The Trellix Intrusion Prevention System signature set releasing on December 20, 2022 will consist of multiple attack signature modifications made as part of our ongoing Trellix rebranding effort. Product names have been rebranded from McAfee to Trellix wherever applicable inside each of the affected signatures.
NOTE: There is no change in the attack detection logic; hence, this shouldn't impact the protection provided by these signatures.
Environment
Trellix Intrusion Prevention System Sensor
Trellix Intrusion Prevention System Signature Set
Summary
List of attack signatures that have been rebranded to Trellix wherever applicable.
| NSPID | Attack Signature Name |
|---|---|
| 0x402c6000 | BACKDOOR: Poison Ivy Traffic Detected |
| 0x40E00300 | BACKDOOR: Theef Trojan |
| 0x40E00900 | BACKDOOR: Hack'a'Tack Trojan |
| 0x40E00A00 | BACKDOOR: BackConstruction Trojan |
| 0x40E01C00 | BACKDOOR: BigGluck Trojan |
| 0x40E02200 | BACKDOOR: Delta Source |
| 0x40E02300 | BACKDOOR: Evil FTP |
| 0x40E02500 | BACKDOOR: Frenzy |
| 0x40E02800 | BACKDOOR: Glacier |
| 0x40E02D00 | BACKDOOR: Snid |
| 0x40E02E00 | BACKDOOR: SniperNet |
| 0x40E03900 | BACKDOOR: Y3K RAT |
| 0x40E03D00 | BACKDOOR: Hvl RAT |
| 0x40E03F00 | BACKDOOR: Millenium |
| 0x40E04300 | BACKDOOR: NCX (nc99) |
| 0x40E04400 | BACKDOOR: NetMonitor (NetSpy) |
| 0x40E04A00 | BACKDOOR: Crazzy Net |
| 0x40E07300 | BACKDOOR: Bla |
| 0x40E07c00 | BACKDOOR: Danton |
| 0x40E08000 | BACKDOOR: Dark Connection Inside |
| 0x40E08100 | BACKDOOR: DTr |
| 0x40E08400 | BACKDOOR: F-Backdoor |
| 0x40E08500 | BACKDOOR: FileNail |
| 0x40E08700 | BACKDOOR: GiFt |
| 0x40E08a00 | BACKDOOR: Hellz Addiction |
| 0x40E08c00 | BACKDOOR: InCommand |
| 0x40E08f00 | BACKDOOR: Intruzzo |
| 0x40E09000 | BACKDOOR: G-Spot |
| 0x40E09200 | BACKDOOR: Konik |
| 0x40E09300 | BACKDOOR: Last2000/Singularity |
| 0x40E09400 | BACKDOOR: Lithium |
| 0x40E09600 | BACKDOOR: Mantis |
| 0x40E09900 | BACKDOOR: Microspy |
| 0x40E09e00 | BACKDOOR: Net Administrator |
| 0x40E09f00 | BACKDOOR: NetRaider |
| 0x40E0a200 | BACKDOOR: NetTrash/WinRAT/Oxon |
| 0x40E0a800 | BACKDOOR: Osiris Trojan Horse |
| 0x40E0ac00 | BACKDOOR: PC Invader |
| 0x40E0ae00 | BACKDOOR: Pitfall |
| 0x40E0b100 | BACKDOOR: Priority |
| 0x40E0b200 | BACKDOOR: Private Port |
| 0x40E0b900 | BACKDOOR: Remote Boot Tool |
| 0x40E0bd00 | BACKDOOR: The Revenger |
| 0x40E0c100 | BACKDOOR: School Bus |
| 0x40E0c200 | BACKDOOR: Tcc |
| 0x40E0c700 | BACKDOOR: Ullysse |
| 0x40E0c800 | BACKDOOR: Tron |
| 0x40E0c900 | BACKDOOR: UltimateRAT |
| 0x40E0cb00 | BACKDOOR: Uploader |
| 0x40E0cf00 | BACKDOOR: WanRemote |
| 0x40e0d000 | BACKDOOR: Vampire |
| 0x40E0d100 | BACKDOOR: War Trojan |
| 0x40E0d200 | BACKDOOR: Windows Mite |
| 0x40E0d300 | BACKDOOR: Xanadu |
| 0x40E0d800 | BACKDOOR: Remote Storm |
| 0x40E0db00 | BACKDOOR: QAZ |
| 0x40E0de00 | BACKDOOR: Net Controller |
| 0x40e0e600 | BACKDOOR: Beast |
| 0x40e0ea00 | BACKDOOR: Proxy-Agent.af.gen Detection |
| 0x40e10000 | BACKDOOR: NightDragon Communication Detected |
| 0x40E10100 | BACKDOOR: CoreFlood Activity Detected |
| 0x45d0ab00 | BACKDOOR: Operation Aurora Communication Detected |
| 0x48800500 | BOT: Phatbot Trojan Infection |
| 0x48804b00 | BOT: Darkshell Botnet Activity Detected |
| 0x48805200 | BOT: TDSS.C Trojan Traffic Detected |
| 0x48805300 | BOT: Shady RAT Backdoor Detected |
| 0x48805800 | BOT: Enfal Traffic Detected |
| 0x48805a00 | BOT: Backdoor EMN Detected |
| 0x48805d00 | BOT: Bitcoin bot Traffic Detected |
| 0x48806200 | BOT: Spyeye Traffic Detected |
| 0x48806300 | BOT: Android Siniter.A Traffic Detected |
| 0x48806600 | HTTP: Malicious Bot Activity Detected |
| 0x48806a00 | BOT: Nitol Activity Detected |
| 0x48808a00 | BOT: ZBot Activity Detected |
| 0x48808b00 | BOT: Zeus/Floki Post Request Detected |
| 0x48808f00 | BOT: VertexNet Bot Activity Detected |
| 0x48809200 | BOT: Gauss Bot Traffic Detected |
| 0x48809600 | BOT: Skywiper.B Trojan Activity Detected |
| 0x48809900 | BOT: NGRBot Activity Detected |
| 0x48809b00 | BOT: W32 autorun worm aarb-h activity Detected |
| 0x4880a200 | BOT: Red October Activity Detected |
| 0x4880a500 | BOT: Travert Traffic Detected |
| 0x4880ae00 | BOT: Fareit Traffic Detected |
| 0x4880b100 | BOT: Feodo Activity Detected |
| 0x4880cd00 | BOT: Blackrav Traffic Detected |
| 0x4880cf00 | BOT: Hesper Activity Detected |
| 0x4880d200 | BOT: Napolar Activity Detected |
| 0x4880d400 | BOT: H-Worm Activity Detected |
| 0x4880d700 | BOT: Plasma Traffic Detected |
| 0x4880d800 | BOT: Neverquest Activity Detected |
| 0x4880da00 | BOT: Zeus/Floki VM Request Detected |
| 0x4880e700 | SMTP: Aradmax Keylogger Traffic Detected |
| 0x4880eb00 | BOT: Graftor Activity Detected |
| 0x4880ef00 | BOT: Zeus/Floki Downloader Activity Detected |
| 0x4880f100 | BOT: Pandemia Traffic Detected |
| 0x4880fb00 | BOT: Spike Ddos traffic Detected |
| 0x48811b00 | BOT: Nanhaishu RAT Traffic Detected |
| 0x48811e00 | BOT: Hajime Worm Traffic Detected |
| 0x48812500 | BOT: Dorkbot Traffic Detected |
| 0x48812c00 | BOT: Shamoon Malware Traffic Detected |
| 0x48814100 | BOT: Maze Malware Traffic Detected |
| 0x48814500 | BOT: LooCipher Malware Traffic Detected |
| 0x48814b00 | BOT: Qakbot Traffic Detected |
| 0x47601a00 | DCERPC: W32/Gaobot.worm Detected |
| 0x47602400 | DCERPC: Veritas Backup Exec Server Remote Registry Access |
| 0x4000f400 | DDoS: Trin00 Daemon-to-Master |
| 0x4000f600 | DDoS: Stacheldraht Agent-response-gag |
| 0x4000f700 | DDoS: Stacheldraht Master-Response |
| 0x4000f800 | DDoS: Stacheldraht Master-Spoofworks |
| 0x4000f900 | DDoS: TFN Client Command |
| 0x4000fc00 | DDoS: Trin00 Daemon-to-Master (PONG) |
| 0x40011f00 | DDoS: Stacheldraht Handler-check-gag |
| 0x40012000 | DDoS: Trin00 Master-to-Agent Communication |
| 0x4000b700 | TCP: Inbound TCP RST Volume Too High |
| 0x40017d00 | TCP: Outbound TCP RST Volume Too High |
| 0x41300A00 | FINGER: FingerD Backdoor |
| 0x40219e00 | HTTP: W32/Mydoom@MM DoS |
| 0x4021b600 | HTTP: Berbew/Webber/Padodor Trojan Keystroke Log Upload |
| 0x4021e200 | HTTP: Microsoft Product Shell Program Execution |
| 0x4021f600 | HTTP: Microsoft Office XP Word Long Filename Overflow |
| 0x40221f00 | HTTP: ocPortal Arbitrary File Inclusion Vulnerability |
| 0x40222200 | HTTP: PHP Include - Mail Manage EX PHP Include Exploit |
| 0x40222300 | HTTP: TrackerCam PHP Argument Buffer Overflow |
| 0x40223d00 | HTTP: Microsoft IE Clip Board Data Reading Vulnerability |
| 0x40225d00 | HTTP: Windows WMF File Parsing DOS |
| 0x4022a200 | HTTP: Hidden or Invisible HTML IFrame Detected |
| 0x4022a900 | HTTP: Microsoft Excel Malformed Record Vulnerability |
| 0x4022aa00 | HTTP: Microsoft Excel Malformed Name Record Vulnerability |
| 0x4022ab00 | HTTP: Microsoft Office Malformed Data Vulnerability |
| 0x4022b000 | HTTP: Microsoft Excel Selection Record Memory Access Error |
| 0x4022c100 | HTTP: Microsoft Office Malformed String Parsing Vulnerability |
| 0x4022c500 | HTTP: Malformed Microsoft Excel Exploit |
| 0x4022c600 | HTTP: MS Office Malformed Image Parsing Vulnerability |
| 0x4022d800 | HTTP: Microsoft Publisher Stack Overflow |
| 0x4022e500 | HTTP: McAfee Subscription Manager Stack Buffer Overflow Vulnerability |
| 0x4022e700 | HTTP: Microsoft PowerPoint Exploit.d Vulnerability |
| 0x40231f00 | HTTP: Squid FTP URI DoS |
| 0x40233200 | HTTP: Trellix ePO remote code execution |
| 0x40235e00 | HTTP: Malformed Microsoft Excel Exploit II |
| 0x40235f00 | HTTP: Word RTF Parsing Vulnerability |
| 0x40236000 | HTTP: Microsoft Word Array Overflow |
| 0x40236100 | HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability |
| 0x40236300 | HTTP: Microsoft Internet Explorer Arbitrary File Rewrite Vulnerability |
| 0x40238000 | HTTP: Microsoft Visio Memory Corruption Vulnerability |
| 0x40238600 | HTTP: Microsoft Win32 API Vulnerability |
| 0x40238900 | HTTP: Uncompressed Visio File Found |
| 0x40238a00 | HTTP: Microsoft Outlook Express Information Disclosure Vulnerability |
| 0x40238b00 | HTTP: Microsoft CSS Tag Memory Corruption Vulnerability |
| 0x40238c00 | HTTP: Microsoft IE Uninitialized Memory Corruption Vulnerability |
| 0x40238d00 | HTTP: Microsoft Speech Control Memory Corruption Vulnerability |
| 0x40238e00 | HTTP: Microsoft COM Object Instantiation Memory Corruption Vulnerability |
| 0x40239300 | HTTP: HP ActiveX Object Remote Code Execution Vulnerability |
| 0x40239b00 | HTTP: Generic Double Unescape Evasion Attempt Detected |
| 0x4023a800 | HTTP: Trellix ePolicy Orchestrator Agent Stack Overflow |
| 0x4023aa00 | HTTP: Microsoft Excel Calculation Error Vulnerability |
| 0x4023ab00 | HTTP: Microsoft Workspace Memory Corruption |
| 0x4023ac00 | HTTP: Microsoft Excel Malformed File Denial of Service |
| 0x4023ad00 | HTTP: Microsoft IIS Memory Request Vulnerability |
| 0x4023ae00 | HTTP: Microsoft Publisher 2007 Remote Code Execution |
| 0x4023af00 | HTTP: Microsoft .NET PE Loader Vulnerability |
| 0x4023b000 | HTTP: Trellix ePolicy Orchestrator Agent Heap Overflow |
| 0x4023b100 | HTTP: Trellix ePolicy Orchestrator Agent DoS |
| 0x4023bf00 | HTTP: Microsoft Windows Media Player Code Execution Vulnerability Parsing Skins |
| 0x4023c000 | HTTP: Microsoft Excel Workspace Memory Corruption Vulnerability |
| 0x4023c100 | HTTP: Microsoft Agent Remote Code Execution Vulnerability |
| 0x4023c300 | HTTP: Microsoft XML Core Services Vulnerability |
| 0x4023c400 | HTTP: Microsoft OLE Automation Memory Corruption Vulnerability |
| 0x4023c500 | HTTP: Microsoft Internet Explorer ActiveX Object Vulnerability |
| 0x4023c600 | HTTP: Microsoft Internet Explorer ActiveX Object Memory Corruption Vulnerability |
| 0x4023c700 | HTTP: Microsoft Internet Explorer CSS Memory Corruption Vulnerability |
| 0x4023c800 | HTTP: Microsoft Vista Feed Headlines Gadget Remote Code Execution Vulnerability |
| 0x4023ca00 | HTTP: Microsoft VML Buffer Overrun Vulnerability |
| 0x4023cb00 | HTTP: Microsoft Windows Media Player Code Execution Vulnerability Decompressing Skins |
| 0x4023fc00 | HTTP: Microsoft Office Web Components ActiveX vulnerability |
| 0x40246500 | HTTP: Microsoft Malware Protection Engine Integer Underflow |
| 0x40246e00 | HTTP: Danmec Trojan Downloading Detected |
| 0x40247100 | BOT: SQL Injection - Danmec Bot SQL Injection Attack Detected |
| 0x4024d500 | HTTP: Trellix Virus Scan LHA Archive Buffer Overflow |
| 0x4024e300 | HTTP: Trellix VirusScan 8.0 Enterprise File Name Vulnerability |
| 0x4024e400 | HTTP: Trellix Virus Scan ZIP Archive Scanning Bypass Vulnerability |
| 0x40250400 | HTTP: Microsoft Uninitialized Memory Corruption Vulnerability (MS08-045) |
| 0x40250800 | HTTP: Trellix ePolicy Orchestrator Invalid Content-Length Vulnerability |
| 0x40254400 | HTTP: Trellix ePO buffer overflow vulnerability |
| 0x4026d000 | HTTP: BackDoor-ASP.Net Detected |
| 0x40272100 | HTTP: BackDoor JSP I |
| 0x40272200 | HTTP: BackDoor PHP I |
| 0x40272700 | HTTP: BackDoor-ASP |
| 0x40276100 | HTTP: Aurora Malware Download Detected |
| 0x40285f00 | HTTP: BackDoor-PHP III |
| 0x40287000 | HTTP: BackDoor PHP II |
| 0x40290900 | HTTP: Stuxnet Phone-Home Communication Detected |
| 0x40293300 | BOT: Danmec Bot SQL Injection Attack Detected II |
| 0x40298b00 | HTTP: Tiny Web Backdoor |
| 0x4029bb00 | HTTP: BackDoor JSP II |
| 0x4029f000 | HTTP: DST ASP BackDoor Detected |
| 0x4029f900 | HTTP: BackDoor xshell |
| 0x402bca00 | HTTP: McAfee Virtual Technician ActiveX Control Remote Code Execution |
| 0x402bdb00 | HTTP: W32/SkyWiper Activity Detected |
| 0x402bf100 | HTTP: Microsoft Col Element Remote Code Execution Vulnerability |
| 0x402bf200 | HTTP: Microsoft Title Element Change Remote Code Execution Vulnerability |
| 0x402bf300 | HTTP: Microsoft OnBeforeDeactivate Event Remote Code Execution Vulnerability |
| 0x402d0700 | HTTP: Trellix Firewall Reporter isValidClient Remote Code ExecutionVulnerability |
| 0x402da600 | HTTP: Microsoft MSXML XSLT Vulnerability |
| 0x402e3900 | HTTP: PE overlapping header Vulnerability |
| 0x402e8600 | HTTP: Trellix ePolicy Orchestrator and ProtectionPilot HTTP Server Remote Buffer Overflow |
| 0x45108800 | HTTP: Microsoft Internet Explorer Memory Corruption VII Remote Code Execution |
| 0x45108900 | HTTP: Microsoft Internet Explorer Memory Corruption XII Remote Code Execution |
| 0x45108a00 | HTTP: Microsoft Internet Explorer Memory Corruption XI Remote Code Execution |
| 0x45109400 | HTTP: Microsoft Internet Explorer Memory Corruption IX Remote Code Execution |
| 0x45109b00 | HTTP: Microsoft Internet Explorer Memory Corruption X Remote Code Execution |
| 0x45109c00 | HTTP: Microsoft Internet Explorer Memory Corruption XVI Remote Code Execution |
| 0x45109d00 | HTTP: Microsoft Internet Explorer CBlockElement bdo element tag Use After Free Vulnerability |
| 0x4510b300 | HTTP: Microsoft Internet Explorer MoveToMarkupPointer Use After Free Vulnerability |
| 0x4510b400 | HTTP: Microsoft Internet Explorer Content Generation Code Use After Free Vulnerability |
| 0x4510b500 | HTTP: Microsoft Internet Explorer TreeNode Object Use After Free Vulnerability |
| 0x4510b600 | HTTP: Microsoft Internet Explorer CTreeNode Handling Type Confusion Vulnerability |
| 0x4510b700 | HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability IX |
| 0x4510b800 | HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability X |
| 0x4510b900 | HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability XII |
| 0x4510ba00 | HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability XIII |
| 0x4510bc00 | HTTP: Microsoft Windows Uniscribe Font Parsing Engine Stack Overflow Vulnerability |
| 0x4510d800 | HTTP: Microsoft Internet Explorer CDocumentType Data Object Use After Free Vulnerability |
| 0x4510d900 | HTTP: Microsoft Internet Explorer Data Object Use After Free Vulnerability |
| 0x4510db00 | HTTP: Microsoft Internet Explorer CTreePos Data Object Use After Free Vulnerability II |
| 0x4510dd00 | HTTP: FrontPage Vulnerability Could Allow Information Disclosure |
| 0x4510de00 | HTTP: POST XSS Vulnerability |
| 0x4510df00 | HTTP: Microsoft Office Memory Corruption Vulnerability II |
| 0x4510e000 | HTTP: Microsoft Office Memory Corruption Vulnerability III |
| 0x4510e200 | HTTP: Microsoft Internet Explorer Iframe Data Object Use After Free Vulnerability |
| 0x4510e300 | HTTP: Microsoft Internet Explorer CDisplayPointer Use After Free Vulnerability |
| 0x4510e500 | HTTP: Microsoft SharePoint Disabling MAC Viewstate Malicious Object Deserializing Vulnerability |
| 0x4510e600 | HTTP: Microsoft Internet Explorer HGROUP Use After Free Vulnerability |
| 0x4510e700 | HTTP: Microsoft Internet Explorer window onfocus JavaScript Type Confusion Vulnerability |
| 0x4510e800 | HTTP: Microsoft SharePoint ws asmx Denial of Service Vulnerability |
| 0x4510e900 | HTTP: Microsoft Office Unspecified Memory Corruption Vulnerability |
| 0x4510ea00 | HTTP: Microsoft Office Unspecified Memory Corruption Vulnerability II |
| 0x4510eb00 | HTTP: Microsoft Office Unspecified Memory Corruption Vulnerability III |
| 0x4510ec00 | HTTP: Windows Theme File Remote Code Execution Vulnerability |
| 0x4510ed00 | HTTP: Microsoft Word OCXINFO Remote Code Execution Vulnerability |
| 0x4510ee00 | HTTP: Microsoft Word SDTI record Remote Code Execution Vulnerability |
| 0x4510ef00 | HTTP: Microsoft Internet Explorer onlosecapture Use After Free Vulnerability |
| 0x4510f400 | HTTP: Microsoft Internet Explorer CAnchorElement Data Object Use After Free Vulnerability |
| 0x4510f500 | HTTP: Microsoft Internet Explorer HtmlLayout Use After Free Vulnerability |
| 0x4510f600 | HTTP: Microsoft Internet Explorer CElement Use After Free Vulnerability |
| 0x4510f700 | HTTP: Microsoft Internet Explorer CLayoutBlock Use After Free Vulnerability |
| 0x4510f800 | HTTP: Microsoft Internet Explorer MSHTML Tree::STextBlockPosition Use After Free Vulnerability |
| 0x4510f900 | HTTP: Entity Expansion Vulnerability |
| 0x4510fa00 | HTTP: JSON Parsing Vulnerability |
| 0x4510fb00 | HTTP: Microsoft Internet Explorer CHtmRootParseCtx User-After-Free Vulnerability |
| 0x4510fc00 | HTTP: Microsoft SharePoint Server Could Allow Remote Code Execution |
| 0x4510ff00 | HTTP: OpenType Font Parsing Vulnerability |
| 0x45110000 | HTTP: Microsoft Word Memory Corruption Vulnerability (CVE-2013-3891) |
| 0x45110100 | HTTP: Internet Explorer Memory Corruption Vulnerability XIV |
| 0x45111100 | HTTP: Corel PDF Fusion XPS Stack Buffer Overflow Vulnerability |
| 0x45111500 | HTTP: Oracle Java sun.tracing.ProviderSkeleton Sandbox Bypass Vulnerability |
| 0x45111600 | HTTP: Apple QuickTime alis Volume Name Parsing Stack Buffer Overflow Vulnerability |
| 0x45111700 | HTTP: SAP NetWeaver SOAP Request SXPG_CALL_SYSTEM Command Execution Vulnerability |
| 0x45112900 | HTTP: Word Stack Buffer Overwrite Vulnerability |
| 0x45112a00 | HTTP: Word Stack Buffer Overwrite Vulnerability II |
| 0x45112b00 | HTTP: Microsoft Internet Explorer CSelectTracker Data Object Use After Free Vulnerability |
| 0x45112c00 | HTTP: Microsoft Internet Explorer CEditAdorner Data Object Use After Free Vulnerability |
| 0x45112d00 | HTTP: Internet Explorer Memory Corruption Vulnerability XV |
| 0x45112e00 | HTTP: Internet Explorer Memory Corruption Vulnerability XVI |
| 0x45112f00 | HTTP: InformationCardSigninHelper ActiveX Control Memory Corrupt Vulnerability |
| 0x45113000 | HTTP: Microsoft Graphics Component Could Allow Remote Code Execution |
| 0x45113500 | HTTP: Internet Explorer Information Disclosure Vulnerability II |
| 0x45114700 | HTTP: Adobe Reader CoolType Font Handing Memory Disclosure Vulnerability |
| 0x45114800 | HTTP: Adobe Reader T0 Font Handing Memory Corruption Vulnerability |
| 0x45114900 | HTTP: Adobe Reader U3D Stream PCX Header Handling Heap Overflow Vulnerability |
| 0x45114a00 | HTTP: Adobe Reader FDF After Before XSS Vulnerability |
| 0x45118000 | HTTP: TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow |
| 0x45118700 | HTTP: v0pCr3w Web Shell Remote Code Execution |
| 0x45128200 | HTTP: McAfee Consumer Applications Code Execution Vulnerability |
| 0x4513c800 | HTTP: Microsoft OLE Cloud Allow Remote Code Execution (CVE-2014-6352) |
| 0x45140400 | HTTP: Trellix ePO Multiple .do Reflected XSS |
| 0x45143800 | HTTP: Trellix Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution Vulnerability |
| 0x45148b00 | HTTP: Trellix ePolicy Orchestrator UID Multiple SQL Injection Vulnerabilities |
| 0x4514d700 | HTTP: Trellix SIEM ReportsAudit jsp Input Validation Error |
| 0x45150f00 | HTTP: Trellix ePolicy Orchestrator XML External Entity |
| 0x45153300 | HTTP: Trellix SIEM DownloadReport Information Disclosure |
| 0x45159300 | HTTP: Microsoft Internet Explorer Mutation Events Handling Use After Free |
| 0x45161200 | HTTP: Microsoft Windows Management Console File Format Stack Buffer Overflow(CVE-2015-1681) |
| 0x45161400 | HTTP: Internet Explorer Protected Mode Bypass Vulnerability (CVE-2015-1713) |
| 0x45161500 | HTTP: Internet Explorer CTitleElement object Use after Free Vulnerability (CVE-2015-1714) |
| 0x45161700 | HTTP: Internet Explorer TableGridBlock object Use after Free Vulnerability (CVE-2015-1709) |
| 0x45175a00 | HTTP: Trellix ePolicy Orchestrator XML Entity Injection |
| 0x4517f400 | HTTP: Trellix ePolicy Orchestrator Authenticated XXE Credentials Exposure |
| 0x451f3000 | HTTP: Trellix ePolicy Orchestrator DataChannel GUID SQL Injection |
| 0x451f7000 | HTTP: Microsoft Col Element Remote Code Execution Vulnerability II |
| 0x451f8800 | HTTP: Trellix ePO Multiple .do Reflected XSS II |
| 0x45230700 | HTTP: Goodor Backdoor C2 Activity Detected |
| 0x45251300 | HTTP: Trellix ePolicy Orchestrator Cross Site Scripting Vulnerability (CVE-2018-6659) |
| 0x45285000 | HTTP: Yaws Web Server Command Injection vulnerability (CVE-2020-24916) |
| 0x45286500 | HTTP: Belkin Wemo Insight Smart Plug Stack Buffer Overflow |
| 0x45287a00 | HTTP: Possible Cobalt Strike Beacon Detected |
| 0x45d34800 | HTTP: SAP NetWeaver HostControl Command Injection |
| 0x40015500 | ICMP: Nachi-like Ping |
| 0x48a00700 | ICMPv6: Nachi Ping |
| 0x41606b00 | IMAP: Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow |
| 0x41704900 | LDAP: Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0664) |
| 0x41704a00 | LDAP: Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0856) |
| 0x402c3500 | HTTP: Morcut Malware Traffic Detected |
| 0x45239300 | Malware: Lazarus Haobao Bitcoin Stealing Malware Traffic Detected |
| 0x4840b300 | HTTP: Carberp Trojan Traffic Detected |
| 0x4840b500 | BOT: HongTouTou-ADRD Bot Detected |
| 0x4840b800 | HTTP: Zeus/Floki Botnet Communication Detected |
| 0x4840b900 | HTTP: Trojan Ad Clicker Activity Detected |
| 0x4840ba00 | HTTP: Downloader Abw3 Activity Detected |
| 0x4840c100 | MALWARE: Malicious File Detected by GAM |
| 0x4840c400 | MALWARE: File Submitted to Trellix Cloud (CTD) for Analysis |
| 0x4840c600 | MALWARE: Malicious PDF file transfer detected |
| 0x4840c800 | HTTP: Expiro Malware Traffic Detected |
| 0x4840c900 | MALWARE: Malicious File Detected by GTI |
| 0x4841e900 | MALWARE: Malicious PDF file transfer detected VIII |
| 0x48420b00 | MALWARE: Malicious PDF file transfer detected VII |
| 0x48433800 | MALWARE: Malicious PDF File Transfer Detected I |
| 0x48433900 | MALWARE: Malicious PDF file transfer detected II |
| 0x48433a00 | MALWARE: Malicious PDF file transfer detected III |
| 0x48433b00 | MALWARE: Malicious PDF file transfer detected IV |
| 0x48433c00 | MALWARE: Malicious PDF file transfer detected V |
| 0x48433d00 | MALWARE: Malicious PDF file transfer detected VI |
| 0x48433f00 | MALWARE: Malicious PDF file transfer detected ANNOT FUNC VIII |
| 0x48434000 | MALWARE: Malicious PDF file transfer detected UUID IX |
| 0x48434100 | MALWARE: Malicious PDF file transfer detected hexname X |
| 0x48434200 | MALWARE: Malicious PDF file transfer detected suspicious call XI |
| 0x48434300 | MALWARE: Malicious PDF file transfer detected suspicious call XII |
| 0x48434400 | MALWARE: Malicious PDF file transfer obfuscated call XIII |
| 0x48434500 | MALWARE: Malicious PDF file transfer detected ANNOT FUNC VII |
| 0x48434600 | MALWARE: Malicious File Detected by Intelligent Sandbox |
| 0x48434700 | MALWARE: File Submitted to ATD for Analysis |
| 0x48434900 | MALWARE: Malicious File Detected by Trellix Cloud (CTD) |
| 0x48434c00 | HTTP: Uroburos Traffic Detected |
| 0x48434d00 | HTTP: Win32/Glupteba.M Traffic Detected |
| 0x48434f00 | MALWARE: File Submitted to Trellix Cloud (Mobile) for Analysis |
| 0x48435000 | MALWARE: Malicious File Detected by Trellix Cloud (Mobile) |
| 0x48436800 | BOT: Neutrino Bot Traffic Detected |
| 0x48436b00 | MALWARE: Malicious File Detected by TIE |
| 0x48436d00 | MALWARE: Trojan Wiper Traffic Detected |
| 0x48436e00 | MALWARE: Superfish Activity Detected |
| 0x48436f00 | MALWARE: LogPOS Traffic Detected |
| 0x48437200 | MALWARE: URSNIF Traffic Detected |
| 0x48437300 | MALWARE: Trojan NetWire Traffic Detected |
| 0x48437400 | MALWARE: FighterPOS Traffic Detected |
| 0x48437500 | MALWARE: KRIPTOVOR Traffic Detected |
| 0x48437900 | MALWARE: Rombertik Traffic Detected |
| 0x48437a00 | MALWARE: Laziok Traffic Detected |
| 0x48438200 | MALWARE: Keybase Keylogger Traffic Detected |
| 0x48438400 | MALWARE: Backdoor Emdivi Traffic Detected |
| 0x48438500 | MALWARE: Sakula RAT Traffic Detected |
| 0x48438e00 | MALWARE: FF RAT Traffic Detected |
| 0x48439100 | MALWARE: Potato Traffic Detected |
| 0x48439200 | MALWARE: TokenControl Traffic Detected |
| 0x4843a400 | MALWARE: PUP Downloader Traffic Detected |
| 0x4843a900 | MALWARE: Upatre Trojan Downloader Traffic Detected |
| 0x4843ba00 | MALWARE: Fireball Traffic Detected |
| 0x4843cf00 | MALWARE: Operation Sharpshooter Activity Detected |
| 0x4843e300 | MALWARE: AgentTesla Activity Detected |
| 0x40708400 | NETBIOS: W32/MyWife.d@MM!M24 |
| 0x45d04b00 | PKTSEARCH: E-Business Admin Server Invalid Data Length DoS |
| 0x45d04e00 | PKTSEARCH: ePolicy Orchestrator Agent Stack Overflow |
| 0x45d05000 | PKTSEARCH: ePolicy Orchestrator Agent Heap Overflow |
| 0x45d05100 | PKTSEARCH: ePolicy Orchestrator Agent DoS |
| 0x45d05600 | PKTSEARCH: E-Business Server Remote Code Execution |
| 0x45d05f00 | PKTSEARCH: Trellix ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability |
| 0x45d06200 | PKTSEARCH: Trellix ePO HTTP Request Vulnerability |
| 0x45d09000 | WORM: W32/Conficker.C Response Detected |
| 0x45d12100 | PKTSEARCH: ePolicy Orchestrator Framework Services Buffer Overflow |
| 0x45d1a500 | TROJAN: Poison Ivy traffic detected |
| 0x45d32400 | PKTSEARCH: Trellix Cloud Single Sign On ExtensionAccessServlet Directory Traversal |
| 0x45d3c700 | PKTSEARCH: RedLeaves Magic Packet Detected I (APT10 implant_NIDS979) |
| 0x45d3c800 | PKTSEARCH: RedLeaves Magic Packet Detected II (APT10 implant_NIDS979) |
| 0x45d3c900 | PKTSEARCH: Red Leaves traffic detected (APT10 implant_NIDS979) |
| 0x40802e00 | RPC: AUTOFS Remote Command Execution |
| 0x40405f00 | SMTP: Sendmail Address Buffer Overflow Vulnerability |
| 0x40407200 | SMTP: W32 Mimail.c Worm |
| 0x4040ad00 | SMTP: Microsoft Office Malformed Data Vulnerability |
| 0x4040ae00 | SMTP: Microsoft Word Exploit-VBE |
| 0x4040af00 | SMTP: PowerPoint Malformed Record Vulnerability |
| 0x4040b000 | SMTP: Windows Media Player PNG Parsing Vulnerability |
| 0x4040b200 | SMTP: Malformed Microsoft Excel Exploit |
| 0x4040b300 | SMTP: Microsoft Office Malformed Data Exploit |
| 0x4040b400 | SMTP: Microsoft Office Image Parsing Vulnerability |
| 0x4040b500 | SMTP: MS Office String Parsing Vulnerability |
| 0x4040c000 | SMTP: Trellix WebShield Bounce Message Format String Vulnerability |
| 0x4040ca00 | SMTP: Microsoft Malware Protection Engine Integer Underflow |
| 0x40415200 | SMTP: Possible Malicious Executable Content in Attachment |
| 0x45c00100 | SSL: Apache SSL Slapper Worm |
| 0x00000400 | TCP: TCP Header Abnormally Small |
| 0x00008c00 | MPE Response Sysevent |
| 0x00009200 | BACKDOOR: Win32.AckCmd Trojan |
| 0x41500300 | TFTP: Directory Traversal Exploit |
| 0x41500e00 | TFTP: Microsoft Write File Attempt |
| 0x48301700 | WORM: W32/Dabber Worm |
| 0x48301900 | WORM: W32/Stdbot.B Worm |
| 0x48303900 | WORM: W32/Mytob.gen@MM |
| 0x48304400 | WORM: W32/Klez.h@MM |
| 0x48304500 | WORM: W32/MyWife.d@MM |
| 0x48304900 | WORM: W32/Zafi@MM Worm |
| 0x48304a00 | WORM: W32/Polybot |
| 0x48304b00 | WORM: W32/Bagle@MM Worm Variants I |
| 0x48304c00 | WORM: W32/Bagle@MM Worm Variants II |
| 0x48304d00 | WORM: W32/Netsky@MM Worm |
| 0x48304e00 | WORM: W32/Lovgate@MM Worm |
| 0x48304f00 | WORM: W32/Mydoom@MM Worm Variants IV |
| 0x48305000 | WORM: W32/Sober@MM |
| 0x48305100 | WORM: W32/Mydoom@MM Worm Variants I |
| 0x48305200 | WORM: W32/Mydoom@MM Worm Variants II |
| 0x48305300 | WORM: W32/Mydoom@MM Worm Variants III |
| 0x48305400 | WORM: W32/Netsky@MM Worm Variants II |
| 0x48305500 | WORM: W32/Bagle@MM Worm Variants III |
| 0x47200000 | XFS: fs.auto Remote Buffer Overflow Vulnerability |