| Name | Data Source | MITRE ATT&CK Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint | Suricata | Exploit Public-Facing Application | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2024-09-30 |
| Adobe ColdFusion Access Control Bypass | Suricata | Exploit Public-Facing Application | TTP | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2024-09-30 |
| Adobe ColdFusion Unauthenticated Arbitrary File Read | Suricata | Exploit Public-Facing Application | TTP | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2024-09-30 |
| Cisco IOS XE Implant Access | Suricata | Exploit Public-Facing Application | TTP | Cisco IOS XE Software Web Management User Interface vulnerability | 2024-09-30 |
| Citrix ADC and Gateway Unauthorized Data Disclosure | Suricata | Exploit Public-Facing Application | TTP | Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966 | 2024-09-30 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2024-10-17 |
| Citrix ShareFile Exploitation CVE-2023-24489 | Suricata | Exploit Public-Facing Application | Hunting | Citrix ShareFile RCE CVE-2023-24489 | 2024-10-17 |
| Confluence CVE-2023-22515 Trigger Vulnerability | Suricata | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2024-09-30 |
| Confluence Data Center and Server Privilege Escalation | Nginx Access | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities | 2024-09-30 |
| Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 | Suricata | Exploit Public-Facing Application | TTP | Confluence Data Center and Confluence Server Vulnerabilities | 2024-09-30 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component; Exploit Public-Facing Application; External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2024-09-30 |
| ConnectWise ScreenConnect Authentication Bypass | Suricata | Exploit Public-Facing Application | TTP | ConnectWise ScreenConnect Vulnerabilities | 2024-09-30 |
| Detect attackers scanning for vulnerable JBoss servers | | System Information Discovery; External Remote Services | TTP | JBoss Vulnerability, SamSam Ransomware | 2024-10-17 |
| Detect F5 TMUI RCE CVE-2020-5902 | | Exploit Public-Facing Application | TTP | F5 TMUI RCE CVE-2020-5902 | 2024-10-17 |
| Detect malicious requests to exploit JBoss servers | | N/A | TTP | JBoss Vulnerability, SamSam Ransomware | 2024-10-17 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Software | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware | 2024-09-30 |
| Exploit Public Facing Application via Apache Commons Text | Nginx Access | Web Shell; Server Software Component; Exploit Public-Facing Application; External Remote Services | Anomaly | Text4Shell CVE-2022-42889 | 2024-09-30 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application; External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2024-09-30 |
| F5 TMUI Authentication Bypass | Suricata | N/A | TTP | F5 Authentication Bypass with TMUI | 2024-09-30 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application; External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2024-09-30 |
| High Volume of Bytes Out to Url | Nginx Access | Exfiltration Over Web Service | Anomaly | Data Exfiltration | 2024-09-30 |
| Hunting for Log4Shell | Nginx Access | Exploit Public-Facing Application; External Remote Services | Hunting | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2024-10-17 |
| Ivanti Connect Secure Command Injection Attempts | Suricata | Exploit Public-Facing Application | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2024-09-30 |
| Ivanti Connect Secure SSRF in SAML Component | Suricata | Exploit Public-Facing Application | TTP | Ivanti Connect Secure VPN Vulnerabilities | 2024-09-30 |
| Ivanti Connect Secure System Information Access via Auth Bypass | Suricata | Exploit Public-Facing Application | Anomaly | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2024-09-30 |
| Ivanti EPM SQL Injection Remote Code Execution | Suricata | Exploit Public-Facing Application | TTP | Ivanti EPM Vulnerabilities | 2024-09-30 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078 | Suricata | Exploit Public-Facing Application; External Remote Services | TTP | Ivanti EPMM Remote Unauthenticated Access | 2024-09-30 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082 | Suricata | Exploit Public-Facing Application; External Remote Services | TTP | Ivanti EPMM Remote Unauthenticated Access | 2024-09-30 |
| Ivanti Sentry Authentication Bypass | Suricata | Exploit Public-Facing Application | TTP | Ivanti Sentry Authentication Bypass CVE-2023-38035 | 2024-09-30 |
| Java Class File download by Java User Agent | Splunk Stream HTTP | Exploit Public-Facing Application | TTP | Log4Shell CVE-2021-44228 | 2024-10-16 |
| Jenkins Arbitrary File Read CVE-2024-23897 | Nginx Access | Exploit Public-Facing Application | TTP | Jenkins Server Vulnerabilities | 2024-09-30 |
| JetBrains TeamCity Authentication Bypass CVE-2024-27198 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2024-09-30 |
| JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2024-09-30 |
| JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 | Suricata | Exploit Public-Facing Application | TTP | JetBrains TeamCity Vulnerabilities | 2024-09-30 |
| JetBrains TeamCity RCE Attempt | Suricata | Exploit Public-Facing Application | TTP | CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities | 2024-09-30 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application; Ingress Tool Transfer; Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2024-09-30 |
| Log4Shell JNDI Payload Injection Attempt | Nginx Access | Exploit Public-Facing Application; External Remote Services | Anomaly | CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228 | 2024-09-30 |
| Log4Shell JNDI Payload Injection with Outbound Connection | | Exploit Public-Facing Application; External Remote Services | Anomaly | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2024-09-30 |
| Microsoft SharePoint Server Elevation of Privilege | Suricata | Exploitation for Privilege Escalation | TTP | Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357 | 2024-09-30 |
| Monitor Web Traffic For Brand Abuse | | N/A | TTP | Brand Monitoring | 2024-10-17 |
| Multiple Archive Files Http Post Traffic | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Alternative Protocol | TTP | Command And Control, Data Exfiltration | 2024-09-30 |
| Nginx ConnectWise ScreenConnect Authentication Bypass | Nginx Access | Exploit Public-Facing Application | TTP | ConnectWise ScreenConnect Vulnerabilities | 2024-09-30 |
| PaperCut NG Remote Web Access Attempt | Suricata | Exploit Public-Facing Application; External Remote Services | TTP | PaperCut MF NG Vulnerability | 2024-09-30 |
| Plain HTTP POST Exfiltrated Data | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Alternative Protocol | TTP | Command And Control, Data Exfiltration | 2024-09-30 |
| ProxyShell ProxyNotShell Behavior Detected | | Exploit Public-Facing Application; External Remote Services | Correlation | BlackByte Ransomware, ProxyNotShell, ProxyShell | 2024-09-30 |
| Spring4Shell Payload URL Request | Nginx Access | Web Shell; Server Software Component; Exploit Public-Facing Application; External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |
| SQL Injection with Long URLs | | Exploit Public-Facing Application | TTP | SQL Injection | 2024-10-17 |
| Supernova Webshell | | Web Shell; External Remote Services | TTP | NOBELIUM Group | 2024-10-17 |
| Unusually Long Content-Type Length | | N/A | Anomaly | Apache Struts Vulnerability | 2024-10-17 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services; Exploit Public-Facing Application; Exploitation of Remote Services; Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2024-09-30 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application; External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2024-10-17 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application; External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2024-09-30 |
| Web JSP Request via URL | Nginx Access | Web Shell; Server Software Component; Exploit Public-Facing Application; External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |
| Web Remote ShellServlet Access | Nginx Access | Exploit Public-Facing Application | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2024-09-30 |
| Web Spring4Shell HTTP Request Class Module | Splunk Stream HTTP | Exploit Public-Facing Application; External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |
| Web Spring Cloud Function FunctionRouter | Splunk Stream HTTP | Exploit Public-Facing Application; External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |
| Windows Exchange Autodiscover SSRF Abuse | Windows IIS | Exploit Public-Facing Application; External Remote Services | TTP | BlackByte Ransomware, ProxyNotShell, ProxyShell | 2024-09-30 |
| Windows IIS Server PSWA Console Access | Windows IIS | Exploit Public-Facing Application | Hunting | CISA AA24-241A | 2024-10-17 |
| WordPress Bricks Builder plugin RCE | Nginx Access | Exploit Public-Facing Application | TTP | WordPress Vulnerabilities | 2024-09-30 |
| WS FTP Remote Code Execution | Suricata | Exploit Public-Facing Application | TTP | WS FTP Server Critical Vulnerabilities | 2024-09-30 |
| Zscaler Adware Activities Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Behavior Analysis Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler CryptoMiner Downloaded Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Employment Search Web Activity | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Exploit Threat Blocked | | Phishing | TTP | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Legal Liability Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Malware Activity Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Phishing Activity Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Potentially Abused File Download | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Privacy Risk Destinations Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Scam Destinations Threat Blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |
| Zscaler Virus Download threat blocked | | Phishing | Anomaly | Zscaler Browser Proxy Threats | 2024-09-30 |