M4
ET CURRENT_EVENTS Fake AV Phone Scam Landing July 20 2015 M1
ET CURRENT_EVENTS NullHole URI Struct Jul 22 2015 M2
ET CURRENT_EVENTS NullHole URI Struct Jul 22 2015 M3
ET CURRENT_EVENTS CottonCastle/Niteris EK URI Struct April 29 2015
ET CURRENT_EVENTS Possible Tsukuba Banker Edwards Packed proxy.pac
ET CURRENT_EVENTS DRIVEBY Possible Goon/Infinity/Magnitude EK SilverLight Exploit
ET CURRENT_EVENTS ScanBox Jun 06 2015 M1 T1
ET CURRENT_EVENTS ScanBox Jun 06 2015 M2 T1
ET CURRENT_EVENTS ScanBox Jun 06 2015 M3 T1
ET CURRENT_EVENTS Possible Malicious Redirect 8x8 script tag URI struct
ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm
ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 29
ET CURRENT_EVENTS Malvertising Redirection to Exploit Kit Aug 07 2014
ET CURRENT_EVENTS Possible Dyre SSL Cert
ET CURRENT_EVENTS HT SWF Exploit RIP
ET CURRENT_EVENTS Dridex Downloader SSL Certificate
ET CURRENT_EVENTS Nuclear EK Exploit URI Struct Aug 12
ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows XP/7
ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing Aug 17 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Landing Aug 17 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Secondary Landing URI Struct Aug 17 2015
ET CURRENT_EVENTS CottonCastle/Niteris EK Exploit URI Struct Aug 17 2015
ET CURRENT_EVENTS Likely Linux/Tsunami DDoS Attack Participation
ET CURRENT_EVENTS Possible TDS Redirecting to EK Aug 19 2015
ET CURRENT_EVENTS Possible Magnitude EK Landing URI Struct Aug 21 2015
ET CURRENT_EVENTS Magnitude EK Landing Aug 21 2015
ET CURRENT_EVENTS Magnitude Flash Exploit
ET CURRENT_EVENTS HT SWF Exploit RIP M2
ET CURRENT_EVENTS Cryptowall docs campaign Aug 2015 encrypted binary
ET CURRENT_EVENTS Magnitude/Hunter EK IE Exploit Aug 23 2015
ET CURRENT_EVENTS PawnStorm Java Class Stage 1 M1 Aug 28 2015
ET CURRENT_EVENTS PawnStorm Java Class Stage 2 M1 Aug 28 2015
ET CURRENT_EVENTS PawnStorm Java Class Stage 2 M2 Aug 28 2015
ET CURRENT_EVENTS PawnStorm Sednit DL Aug 28 2015
ET CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 T2
ET CURRENT_EVENTS RIG Landing URI Struct March 20 2015
ET CURRENT_EVENTS Double-Encoded Reverse Base64/Dean Edwards Packed JavaScript Observed in Unknown EK Feb 16 2015 b64 1 M2
ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 31 2015
ET CURRENT_EVENTS Possible Dyre SSL Cert Aug 31 2015
ET CURRENT_EVENTS Google Drive Phishing Landing Sept 3
ET CURRENT_EVENTS possible Sofacy encrypted binary
ET CURRENT_EVENTS CottonCastle/Niteris EK Receiving Payload May 7 2015
ET CURRENT_EVENTS Spartan EK Secondary Flash Exploit DL
ET CURRENT_EVENTS Possible Spartan EK Secondary Flash Exploit DL M2
ET CURRENT_EVENTS Cryptowall docs campaign Sept 2015 encrypted binary
ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct Sept 15 2015
ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI Struct Sept 15 2015
ET CURRENT_EVENTS Possible Spartan/Nuclear EK Payload
ET CURRENT_EVENTS Fake AV Phone Scam Landing Sept 21 2015
ET CURRENT_EVENTS Evil Redirector Leading to EK Sept 25 2015
ET CURRENT_EVENTS Evil JavaScript Injection Sep 29 2015
ET CURRENT_EVENTS Evil Redirector Sep 29 2015
ET CURRENT_EVENTS Evil Redirector from iframe Sep 29 2015
ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015
ET CURRENT_EVENTS Evil Redirector Leading To EK Sep 30 2015
ET CURRENT_EVENTS Possible Astrum EK URI Struct
ET CURRENT_EVENTS Likely SweetOrange EK Java Exploit Struct
ET CURRENT_EVENTS KaiXin Landing M5 1 Oct 05 2015
ET CURRENT_EVENTS KaiXin Landing M5 2 Oct 05 2015
ET CURRENT_EVENTS KaiXin Landing M5 3 Oct 05 2015
ET CURRENT_EVENTS KaiXin Landing Page Oct 05 2015
ET CURRENT_EVENTS Magnitude EK Landing Oct 08 2015
ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass
ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015
ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Oct 12 2015
ET CURRENT_EVENTS Possible Magento Directory Traversal Attempt
ET CURRENT_EVENTS Fake AV Phone Scam Landing June 26 2015 M1
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 19 M1
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 19 M2
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 19 M3
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 19 M4
ET CURRENT_EVENTS Fake Virus Phone Scam Redirector Oct 19 M1
ET CURRENT_EVENTS Fake Virus Phone Scam Redirector Oct 19 M2
ET CURRENT_EVENTS Fake Virus Phone Scam Redirector Oct 19 M3
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 19 M5
ET CURRENT_EVENTS Cushion Redirection
ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 B64 1
ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 B64 2
ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 B64 3
ET CURRENT_EVENTS Possible click2play bypass Oct 19 2015 as observed in PawnStorm
ET CURRENT_EVENTS Fake Java Installer Landing Page Oct 21
ET CURRENT_EVENTS Chase Account Phish Landing Oct 22
ET CURRENT_EVENTS Evil Redirector Leading to EK Oct 26 2015
ET CURRENT_EVENTS Nuclear EK IE Exploit Aug 23 2015
ET CURRENT_EVENTS Possible Dyre SSL Cert Sept 2 2015
ET CURRENT_EVENTS Possible Malicious Redirect Leading to EK Oct 29
ET CURRENT_EVENTS Possible WhiteLotus IE Payload
ET CURRENT_EVENTS Fake AV Phone Scam Landing Oct 29
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Oct 30
ET CURRENT_EVENTS Fake Virus Phone Scam Audio Oct 30
ET CURRENT_EVENTS Fake Video Player Update Scam Oct 30
ET CURRENT_EVENTS Successful Paypal Account Phish Oct 30
ET CURRENT_EVENTS Successful Paypal Account Phish Oct 30 2
ET CURRENT_EVENTS Successful Paypal Account Phish Oct 30 3
ET CURRENT_EVENTS Jimdo.com Phishing PDF via HTTP
ET CURRENT_EVENTS Fake Virus Phone Scam Landing Nov 4 M2