Web Detections

Name	Data Source	Technique	Type	Analytic Story	Date
Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint	Suricata	Exploit Public-Facing Application	TTP	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-05-14
Adobe ColdFusion Access Control Bypass	Suricata	Exploit Public-Facing Application	TTP	Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360	2024-05-29
Adobe ColdFusion Unauthenticated Arbitrary File Read	Suricata	Exploit Public-Facing Application	TTP	Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360	2024-05-17
Cisco IOS XE Implant Access	Suricata	Exploit Public-Facing Application	TTP	Cisco IOS XE Software Web Management User Interface vulnerability	2024-05-16
Citrix ADC and Gateway Unauthorized Data Disclosure	Suricata	Exploit Public-Facing Application	TTP	Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966	2024-05-11
Citrix ADC Exploitation CVE-2023-3519	Palo Alto Network Threat	Exploit Public-Facing Application	Hunting	CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519	2024-05-25
Citrix ShareFile Exploitation CVE-2023-24489	Suricata	Exploit Public-Facing Application	Hunting	Citrix ShareFile RCE CVE-2023-24489	2024-05-29
Confluence CVE-2023-22515 Trigger Vulnerability	Suricata	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server	2024-05-22
Confluence Data Center and Server Privilege Escalation	Nginx Access	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities	2024-05-28
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527	Suricata	Exploit Public-Facing Application	TTP	Confluence Data Center and Confluence Server Vulnerabilities	2024-05-28
Confluence Unauthenticated Remote Code Execution CVE-2022-26134	Palo Alto Network Threat	Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities	2024-05-30
ConnectWise ScreenConnect Authentication Bypass	Suricata	Exploit Public-Facing Application	TTP	ConnectWise ScreenConnect Vulnerabilities	2024-05-24
Detect attackers scanning for vulnerable JBoss servers		System Information Discovery External Remote Services	TTP	JBoss Vulnerability, SamSam Ransomware	2024-05-19
Detect F5 TMUI RCE CVE-2020-5902		Exploit Public-Facing Application	TTP	F5 TMUI RCE CVE-2020-5902	2024-08-16
Detect malicious requests to exploit JBoss servers		N/A	TTP	JBoss Vulnerability, SamSam Ransomware	2024-05-19
Detect Remote Access Software Usage URL	Palo Alto Network Threat	Remote Access Software	Anomaly	CISA AA24-241A, Command And Control, Insider Threat, Ransomware	2024-07-09
Exploit Public Facing Application via Apache Commons Text	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	Anomaly	Text4Shell CVE-2022-42889	2024-05-21
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	TTP	Fortinet FortiNAC CVE-2022-39952	2024-05-09
F5 TMUI Authentication Bypass	Suricata	N/A	TTP	F5 Authentication Bypass with TMUI	2024-05-24
Fortinet Appliance Auth bypass	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	TTP	CVE-2022-40684 Fortinet Appliance Auth bypass	2024-05-12
Hunting for Log4Shell	Nginx Access	Exploit Public-Facing Application External Remote Services	Hunting	CISA AA22-320A, Log4Shell CVE-2021-44228	2024-08-14
Ivanti Connect Secure Command Injection Attempts	Suricata	Exploit Public-Facing Application	TTP	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-05-20
Ivanti Connect Secure SSRF in SAML Component	Suricata	Exploit Public-Facing Application	TTP	Ivanti Connect Secure VPN Vulnerabilities	2024-05-29
Ivanti Connect Secure System Information Access via Auth Bypass	Suricata	Exploit Public-Facing Application	Anomaly	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-05-18
Ivanti EPM SQL Injection Remote Code Execution	Suricata	Exploit Public-Facing Application	TTP	Ivanti EPM Vulnerabilities	2024-06-18
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078	Suricata	Exploit Public-Facing Application External Remote Services	TTP	Ivanti EPMM Remote Unauthenticated Access	2024-05-18
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082	Suricata	Exploit Public-Facing Application External Remote Services	TTP	Ivanti EPMM Remote Unauthenticated Access	2024-05-28
Ivanti Sentry Authentication Bypass	Suricata	Exploit Public-Facing Application	TTP	Ivanti Sentry Authentication Bypass CVE-2023-38035	2024-05-17
Jenkins Arbitrary File Read CVE-2024-23897	Nginx Access	Exploit Public-Facing Application	TTP	Jenkins Server Vulnerabilities	2024-05-24
JetBrains TeamCity Authentication Bypass CVE-2024-27198	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-05-20
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-05-16
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-05-26
JetBrains TeamCity RCE Attempt	Suricata	Exploit Public-Facing Application	TTP	CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities	2024-08-16
Juniper Networks Remote Code Execution Exploit Detection	Suricata	Exploit Public-Facing Application Ingress Tool Transfer Command and Scripting Interpreter	TTP	Juniper JunOS Remote Code Execution	2024-05-14
Log4Shell JNDI Payload Injection Attempt	Nginx Access	Exploit Public-Facing Application External Remote Services	Anomaly	CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228	2024-05-25
Log4Shell JNDI Payload Injection with Outbound Connection		Exploit Public-Facing Application External Remote Services	Anomaly	CISA AA22-320A, Log4Shell CVE-2021-44228	2024-05-16
Microsoft SharePoint Server Elevation of Privilege	Suricata	Exploitation for Privilege Escalation	TTP	Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357	2024-05-19
Monitor Web Traffic For Brand Abuse		N/A	TTP	Brand Monitoring	2024-05-20
Nginx ConnectWise ScreenConnect Authentication Bypass	Nginx Access	Exploit Public-Facing Application	TTP	ConnectWise ScreenConnect Vulnerabilities	2024-05-16
PaperCut NG Remote Web Access Attempt	Suricata	Exploit Public-Facing Application External Remote Services	TTP	PaperCut MF NG Vulnerability	2024-05-23
ProxyShell ProxyNotShell Behavior Detected		Exploit Public-Facing Application External Remote Services	Correlation	BlackByte Ransomware, ProxyNotShell, ProxyShell	2024-05-21
Spring4Shell Payload URL Request	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-05-26
SQL Injection with Long URLs		Exploit Public-Facing Application	TTP	SQL Injection	2024-05-12
Supernova Webshell		Web Shell External Remote Services	TTP	NOBELIUM Group	2024-05-26
VMWare Aria Operations Exploit Attempt	Palo Alto Network Threat	External Remote Services Exploit Public-Facing Application Exploitation of Remote Services Exploitation for Privilege Escalation	TTP	VMware Aria Operations vRealize CVE-2023-20887	2024-05-19
VMware Server Side Template Injection Hunt	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	Hunting	VMware Server Side Injection and Privilege Escalation	2024-05-12
VMware Workspace ONE Freemarker Server-side Template Injection	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	Anomaly	VMware Server Side Injection and Privilege Escalation	2024-05-19
Web JSP Request via URL	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-05-15
Web Remote ShellServlet Access	Nginx Access	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server	2024-05-19
Web Spring4Shell HTTP Request Class Module	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-05-28
Web Spring Cloud Function FunctionRouter	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-05-22
Windows Exchange Autodiscover SSRF Abuse	Windows IIS	Exploit Public-Facing Application External Remote Services	TTP	BlackByte Ransomware, ProxyNotShell, ProxyShell	2024-05-16
WordPress Bricks Builder plugin RCE	Nginx Access	Exploit Public-Facing Application	TTP	WordPress Vulnerabilities	2024-05-17
WS FTP Remote Code Execution	Suricata	Exploit Public-Facing Application	TTP	WS FTP Server Critical Vulnerabilities	2024-08-16
Zscaler Adware Activities Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-15
Zscaler Behavior Analysis Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-17
Zscaler CryptoMiner Downloaded Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-22
Zscaler Employment Search Web Activity		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-11
Zscaler Exploit Threat Blocked		Phishing	TTP	Zscaler Browser Proxy Threats	2024-05-13
Zscaler Legal Liability Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-23
Zscaler Malware Activity Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-12
Zscaler Phishing Activity Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-12
Zscaler Potentially Abused File Download		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-22
Zscaler Privacy Risk Destinations Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-24
Zscaler Scam Destinations Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-27
Zscaler Virus Download threat blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-05-17