Untitled

108 || MALWARE-BACKDOOR QAZ Worm Client Login access || mcafee,98775
117 || MALWARE-BACKDOOR Infector.1.x || nessus,11157
118 || MALWARE-BACKDOOR SatansBackdoor.2.0.Beta || url,www.megasecurity.org/trojans/s/satanzbackdoor/SBD2.0b.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=5260
121 || MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request || nessus,11157
147 || MALWARE-BACKDOOR GateCrasher || url,www.spywareguide.com/product_show.php?id=973
195 || MALWARE-BACKDOOR DeepThroat 3.1 Server Response || mcafee,98574 || nessus,10053
208 || MALWARE-BACKDOOR PhaseZero Server Active on Network || url,www.megasecurity.org/trojans/p/phasezero/PhaseZero1.0b.html || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=4539
221 || PROTOCOL-ICMP TFN Probe || cve,2000-0138
222 || PROTOCOL-ICMP tfn2k icmp possible communication || cve,2000-0138
223 || MALWARE-OTHER Trin00 Daemon to Master PONG message detected || cve,2000-0138
224 || PROTOCOL-ICMP Stacheldraht server spoof || cve,2000-0138
225 || PROTOCOL-ICMP Stacheldraht gag server response || cve,2000-0138
226 || PROTOCOL-ICMP Stacheldraht server response || cve,2000-0138
227 || PROTOCOL-ICMP Stacheldraht client spoofworks || cve,2000-0138
228 || PROTOCOL-ICMP TFN client command BE || cve,2000-0138
229 || PROTOCOL-ICMP Stacheldraht client check skillz || cve,2000-0138
230 || MALWARE-OTHER shaft client login to handler || cve,2000-0138 || url,security.royans.net/info/posts/bugtraq_ddos3.shtml
231 || MALWARE-OTHER Trin00 Daemon to Master message detected || cve,2000-0138
232 || MALWARE-OTHER Trin00 Daemon to Master *HELLO* message detected || cve,2000-0138 || url,www.sans.org/newlook/resources/IDFAQ/trinoo.htm
233 || MALWARE-OTHER Trin00 Attacker to Master default startup password || cve,2000-0138
234 || MALWARE-OTHER Trin00 Attacker to Master default password || cve,2000-0138
235 || MALWARE-OTHER Trin00 Attacker to Master default mdie password || cve,2000-0138
236 || PROTOCOL-ICMP Stacheldraht client check gag || cve,2000-0138
237 || MALWARE-OTHER Trin00 Master to Daemon default password attempt || cve,2000-0138
238 || PROTOCOL-ICMP TFN server response || cve,2000-0138
239 || MALWARE-OTHER shaft handler to agent || cve,2000-0138
240 || MALWARE-OTHER shaft agent to handler || cve,2000-0138
243 || MALWARE-OTHER mstream agent to handler || cve,2000-0138
244 || MALWARE-OTHER mstream handler to agent || cve,2000-0138
245 || MALWARE-OTHER mstream handler ping to agent || cve,2000-0138
246 || MALWARE-OTHER mstream agent pong to handler || cve,2000-0138
247 || MALWARE-OTHER mstream client to handler || cve,2000-0138
248 || MALWARE-OTHER mstream handler to client || cve,2000-0138
250 || MALWARE-OTHER mstream handler to client || cve,2000-0138
251 || PROTOCOL-ICMP - TFN client command LE || cve,2000-0138
255 || PROTOCOL-DNS dns zone transfer via TCP detected || cve,1999-0532 || nessus,10595
256 || PROTOCOL-DNS named authors attempt || nessus,10728
257 || PROTOCOL-DNS named version attempt || nessus,10028
258 || SERVER-OTHER Bind Buffer Overflow via NXT records || bugtraq,788 || cve,1999-0833
259 || SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADM || bugtraq,788 || cve,1999-0833
260 || SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADMROCKS || bugtraq,788 || cve,1999-0833 || url,www.cert.org/advisories/CA-1999-14.html
261 || SERVER-OTHER Bind named overflow attempt || url,www.cert.org/advisories/CA-1998-05.html
271 || SERVER-OTHER UDP echo+chargen bomb || cve,1999-0103 || cve,1999-0635
272 || OS-WINDOWS Microsoft WIndows IGMP dos attack || bugtraq,514 || cve,1999-0918 || url,technet.microsoft.com/en-us/security/bulletin/MS99-034
274 || PROTOCOL-ICMP ath || cve,1999-1228
276 || SERVER-OTHER RealNetworks Audio Server denial of service attempt || cve,1999-0271 || nessus,10183
277 || SERVER-OTHER RealNetworks Server template.html || bugtraq,1288 || cve,2000-0474 || nessus,10461
278 || SERVER-OTHER RealNetworks Server template.html || bugtraq,1288 || cve,2000-0474
279 || SERVER-OTHER Bay/Nortel Nautica Marlin || bugtraq,1009 || cve,2000-0221
281 || SERVER-OTHER Ascend Route || bugtraq,714 || cve,1999-0060
283 || BROWSER-OTHER Netscape 4.7 client overflow || bugtraq,822 || cve,1999-1189 || cve,2000-1187
286 || PROTOCOL-POP EXPLOIT x86 BSD overflow || bugtraq,133 || cve,1999-0006 || nessus,10196
289 || PROTOCOL-POP EXPLOIT x86 SCO overflow || bugtraq,133 || bugtraq,156 || cve,1999-0006
290 || PROTOCOL-POP EXPLOIT qpopper overflow || bugtraq,830 || cve,1999-0822 || nessus,10184
292 || OS-LINUX x86 Linux samba overflow || bugtraq,1816 || bugtraq,536 || cve,1999-0182 || cve,1999-0811
300 || OS-SOLARIS Oracle Solaris npls x86 overflow || bugtraq,2319 || cve,1999-1588
301 || SERVER-OTHER LPRng overflow || bugtraq,1712 || cve,2000-0917
302 || OS-LINUX Redhat 7.0 lprd overflow || bugtraq,1712 || cve,2000-0917
303 || SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt || bugtraq,2302 || cve,2001-0010 || nessus,10605
304 || SERVER-OTHER SCO calserver overflow || bugtraq,2353 || cve,2000-0306
305 || SERVER-OTHER delegate proxy overflow || bugtraq,808 || cve,2000-0165
306 || SERVER-OTHER VQServer admin || bugtraq,1610 || cve,2000-0766 || nessus,10354 || url,www.vqsoft.com/vq/server/docs/other/control.html
307 || SERVER-OTHER CHAT IRC topic overflow || bugtraq,573 || cve,1999-0672
308 || SERVER-OTHER NextFTP client overflow || bugtraq,572 || cve,1999-0671
309 || SERVER-MAIL sniffit overflow || bugtraq,1158 || cve,2000-0343
310 || SERVER-MAIL x86 windows MailMax overflow || bugtraq,2312 || cve,1999-0404
311 || BROWSER-OTHER Netscape 4.7 unsucessful overflow || bugtraq,822 || cve,1999-1189 || cve,2000-1187
313 || OS-LINUX ntalkd x86 Linux overflow || bugtraq,210
314 || SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt || bugtraq,2302 || cve,2001-0010
315 || OS-LINUX x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002
316 || OS-LINUX x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002
317 || OS-LINUX x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002
320 || PROTOCOL-FINGER cmd_rootsh backdoor attempt || nessus,10070 || url,www.sans.org/y2k/TFN_toolkit.htm || url,www.sans.org/y2k/fingerd.htm
321 || PROTOCOL-FINGER account enumeration attempt || nessus,10788
322 || PROTOCOL-FINGER search query || cve,1999-0259
324 || PROTOCOL-FINGER null request || cve,1999-0612
326 || PROTOCOL-FINGER remote command execution attempt || bugtraq,974 || cve,1999-0150
327 || PROTOCOL-FINGER remote command pipe execution attempt || bugtraq,2220 || cve,1999-0152
328 || PROTOCOL-FINGER bomb attempt || cve,1999-0106
330 || PROTOCOL-FINGER redirection attempt || cve,1999-0105 || nessus,10073
331 || PROTOCOL-FINGER cybercop query || cve,1999-0612
332 || PROTOCOL-FINGER 0 query || cve,1999-0197 || nessus,10069
333 || PROTOCOL-FINGER . query || cve,1999-0198 || nessus,10072
336 || PROTOCOL-FTP CWD ~root attempt || cve,1999-0082
337 || PROTOCOL-FTP CEL overflow attempt || bugtraq,679 || cve,1999-0789 || nessus,10009
357 || PROTOCOL-FTP piss scan || url,www.mines.edu/fs_home/dlarue/cc/baby-doe.html
360 || PROTOCOL-FTP serv-u directory traversal || bugtraq,2052 || cve,2001-0054 || nessus,10565
361 || PROTOCOL-FTP SITE EXEC attempt || bugtraq,2241 || cve,1999-0080 || cve,1999-0955
362 || PROTOCOL-FTP tar parameters || bugtraq,2240 || cve,1999-0202 || cve,1999-0997
363 || PROTOCOL-ICMP IRDP router advertisement || bugtraq,578 || cve,1999-0875
364 || PROTOCOL-ICMP IRDP router selection || bugtraq,578 || cve,1999-0875
396 || PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set || cve,2004-0790 || cve,2005-0068 || cve,2015-7759
402 || PROTOCOL-ICMP destination unreachable port unreachable packet detected || cve,2004-0790 || cve,2005-0068
404 || PROTOCOL-ICMP Destination Unreachable Protocol Unreachable || cve,2004-0790 || cve,2005-0068
436 || PROTOCOL-ICMP Redirect for TOS and Host || cve,1999-0265
437 || PROTOCOL-ICMP Redirect for TOS and Network || cve,1999-0265
438 || PROTOCOL-ICMP Redirect undefined code || cve,1999-0265
463 || PROTOCOL-ICMP unassigned type 7 undefined code || cve,1999-0454
494 || INDICATOR-COMPROMISE command completed || bugtraq,1806 || cve,2000-0884 || url,osvdb.org/show/osvdb/436 || url,technet.microsoft.com/en-us/security/bulletin/ms00-078
497 || INDICATOR-COMPROMISE file copied ok || bugtraq,1806 || cve,2000-0884
509 || SERVER-WEBAPP PCCS mysql database admin tool access || bugtraq,1557 || cve,2000-0707 || nessus,10783
510 || POLICY-OTHER HP JetDirect LCD modification attempt || bugtraq,2245
516 || PROTOCOL-SNMP NT UserList || nessus,10546
518 || PROTOCOL-TFTP Put || cve,1999-0183 || url,dev.metasploit.com/redmine/projects/framework/repository/revisions/b73f28f29511d154aed9e94dd262195db60c7e3b/entry/unstable-modules/auxiliary/d20tftpbd.rb
519 || PROTOCOL-TFTP parent directory || cve,1999-0183 || cve,2002-1209 || cve,2011-4722
520 || PROTOCOL-TFTP root directory || cve,1999-0183
530 || OS-WINDOWS NT NULL session || bugtraq,1163 || cve,2000-0347
555 || POLICY-OTHER WinGate telnet server response || cve,1999-0657
567 || SERVER-MAIL SMTP relaying denied || url,mail-abuse.org/tsi/ar-fix.html
568 || POLICY-OTHER HP JetDirect LCD modification attempt || bugtraq,2245
569 || PROTOCOL-RPC snmpXdmi overflow attempt TCP || bugtraq,2417 || cve,2001-0236 || nessus,10659 || url,www.cert.org/advisories/CA-2001-05.html
572 || PROTOCOL-RPC DOS ttdbserv Solaris || bugtraq,122 || cve,1999-0003
576 || PROTOCOL-RPC portmap amountd request UDP || bugtraq,205 || bugtraq,235 || bugtraq,450 || bugtraq,614 || cve,1999-0088 || cve,1999-0210 || cve,1999-0493 || cve,1999-0704
580 || PROTOCOL-RPC portmap nisd request UDP || cve,1999-0008
581 || PROTOCOL-RPC portmap pcnfsd request UDP || bugtraq,205 || bugtraq,4816 || cve,1999-0078 || cve,1999-0353 || cve,2002-0910
584 || PROTOCOL-RPC portmap rusers request UDP || cve,1999-0626
586 || PROTOCOL-RPC portmap selection_svc request UDP || bugtraq,8 || cve,1999-0209
588 || PROTOCOL-RPC portmap ttdbserv request UDP || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
590 || PROTOCOL-RPC portmap ypserv request UDP || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
591 || PROTOCOL-RPC portmap ypupdated request TCP || bugtraq,1749 || cve,1999-0208
593 || PROTOCOL-RPC portmap snmpXdmi request TCP || bugtraq,2417 || cve,2001-0236 || nessus,10659 || url,www.cert.org/advisories/CA-2001-05.html
595 || PROTOCOL-RPC portmap espd request TCP || bugtraq,2714 || cve,2001-0331
604 || PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt || bugtraq,458 || cve,1999-0113 || url,osvdb.org/show/osvdb/1007
612 || PROTOCOL-RPC rusers query UDP || cve,1999-0626
637 || INDICATOR-SCAN Webtrends Scanner UDP Probe || url,www.netiq.com/products/vsm/default.asp
654 || SERVER-MAIL RCPT TO overflow || bugtraq,2283 || bugtraq,43182 || bugtraq,9696 || cve,2001-0260 || cve,2003-0694 || cve,2008-0394 || cve,2009-0410 || cve,2010-2580
655 || SERVER-MAIL Sendmail 8.6.9 exploit || bugtraq,2311 || cve,1999-0204
657 || SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt || bugtraq,2387 || cve,1999-0261
658 || SERVER-MAIL Microsoft Windows Exchange Server 5.5 mime DOS || bugtraq,1869 || cve,2000-1006 || nessus,10558 || url,technet.microsoft.com/en-us/security/bulletin/MS00-082
659 || SERVER-MAIL Sendmail expn decode || cve,1999-0096 || nessus,10248
660 || SERVER-MAIL expn root || nessus,10249
661 || SERVER-MAIL Majordomo ifs || bugtraq,2310 || cve,1999-0207
662 || SERVER-MAIL Sendmail 5.5.5 exploit || cve,1999-0203 || nessus,10258
663 || SERVER-MAIL Sendmail rcpt to command attempt || bugtraq,1 || cve,1999-0095
664 || SERVER-MAIL Sendmail RCPT TO decode attempt || bugtraq,2308 || cve,1999-0203
665 || SERVER-MAIL Sendmail 5.6.5 exploit || bugtraq,2308 || cve,1999-0203
667 || SERVER-MAIL Sendmail 8.6.10 exploit || bugtraq,2311 || cve,1999-0204
668 || SERVER-MAIL Sendmail 8.6.10 exploit || bugtraq,2311 || cve,1999-0204
669 || SERVER-MAIL Sendmail 8.6.9 exploit || bugtraq,2311 || cve,1999-0204
670 || SERVER-MAIL Sendmail 8.6.9 exploit || bugtraq,2311 || cve,1999-0204
671 || SERVER-MAIL Sendmail 8.6.9c exploit || bugtraq,2311 || cve,1999-0204
672 || SERVER-MAIL vrfy decode || cve,1999-0096
681 || SQL xp_cmdshell program execution || bugtraq,5309
686 || SERVER-MSSQL xp_reg* - registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,technet.microsoft.com/en-us/security/bulletin/MS02-034
687 || SQL xp_cmdshell - program execution || bugtraq,5309
688 || SQL sa login failed || bugtraq,4797 || cve,2000-1209 || nessus,10673
689 || SERVER-MSSQL xp_reg* registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,technet.microsoft.com/en-us/security/bulletin/MS02-034
695 || SERVER-MSSQL xp_sprintf possible buffer overflow || bugtraq,1204 || url,technet.microsoft.com/en-us/security/bulletin/MS01-060
704 || SERVER-MSSQL xp_sprintf possible buffer overflow || bugtraq,1204 || bugtraq,3733 || cve,2001-0542 || url,technet.microsoft.com/en-us/security/bulletin/MS01-060
709 || PROTOCOL-TELNET 4Dgifts SGI account attempt || cve,1999-0501 || nessus,11243
710 || PROTOCOL-TELNET EZsetup account attempt || cve,1999-0501 || nessus,11244
711 || PROTOCOL-TELNET SGI telnetd format bug || bugtraq,1572 || cve,2000-0733
712 || PROTOCOL-TELNET ld_library_path || bugtraq,459 || cve,1999-0073
713 || PROTOCOL-TELNET livingston DOS || bugtraq,2225 || cve,1999-0218
714 || PROTOCOL-TELNET resolv_host_conf || bugtraq,2181 || cve,2001-0170
803 || SERVER-WEBAPP HyperSeek hsx.cgi directory traversal attempt || bugtraq,2314 || cve,2001-0253 || nessus,10602
804 || SERVER-WEBAPP SWSoft ASPSeek Overflow attempt || bugtraq,2492 || cve,2001-0476
805 || SERVER-WEBAPP Progress webspeed access || bugtraq,969 || cve,2000-0127 || nessus,10304
806 || SERVER-WEBAPP yabb directory traversal attempt || bugtraq,1668 || cve,2000-0853 || nessus,10512
807 || SERVER-WEBAPP /wwwboard/passwd.txt access || bugtraq,649 || cve,1999-0953 || cve,1999-0954 || nessus,10321
808 || SERVER-WEBAPP webdriver access || bugtraq,2166 || nessus,10592
809 || SERVER-WEBAPP whois_raw.cgi arbitrary command execution attempt || bugtraq,304 || cve,1999-1063 || nessus,10306
810 || SERVER-WEBAPP whois_raw.cgi access || bugtraq,304 || cve,1999-1063 || nessus,10306
811 || SERVER-WEBAPP websitepro path access || bugtraq,932 || cve,2000-0066 || nessus,10303
812 || SERVER-WEBAPP webplus version access || bugtraq,1102 || cve,2000-0282
813 || SERVER-WEBAPP webplus directory traversal || bugtraq,1102 || cve,2000-0282 || nessus,10367
815 || SERVER-WEBAPP websendmail access || bugtraq,2077 || cve,1999-0196 || nessus,10301
817 || SERVER-WEBAPP dcboard.cgi invalid user addition attempt || bugtraq,2728 || cve,2001-0527 || nessus,10583
818 || SERVER-WEBAPP dcforum.cgi access || bugtraq,2728 || cve,2001-0527 || nessus,10583
819 || SERVER-WEBAPP mmstdod.cgi access || bugtraq,2063 || cve,2001-0021 || nessus,10566
820 || SERVER-WEBAPP anaconda directory traversal attempt || bugtraq,2338 || bugtraq,2388 || cve,2000-0975 || cve,2001-0308 || nessus,10536
821 || SERVER-WEBAPP imagemap.exe overflow attempt || bugtraq,739 || cve,1999-0951 || nessus,10122
823 || SERVER-WEBAPP cvsweb.cgi access || bugtraq,1469 || cve,2000-0670 || nessus,10465
824 || SERVER-WEBAPP php.cgi access || bugtraq,2250 || bugtraq,712 || cve,1999-0058 || cve,1999-0238 || nessus,10178
825 || SERVER-WEBAPP glimpse access || bugtraq,2026 || cve,1999-0147 || nessus,10095
826 || SERVER-WEBAPP htmlscript access || bugtraq,2001 || cve,1999-0264 || nessus,10106
827 || SERVER-WEBAPP info2www access || bugtraq,1995 || cve,1999-0266 || nessus,10127
829 || SERVER-WEBAPP nph-test-cgi access || bugtraq,686 || cve,1999-0045 || nessus,10165
832 || SERVER-WEBAPP perl.exe access || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html
833 || SERVER-WEBAPP rguest.exe access || bugtraq,2024 || cve,1999-0287
834 || SERVER-WEBAPP rwwwshell.pl access || url,www.itsecurity.com/papers/p37.htm
835 || SERVER-WEBAPP test-cgi access || bugtraq,2003 || cve,1999-0070 || nessus,10282
836 || SERVER-WEBAPP textcounter.pl access || bugtraq,2265 || cve,1999-1479 || nessus,11451
837 || SERVER-WEBAPP uploader.exe access || bugtraq,1611 || cve,1999-0177 || cve,2000-0769 || nessus,10291
838 || SERVER-WEBAPP webgais access || bugtraq,2058 || cve,1999-0176 || nessus,10300
839 || SERVER-WEBAPP finger access || cve,1999-0612 || nessus,10071
840 || SERVER-WEBAPP perlshop.cgi access || cve,1999-1374
842 || SERVER-WEBAPP aglimpse access || bugtraq,2026 || cve,1999-0147 || nessus,10095
843 || SERVER-WEBAPP anform2 access || bugtraq,719 || cve,1999-0066
844 || SERVER-WEBAPP args.bat access || cve,1999-1180 || nessus,11465
845 || SERVER-WEBAPP AT-admin.cgi access || cve,1999-1072
846 || SERVER-WEBAPP bnbform.cgi access || bugtraq,2147 || cve,1999-0937
847 || SERVER-WEBAPP campas access || bugtraq,1975 || cve,1999-0146 || nessus,10035
848 || SERVER-WEBAPP view-source directory traversal || bugtraq,2251 || bugtraq,8883 || cve,1999-0174
849 || SERVER-WEBAPP view-source access || bugtraq,2251 || bugtraq,8883 || cve,1999-0174
851 || SERVER-WEBAPP files.pl access || cve,1999-1081
852 || SERVER-WEBAPP wguest.exe access || bugtraq,2024 || cve,1999-0287 || cve,1999-0467
853 || SERVER-WEBAPP wrap access || bugtraq,373 || cve,1999-0149 || nessus,10317
854 || SERVER-WEBAPP classifieds.cgi access || bugtraq,2020 || cve,1999-0934
857 || SERVER-WEBAPP faxsurvey access || bugtraq,2056 || cve,1999-0262 || nessus,10067
858 || SERVER-WEBAPP filemail access || cve,1999-1154
859 || SERVER-WEBAPP man.sh access || bugtraq,2276 || cve,1999-1179
860 || SERVER-WEBAPP snork.bat access || bugtraq,2023 || cve,1999-0233
861 || SERVER-WEBAPP w3-msql access || bugtraq,591 || bugtraq,898 || cve,1999-0276 || cve,1999-0753 || cve,2000-0012 || nessus,10296
862 || SERVER-WEBAPP csh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
863 || SERVER-WEBAPP day5datacopier.cgi access || cve,1999-1232
864 || SERVER-WEBAPP day5datanotifier.cgi access || cve,1999-1232
865 || SERVER-WEBAPP ksh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
866 || SERVER-WEBAPP post-query access || bugtraq,6752 || cve,2001-0291
867 || SERVER-WEBAPP visadmin.exe access || bugtraq,1808 || cve,1999-0970 || nessus,10295
868 || SERVER-WEBAPP rsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
869 || SERVER-WEBAPP dumpenv.pl access || cve,1999-1178 || nessus,10060
871 || SERVER-WEBAPP survey.cgi access || bugtraq,1817 || cve,1999-0936
872 || SERVER-WEBAPP tcsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
875 || SERVER-WEBAPP win-c-sample.exe access || bugtraq,2078 || cve,1999-0178 || nessus,10008
877 || SERVER-WEBAPP rksh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
879 || SERVER-WEBAPP admin.pl access || bugtraq,3839 || cve,2002-1748 || url,online.securityfocus.com/archive/1/249355
880 || SERVER-WEBAPP LWGate access || url,www.netspace.org/~dwb/lwgate/lwgate-history.html || url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm
883 || SERVER-WEBAPP flexform access || url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm
885 || SERVER-WEBAPP bash access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
886 || SERVER-WEBAPP phf access || bugtraq,629 || cve,1999-0067
887 || SERVER-WEBAPP www-sql access || url,marc.theaimsgroup.com/?l=bugtraq&m=88704258804054&w=2
889 || SERVER-WEBAPP ppdscgi.exe access || bugtraq,491 || nessus,10187 || url,online.securityfocus.com/archive/1/16878
890 || SERVER-WEBAPP sendform.cgi access || bugtraq,5286 || cve,2002-0710 || url,www.scn.org/help/sendform.txt
892 || SERVER-WEBAPP AnyForm2 access || bugtraq,719 || cve,1999-0066 || nessus,10277
894 || SERVER-WEBAPP bb-hist.sh access || bugtraq,142 || cve,1999-1462 || nessus,10025
895 || SERVER-WEBAPP redirect access || bugtraq,1179 || cve,2000-0382
896 || SERVER-WEBAPP way-board access || bugtraq,2370 || cve,2001-0214 || nessus,10610
897 || SERVER-WEBAPP pals-cgi access || bugtraq,2372 || cve,2001-0216 || cve,2001-0217 || nessus,10611
898 || SERVER-WEBAPP commerce.cgi access || bugtraq,2361 || cve,2001-0210 || nessus,10612
899 || SERVER-WEBAPP Amaya templates sendtemp.pl directory traversal attempt || bugtraq,2504 || cve,2001-0272 || nessus,10614
900 || SERVER-WEBAPP webspirs.cgi directory traversal attempt || bugtraq,2362 || cve,2001-0211 || nessus,10616
901 || SERVER-WEBAPP webspirs.cgi access || bugtraq,2362 || cve,2001-0211 || nessus,10616
902 || SERVER-WEBAPP tstisapi.dll access || bugtraq,2381 || cve,2001-0302
903 || SERVER-OTHER Adobe Coldfusion cfcache.map access || bugtraq,917 || cve,2000-0057
904 || SERVER-OTHER Adobe Coldfusion exampleapp application.cfm || bugtraq,1021 || cve,2000-0189 || cve,2001-0535
905 || SERVER-OTHER Adobe Coldfusion application.cfm access || bugtraq,1021 || cve,2000-0189 || cve,2001-0535
906 || SERVER-OTHER Adobe Coldfusion getfile.cfm access || bugtraq,229 || cve,1999-0800 || cve,2001-0535
907 || SERVER-OTHER Adobe Coldfusion addcontent.cfm access || cve,2001-0535
908 || SERVER-OTHER Adobe Coldfusion administrator access || bugtraq,1314 || cve,2000-0538 || nessus,10581
909 || SERVER-OTHER Adobe Coldfusion datasource username attempt || bugtraq,550 || cve,1999-0760
910 || SERVER-OTHER Adobe Coldfusion fileexists.cfm access || bugtraq,550 || cve,1999-0760
911 || SERVER-OTHER Adobe Coldfusion exprcalc access || bugtraq,115 || bugtraq,550 || cve,1999-0455 || cve,1999-0760
912 || SERVER-OTHER Adobe Coldfusion parks access || bugtraq,550 || cve,1999-0760
913 || SERVER-OTHER Adobe Coldfusion cfappman access || bugtraq,550 || cve,1999-0760
914 || SERVER-OTHER Adobe Coldfusion beaninfo access || bugtraq,550 || cve,1999-0760
915 || SERVER-OTHER Adobe Coldfusion evaluate.cfm access || bugtraq,550 || cve,1999-0760
916 || SERVER-OTHER Adobe Coldfusion getodbcdsn access || bugtraq,550 || cve,1999-0760
917 || SERVER-OTHER Adobe Coldfusion db connections flush attempt || bugtraq,550 || cve,1999-0760
918 || SERVER-OTHER Adobe Coldfusion expeval access || bugtraq,550 || cve,1999-0477 || cve,1999-0760
919 || SERVER-OTHER Adobe Coldfusion datasource passwordattempt || bugtraq,550 || cve,1999-0760
920 || SERVER-OTHER Adobe Coldfusion datasource attempt || bugtraq,550 || cve,1999-0760
921 || SERVER-OTHER Adobe Coldfusion admin encrypt attempt || bugtraq,550 || cve,1999-0760
922 || SERVER-OTHER Adobe Coldfusion displayfile access || bugtraq,550 || cve,1999-0760
923 || SERVER-OTHER Adobe Coldfusion getodbcin attempt || bugtraq,550 || cve,1999-0760
924 || SERVER-OTHER Adobe Coldfusion admin decrypt attempt || bugtraq,550 || cve,1999-0760
925 || SERVER-OTHER Adobe Coldfusion mainframeset access || bugtraq,550 || cve,1999-0760
926 || SERVER-OTHER Adobe Coldfusion set odbc ini attempt || bugtraq,550 || cve,1999-0760
927 || SERVER-OTHER Adobe Coldfusion settings refresh attempt || bugtraq,550 || cve,1999-0760
928 || SERVER-OTHER Adobe Coldfusion exampleapp access || cve,2001-0535
929 || SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access || bugtraq,550 || cve,1999-0760
930 || SERVER-OTHER Adobe Coldfusion snippets attempt || bugtraq,550 || cve,1999-0760
931 || SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access || bugtraq,550 || cve,1999-0760
932 || SERVER-OTHER Adobe Coldfusion application.cfm access || bugtraq,550 || cve,1999-0760 || cve,2000-0189
933 || SERVER-OTHER Adobe Coldfusion onrequestend.cfm access || bugtraq,550 || cve,1999-0760 || cve,2000-0189
935 || SERVER-OTHER Adobe Coldfusion startstop DOS access || bugtraq,247 || cve,1999-0756
936 || SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access  || bugtraq,550 || cve,1999-0760
937 || SERVER-OTHER Microsoft Frontpage _vti_rpc access || bugtraq,2144 || cve,2001-0096 || nessus,10585
939 || SERVER-OTHER Microsoft Frontpage posting || bugtraq,2144 || cve,2001-0096 || nessus,10585 || url,technet.microsoft.com/en-us/security/bulletin/MS00-100
940 || SERVER-OTHER Microsoft Frontpage shtml.dll access || bugtraq,1174 || bugtraq,1594 || bugtraq,1595 || cve,2000-0413 || cve,2000-0746 || nessus,11395 || url,technet.microsoft.com/en-us/security/bulletin/ms00-060
948 || SERVER-OTHER Microsoft Frontpage form_results access || cve,1999-1052
951 || SERVER-OTHER Microsoft Frontpage authors.pwd access || bugtraq,989 || cve,1999-0386 || nessus,10078
953 || SERVER-OTHER Microsoft Frontpage administrators.pwd access || bugtraq,1205
954 || SERVER-OTHER Microsoft Frontpage form_results.htm access || cve,1999-1052
955 || SERVER-OTHER Microsoft Frontpage access.cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
958 || SERVER-OTHER Microsoft Frontpage service.cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
959 || SERVER-OTHER Microsoft Frontpage service.pwd || bugtraq,1205
961 || SERVER-OTHER Microsoft Frontpage services.cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
962 || SERVER-OTHER Microsoft Frontpage shtml.exe access || bugtraq,1174 || bugtraq,1608 || bugtraq,5804 || cve,2000-0413 || cve,2000-0709 || cve,2002-0692 || nessus,10405 || nessus,11311
963 || SERVER-OTHER Microsoft Frontpage svcacl.cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
965 || SERVER-OTHER Microsoft Frontpage writeto.cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
966 || SERVER-OTHER Microsoft Frontpage .... request || bugtraq,989 || cve,1999-0386 || cve,2000-0153 || nessus,10142
967 || SERVER-OTHER Microsoft Frontpage dvwssr.dll access || bugtraq,1108 || bugtraq,1109 || cve,2000-0260 || nessus,10369 || url,technet.microsoft.com/en-us/security/bulletin/ms00-025
969 || SERVER-IIS WebDAV file lock attempt || bugtraq,2736 || nessus,10732
971 || SERVER-IIS ISAPI .printer access || bugtraq,2674 || cve,2001-0241 || nessus,10661 || url,technet.microsoft.com/en-us/security/bulletin/MS01-023
973 || SERVER-IIS *.idc attempt || bugtraq,1448 || cve,1999-0874 || cve,2000-0661
974 || SERVER-IIS Microsoft Windows IIS directory traversal attempt || bugtraq,2218 || cve,1999-0229
975 || SERVER-IIS Alternate Data streams ASP file access attempt || bugtraq,149 || cve,1999-0278 || nessus,10362 || url,support.microsoft.com/default.aspx?scid=kb\
976 || SERVER-WEBAPP .bat? access || bugtraq,2023 || bugtraq,4335 || cve,1999-0233 || cve,2002-0061 || url,support.microsoft.com/support/kb/articles/Q148/1/88.asp || url,support.microsoft.com/support/kb/articles/Q155/0/56.asp
977 || SERVER-IIS .cnf access || bugtraq,4078 || cve,2002-1717 || nessus,10575
978 || SERVER-IIS ASP contents view || bugtraq,1084 || cve,2000-0302 || nessus,10356 || url,technet.microsoft.com/en-us/security/bulletin/MS00-006
979 || SERVER-IIS ASP contents view || bugtraq,1861 || cve,2000-0942 || url,technet.microsoft.com/en-us/security/bulletin/MS00-006
980 || SERVER-IIS CGImail.exe access || bugtraq,1623 || cve,2000-0726 || nessus,11721
984 || SERVER-IIS JET VBA access || bugtraq,307 || cve,1999-0874 || nessus,10116
985 || SERVER-IIS JET VBA access || bugtraq,286 || cve,1999-0874
986 || SERVER-IIS MSProxy access || url,support.microsoft.com/?kbid=331066
987 || FILE-IDENTIFY .htr access file download request || bugtraq,1488 || cve,2000-0630 || cve,2001-0004 || nessus,10680 || url,technet.microsoft.com/en-us/security/bulletin/ms01-004
989 || MALWARE-CNC sensepost.exe command shell || nessus,11003
990 || SERVER-OTHER Microsoft Frontpage _vti_inf.html access || nessus,11455
991 || SERVER-IIS achg.htr access || bugtraq,2110 || cve,1999-0407
993 || SERVER-IIS iisadmin access || bugtraq,189 || cve,1999-1538 || nessus,11032
995 || SERVER-IIS ism.dll access || bugtraq,189 || cve,1999-1538 || cve,2000-0630
996 || SERVER-IIS anot.htr access || bugtraq,2110 || cve,1999-0407
997 || SERVER-IIS asp-dot attempt || bugtraq,1814 || nessus,10363
999 || SERVER-IIS bdir access || bugtraq,2280
1000 || SERVER-IIS bdir.htr access || bugtraq,2280 || nessus,10577
1001 || SERVER-WEBAPP carbo.dll access || bugtraq,2126 || cve,1999-1069
1004 || SERVER-IIS codebrowser Exair access || cve,1999-0499 || cve,1999-0815
1005 || SERVER-IIS codebrowser SDK access || bugtraq,167 || cve,1999-0736
1007 || SERVER-IIS Form_JScript.asp access || bugtraq,1594 || bugtraq,1595 || cve,2000-0746 || cve,2000-1104 || nessus,10572 || url,technet.microsoft.com/en-us/security/bulletin/MS00-028 || url,technet.microsoft.com/en-us/security/bulletin/MS00-060
1009 || SERVER-IIS directory listing || nessus,10573
1010 || SERVER-IIS encoding access || bugtraq,886 || cve,2000-0024 || url,technet.microsoft.com/en-us/security/bulletin/MS99-061
1012 || SERVER-IIS fpcount attempt || bugtraq,2252 || cve,1999-1376
1013 || SERVER-IIS fpcount access || bugtraq,2252 || cve,1999-1376
1016 || SERVER-IIS global.asa access || cve,2000-0778 || cve,2001-0004 || nessus,10491 || nessus,10991 || url,technet.microsoft.com/en-us/security/bulletin/ms01-004
1017 || SERVER-IIS idc-srch attempt || cve,1999-0874
1018 || SERVER-IIS iisadmpwd attempt || bugtraq,2110 || cve,1999-0407 || nessus,10371
1019 || SERVER-IIS Malformed Hit-Highlighting Argument File Access Attempt || bugtraq,950 || cve,2000-0097 || url,technet.microsoft.com/en-us/security/bulletin/ms00-006 || url,www.securityfocus.com/archive/1/43762
1020 || SERVER-IIS isc$data attempt || bugtraq,307 || cve,1999-0874 || nessus,10116
1021 || SERVER-IIS ism.dll attempt || bugtraq,1193 || cve,2000-0457 || nessus,10680 || url,technet.microsoft.com/en-us/security/bulletin/MS00-031
1022 || SERVER-IIS jet vba access || bugtraq,286 || cve,1999-0874 || url,technet.microsoft.com/en-us/security/bulletin/ms99-030
1023 || SERVER-IIS msadcs.dll access || bugtraq,529 || cve,1999-1011 || nessus,10357 || url,technet.microsoft.com/en-us/security/bulletin/ms99-025
1024 || SERVER-IIS newdsn.exe access || bugtraq,1818 || cve,1999-0191 || nessus,10360
1026 || SERVER-IIS perl-browse newline attempt || bugtraq,6833 || cve,2003-1365
1027 || SERVER-IIS perl-browse space attempt || bugtraq,6833 || cve,2003-1365
1028 || SERVER-IIS query.asp access || bugtraq,193 || cve,1999-0449
1029 || SERVER-IIS scripts-browse access || nessus,11032
1030 || SERVER-IIS search97.vts access || bugtraq,162
1031 || SERVER-IIS /SiteServer/Publishing/viewcode.asp access || nessus,10576
1032 || SERVER-IIS showcode access || cve,1999-0737 || nessus,10576 || url,technet.microsoft.com/en-us/security/bulletin/ms99-013
1033 || SERVER-IIS viewcode access || cve,1999-0737 || nessus,10576 || url,technet.microsoft.com/en-us/security/bulletin/ms99-013
1034 || SERVER-IIS viewcode access || cve,1999-0737 || nessus,10576 || url,technet.microsoft.com/en-us/security/bulletin/ms99-013
1035 || SERVER-IIS viewcode access || cve,1999-0737 || nessus,10576 || url,technet.microsoft.com/en-us/security/bulletin/ms99-013
1036 || SERVER-IIS viewcode access || cve,1999-0737 || nessus,10576 || url,technet.microsoft.com/en-us/security/bulletin/ms99-013
1037 || SERVER-IIS showcode.asp access || bugtraq,167 || cve,1999-0736 || nessus,10007 || url,technet.microsoft.com/en-us/security/bulletin/MS99-013
1038 || SERVER-IIS site server config access || bugtraq,256 || cve,1999-1520
1040 || SERVER-IIS srchadm access || nessus,11032
1041 || SERVER-IIS uploadn.asp access || bugtraq,1811 || cve,1999-0360
1042 || SERVER-IIS view source via translate header || bugtraq,14764 || bugtraq,1578 || cve,2000-0778 || nessus,10491
1043 || SERVER-IIS viewcode.asp access || cve,1999-0737 || nessus,10576
1044 || SERVER-IIS webhits access || bugtraq,950 || cve,2000-0097
1046 || SERVER-IIS site/iisamples access || nessus,10370
1047 || SERVER-WEBAPP Netscape Enterprise DOS || bugtraq,2294 || cve,2001-0251
1048 || SERVER-WEBAPP Netscape Enterprise directory listing attempt || bugtraq,2285 || cve,2001-0250 || nessus,10691
1050 || SERVER-WEBAPP iPlanet GETPROPERTIES attempt || bugtraq,2732 || cve,2001-0746
1051 || FILE-OTHER technote main.cgi file directory traversal attempt || bugtraq,2156 || cve,2001-0075 || nessus,10584
1052 || SERVER-WEBAPP technote print.cgi directory traversal attempt || bugtraq,2156 || cve,2001-0075 || nessus,10584
1053 || SERVER-WEBAPP ads.cgi command execution attempt || bugtraq,2103 || cve,2001-0025 || nessus,11464
1054 || SERVER-WEBAPP weblogic/tomcat .jsp view source attempt || bugtraq,2527
1056 || SERVER-APACHE Apache Tomcat view source attempt || bugtraq,2527 || cve,2001-0590
1061 || SQL xp_cmdshell attempt || bugtraq,5309
1070 || SERVER-WEBAPP WebDAV search access || bugtraq,1756 || cve,2000-0951
1072 || SERVER-WEBAPP Lotus Domino directory traversal || bugtraq,2173 || cve,2001-0009 || nessus,12248
1073 || SERVER-WEBAPP webhits.exe access || bugtraq,950 || cve,2000-0097
1075 || SERVER-IIS postinfo.asp access || bugtraq,1811 || cve,1999-0360
1076 || SERVER-IIS repost.asp access || nessus,10372
1077 || SQL queryhit.htm access || nessus,10370
1078 || SQL counter.exe access || bugtraq,267 || cve,1999-1030
1079 || OS-WINDOWS Microsoft Windows WebDAV propfind access || bugtraq,1656 || cve,2000-0869 || cve,2003-0718 || nessus,10505 || url,technet.microsoft.com/en-us/security/bulletin/MS04-030
1080 || SERVER-WEBAPP unify eWave ServletExec upload || bugtraq,1868 || bugtraq,1876 || cve,2000-1024 || cve,2000-1025 || nessus,10570
1081 || SERVER-WEBAPP Netscape Servers suite DOS || bugtraq,1868 || cve,2000-1025
1082 || SERVER-WEBAPP amazon 1-click cookie theft || bugtraq,1194 || cve,2000-0439
1083 || SERVER-WEBAPP unify eWave ServletExec DOS || bugtraq,1868 || cve,2000-1025
1084 || SERVER-WEBAPP Allaire JRUN DOS attempt || bugtraq,2337 || cve,2000-1049
1085 || SERVER-WEBAPP strings overflow || bugtraq,802
1086 || SERVER-WEBAPP strings overflow || bugtraq,1786 || cve,2000-0967
1088 || SERVER-WEBAPP eXtropia webstore directory traversal || bugtraq,1774 || cve,2000-1005 || nessus,10532
1089 || SERVER-WEBAPP shopping cart directory traversal || bugtraq,1777 || cve,2000-0921
1091 || SERVER-WEBAPP ICQ Webfront HTTP DOS || bugtraq,1463 || cve,2000-1078
1092 || SERVER-WEBAPP Armada Style Master Index directory traversal || bugtraq,1772 || cve,2000-0924 || nessus,10562 || url,www.synnergy.net/downloads/advisories/SLA-2000-16.masterindex.txt
1093 || SERVER-WEBAPP cached_feed.cgi moreover shopping cart directory traversal || bugtraq,1762 || cve,2000-0906
1095 || SERVER-WEBAPP Talentsoft Web+ Source Code view access || bugtraq,1722 || url,archives.neohapsis.com/archives/ntbugtraq/2000-q3/0168.html
1096 || SERVER-WEBAPP Talentsoft Web+ internal IP Address access || bugtraq,1720 || url,archives.neohapsis.com/archives/ntbugtraq/2000-q3/0168.html
1097 || SERVER-WEBAPP Talentsoft Web+ exploit attempt || bugtraq,1725
1098 || SERVER-WEBAPP SmartWin CyberOffice Shopping Cart access || bugtraq,1734 || cve,2000-0925
1103 || SERVER-WEBAPP Netscape admin passwd || bugtraq,1579 || nessus,10468
1105 || SERVER-WEBAPP BigBrother access || bugtraq,1455 || cve,2000-0638 || nessus,10460
1106 || SERVER-WEBAPP Poll-it access || bugtraq,1431 || cve,2000-0590 || nessus,10459
1107 || SERVER-WEBAPP ftp.pl access || bugtraq,1471 || cve,2000-0674 || nessus,10467
1108 || SERVER-APACHE Apache Tomcat server snoop access || bugtraq,1532 || cve,2000-0760 || nessus,10478
1109 || SERVER-WEBAPP ROXEN directory list attempt || bugtraq,1510 || cve,2000-0671 || nessus,10479
1110 || SERVER-WEBAPP apache source.asp file access || bugtraq,1457 || cve,2000-0628 || nessus,10480
1111 || SERVER-APACHE Apache Tomcat server exploit access || bugtraq,1548 || cve,2000-0672 || nessus,10477
1115 || SERVER-WEBAPP ICQ webserver DOS || cve,1999-0474 || url,www.securiteam.com/exploits/2ZUQ1QAQOG.html
1117 || SERVER-WEBAPP Lotus EditDoc attempt || url,www.securiteam.com/exploits/5NP080A1RE.html
1119 || SERVER-WEBAPP mlog.phtml access || bugtraq,713 || cve,1999-0068 || cve,1999-0346
1120 || SERVER-WEBAPP mylog.phtml access || bugtraq,713 || cve,1999-0068 || cve,1999-0346
1123 || SERVER-WEBAPP ?PageServices access || bugtraq,1063 || bugtraq,7621 || cve,1999-0269
1125 || SERVER-WEBAPP webcart access || cve,1999-0610 || nessus,10298
1126 || SERVER-WEBAPP AuthChangeUrl access || bugtraq,2110 || cve,1999-0407
1127 || SERVER-WEBAPP convert.bas access || bugtraq,2025 || cve,1999-0175
1128 || SERVER-WEBAPP cpshost.dll access || bugtraq,1811 || bugtraq,4002 || cve,1999-0360
1132 || SERVER-WEBAPP Netscape Unixware overflow || bugtraq,908 || cve,1999-0744
1134 || SERVER-WEBAPP Phorum admin access || bugtraq,2271 || cve,2000-1228
1137 || SERVER-WEBAPP Phorum authentication access || bugtraq,2274 || cve,2000-1230
1139 || SERVER-WEBAPP whisker HEAD/./ || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
1140 || SERVER-WEBAPP guestbook.pl access || bugtraq,776 || cve,1999-0237 || cve,1999-1053 || nessus,10099
1141 || SERVER-WEBAPP handler access || bugtraq,380 || cve,1999-0148 || nessus,10100
1147 || SERVER-WEBAPP cat_ access || bugtraq,374 || cve,1999-0039
1149 || SERVER-WEBAPP count.cgi access || bugtraq,128 || cve,1999-0021 || nessus,10049
1150 || SERVER-WEBAPP Domino catalog.nsf access || nessus,10629
1151 || SERVER-WEBAPP Domino domcfg.nsf access || nessus,10629
1152 || SERVER-WEBAPP Domino domlog.nsf access || nessus,10629
1153 || SERVER-WEBAPP Domino log.nsf access || nessus,10629
1154 || SERVER-WEBAPP Domino names.nsf access || nessus,10629
1155 || SERVER-WEBAPP Ecommerce checks.txt access || bugtraq,2281
1156 || SERVER-WEBAPP apache directory disclosure attempt || bugtraq,2503 || cve,2001-0925
1157 || SERVER-WEBAPP Netscape PublishingXpert access || cve,2000-1196 || nessus,10364
1158 || SERVER-WEBAPP windmail.exe access || bugtraq,1073 || cve,2000-0242 || nessus,10365
1159 || SERVER-WEBAPP webplus access || bugtraq,1174 || bugtraq,1720 || bugtraq,1722 || bugtraq,1725 || cve,2000-1005
1160 || SERVER-WEBAPP Netscape dir index wp || bugtraq,1063 || cve,2000-0236 || nessus,10352
1161 || SERVER-WEBAPP piranha passwd.php3 access || bugtraq,1149 || cve,2000-0322
1162 || SERVER-WEBAPP cart 32 AdminPwd access || bugtraq,1153 || cve,2000-0429
1163 || SERVER-WEBAPP webdist.cgi access || bugtraq,374 || cve,1999-0039 || nessus,10299
1164 || SERVER-WEBAPP shopping cart access || bugtraq,1983 || bugtraq,2049 || cve,1999-0607 || cve,2000-1188
1165 || SERVER-WEBAPP Novell Groupwise gwweb.exe access || bugtraq,879 || cve,1999-1005 || cve,1999-1006 || nessus,10877
1166 || SERVER-WEBAPP ws_ftp.ini access || bugtraq,547 || cve,1999-1078
1167 || SERVER-WEBAPP rpm_query access || bugtraq,1036 || cve,2000-0192 || nessus,10340
1168 || SERVER-WEBAPP mall log order access || bugtraq,2266 || cve,1999-0606
1172 || SERVER-WEBAPP bigconf.cgi access || bugtraq,778 || cve,1999-1550 || nessus,10027
1173 || SERVER-WEBAPP architext_query.pl access || bugtraq,2248 || cve,1999-0279 || nessus,10064 || url,www2.fedcirc.gov/alerts/advisories/1998/txt/fedcirc.98.03.txt
1174 || SERVER-WEBAPP /cgi-bin/jj access || bugtraq,2002 || cve,1999-0260 || nessus,10131
1175 || SERVER-WEBAPP wwwboard.pl access || bugtraq,1795 || bugtraq,649 || cve,1999-0930 || cve,1999-0954
1177 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1179 || SERVER-WEBAPP Phorum violation access || bugtraq,2272 || cve,2000-1234
1180 || SERVER-WEBAPP get32.exe access || bugtraq,1485 || bugtraq,770 || cve,1999-0885 || nessus,10011
1181 || SERVER-WEBAPP Annex Terminal DOS attempt || cve,1999-1070 || nessus,10017
1183 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236 || nessus,10352
1184 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1185 || SERVER-WEBAPP bizdbsearch attempt || bugtraq,1104 || cve,2000-0287 || nessus,10383
1186 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1187 || SERVER-WEBAPP SalesLogix Eviewer web command attempt || bugtraq,1078 || bugtraq,1089 || cve,2000-0278 || cve,2000-0289 || nessus,10361
1188 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1189 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1190 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1191 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1192 || SERVER-WEBAPP Trend Micro OfficeScan access || bugtraq,1057
1193 || SERVER-WEBAPP oracle web arbitrary command execution attempt || bugtraq,1053 || cve,2000-0169 || nessus,10348
1194 || SERVER-WEBAPP sojourn.cgi File attempt || bugtraq,1052 || cve,2000-0180 || nessus,10349
1195 || SERVER-WEBAPP sojourn.cgi access || bugtraq,1052 || cve,2000-0180 || nessus,10349
1196 || SERVER-WEBAPP SGI InfoSearch fname attempt || bugtraq,1031 || cve,2000-0207 || nessus,10128
1198 || SERVER-WEBAPP Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236
1199 || SERVER-WEBAPP Compaq Insight directory traversal || bugtraq,282 || cve,1999-0771
1200 || INDICATOR-COMPROMISE Invalid URL || url,technet.microsoft.com/en-us/security/bulletin/MS00-063
1202 || SERVER-WEBAPP search.vts access || bugtraq,162
1206 || SERVER-WEBAPP cachemgr.cgi access || bugtraq,2059 || cve,1999-0710 || nessus,10034
1207 || SERVER-WEBAPP htgrep access || cve,2000-0832 || nessus,10495
1208 || SERVER-WEBAPP responder.cgi access || bugtraq,3155
1209 || SERVER-WEBAPP .nsconfig access || url,osvdb.org/show/osvdb/5709
1214 || SERVER-WEBAPP intranet access || nessus,11626
1216 || SERVER-WEBAPP filemail access || cve,1999-1154 || cve,1999-1155 || url,www.securityfocus.com/archive/1/11175
1217 || SERVER-WEBAPP plusmail access || bugtraq,2653 || cve,2000-0074 || nessus,10181
1218 || SERVER-WEBAPP adminlogin access || bugtraq,1164 || bugtraq,1175 || cve,2000-0332 || cve,2000-0426 || nessus,11748
1219 || SERVER-WEBAPP dfire.cgi access || bugtraq,564 || cve,1999-0913
1220 || SERVER-WEBAPP ultraboard access || bugtraq,1164 || bugtraq,1175 || cve,2000-0332 || cve,2000-0426 || nessus,11748
1221 || SERVER-WEBAPP Muscat Empower cgi access || bugtraq,2374 || cve,2001-0224 || nessus,10609
1222 || SERVER-WEBAPP pals-cgi arbitrary file access attempt || bugtraq,2372 || cve,2001-0217 || nessus,10611
1224 || SERVER-WEBAPP ROADS search.pl attempt || bugtraq,2371 || cve,2001-0215 || nessus,10627
1229 || PROTOCOL-FTP CWD ... || bugtraq,9237
1230 || SERVER-WEBAPP VirusWall FtpSave access || bugtraq,2808 || cve,2001-0432 || nessus,10733
1231 || SERVER-WEBAPP VirusWall catinfo access || bugtraq,2579 || bugtraq,2808 || cve,2001-0432 || nessus,10650
1232 || SERVER-WEBAPP VirusWall catinfo access || bugtraq,2579 || bugtraq,2808 || cve,2001-0432 || nessus,10650
1234 || SERVER-WEBAPP VirusWall FtpSaveCSP access || bugtraq,2808 || cve,2001-0432 || nessus,10733
1235 || SERVER-WEBAPP VirusWall FtpSaveCVP access || bugtraq,2808 || cve,2001-0432 || nessus,10733
1239 || OS-WINDOWS RFParalyze Attempt || bugtraq,1163 || cve,2000-0347 || nessus,10392
1240 || SERVER-OTHER MDBMS overflow || bugtraq,1252 || cve,2000-0446 || nessus,10422
1241 || SERVER-WEBAPP SWEditServlet directory traversal attempt || bugtraq,2868 || cve,2001-0555
1242 || SERVER-IIS ISAPI .ida access || bugtraq,1065 || cve,2000-0071
1243 || SERVER-IIS ISAPI .ida attempt || bugtraq,1065 || cve,2000-0071 || cve,2001-0500
1244 || SERVER-IIS ISAPI .idq attempt || bugtraq,1065 || bugtraq,968 || cve,2000-0071 || cve,2000-0126 || cve,2001-0500 || nessus,10115
1245 || SERVER-IIS ISAPI .idq access || bugtraq,1065 || cve,2000-0071
1248 || SERVER-OTHER Microsoft Frontpage rad fp30reg.dll access || bugtraq,2906 || cve,2001-0341 || cve,2003-0822 || nessus,10699 || url,technet.microsoft.com/en-us/security/bulletin/MS01-035
1249 || SERVER-OTHER Microsoft Frontpage rad fp4areg.dll access || bugtraq,2906 || cve,2001-0341 || nessus,10699
1250 || OS-OTHER Cisco IOS HTTP configuration attempt || bugtraq,2936 || cve,2001-0537 || nessus,10700
1252 || PROTOCOL-TELNET bsd telnet exploit response || bugtraq,3064 || cve,2001-0554 || nessus,10709
1253 || PROTOCOL-TELNET bsd exploit client finishing || bugtraq,3064 || cve,2001-0554 || nessus,10709
1254 || SERVER-WEBAPP PHPLIB remote command attempt || bugtraq,3079 || cve,2001-1370 || nessus,14910
1255 || SERVER-WEBAPP PHPLIB remote command attempt || bugtraq,3079 || cve,2001-1370
1256 || SERVER-IIS CodeRed v2 root.exe access || url,www.cert.org/advisories/CA-2001-19.html
1257 || SERVER-OTHER Winnuke attack || bugtraq,2010 || cve,1999-0153
1259 || SERVER-WEBAPP SWEditServlet access || bugtraq,2868
1261 || SERVER-OTHER AIX pdnsd overflow || bugtraq,3237 || bugtraq,590 || cve,1999-0745
1263 || PROTOCOL-RPC portmap amountd request TCP || bugtraq,205 || bugtraq,235 || bugtraq,450 || bugtraq,614 || cve,1999-0088 || cve,1999-0210 || cve,1999-0493 || cve,1999-0704
1268 || PROTOCOL-RPC portmap pcnfsd request TCP || bugtraq,205 || bugtraq,4816 || cve,1999-0078 || cve,1999-0353 || cve,2002-0910
1271 || PROTOCOL-RPC portmap rusers request TCP || cve,1999-0626
1273 || PROTOCOL-RPC portmap selection_svc request TCP || bugtraq,205 || cve,1999-0209
1274 || PROTOCOL-RPC portmap ttdbserv request TCP || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
1276 || PROTOCOL-RPC portmap ypserv request TCP || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
1277 || PROTOCOL-RPC portmap ypupdated request UDP || bugtraq,1749 || bugtraq,28383 || cve,1999-0208
1279 || PROTOCOL-RPC portmap snmpXdmi request UDP || bugtraq,2417 || cve,2001-0236 || nessus,10659 || url,www.cert.org/advisories/CA-2001-05.html
1283 || SERVER-IIS Microsoft Office Outlook web dos || bugtraq,3223
1284 || SERVER-OTHER readme.eml download attempt || url,www.cert.org/advisories/CA-2001-26.html
1285 || SERVER-IIS msdac access || nessus,11032
1286 || SERVER-IIS _mem_bin access || nessus,11032
1288 || SERVER-OTHER Microsoft Frontpage /_vti_bin/ access || nessus,11032
1289 || PROTOCOL-TFTP GET Admin.dll || url,www.cert.org/advisories/CA-2001-26.html
1290 || FILE-OTHER readme.eml autoload attempt || url,www.cert.org/advisories/CA-2001-26.html
1291 || SERVER-WEBAPP sml3com access || bugtraq,2721 || cve,2001-0740
1295 || INDICATOR-COMPROMISE nimda RICHED20.DLL || url,www.f-secure.com/v-descs/nimda.shtml
1300 || SERVER-WEBAPP admin.php file upload attempt || bugtraq,3361 || cve,2001-1032
1301 || SERVER-WEBAPP admin.php access || bugtraq,3361 || bugtraq,7532 || bugtraq,9270 || cve,2001-1032
1302 || SERVER-WEBAPP console.exe access || bugtraq,3375 || cve,2001-1252
1303 || SERVER-WEBAPP cs.exe access || bugtraq,3375 || cve,2001-1252
1307 || SERVER-WEBAPP store.cgi access || bugtraq,2385 || cve,2001-0305 || nessus,10639
1308 || SERVER-WEBAPP sendmessage.cgi access || bugtraq,3673 || cve,2001-1100
1309 || SERVER-WEBAPP zsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html
1323 || SERVER-OTHER rwhoisd format string attempt || bugtraq,3474 || cve,2001-0838 || nessus,10790
1324 || INDICATOR-SHELLCODE ssh CRC32 overflow /bin/sh || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1325 || INDICATOR-SHELLCODE ssh CRC32 overflow filler || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1326 || INDICATOR-SHELLCODE ssh CRC32 overflow NOOP || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1327 || INDICATOR-SHELLCODE ssh CRC32 overflow || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 || nessus,10607
1375 || SERVER-WEBAPP sadmind worm access || url,www.cert.org/advisories/CA-2001-11.html
1376 || SERVER-WEBAPP jrun directory browse attempt || bugtraq,3592 || cve,2001-1510
1377 || PROTOCOL-FTP wu-ftp bad file completion attempt || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 || nessus,10821
1378 || PROTOCOL-FTP wu-ftp bad file completion attempt || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 || nessus,10821
1379 || PROTOCOL-FTP STAT overflow attempt || bugtraq,3507 || bugtraq,8542 || cve,2001-0325 || cve,2001-1021 || cve,2003-0772 || cve,2011-0762 || url,labs.defcom.com/adv/2001/def-2001-31.txt
1380 || SERVER-IIS Form_VBScript.asp access || bugtraq,1594 || bugtraq,1595 || cve,2000-0746 || cve,2000-1104 || nessus,10572 || url,technet.microsoft.com/en-us/security/bulletin/MS00-060
1381 || SERVER-WEBAPP Trend Micro OfficeScan attempt || bugtraq,1057
1382 || SERVER-OTHER CHAT IRC Ettercap parse overflow attempt || url,www.bugtraq.org/dev/GOBBLES-12.txt
1384 || OS-WINDOWS Microsoft Windows UPnP malformed advertisement || bugtraq,3723 || cve,2001-0876 || cve,2001-0877 || nessus,10829 || url,technet.microsoft.com/en-us/security/bulletin/MS01-059
1385 || SERVER-WEBAPP mod-plsql administration access || bugtraq,3726 || bugtraq,3727 || cve,2001-1216 || cve,2001-1217 || nessus,10849
1386 || SERVER-MSSQL raiserror possible buffer overflow || bugtraq,3733 || cve,2001-0542 || url,technet.microsoft.com/en-us/security/bulletin/MS01-060
1387 || SQL raiserror possible buffer overflow || bugtraq,3733 || cve,2001-0542 || nessus,11217
1388 || OS-WINDOWS Microsoft Windows UPnP Location overflow attempt || bugtraq,3723 || cve,2001-0876 || cve,2007-2386 || nessus,10829 || url,technet.microsoft.com/en-us/security/bulletin/MS01-059
1392 || SERVER-WEBAPP lastlines.cgi access || bugtraq,3754 || bugtraq,3755 || cve,2001-1205 || cve,2001-1206
1393 || POLICY-SOCIAL AIM AddGame attempt || bugtraq,3769 || cve,2002-0005 || url,www.w00w00.org/files/w00aimexp/
1395 || SERVER-WEBAPP zml.cgi attempt || bugtraq,3759 || cve,2001-1209 || nessus,10830
1396 || SERVER-WEBAPP zml.cgi access || bugtraq,3759 || cve,2001-1209 || nessus,10830
1397 || SERVER-WEBAPP wayboard attempt || bugtraq,2370 || cve,2001-0214 || nessus,10610
1398 || SERVER-OTHER CDE dtspcd exploit attempt || bugtraq,3517 || cve,2001-0803 || nessus,10833 || url,www.cert.org/advisories/CA-2002-01.html
1399 || SERVER-WEBAPP PHP-Nuke remote file include attempt || bugtraq,3889 || cve,2002-0206
1400 || SERVER-IIS /scripts/samples/ access || nessus,10370
1401 || SERVER-IIS /msadc/samples/ access || bugtraq,167 || cve,1999-0736 || nessus,1007
1402 || SERVER-IIS iissamples access || nessus,11032
1405 || SERVER-WEBAPP AHG search.cgi access || bugtraq,3985 || cve,2002-2113
1406 || SERVER-WEBAPP agora.cgi access || bugtraq,3702 || bugtraq,3976 || cve,2001-1199 || cve,2002-0215 || nessus,10836
1407 || SERVER-WEBAPP smssend.php access || bugtraq,3982 || cve,2002-0220
1408 || SERVER-OTHER MSDTC attempt || bugtraq,4006 || cve,2002-0224 || nessus,10939
1409 || PROTOCOL-SNMP community string buffer overflow attempt || bugtraq,4088 || bugtraq,4089 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html
1410 || SERVER-WEBAPP dcboard.cgi access || bugtraq,2728 || cve,2001-0527 || nessus,10583
1411 || PROTOCOL-SNMP public access udp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013
1412 || PROTOCOL-SNMP public access tcp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || bugtraq,7212 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013
1413 || PROTOCOL-SNMP private access udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || bugtraq,7212 || cve,2002-0012 || cve,2002-0013
1414 || PROTOCOL-SNMP private access tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1415 || PROTOCOL-SNMP Broadcast request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1416 || PROTOCOL-SNMP broadcast trap || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1417 || PROTOCOL-SNMP request udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1418 || PROTOCOL-SNMP request tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1419 || PROTOCOL-SNMP trap udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1420 || PROTOCOL-SNMP trap tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1421 || PROTOCOL-SNMP AgentX/tcp request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1422 || PROTOCOL-SNMP community string buffer overflow attempt with evasion || bugtraq,4088 || bugtraq,4089 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html
1423 || SERVER-WEBAPP content-disposition memchr overflow || bugtraq,4183 || cve,2002-0081 || nessus,10867
1425 || SERVER-WEBAPP content-disposition file upload attempt || bugtraq,4183 || cve,2002-0081 || nessus,10867
1426 || PROTOCOL-SNMP PROTOS test-suite-req-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
1427 || PROTOCOL-SNMP PROTOS test-suite-trap-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
1434 || SERVER-WEBAPP .bash_history access || bugtraq,337 || cve,1999-0408
1435 || PROTOCOL-DNS named authors attempt || nessus,10728
1447 || POLICY-OTHER Microsoft Windows Terminal server RDP attempt || bugtraq,3099 || cve,2001-0540 || cve,2001-0663 || nessus,10940 || url,technet.microsoft.com/en-us/security/bulletin/MS01-040 || url,technet.microsoft.com/en-us/security/bulletin/MS01-052
1448 || POLICY-OTHER Microsoft Windows Terminal server request attempt || bugtraq,3099 || cve,2001-0540 || cve,2001-0663 || nessus,10940 || url,technet.microsoft.com/en-us/security/bulletin/MS01-040 || url,technet.microsoft.com/en-us/security/bulletin/MS01-052
1450 || SERVER-MAIL Vintra Mailserver expn *@ || cve,1999-1200
1451 || SERVER-WEBAPP NPH-maillist access || bugtraq,2563 || cve,2001-0400 || nessus,10164
1452 || SERVER-WEBAPP args.cmd access || cve,1999-1180 || nessus,11465
1453 || SERVER-WEBAPP AT-generated.cgi access || cve,1999-1072
1454 || SERVER-WEBAPP wwwwais access || cve,2001-0223 || nessus,10597
1455 || SERVER-WEBAPP calendar.pl access || bugtraq,1215 || cve,2000-0432
1456 || SERVER-WEBAPP calender_admin.pl access || cve,2000-0432 || nessus,10506
1457 || SERVER-WEBAPP user_update_admin.pl access || bugtraq,1486 || cve,2000-0627
1458 || SERVER-WEBAPP user_update_passwd.pl access || bugtraq,1486 || cve,2000-0627
1459 || SERVER-WEBAPP bb-histlog.sh access || bugtraq,142 || cve,1999-1462 || nessus,10025
1460 || SERVER-WEBAPP bb-histsvc.sh access || bugtraq,142 || cve,1999-1462
1461 || SERVER-WEBAPP bb-rep.sh access || bugtraq,142 || cve,1999-1462
1462 || SERVER-WEBAPP bb-replog.sh access || bugtraq,142 || cve,1999-1462
1464 || INDICATOR-COMPROMISE oracle one hour install || nessus,10737
1465 || SERVER-WEBAPP auktion.cgi access || bugtraq,2367 || cve,2001-0212 || nessus,10638
1466 || SERVER-WEBAPP cgiforum.pl access || bugtraq,1963 || cve,2000-1171 || nessus,10552
1467 || SERVER-WEBAPP directorypro.cgi access || bugtraq,2793 || cve,2001-0780 || nessus,10679
1468 || SERVER-WEBAPP Web Shopper shopper.cgi attempt || bugtraq,1776 || cve,2000-0922 || nessus,10533
1469 || SERVER-WEBAPP Web Shopper shopper.cgi access || bugtraq,1776 || cve,2000-0922
1470 || SERVER-WEBAPP listrec.pl access || bugtraq,3328 || cve,2001-0997 || nessus,10769
1471 || SERVER-WEBAPP mailnews.cgi access || bugtraq,2391 || cve,2001-0271 || nessus,10641
1472 || SERVER-WEBAPP book.cgi access || bugtraq,3178 || cve,2001-1114 || nessus,10721
1473 || SERVER-WEBAPP newsdesk.cgi access || bugtraq,2172 || cve,2001-0232 || nessus,10586
1474 || SERVER-WEBAPP cal_make.pl access || bugtraq,2663 || cve,2001-0463 || nessus,10664
1475 || SERVER-WEBAPP mailit.pl access || nessus,10417
1476 || SERVER-WEBAPP sdbsearch.cgi access || bugtraq,1658 || cve,2001-1130 || nessus,10503 || nessus,10720
1478 || SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt || bugtraq,6581 || nessus,10493 || url,osvdb.org/show/osvdb/392
1479 || SERVER-WEBAPP ttawebtop.cgi arbitrary file attempt || bugtraq,2890 || cve,2001-0805 || nessus,10696
1480 || SERVER-WEBAPP ttawebtop.cgi access || bugtraq,2890 || cve,2001-0805 || nessus,10696
1481 || SERVER-WEBAPP upload.cgi access || nessus,10290
1482 || SERVER-WEBAPP view_source access || bugtraq,2251 || cve,1999-0174 || nessus,10294
1483 || SERVER-WEBAPP ustorekeeper.pl access || cve,2001-0466 || nessus,10645
1485 || SERVER-IIS mkilog.exe access || nessus,10359 || url,osvdb.org/show/osvdb/274
1486 || SERVER-IIS ctss.idc access || nessus,10359
1487 || SERVER-IIS /iisadmpwd/aexp2.htr access || bugtraq,2110 || bugtraq,4236 || cve,1999-0407 || cve,2002-0421 || nessus,10371
1488 || SERVER-WEBAPP store.cgi directory traversal attempt || bugtraq,2385 || cve,2001-0305 || nessus,10639
1489 || SERVER-WEBAPP nobody access || nessus,10484
1490 || SERVER-WEBAPP Phorum /support/common.php attempt || bugtraq,1997
1491 || SERVER-WEBAPP Phorum /support/common.php access || bugtraq,1997 || bugtraq,9361 || cve,2004-0034
1492 || SERVER-WEBAPP RBS ISP /newuser  directory traversal attempt || bugtraq,1704 || cve,2000-1036 || nessus,10521
1493 || SERVER-WEBAPP RBS ISP /newuser access || bugtraq,1704 || cve,2000-1036 || nessus,10521
1494 || SERVER-WEBAPP SIX webboard generate.cgi attempt || bugtraq,3175 || cve,2001-1115 || nessus,10725
1495 || SERVER-WEBAPP SIX webboard generate.cgi access || bugtraq,3175 || cve,2001-1115 || nessus,10725
1496 || SERVER-WEBAPP spin_client.cgi access || nessus,10393
1499 || SERVER-WEBAPP SiteScope Service access || nessus,10778
1500 || SERVER-WEBAPP ExAir access || bugtraq,193 || cve,1999-0449 || nessus,10002 || nessus,10003 || nessus,10004
1501 || SERVER-WEBAPP a1stats a1disp3.cgi directory traversal attempt || bugtraq,2705 || cve,2001-0561 || nessus,10669
1502 || SERVER-WEBAPP a1stats a1disp3.cgi access || bugtraq,2705 || cve,2001-0561 || nessus,10669
1503 || SERVER-WEBAPP admentor admin.asp access || bugtraq,4152 || cve,2002-0308 || nessus,10880 || url,www.securiteam.com/windowsntfocus/5DP0N1F6AW.html
1504 || POLICY-OTHER AFS access || nessus,10441
1505 || SERVER-WEBAPP alchemy http server PRN arbitrary command execution attempt || bugtraq,3599 || cve,2001-0871 || nessus,10818
1506 || SERVER-WEBAPP alchemy http server NUL arbitrary command execution attempt || bugtraq,3599 || cve,2001-0871 || nessus,10818
1507 || SERVER-WEBAPP alibaba.pl arbitrary command execution attempt || bugtraq,770 || cve,1999-0885 || nessus,10013
1508 || SERVER-WEBAPP alibaba.pl access || bugtraq,770 || cve,1999-0885 || nessus,10013
1509 || SERVER-WEBAPP AltaVista Intranet Search directory traversal attempt || bugtraq,896 || cve,2000-0039 || nessus,10015
1510 || SERVER-WEBAPP test.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016
1511 || SERVER-WEBAPP test.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016
1512 || SERVER-WEBAPP input.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016
1513 || SERVER-WEBAPP input.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016
1514 || SERVER-WEBAPP input2.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016
1515 || SERVER-WEBAPP input2.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016
1516 || SERVER-WEBAPP envout.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016
1517 || SERVER-WEBAPP envout.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016
1518 || SERVER-WEBAPP nstelemetry.adp access || nessus,10753
1519 || SERVER-WEBAPP apache ?M=D directory list attempt || bugtraq,3009 || cve,2001-0731 || nessus,10704
1520 || SERVER-WEBAPP server-info access || url,httpd.apache.org/docs/mod/mod_info.html
1521 || SERVER-WEBAPP server-status access || url,httpd.apache.org/docs/mod/mod_info.html
1522 || SERVER-WEBAPP ans.pl attempt || bugtraq,4147 || bugtraq,4149 || cve,2002-0306 || cve,2002-0307 || nessus,10875
1523 || SERVER-WEBAPP ans.pl access || bugtraq,4147 || bugtraq,4149 || cve,2002-0306 || cve,2002-0307 || nessus,10875
1524 || SERVER-WEBAPP Axis Storpoint CD attempt || bugtraq,1025 || cve,2000-0191 || nessus,10023
1525 || SERVER-WEBAPP Axis Storpoint CD access || bugtraq,1025 || cve,2000-0191 || nessus,10023
1526 || SERVER-WEBAPP basilix sendmail.inc access || bugtraq,2198 || cve,2001-1044 || nessus,10601
1527 || SERVER-WEBAPP basilix mysql.class access || bugtraq,2198 || cve,2001-1044 || nessus,10601
1528 || SERVER-WEBAPP BBoard access || bugtraq,1459 || cve,2000-0629 || nessus,10507
1529 || PROTOCOL-FTP SITE overflow attempt || cve,1999-0838 || cve,2001-0755 || cve,2001-0770
1531 || SERVER-WEBAPP bb-hist.sh attempt || bugtraq,142 || cve,1999-1462 || nessus,10025
1532 || SERVER-WEBAPP bb-hostscv.sh attempt || bugtraq,1455 || cve,2000-0638 || nessus,10460
1533 || SERVER-WEBAPP bb-hostscv.sh access || bugtraq,1455 || cve,2000-0638 || nessus,10460
1534 || SERVER-WEBAPP agora.cgi attempt || bugtraq,3702 || bugtraq,3976 || cve,2001-1199 || cve,2002-0215 || nessus,10836
1535 || SERVER-WEBAPP bizdbsearch access || bugtraq,1104 || cve,2000-0287 || nessus,10383
1536 || SERVER-WEBAPP calendar_admin.pl arbitrary command execution attempt || bugtraq,1215 || cve,2000-0432 || nessus,10506
1537 || SERVER-WEBAPP calendar_admin.pl access || bugtraq,1215 || cve,2000-0432 || nessus,10506
1538 || PROTOCOL-NNTP AUTHINFO USER overflow attempt || bugtraq,1156 || cve,2000-0341 || nessus,10388
1539 || SERVER-WEBAPP /cgi-bin/ls access || bugtraq,936 || cve,2000-0079 || nessus,10037
1540 || SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt || cve,1999-0760 || nessus,10797
1542 || SERVER-WEBAPP cgimail access || bugtraq,1623 || cve,2000-0726 || nessus,11721
1543 || SERVER-WEBAPP cgiwrap access || bugtraq,1238 || bugtraq,3084 || bugtraq,777 || cve,1999-1530 || cve,2000-0431 || cve,2001-0987 || nessus,10041
1544 || SERVER-WEBAPP Cisco Catalyst command execution attempt || bugtraq,1846 || cve,2000-0945 || nessus,10545
1546 || SERVER-WEBAPP Cisco HTTP double-percent DOS attempt || bugtraq,1154 || cve,2000-0380 || nessus,10387
1547 || SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt || bugtraq,4368 || cve,2002-0495 || nessus,10924
1548 || SERVER-WEBAPP csSearch.cgi access || bugtraq,4368 || cve,2002-0495 || nessus,10924
1549 || SERVER-MAIL HELO overflow attempt || bugtraq,7726 || bugtraq,895 || cve,2000-0042 || nessus,10324 || nessus,11674
1550 || SERVER-MAIL ETRN overflow attempt || bugtraq,1297 || bugtraq,7515 || cve,2000-0490 || nessus,10438
1551 || SERVER-WEBAPP /CVS/Entries access || nessus,10922 || nessus,11032
1552 || SERVER-WEBAPP cvsweb version access || cve,2000-0670 || nessus,10465
1554 || SERVER-WEBAPP dbman db.cgi access || bugtraq,1178 || cve,2000-0381 || nessus,10403
1555 || SERVER-WEBAPP DCShop access || bugtraq,2889 || cve,2001-0821
1556 || SERVER-WEBAPP DCShop orders.txt access || bugtraq,2889 || cve,2001-0821
1557 || SERVER-WEBAPP DCShop auth_user_file.txt access || bugtraq,2889 || cve,2001-0821
1558 || SERVER-WEBAPP Delegate whois overflow attempt || cve,2000-0165 || nessus,10054
1559 || SERVER-WEBAPP /doc/packages access || bugtraq,1707 || cve,2000-1016 || nessus,10518 || nessus,11032
1560 || SERVER-WEBAPP /doc/ access || bugtraq,318 || cve,1999-0678
1562 || PROTOCOL-FTP SITE CHOWN overflow attempt || bugtraq,2120 || cve,2001-0065 || nessus,10579
1563 || SERVER-WEBAPP login.htm attempt || bugtraq,665 || cve,1999-1533
1564 || SERVER-WEBAPP login.htm access || bugtraq,665 || cve,1999-1533
1565 || SERVER-WEBAPP eshop.pl arbitrary command execution attempt || bugtraq,3340 || cve,2001-1014
1566 || SERVER-WEBAPP eshop.pl access || bugtraq,3340 || cve,2001-1014
1567 || SERVER-IIS /exchange/root.asp attempt || bugtraq,3301 || cve,2001-0660 || nessus,10755 || nessus,10781 || url,technet.microsoft.com/en-us/security/bulletin/MS01-047
1568 || SERVER-IIS /exchange/root.asp access || bugtraq,3301 || cve,2001-0660 || nessus,10755 || nessus,10781
1569 || SERVER-WEBAPP loadpage.cgi directory traversal attempt || bugtraq,2109 || cve,2000-1092 || nessus,10065
1570 || SERVER-WEBAPP loadpage.cgi access || bugtraq,2109 || cve,2000-1092 || nessus,10065
1571 || SERVER-WEBAPP dcforum.cgi directory traversal attempt || bugtraq,2611 || cve,2001-0436 || cve,2001-0437 || nessus,10583
1572 || SERVER-WEBAPP commerce.cgi arbitrary file access attempt || bugtraq,2361 || cve,2001-0210 || nessus,10612
1573 || SERVER-WEBAPP cgiforum.pl attempt || bugtraq,1963 || cve,2000-1171 || nessus,10552
1574 || SERVER-WEBAPP directorypro.cgi attempt || bugtraq,2793 || cve,2001-0780 || nessus,10679
1575 || SERVER-WEBAPP Domino mab.nsf access || bugtraq,4022 || cve,2001-1567 || nessus,10953
1576 || SERVER-WEBAPP Domino cersvr.nsf access || nessus,10629
1577 || SERVER-WEBAPP Domino setup.nsf access || nessus,10629
1578 || SERVER-WEBAPP Domino statrep.nsf access || nessus,10629
1579 || SERVER-WEBAPP Domino webadmin.nsf access || bugtraq,9900 || bugtraq,9901 || cve,2004-2310 || cve,2004-2311 || cve,2004-2369 || nessus,10629
1580 || SERVER-WEBAPP Domino events4.nsf access || nessus,10629
1581 || SERVER-WEBAPP Domino ntsync4.nsf access || nessus,10629
1582 || SERVER-WEBAPP Domino collect4.nsf access || nessus,10629
1583 || SERVER-WEBAPP Domino mailw46.nsf access || nessus,10629
1584 || SERVER-WEBAPP Domino bookmark.nsf access || nessus,10629
1585 || SERVER-WEBAPP Domino agentrunner.nsf access || nessus,10629
1586 || SERVER-WEBAPP Domino mail.box access || bugtraq,881 || cve,2000-0021 || cve,2000-0022 || cve,2000-0023 || nessus,10629
1587 || SERVER-WEBAPP cgitest.exe access || bugtraq,1313 || bugtraq,3885 || cve,2000-0521 || cve,2002-0128 || nessus,10040 || nessus,10623 || nessus,11131
1588 || SERVER-WEBAPP SalesLogix Eviewer access || bugtraq,1078 || bugtraq,1089 || cve,2000-0278 || cve,2000-0289
1589 || SERVER-WEBAPP musicat empower attempt || bugtraq,2374 || cve,2001-0224 || nessus,10609
1590 || SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt || bugtraq,3810 || cve,2002-2033 || nessus,10837
1591 || SERVER-WEBAPP faqmanager.cgi access || bugtraq,3810 || cve,2002-2033 || nessus,10837
1592 || SERVER-WEBAPP /fcgi-bin/echo.exe access || nessus,10838
1593 || SERVER-WEBAPP FormHandler.cgi external site redirection attempt || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075
1594 || SERVER-WEBAPP FormHandler.cgi access || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075
1595 || SERVER-IIS htimage.exe access || bugtraq,1117 || bugtraq,964 || cve,2000-0122 || cve,2000-0256 || nessus,10376
1597 || SERVER-WEBAPP guestbook.cgi access || cve,1999-0237 || nessus,10098
1598 || SERVER-WEBAPP Home Free search.cgi directory traversal attempt || bugtraq,921 || cve,2000-0054 || nessus,10101
1599 || SERVER-WEBAPP search.cgi access || bugtraq,921 || cve,2000-0054
1600 || SERVER-WEBAPP htsearch arbitrary configuration file attempt || bugtraq,3410 || cve,2001-0834
1601 || SERVER-WEBAPP htsearch arbitrary file read attempt || bugtraq,1026 || cve,2000-0208 || nessus,10105
1602 || SERVER-WEBAPP htsearch access || bugtraq,1026 || cve,2000-0208 || nessus,10105
1603 || SERVER-WEBAPP DELETE attempt || nessus,10498
1604 || SERVER-WEBAPP iChat directory traversal attempt || cve,1999-0897
1605 || SERVER-OTHER iParty DOS attempt || bugtraq,6844 || cve,1999-1566 || nessus,10111
1606 || SERVER-WEBAPP icat access || cve,1999-1069
1607 || SERVER-WEBAPP HyperSeek hsx.cgi access || bugtraq,2314 || cve,2001-0253 || nessus,10602
1608 || SERVER-WEBAPP htmlscript attempt || bugtraq,2001 || cve,1999-0264 || nessus,10106
1610 || SERVER-WEBAPP formmail arbitrary command execution attempt || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782
1611 || SERVER-WEBAPP eXtropia webstore access || bugtraq,1774 || cve,2000-1005 || nessus,10532
1612 || SERVER-WEBAPP ftp.pl attempt || bugtraq,1471 || cve,2000-0674 || nessus,10467
1613 || SERVER-WEBAPP handler attempt || bugtraq,380 || cve,1999-0148 || nessus,10100
1614 || SERVER-WEBAPP Novell Groupwise gwweb.exe attempt || bugtraq,879 || cve,1999-1005 || cve,1999-1006 || nessus,10877
1615 || SERVER-WEBAPP htgrep attempt || cve,2000-0832 || nessus,10495
1616 || PROTOCOL-DNS named version attempt || nessus,10028
1617 || SERVER-WEBAPP Bugzilla doeditvotes.cgi access || bugtraq,3800 || cve,2002-0011
1618 || SERVER-IIS .asp chunked Transfer-Encoding || bugtraq,4474 || bugtraq,4485 || cve,2002-0071 || cve,2002-0079 || nessus,10932
1622 || PROTOCOL-FTP RNFR ././ attempt || cve,1999-0081
1623 || PROTOCOL-FTP invalid MODE || url,www.faqs.org/rfcs/rfc959.html
1625 || PROTOCOL-FTP SYST overflow attempt || url,www.faqs.org/rfcs/rfc959.html
1628 || SERVER-WEBAPP FormHandler.cgi directory traversal attempt attempt || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075
1634 || PROTOCOL-POP PASS overflow attempt || bugtraq,21645 || bugtraq,791 || cve,1999-1511 || cve,2006-6605 || nessus,10325
1635 || PROTOCOL-POP APOP overflow attempt || bugtraq,1652 || cve,2000-0840 || cve,2000-0841 || nessus,10559
1636 || SERVER-OTHER Xtramail Username overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10323
1637 || SERVER-WEBAPP yabb access || bugtraq,1668 || cve,2000-0853 || nessus,10512
1641 || SERVER-OTHER DB2 dos attempt || bugtraq,3010 || cve,2001-1143 || nessus,10871
1642 || SERVER-WEBAPP document.d2w access || bugtraq,2017 || cve,2000-1110
1643 || SERVER-WEBAPP db2www access || cve,2000-0677
1644 || SERVER-WEBAPP test-cgi attempt || bugtraq,2003 || cve,1999-0070 || nessus,10282
1645 || SERVER-WEBAPP testcgi access || bugtraq,7214 || cve,2003-1531 || nessus,11610
1648 || SERVER-WEBAPP perl.exe command attempt || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html
1649 || SERVER-WEBAPP perl command attempt || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html
1650 || SERVER-WEBAPP tst.bat access || bugtraq,770 || cve,1999-0885 || nessus,10014
1652 || SERVER-WEBAPP campas attempt || bugtraq,1975 || cve,1999-0146 || nessus,10035
1654 || SERVER-WEBAPP cart32.exe access || bugtraq,1153 || nessus,10389
1655 || SERVER-WEBAPP pfdispaly.cgi arbitrary command execution attempt || cve,1999-0270 || nessus,10174
1656 || SERVER-WEBAPP pfdispaly.cgi access || bugtraq,64 || cve,1999-0270 || nessus,10174
1657 || SERVER-WEBAPP pagelog.cgi directory traversal attempt || bugtraq,1864 || cve,2000-0940 || nessus,10591
1658 || SERVER-WEBAPP pagelog.cgi access || bugtraq,1864 || cve,2000-0940 || nessus,10591
1659 || SERVER-OTHER Adobe Coldfusion sendmail.cfm access || cve,1999-0760 || cve,2001-0535
1660 || SERVER-IIS trace.axd access || nessus,10993
1663 || SERVER-WEBAPP *%20.pl access || nessus,11007 || url,rtfm.vn.ua/inet/sec/cgi-bugs.htm || url,www.securityfocus.com/archive/1/149482
1666 || INDICATOR-COMPROMISE index of /cgi-bin/ response || nessus,10039
1667 || SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt || bugtraq,4858 || cve,2002-0902
1670 || SERVER-WEBAPP /home/ftp access || nessus,11032
1671 || SERVER-WEBAPP /home/www access || nessus,11032
1672 || PROTOCOL-FTP CWD ~ attempt || bugtraq,2601 || bugtraq,9215 || cve,2001-0421
1700 || SERVER-WEBAPP imagemap.exe access || bugtraq,739 || cve,1999-0951 || nessus,10122
1701 || SERVER-WEBAPP calendar-admin.pl access || bugtraq,1215 || cve,2000-0432 || nessus,10506
1702 || SERVER-WEBAPP Amaya templates sendtemp.pl access || bugtraq,2504 || cve,2001-0272
1703 || SERVER-WEBAPP auktion.cgi directory traversal attempt || bugtraq,2367 || cve,2001-0212 || nessus,10638
1704 || SERVER-WEBAPP cal_make.pl directory traversal attempt || bugtraq,2663 || cve,2001-0463 || nessus,10664
1705 || SERVER-WEBAPP echo.bat arbitrary command execution attempt || bugtraq,1002 || cve,2000-0213 || nessus,10246
1706 || SERVER-WEBAPP echo.bat access || bugtraq,1002 || cve,2000-0213 || nessus,10246
1707 || SERVER-WEBAPP hello.bat arbitrary command execution attempt || bugtraq,1002 || cve,2000-0213 || nessus,10246
1708 || SERVER-WEBAPP hello.bat access || bugtraq,1002 || cve,2000-0213 || nessus,10246
1709 || SERVER-WEBAPP ad.cgi access || bugtraq,2103 || cve,2001-0025 || nessus,11464
1710 || SERVER-WEBAPP bbs_forum.cgi access || bugtraq,2177 || cve,2001-0123 || url,www.cgisecurity.com/advisory/3.1.txt
1711 || SERVER-WEBAPP bsguest.cgi access || bugtraq,2159 || cve,2001-0099
1712 || SERVER-WEBAPP bslist.cgi access || bugtraq,2160 || cve,2001-0100
1713 || SERVER-WEBAPP cgforum.cgi access || bugtraq,1951 || cve,2000-1132
1715 || SERVER-WEBAPP register.cgi access || bugtraq,2157 || cve,2001-0076
1716 || SERVER-WEBAPP gbook.cgi access || bugtraq,1940 || cve,2000-1131
1717 || SERVER-WEBAPP simplestguest.cgi access || bugtraq,2106 || cve,2001-0022
1718 || SERVER-WEBAPP statsconfig.pl access || bugtraq,2211 || cve,2001-0113
1719 || SERVER-WEBAPP talkback.cgi directory traversal attempt || bugtraq,2547 || cve,2001-0420
1720 || SERVER-WEBAPP talkback.cgi access || bugtraq,2547 || cve,2001-0420
1721 || SERVER-WEBAPP adcycle access || bugtraq,3741 || cve,2001-1226
1722 || SERVER-WEBAPP MachineInfo access || cve,1999-1067
1723 || SERVER-WEBAPP emumail.cgi NULL attempt || bugtraq,5824 || cve,2002-1526
1724 || SERVER-WEBAPP emumail.cgi access || bugtraq,5824 || cve,2002-1526
1725 || SERVER-IIS +.htr code fragment attempt || bugtraq,1488 || cve,2000-0630 || cve,2001-0004 || nessus,10680 || url,technet.microsoft.com/en-us/security/bulletin/MS00-044 || url,technet.microsoft.com/en-us/security/bulletin/ms01-004
1727 || SERVER-WEBAPP SGI InfoSearch fname access || bugtraq,1031 || cve,2000-0207
1730 || SERVER-WEBAPP ustorekeeper.pl directory traversal attempt || bugtraq,2536 || cve,2001-0466 || nessus,10645
1731 || SERVER-WEBAPP a1stats access || bugtraq,2705 || cve,2001-0561 || nessus,10669
1732 || PROTOCOL-RPC portmap rwalld request UDP || bugtraq,205 || cve,1999-0181
1733 || PROTOCOL-RPC portmap rwalld request TCP || bugtraq,205 || cve,1999-0181
1734 || PROTOCOL-FTP USER overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1227 || bugtraq,1504 || bugtraq,15352 || bugtraq,1690 || bugtraq,22044 || bugtraq,22045 || bugtraq,4638 || bugtraq,49750 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286 || cve,2004-0695 || cve,2005-3683
1735 || BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt || bugtraq,4628 || cve,2002-0354
1736 || SERVER-WEBAPP squirrel mail spell-check arbitrary command attempt || bugtraq,3952
1737 || SERVER-WEBAPP squirrel mail theme arbitrary command attempt || bugtraq,4385 || cve,2002-0516
1738 || SERVER-WEBAPP global.inc access || bugtraq,4612 || cve,2002-0614
1739 || SERVER-WEBAPP DNSTools administrator authentication bypass attempt || bugtraq,4617 || cve,2002-0613
1740 || SERVER-WEBAPP DNSTools authentication bypass attempt || bugtraq,4617 || cve,2002-0613
1741 || SERVER-WEBAPP DNSTools access || bugtraq,4617 || cve,2002-0613
1742 || SERVER-WEBAPP Blahz-DNS dostuff.php modify user attempt || bugtraq,4618 || cve,2002-0599
1743 || SERVER-WEBAPP Blahz-DNS dostuff.php access || bugtraq,4618 || cve,2002-0599
1744 || SERVER-WEBAPP SecureSite authentication bypass attempt || bugtraq,4621
1745 || SERVER-WEBAPP Messagerie supp_membre.php access || bugtraq,4635
1746 || PROTOCOL-RPC portmap cachefsd request UDP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 || nessus,10951
1747 || PROTOCOL-RPC portmap cachefsd request TCP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 || nessus,10951
1751 || SERVER-OTHER cachefsd buffer overflow attempt || bugtraq,4631 || cve,2002-0084 || nessus,10951
1752 || POLICY-SOCIAL AIM AddExternalApp attempt || url,www.w00w00.org/files/w00aimexp/
1753 || SERVER-IIS as_web.exe access || bugtraq,4670 || cve,2002-1727 || cve,2002-1728
1754 || SERVER-IIS as_web4.exe access || bugtraq,4670 || cve,2002-1727 || cve,2002-1728
1755 || PROTOCOL-IMAP partial body buffer overflow attempt || bugtraq,4713 || cve,2002-0379 || nessus,10966
1756 || SERVER-IIS NewsPro administration authentication attempt || bugtraq,4672 || cve,2002-1734
1757 || SERVER-WEBAPP b2 arbitrary command execution attempt || bugtraq,4673 || cve,2002-0734 || cve,2002-1466 || nessus,11667
1759 || SQL xp_cmdshell program execution 445 || bugtraq,5309
1762 || SERVER-WEBAPP phf arbitrary command execution attempt || bugtraq,629 || cve,1999-0067
1763 || SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160
1764 || SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160
1765 || SERVER-WEBAPP Nortel Contivity cgiproc access || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160
1766 || SERVER-WEBAPP search.dll directory listing attempt || bugtraq,1684 || cve,2000-0835 || nessus,10514
1767 || SERVER-WEBAPP search.dll access || bugtraq,1684 || cve,2000-0835 || nessus,10514
1769 || SERVER-WEBAPP .DS_Store access || url,www.macintouch.com/mosxreaderreports46.html
1770 || SERVER-WEBAPP .FBCIndex access || url,www.securiteam.com/securitynews/5LP0O005FS.html
1772 || SERVER-IIS pbserver access || cve,2000-1089 || url,technet.microsoft.com/en-us/security/bulletin/ms00-094
1773 || SERVER-WEBAPP php.exe access || url,www.securitytracker.com/alerts/2002/Jan/1003104.html
1774 || SERVER-WEBAPP bb_smilies.php access || url,www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html
1777 || PROTOCOL-FTP EXPLOIT STAT asterisk dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,technet.microsoft.com/en-us/security/bulletin/MS02-018
1778 || PROTOCOL-FTP EXPLOIT STAT ? dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,technet.microsoft.com/en-us/security/bulletin/MS02-018
1787 || SERVER-WEBAPP csPassword.cgi access || bugtraq,4885 || bugtraq,4886 || bugtraq,4887 || bugtraq,4889 || cve,2002-0917 || cve,2002-0918
1788 || SERVER-WEBAPP csPassword password.cgi.tmp access || bugtraq,4889 || cve,2002-0920
1792 || PROTOCOL-NNTP return code buffer overflow attempt || bugtraq,4900 || cve,2002-0909
1802 || SERVER-IIS .asa HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 || nessus,10936 || url,technet.microsoft.com/en-us/security/bulletin/MS02-018
1803 || SERVER-IIS .cer HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 || nessus,10936 || url,technet.microsoft.com/en-us/security/bulletin/MS02-018
1804 || SERVER-IIS .cdx HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 || nessus,10936 || url,technet.microsoft.com/en-us/security/bulletin/MS02-018
1805 || SERVER-WEBAPP Oracle Reports CGI access || bugtraq,4848 || cve,2002-0947
1806 || SERVER-IIS .htr chunked Transfer-Encoding || bugtraq,4855 || bugtraq,5003 || cve,2002-0364 || nessus,11028
1807 || POLICY-OTHER Chunked-Encoding transfer attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 || nessus,10932
1808 || SERVER-WEBAPP apache chunked encoding memory corruption exploit attempt || bugtraq,5033 || cve,2002-0392
1809 || SERVER-APACHE Apache Chunked-Encoding worm attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 || nessus,10932
1810 || SERVER-OTHER successful gobbles ssh exploit GOBBLE || bugtraq,5093 || cve,2002-0390 || cve,2002-0640
1811 || SERVER-OTHER successful gobbles ssh exploit uname || bugtraq,5093 || cve,2002-0390 || cve,2002-0640 || nessus,11031
1812 || SERVER-OTHER gobbles SSH exploit attempt || bugtraq,5093 || cve,2002-0639 || nessus,11031
1814 || SERVER-WEBAPP CISCO VoIP DOS ATTEMPT || bugtraq,4794 || cve,2002-0882 || nessus,11013
1815 || SERVER-WEBAPP directory.php arbitrary command attempt || bugtraq,4278 || cve,2002-0434 || nessus,11017
1816 || SERVER-WEBAPP directory.php access || bugtraq,4278 || cve,2002-0434
1817 || SERVER-IIS MS Site Server default login attempt || nessus,11018
1818 || SERVER-IIS MS Site Server admin attempt || nessus,11018
1819 || SERVER-OTHER Alcatel PABX 4400 connection attempt || nessus,11019
1820 || SERVER-WEBAPP IBM Net.Commerce orderdspc.d2w access || bugtraq,2350 || cve,2001-0319 || nessus,11020
1821 || SERVER-OTHER LPD dvips remote command execution attempt || bugtraq,3241 || cve,2001-1002 || nessus,11023
1822 || SERVER-WEBAPP AlienForm alienform.cgi directory traversal attempt || bugtraq,4983 || cve,2002-0934 || nessus,11027
1823 || SERVER-WEBAPP AlienForm af.cgi directory traversal attempt || bugtraq,4983 || cve,2002-0934 || nessus,11027
1824 || SERVER-WEBAPP AlienForm alienform.cgi access || bugtraq,4983 || cve,2002-0934 || nessus,11027
1825 || SERVER-WEBAPP AlienForm af.cgi access || bugtraq,4983 || cve,2002-0934 || nessus,11027
1826 || SERVER-WEBAPP WEB-INF access || bugtraq,1830 || bugtraq,5119 || cve,2000-1050 || cve,2001-0179 || nessus,11037
1827 || SERVER-APACHE Apache Tomcat servlet mapping cross site scripting attempt || bugtraq,5193 || cve,2002-0682 || nessus,11041
1828 || SERVER-WEBAPP iPlanet Search directory traversal attempt || bugtraq,5191 || cve,2002-1042 || nessus,11043
1829 || SERVER-APACHE Apache Tomcat TroubleShooter servlet access || bugtraq,4575 || cve,2002-2006 || nessus,11046
1830 || SERVER-APACHE Apache Tomcat SnoopServlet servlet access || bugtraq,4575 || cve,2002-2006 || nessus,11046
1831 || SERVER-WEBAPP jigsaw dos attempt || bugtraq,5258 || cve,2002-1052 || nessus,11047
1832 || POLICY-SOCIAL ICQ forced user addition || bugtraq,3226 || cve,2001-1305
1834 || SERVER-WEBAPP PHP-Wiki cross site scripting attempt || bugtraq,5254 || cve,2002-1070
1835 || SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt || bugtraq,5249 || cve,2002-1027
1838 || SERVER-OTHER SSH server banner overflow || bugtraq,5287 || cve,2002-1059 || nessus,15822
1839 || SERVER-WEBAPP mailman cross site scripting attempt || bugtraq,5298 || cve,2002-0855 || nessus,14984
1840 || FILE-JAVA Oracle Javascript document.domain attempt || bugtraq,5346 || cve,2002-0815
1841 || BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt || bugtraq,5293 || cve,2002-2314 || url,osvdb.org/show/osvdb/60255
1842 || PROTOCOL-IMAP login buffer overflow attempt || bugtraq,13727 || bugtraq,21110 || bugtraq,502 || cve,1999-0005 || cve,1999-1557 || cve,2004-1011 || cve,2005-1255 || cve,2006-5961 || cve,2007-1373 || cve,2007-2795 || cve,2007-3925 || nessus,10123 || nessus,10125
1843 || MALWARE-BACKDOOR trinity connection attempt || cve,2000-0138 || nessus,10501
1844 || PROTOCOL-IMAP authenticate overflow attempt || bugtraq,12995 || bugtraq,130 || cve,1999-0005 || cve,1999-0042 || nessus,10292
1845 || PROTOCOL-IMAP list literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1846 || POLICY-MULTIMEDIA vncviewer Java applet download attempt || nessus,10758
1847 || SERVER-WEBAPP webalizer access || bugtraq,3473 || cve,2001-0835 || nessus,10816
1848 || SERVER-WEBAPP webcart-lite access || cve,1999-0610 || nessus,10298
1849 || SERVER-WEBAPP webfind.exe access || bugtraq,1487 || cve,2000-0622 || nessus,10475
1850 || SERVER-WEBAPP way-board.cgi access || nessus,10610
1851 || SERVER-WEBAPP active.log access || bugtraq,1497 || cve,2000-0642 || nessus,10470
1852 || SERVER-WEBAPP robots.txt access || nessus,10302
1853 || MALWARE-BACKDOOR win-trin00 connection attempt || cve,2000-0138 || nessus,10307
1854 || PROTOCOL-ICMP Stacheldraht handler->agent niggahbitch || cve,2000-0138 || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
1855 || PROTOCOL-ICMP Stacheldraht agent->handler skillz || cve,2000-0138 || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
1856 || PROTOCOL-ICMP Stacheldraht handler->agent ficken || cve,2000-0138 || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis
1857 || SERVER-WEBAPP robot.txt access || nessus,10302
1858 || SERVER-WEBAPP CISCO PIX Firewall Manager directory traversal attempt || bugtraq,691 || cve,1999-0158 || nessus,10819
1859 || SERVER-WEBAPP Oracle JavaServer default password login attempt || nessus,10995
1860 || SERVER-WEBAPP Linksys router default password login attempt || nessus,10999
1861 || SERVER-WEBAPP Linksys router default username and password login attempt || nessus,10999
1862 || SERVER-WEBAPP mrtg.cgi directory traversal attempt || bugtraq,4017 || cve,2002-0232 || nessus,11001
1864 || PROTOCOL-FTP SITE NEWER attempt || cve,1999-0880 || nessus,10319
1865 || SERVER-WEBAPP webdist.cgi arbitrary command attempt || bugtraq,374 || cve,1999-0039 || nessus,10299
1866 || PROTOCOL-POP USER overflow attempt || bugtraq,11256 || bugtraq,19651 || bugtraq,789 || cve,1999-0494 || cve,2002-1781 || cve,2006-2502 || cve,2006-4364 || nessus,10311 || url,www.delegate.org/mail-lists/delegate-en/1475
1867 || X11 xdmcp info query || nessus,10891
1868 || SERVER-WEBAPP Interactive Story story.pl arbitrary file read attempt || bugtraq,3028 || cve,2001-0804 || nessus,10817
1869 || SERVER-WEBAPP Interactive Story story.pl access || bugtraq,3028 || cve,2001-0804 || nessus,10817
1870 || SERVER-WEBAPP siteUserMod.cgi access || bugtraq,951 || cve,2000-0117 || nessus,10253
1871 || SERVER-WEBAPP Oracle XSQLConfig.xml access || bugtraq,4290 || cve,2002-0568 || nessus,10855
1872 || SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access || nessus,10848
1873 || SERVER-WEBAPP globals.jsa access || bugtraq,4034 || cve,2002-0562 || nessus,10850
1874 || SERVER-WEBAPP Oracle Java Process Manager access || nessus,10851
1875 || SERVER-WEBAPP cgicso access || bugtraq,6141 || cve,2002-1652 || nessus,10779 || nessus,10780
1876 || SERVER-WEBAPP nph-publish.cgi access || cve,1999-1177 || nessus,10164
1877 || SERVER-WEBAPP printenv access || bugtraq,1658 || cve,2000-0868 || nessus,10188 || nessus,10503
1878 || SERVER-WEBAPP sdbsearch.cgi access || bugtraq,1658 || cve,2000-0868 || nessus,10503
1879 || SERVER-WEBAPP book.cgi arbitrary command execution attempt || bugtraq,3178 || cve,2001-1114 || nessus,10721
1880 || SERVER-WEBAPP oracle web application server access || bugtraq,1053 || cve,2000-0169 || nessus,10348
1881 || SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack || url,securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html
1887 || SERVER-OTHER OpenSSL Worm traffic || url,www.cert.org/advisories/CA-2002-27.html
1888 || PROTOCOL-FTP SITE CPWD overflow attempt || bugtraq,5427 || cve,2002-0826
1889 || MALWARE-CNC slapper worm admin traffic || url,isc.incidents.org/analysis.html?id=167 || url,www.cert.org/advisories/CA-2002-27.html
1890 || PROTOCOL-RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666 || nessus,10544
1891 || PROTOCOL-RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666 || nessus,10544
1892 || PROTOCOL-SNMP null community string attempt || bugtraq,2112 || bugtraq,8974 || cve,1999-0517
1893 || PROTOCOL-SNMP missing community string attempt || bugtraq,2112 || cve,1999-0517
1894 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || nessus,15015 || url,www.kb.cert.org/vuls/id/875073
1895 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1896 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1897 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1898 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1899 || INDICATOR-SHELLCODE kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1900 || SERVER-OTHER successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1901 || SERVER-OTHER successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1902 || PROTOCOL-IMAP lsub literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1903 || PROTOCOL-IMAP rename overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1904 || PROTOCOL-IMAP find overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1905 || PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt || bugtraq,614 || cve,1999-0704
1906 || PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt || bugtraq,614 || cve,1999-0704
1907 || PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt || bugtraq,36615 || bugtraq,524 || cve,1999-0696 || cve,2009-3699
1908 || PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696
1909 || PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt || bugtraq,524 || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html
1910 || PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html
1911 || PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,866 || cve,1999-0977
1912 || PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,0866 || bugtraq,866 || cve,1999-0977
1913 || PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 || nessus,10544
1914 || PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 || nessus,10544
1915 || PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 || nessus,10544
1916 || PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 || nessus,10544
1919 || PROTOCOL-FTP CWD overflow attempt || bugtraq,11069 || bugtraq,1227 || bugtraq,1690 || bugtraq,6869 || bugtraq,7251 || bugtraq,7950 || cve,1999-0219 || cve,1999-1058 || cve,1999-1510 || cve,2000-1035 || cve,2000-1194 || cve,2001-0781 || cve,2002-0126 || cve,2002-0405
1920 || PROTOCOL-FTP SITE NEWER overflow attempt || bugtraq,229 || cve,1999-0800
1921 || PROTOCOL-FTP SITE ZIPCHK overflow attempt || cve,2000-0040
1930 || PROTOCOL-IMAP auth literal overflow attempt || bugtraq,21724 || cve,1999-0005 || cve,2006-6424
1931 || SERVER-WEBAPP rpc-nlog.pl access || cve,1999-1278 || url,marc.theaimsgroup.com/?l=bugtraq&m=91470326629357&w=2 || url,marc.theaimsgroup.com/?l=bugtraq&m=91471400632145&w=2
1932 || SERVER-WEBAPP rpc-smb.pl access || cve,1999-1278
1933 || SERVER-WEBAPP cart.cgi access || bugtraq,1115 || cve,2000-0252 || nessus,10368
1936 || PROTOCOL-POP AUTH overflow attempt || bugtraq,830 || cve,1999-0822 || nessus,10184
1937 || PROTOCOL-POP LIST overflow attempt || bugtraq,948 || cve,2000-0096 || nessus,10197
1939 || SERVER-OTHER bootp hardware address length overflow || cve,1999-0798
1940 || SERVER-OTHER bootp invalid hardware type || cve,1999-0798
1941 || PROTOCOL-TFTP GET filename overflow attempt || bugtraq,20131 || bugtraq,22923 || bugtraq,36121 || bugtraq,5328 || cve,2002-0813 || cve,2006-4948 || cve,2007-1435 || cve,2009-2957 || cve,2009-2958 || nessus,18264
1942 || PROTOCOL-FTP RMDIR overflow attempt || bugtraq,819
1943 || SERVER-WEBAPP /Carello/add.exe access || bugtraq,1245 || cve,2000-0396 || nessus,11776
1944 || SERVER-WEBAPP /ecscripts/ecware.exe access || bugtraq,6066
1946 || SERVER-WEBAPP answerbook2 admin attempt || bugtraq,5383 || cve,2000-0696
1947 || SERVER-WEBAPP answerbook2 arbitrary command execution attempt || bugtraq,1556 || cve,2000-0697
1948 || PROTOCOL-DNS dns zone transfer via UDP detected || cve,1999-0532 || nessus,10595
1951 || PROTOCOL-RPC mountd TCP mount request || cve,1999-0210
1956 || PROTOCOL-RPC AMD UDP version request || bugtraq,1554 || cve,2000-0696
1957 || PROTOCOL-RPC sadmind UDP PING || bugtraq,866 || cve,1999-0977 || nessus,10229
1958 || PROTOCOL-RPC sadmind TCP PING || bugtraq,866 || cve,1999-0977 || nessus,10229
1963 || PROTOCOL-RPC RQUOTA getquota overflow attempt UDP || bugtraq,864 || cve,1999-0974
1964 || PROTOCOL-RPC tooltalk UDP overflow attempt || bugtraq,122 || cve,1999-0003
1965 || PROTOCOL-RPC tooltalk TCP overflow attempt || bugtraq,122 || cve,1999-0003 || cve,2001-0717
1966 || SERVER-OTHER GlobalSunTech Access Point Information Disclosure attempt || bugtraq,6100 || cve,2002-2137
1967 || SERVER-WEBAPP phpbb quick-reply.php arbitrary command attempt || bugtraq,6173 || cve,2002-2287
1968 || SERVER-WEBAPP phpbb quick-reply.php access || bugtraq,6173 || cve,2002-2287
1969 || SERVER-WEBAPP ion-p access || bugtraq,6091 || cve,2002-1559 || nessus,11729
1970 || SERVER-IIS MDAC Content-Type overflow attempt || bugtraq,6214 || cve,2002-1142 || nessus,11161 || url,technet.microsoft.com/en-us/security/bulletin/MS02-065 || url,technet.microsoft.com/en-us/security/bulletin/MS98-004 || url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337
1971 || PROTOCOL-FTP SITE EXEC format string attempt || bugtraq,1387 || bugtraq,1505 || cve,2000-0573
1972 || PROTOCOL-FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,15457 || bugtraq,1690 || bugtraq,22045 || bugtraq,3884 || bugtraq,45957 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895 || cve,2005-3683 || cve,2006-6576
1973 || PROTOCOL-FTP MKD overflow attempt || bugtraq,11772 || bugtraq,15457 || bugtraq,39041 || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || cve,2004-1135 || cve,2005-3683 || cve,2009-3023 || cve,2010-0625 || nessus,12108 || url,technet.microsoft.com/en-us/security/bulletin/MS09-053 || url,www.kb.cert.org/vuls/id/276653
1974 || PROTOCOL-FTP REST overflow attempt || bugtraq,2972 || cve,2001-0826 || nessus,11755
1975 || PROTOCOL-FTP DELE overflow attempt || bugtraq,15457 || bugtraq,2972 || bugtraq,46922 || cve,2001-0826 || cve,2001-1021 || cve,2005-3683 || cve,2010-4228 || nessus,11755
1976 || PROTOCOL-FTP RMD overflow attempt || bugtraq,15457 || bugtraq,2972 || bugtraq,39041 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021 || cve,2005-3683 || cve,2010-0625
1979 || SERVER-WEBAPP perl post attempt || bugtraq,5520 || cve,2002-1436 || nessus,11158
1980 || MALWARE-BACKDOOR DeepThroat 3.1 Connection || mcafee,98574 || nessus,10053
1981 || MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 || mcafee,98574 || nessus,10053
1982 || MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 || mcafee,98574 || nessus,10053
1983 || MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 || mcafee,98574 || nessus,10053
1984 || MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 || mcafee,98574 || nessus,10053
1985 || MALWARE-BACKDOOR Doly variant outbound connection attempt || url,virustotal.com/en/file/499446edf3dfd200ebf3df2526cd4d101979e626afcd1860193f71829be23922/
1987 || SERVER-OTHER xfs overflow attempt || bugtraq,6241 || cve,2002-1317 || nessus,11188
1992 || PROTOCOL-FTP LIST directory traversal attempt || bugtraq,2618 || cve,2001-0680 || cve,2002-1054 || nessus,11112
1993 || PROTOCOL-IMAP login literal buffer overflow attempt || bugtraq,14718 || bugtraq,21724 || bugtraq,23810 || bugtraq,6298 || cve,2002-1580 || cve,2005-1758 || cve,2006-6424 || cve,2007-0221 || nessus,12532
1994 || SERVER-WEBAPP vpasswd.cgi access || bugtraq,6038 || nessus,11165
1995 || SERVER-WEBAPP alya.cgi access || nessus,11118
1996 || SERVER-WEBAPP viralator.cgi access || bugtraq,3495 || cve,2001-0849 || nessus,11107
1997 || SERVER-WEBAPP read_body.php access attempt || bugtraq,6302 || cve,2002-1341 || nessus,11415
1998 || SERVER-WEBAPP calendar.php access || bugtraq,5820 || bugtraq,9353 || cve,2002-1660 || cve,2004-1785 || nessus,11179
1999 || SERVER-WEBAPP edit_image.php access || bugtraq,3288 || cve,2001-1020 || nessus,11104
2000 || SERVER-WEBAPP readmsg.php access || cve,2001-1408 || nessus,11073
2001 || SERVER-WEBAPP smartsearch.cgi access || bugtraq,7133
2002 || SERVER-WEBAPP remote include path attempt || url,en.wikipedia.org/wiki/File_inclusion_vulnerability || url,php.net/manual/en/function.include.php
2003 || SQL Worm propagation attempt || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm
2004 || SQL Worm propagation attempt OUTBOUND || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm
2005 || PROTOCOL-RPC portmap kcms_server request UDP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
2006 || PROTOCOL-RPC portmap kcms_server request TCP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
2007 || PROTOCOL-RPC kcms_server directory traversal attempt || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
2010 || INDICATOR-COMPROMISE CVS double free exploit attempt response || bugtraq,6650 || cve,2003-0015 || nessus,11385
2011 || INDICATOR-COMPROMISE CVS invalid directory response || bugtraq,6650 || cve,2003-0015 || nessus,11385
2014 || PROTOCOL-RPC portmap UNSET attempt TCP 111 || bugtraq,1892
2015 || PROTOCOL-RPC portmap UNSET attempt UDP 111 || bugtraq,1892 || cve,2011-0321
2017 || PROTOCOL-RPC portmap espd request UDP || bugtraq,2714 || cve,2001-0331
2024 || PROTOCOL-RPC RQUOTA getquota overflow attempt TCP || bugtraq,864 || cve,1999-0974
2025 || PROTOCOL-RPC yppasswd username overflow attempt UDP || bugtraq,2763 || cve,2001-0779 || nessus,10684
2026 || PROTOCOL-RPC yppasswd username overflow attempt TCP || bugtraq,2763 || cve,2001-0779 || nessus,10684
2027 || PROTOCOL-RPC yppasswd old password overflow attempt UDP || bugtraq,2763 || cve,2001-0779
2028 || PROTOCOL-RPC yppasswd old password overflow attempt TCP || bugtraq,2763 || cve,2001-0779
2029 || PROTOCOL-RPC yppasswd new password overflow attempt UDP || bugtraq,2763 || cve,2001-0779
2030 || PROTOCOL-RPC yppasswd new password overflow attempt TCP || bugtraq,2763 || cve,2001-0779
2031 || PROTOCOL-RPC yppasswd user update UDP || bugtraq,2763 || cve,2001-0779
2032 || PROTOCOL-RPC yppasswd user update TCP || bugtraq,2763 || cve,2001-0779
2033 || PROTOCOL-RPC ypserv maplist request UDP || bugtraq,5914 || bugtraq,6016 || cve,2002-1232 || nessus,13976
2034 || PROTOCOL-RPC ypserv maplist request TCP || bugtraq,5914 || bugtraq,6016 || cve,2002-1232
2039 || SERVER-OTHER bootp hostname format string attempt || bugtraq,4701 || cve,2002-0702 || nessus,11312
2045 || PROTOCOL-RPC snmpXdmi overflow attempt UDP || bugtraq,2417 || cve,2001-0236 || nessus,10659 || url,www.cert.org/advisories/CA-2001-05.html
2046 || PROTOCOL-IMAP partial body.peek buffer overflow attempt || bugtraq,4713 || cve,2002-0379 || nessus,10966
2049 || SQL ping attempt || nessus,10674
2050 || SERVER-MSSQL version overflow attempt || bugtraq,5310 || cve,2002-0649 || nessus,10674 || url,technet.microsoft.com/en-us/security/bulletin/MS02-039
2051 || SERVER-WEBAPP cached_feed.cgi moreover shopping cart access || bugtraq,1762 || cve,2000-0906
2052 || SERVER-WEBAPP overflow.cgi access || bugtraq,6326 || cve,2002-1361 || nessus,11190 || url,www.cert.org/advisories/CA-2002-35.html
2053 || SERVER-WEBAPP Bugtraq process_bug.cgi access || bugtraq,3272 || cve,2002-0008
2054 || SERVER-WEBAPP Bugtraq enter_bug.cgi arbitrary command attempt || bugtraq,3272 || cve,2002-0008
2055 || SERVER-WEBAPP Bugtraq enter_bug.cgi access || bugtraq,3272 || cve,2002-0008
2056 || SERVER-WEBAPP TRACE attempt || bugtraq,9561 || cve,2003-1567 || cve,2004-2320 || cve,2010-0360 || nessus,11213
2057 || SERVER-WEBAPP helpout.exe access || bugtraq,6002 || cve,2002-1169 || nessus,11162
2058 || SERVER-WEBAPP MsmMask.exe attempt || nessus,11163
2059 || SERVER-WEBAPP MsmMask.exe access || nessus,11163
2060 || SERVER-WEBAPP DB4Web access || nessus,11180
2061 || SERVER-APACHE Apache Tomcat null byte directory listing attempt || bugtraq,2518 || bugtraq,6721 || cve,2003-0042 || nessus,11438
2062 || SERVER-WEBAPP iPlanet .perf access || nessus,11220
2063 || SERVER-WEBAPP Demarc SQL injection attempt || bugtraq,4520 || cve,2002-0539
2066 || SERVER-WEBAPP Lotus Notes .pl script source download attempt || bugtraq,6841 || cve,2003-1408
2067 || SERVER-WEBAPP Lotus Notes .exe script source download attempt || bugtraq,6841 || cve,2003-1408
2068 || SERVER-WEBAPP BitKeeper arbitrary command attempt || bugtraq,6588
2069 || SERVER-WEBAPP chip.ini access || bugtraq,2755 || bugtraq,2775 || cve,2001-0749 || cve,2001-0771
2070 || SERVER-WEBAPP post32.exe arbitrary command attempt || bugtraq,1485
2071 || SERVER-WEBAPP post32.exe access || bugtraq,1485
2072 || SERVER-WEBAPP lyris.pl access || bugtraq,1584 || cve,2000-0758
2073 || SERVER-WEBAPP globals.pl access || bugtraq,2671 || cve,2001-0330
2074 || SERVER-WEBAPP Mambo uploadimage.php upload php file attempt || bugtraq,6572 || cve,2003-1204 || nessus,16315
2075 || SERVER-WEBAPP Mambo upload.php upload php file attempt || bugtraq,6572 || cve,2003-1204 || nessus,16315
2076 || SERVER-WEBAPP Mambo uploadimage.php access || bugtraq,6572 || cve,2003-1204 || nessus,16315
2077 || SERVER-WEBAPP Mambo upload.php access || bugtraq,6572 || cve,2003-1204 || nessus,16315
2078 || SERVER-WEBAPP phpBB privmsg.php access || bugtraq,6634 || cve,2003-1530
2079 || PROTOCOL-RPC portmap nlockmgr request UDP || bugtraq,1372 || cve,2000-0508 || nessus,10220
2080 || PROTOCOL-RPC portmap nlockmgr request TCP || bugtraq,1372 || cve,2000-0508 || nessus,10220
2081 || PROTOCOL-RPC portmap rpc.xfsmd request UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
2082 || PROTOCOL-RPC portmap rpc.xfsmd request TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
2083 || PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
2084 || PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
2085 || SERVER-WEBAPP parse_xml.cgi access || bugtraq,6954 || bugtraq,6955 || bugtraq,6956 || bugtraq,6958 || cve,2003-0050 || cve,2003-0051 || cve,2003-0052 || cve,2003-0053 || cve,2003-0423
2086 || SERVER-WEBAPP streaming server parse_xml.cgi access || bugtraq,6954 || bugtraq,6955 || bugtraq,6956 || bugtraq,6958 || cve,2003-0050 || cve,2003-0051 || cve,2003-0052 || cve,2003-0053 || cve,2003-0423
2087 || SERVER-MAIL From comment overflow attempt || bugtraq,6991 || cve,2002-1337 || url,www.kb.cert.org/vuls/id/398025
2088 || PROTOCOL-RPC ypupdated arbitrary command attempt UDP || bugtraq,1749 || bugtraq,28383 || cve,1999-0208
2089 || PROTOCOL-RPC ypupdated arbitrary command attempt TCP || bugtraq,1749 || cve,1999-0208
2090 || SERVER-IIS WEBDAV exploit attempt || bugtraq,7116 || bugtraq,7716 || cve,2003-0109 || nessus,11413 || url,technet.microsoft.com/en-us/security/bulletin/ms03-007
2091 || SERVER-IIS WEBDAV nessus safe scan attempt || bugtraq,7116 || cve,2003-0109 || nessus,11412 || nessus,11413 || url,technet.microsoft.com/en-us/security/bulletin/ms03-007
2092 || PROTOCOL-RPC portmap proxy integer overflow attempt UDP || bugtraq,36564 || bugtraq,7123 || cve,2003-0028 || nessus,11420
2093 || PROTOCOL-RPC portmap proxy integer overflow attempt TCP || bugtraq,7123 || cve,2003-0028 || nessus,11420
2094 || PROTOCOL-RPC CMSD UDP CMSD_CREATE array buffer overflow attempt || bugtraq,36615 || bugtraq,5356 || cve,2002-0391 || cve,2009-3699 || nessus,11418
2095 || PROTOCOL-RPC CMSD TCP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391 || nessus,11418
2100 || MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response || mcafee,10566 || nessus,10409
2101 || OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt || bugtraq,5556 || cve,2002-0724 || nessus,11110 || url,technet.microsoft.com/en-us/security/bulletin/MS02-045 || url,www.corest.com/common/showdoc.php?idx=262
2103 || NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt || cve,2003-0201
2104 || INDICATOR-COMPROMISE rexec username too long response || bugtraq,7459 || cve,2003-1097
2105 || PROTOCOL-IMAP authenticate literal overflow attempt || bugtraq,21724 || cve,1999-0042 || cve,2006-6424 || nessus,10292
2106 || PROTOCOL-IMAP lsub overflow attempt || bugtraq,1110 || bugtraq,15006 || cve,2000-0284 || cve,2005-3155 || nessus,10374
2107 || PROTOCOL-IMAP create buffer overflow attempt || bugtraq,7446 || cve,2003-1470
2115 || SERVER-WEBAPP album.pl access || bugtraq,7444 || cve,2003-1456 || nessus,11581
2116 || SERVER-WEBAPP chipcfg.cgi access || bugtraq,2767 || cve,2001-1341 || url,archives.neohapsis.com/archives/bugtraq/2001-05/0233.html
2117 || SERVER-IIS Battleaxe Forum login.asp access || bugtraq,7416 || cve,2003-0215 || nessus,11548
2118 || PROTOCOL-IMAP list overflow attempt || bugtraq,1110 || bugtraq,15006 || cve,2000-0284 || cve,2005-3155 || nessus,10374
2119 || PROTOCOL-IMAP rename literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
2120 || PROTOCOL-IMAP create literal buffer overflow attempt || bugtraq,7446 || cve,2003-1470
2121 || PROTOCOL-POP DELE negative argument attempt || bugtraq,6053 || bugtraq,7445 || cve,2002-1539 || nessus,11570
2122 || PROTOCOL-POP UIDL negative argument attempt || bugtraq,6053 || cve,2002-1539 || nessus,11570
2123 || INDICATOR-COMPROMISE Microsoft cmd.exe banner || nessus,11633
2124 || MALWARE-BACKDOOR Remote PC Access connection || nessus,11673
2125 || PROTOCOL-FTP CWD Root directory traversal attempt || bugtraq,7674 || cve,2003-0392 || nessus,11677
2126 || OS-WINDOWS Microsoft Windows PPTP Start Control Request buffer overflow attempt || bugtraq,5807 || cve,2002-1214 || nessus,11178 || url,technet.microsoft.com/en-us/security/bulletin/MS02-063
2127 || SERVER-WEBAPP ikonboard.cgi access || bugtraq,7361 || nessus,11605
2128 || SERVER-WEBAPP swsrv.cgi access || bugtraq,7510 || cve,2003-0217 || nessus,11608
2129 || SERVER-IIS nsiislog.dll access || bugtraq,8035 || cve,2003-0227 || cve,2003-0349 || nessus,11664 || url,technet.microsoft.com/en-us/security/bulletin/ms03-018
2130 || SERVER-IIS IISProtect siteadmin.asp access || bugtraq,7675 || cve,2003-0377 || nessus,11662
2131 || SERVER-IIS IISProtect access || nessus,11661
2132 || SERVER-IIS Synchrologic Email Accelerator userid list access attempt || nessus,11657
2133 || SERVER-IIS MS BizTalk server access || bugtraq,7469 || bugtraq,7470 || cve,2003-0117 || cve,2003-0118 || nessus,11638 || url,technet.microsoft.com/en-us/security/bulletin/MS03-016
2134 || SERVER-IIS register.asp access || nessus,11621
2135 || SERVER-WEBAPP philboard.mdb access || nessus,11682
2136 || SERVER-WEBAPP philboard_admin.asp authentication bypass attempt || bugtraq,7739 || nessus,11675
2137 || SERVER-WEBAPP philboard_admin.asp access || bugtraq,7739 || nessus,11675
2138 || SERVER-WEBAPP logicworks.ini access || bugtraq,6996 || cve,2003-1383 || nessus,11639
2139 || SERVER-WEBAPP /*.shtml access || bugtraq,1517 || cve,2000-0683 || nessus,11604
2140 || SERVER-WEBAPP p-news.php access || nessus,11669
2141 || SERVER-WEBAPP shoutbox.php directory traversal attempt || nessus,11668
2142 || SERVER-WEBAPP shoutbox.php access || nessus,11668
2143 || SERVER-WEBAPP b2 cafelog gm-2-b2.php remote file include attempt || nessus,11667
2144 || SERVER-WEBAPP b2 cafelog gm-2-b2.php access || nessus,11667
2145 || SERVER-WEBAPP TextPortal admin.php default password admin attempt || bugtraq,7673 || nessus,11660
2146 || SERVER-WEBAPP TextPortal admin.php default password 12345 attempt || bugtraq,7673 || nessus,11660
2147 || SERVER-WEBAPP BLNews objects.inc.php4 remote file include attempt || bugtraq,7677 || cve,2003-0394 || nessus,11647
2148 || SERVER-WEBAPP BLNews objects.inc.php4 access || bugtraq,7677 || cve,2003-0394 || nessus,11647
2149 || SERVER-WEBAPP Turba status.php access || nessus,11646
2150 || SERVER-WEBAPP ttCMS header.php remote file include attempt || bugtraq,7542 || bugtraq,7543 || bugtraq,7625 || cve,2003-1458 || cve,2003-1459 || nessus,11636
2151 || SERVER-WEBAPP ttCMS header.php access || bugtraq,7542 || bugtraq,7543 || bugtraq,7625 || cve,2003-1458 || cve,2003-1459 || nessus,11636
2152 || SERVER-WEBAPP test.php access || nessus,11617
2153 || SERVER-WEBAPP autohtml.php directory traversal attempt || nessus,11630
2154 || SERVER-WEBAPP autohtml.php access || nessus,11630
2155 || SERVER-WEBAPP ttforum remote file include attempt || bugtraq,7542 || bugtraq,7543 || cve,2003-1458 || cve,2003-1459 || nessus,11615
2156 || SERVER-WEBAPP mod_gzip_status access || nessus,11685
2157 || SERVER-IIS IISProtect globaladmin.asp access || nessus,11661
2158 || SERVER-OTHER BGP invalid length || bugtraq,6213 || cve,2002-1350 || nessus,14011 || nessus,15043 || url,sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575
2159 || SERVER-OTHER BGP invalid type 0 || bugtraq,6213 || cve,2002-1350 || nessus,14011 || nessus,15043
2178 || PROTOCOL-FTP USER format string attempt || bugtraq,7474 || bugtraq,7776 || bugtraq,9262 || bugtraq,9402 || bugtraq,9600 || bugtraq,9800 || cve,2004-0277 || nessus,10041 || nessus,11687
2179 || PROTOCOL-FTP PASS format string attempt || bugtraq,7474 || bugtraq,9262 || bugtraq,9800 || cve,2000-0699 || cve,2007-1195 || nessus,10490 || url,osvdb.org/show/osvdb/33813
2183 || SERVER-MAIL Sendmail Content-Transfer-Encoding overflow attempt || cve,2003-0161 || url,www.cert.org/advisories/CA-2003-12.html
2184 || PROTOCOL-RPC mountd TCP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800
2194 || SERVER-WEBAPP CSMailto.cgi access || bugtraq,4579 || bugtraq,6265 || cve,2002-0749 || nessus,11748
2195 || SERVER-WEBAPP alert.cgi access || bugtraq,4211 || bugtraq,4579 || cve,2002-0346 || nessus,11748
2196 || SERVER-WEBAPP catgy.cgi access || bugtraq,3714 || bugtraq,4579 || cve,2001-1212 || nessus,11748
2197 || SERVER-WEBAPP cvsview2.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748
2198 || SERVER-WEBAPP cvslog.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748
2199 || SERVER-WEBAPP multidiff.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748
2200 || SERVER-WEBAPP dnewsweb.cgi access || bugtraq,1172 || bugtraq,4579 || cve,2000-0423 || nessus,11748
2201 || SERVER-WEBAPP Matt Wright download.cgi access || bugtraq,4579 || cve,1999-1377 || nessus,11748
2202 || SERVER-WEBAPP Webmin Directory edit_action.cgi access || bugtraq,3698 || bugtraq,4579 || cve,2001-1196 || nessus,11748
2203 || SERVER-WEBAPP Leif M. Wright everythingform.cgi access || bugtraq,2101 || bugtraq,4579 || cve,2001-0023 || nessus,11748
2204 || SERVER-WEBAPP EasyBoard 2000 ezadmin.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748
2205 || SERVER-WEBAPP EasyBoard 2000 ezboard.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748
2206 || SERVER-WEBAPP EasyBoard 2000 ezman.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748
2207 || SERVER-WEBAPP FileSeek fileseek.cgi access || bugtraq,4579 || bugtraq,6784 || cve,2002-0611 || nessus,11748
2208 || SERVER-WEBAPP Faq-O-Matic fom.cgi access || bugtraq,4579 || cve,2002-0230 || nessus,11748
2209 || SERVER-WEBAPP Infonautics getdoc.cgi access || bugtraq,4579 || cve,2000-0288 || nessus,11748
2210 || SERVER-WEBAPP Multiple Vendors global.cgi access || bugtraq,4579 || cve,2000-0952 || nessus,11748
2211 || SERVER-WEBAPP Lars Ellingsen guestserver.cgi access || bugtraq,4579 || cve,2001-0180 || nessus,11748
2212 || SERVER-WEBAPP cgiCentral WebStore imageFolio.cgi access || bugtraq,4579 || bugtraq,6265 || cve,2002-1334 || nessus,11748
2213 || SERVER-WEBAPP Oatmeal Studios Mail File mailfile.cgi access || bugtraq,1807 || bugtraq,4579 || cve,2000-0977 || nessus,11748
2214 || SERVER-WEBAPP 3R Soft MailStudio 2000 mailview.cgi access || bugtraq,1335 || bugtraq,4579 || cve,2000-0526 || nessus,11748
2215 || SERVER-WEBAPP Alabanza Control Panel nsManager.cgi access || bugtraq,1710 || bugtraq,4579 || cve,2000-1023 || nessus,11748
2216 || SERVER-WEBAPP Ipswitch IMail readmail.cgi access || bugtraq,3427 || bugtraq,4579 || cve,2001-1283 || nessus,11748
2217 || SERVER-WEBAPP Ipswitch IMail printmail.cgi access || bugtraq,3427 || bugtraq,4579 || cve,2001-1283 || nessus,11748
2218 || SERVER-WEBAPP Oracle Cobalt RaQ service.cgi access || bugtraq,4211 || bugtraq,4579 || cve,2002-0346 || nessus,11748
2219 || SERVER-WEBAPP Trend Micro Interscan VirusWall setpasswd.cgi access || bugtraq,2212 || bugtraq,4579 || cve,2001-0133 || nessus,11748
2220 || SERVER-WEBAPP Leif M. Wright simplestmail.cgi access || bugtraq,2106 || bugtraq,4579 || cve,2001-0022 || nessus,11748
2221 || SERVER-WEBAPP cgiCentral WebStore ws_mail.cgi access || bugtraq,2861 || bugtraq,4579 || cve,2001-1343 || nessus,11748
2222 || SERVER-WEBAPP Infinity CGI exploit scanner nph-exploitscanget.cgi access || bugtraq,7910 || bugtraq,7911 || bugtraq,7913 || cve,2003-0434 || nessus,11740
2223 || SERVER-WEBAPP CGIScript.net csNews.cgi access || bugtraq,4994 || cve,2002-0923 || nessus,11726
2224 || SERVER-WEBAPP Psunami Bulletin Board psunami.cgi access || bugtraq,6607 || nessus,11750
2225 || SERVER-WEBAPP Linksys BEFSR41 gozila.cgi access || bugtraq,6086 || cve,2002-1236 || nessus,11773
2226 || SERVER-WEBAPP pmachine remote file include attempt || bugtraq,7919 || nessus,11739
2227 || SERVER-WEBAPP forum_details.php access || bugtraq,7933 || nessus,11760
2228 || SERVER-WEBAPP phpMyAdmin db_details_importdocsql.php access || bugtraq,7962 || bugtraq,7965 || nessus,11761
2229 || SERVER-WEBAPP viewtopic.php access || bugtraq,7979 || cve,2003-0486 || nessus,11767
2230 || SERVER-WEBAPP NetGear router default password login attempt admin/password || nessus,11737
2231 || SERVER-WEBAPP register.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2232 || SERVER-WEBAPP ContentFilter.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2233 || SERVER-WEBAPP SFNofitication.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2234 || SERVER-WEBAPP TOP10.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2235 || SERVER-WEBAPP SpamExcp.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2236 || SERVER-WEBAPP spamrule.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747
2237 || SERVER-WEBAPP cgiWebupdate.exe access || bugtraq,3216 || cve,2001-1150 || nessus,11722
2238 || SERVER-WEBAPP WebLogic ConsoleHelp view source attempt || bugtraq,1518 || cve,2000-0682 || nessus,11724
2239 || SERVER-WEBAPP redirect.exe access || bugtraq,1256 || cve,2000-0401 || nessus,11723
2240 || SERVER-WEBAPP changepw.exe access || bugtraq,1256 || cve,2000-0401 || nessus,11723
2241 || SERVER-WEBAPP cwmail.exe access || bugtraq,4093 || cve,2002-0273 || nessus,11727
2242 || SERVER-WEBAPP ddicgi.exe access || bugtraq,1657 || cve,2000-0826 || nessus,11728
2243 || SERVER-WEBAPP ndcgi.exe access || bugtraq,3583 || cve,2001-0922 || nessus,11730
2244 || SERVER-WEBAPP VsSetCookie.exe access || bugtraq,3784 || cve,2002-0236 || nessus,11731
2245 || SERVER-WEBAPP Webnews.exe access || bugtraq,4124 || cve,2002-0290 || nessus,11732
2246 || SERVER-WEBAPP webadmin.dll access || bugtraq,7438 || bugtraq,7439 || bugtraq,8024 || cve,2003-0471 || nessus,11771
2247 || SERVER-IIS UploadScript11.asp access || bugtraq,3608 || cve,2001-0938 || nessus,11746
2248 || SERVER-IIS DirectoryListing.asp access || cve,2001-0938
2249 || SERVER-IIS /pcadmin/login.asp access || bugtraq,8103 || nessus,11785
2250 || PROTOCOL-POP USER format string attempt || bugtraq,10976 || bugtraq,7667 || cve,2003-0391 || nessus,11742
2252 || OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,technet.microsoft.com/en-us/security/bulletin/MS03-039
2253 || SERVER-MAIL XEXCH50 overflow attempt || bugtraq,8838 || cve,2003-0714 || nessus,11889 || url,technet.microsoft.com/en-us/security/bulletin/MS03-046
2257 || OS-WINDOWS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,technet.microsoft.com/en-us/security/bulletin/MS03-043
2258 || OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,technet.microsoft.com/en-us/security/bulletin/MS03-043
2259 || SERVER-MAIL EXPN overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161
2260 || SERVER-MAIL VRFY overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161
2261 || SERVER-MAIL Sendmail SEND FROM prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 || nessus,11316
2262 || SERVER-MAIL Sendmail SEND FROM prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 || nessus,11499
2263 || SERVER-MAIL Sendmail SAML FROM prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337
2264 || SERVER-MAIL Sendmail SAML FROM prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 || nessus,11499
2265 || SERVER-MAIL Sendmail SOML FROM prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337
2266 || SERVER-MAIL Sendmail SOML FROM prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 || nessus,11499
2267 || SERVER-MAIL Sendmail MAIL FROM prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337
2268 || SERVER-MAIL Sendmail MAIL FROM prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 || nessus,11499
2269 || SERVER-MAIL Sendmail RCPT TO prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337
2270 || SERVER-MAIL Sendmail RCPT TO prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 || cve,2003-0694 || nessus,11499
2271 || MALWARE-BACKDOOR FsSniffer connection attempt || nessus,11854
2272 || PROTOCOL-FTP LIST integer overflow attempt || bugtraq,8875 || cve,2003-0853 || cve,2003-0854 || nessus,11912
2276 || SERVER-WEBAPP oracle portal demo access || nessus,11918
2277 || SERVER-WEBAPP PeopleSoft PeopleBooks psdoccgi access || bugtraq,9037 || bugtraq,9038 || cve,2003-0626 || cve,2003-0627
2278 || SERVER-WEBAPP client negative Content-Length attempt || bugtraq,16354 || bugtraq,17879 || bugtraq,9098 || bugtraq,9476 || bugtraq,9576 || cve,2004-0095 || cve,2005-3653 || cve,2006-2162 || cve,2006-3655 || cve,2014-9192 || cve,2015-5343
2279 || SERVER-WEBAPP UpdateClasses.php access || bugtraq,9057
2280 || SERVER-WEBAPP Title.php access || bugtraq,9057
2281 || SERVER-WEBAPP Setup.php access || bugtraq,9057 || cve,2009-1151
2282 || SERVER-WEBAPP GlobalFunctions.php access || bugtraq,9057
2283 || SERVER-WEBAPP DatabaseFunctions.php access || bugtraq,9057
2284 || SERVER-WEBAPP rolis guestbook remote file include attempt || bugtraq,9057
2285 || SERVER-WEBAPP rolis guestbook access || bugtraq,9057
2286 || SERVER-WEBAPP friends.php access || bugtraq,9088
2287 || SERVER-WEBAPP Advanced Poll admin_comment.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2288 || SERVER-WEBAPP Advanced Poll admin_edit.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2289 || SERVER-WEBAPP Advanced Poll admin_embed.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2290 || SERVER-WEBAPP Advanced Poll admin_help.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2291 || SERVER-WEBAPP Advanced Poll admin_license.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2292 || SERVER-WEBAPP Advanced Poll admin_logout.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2293 || SERVER-WEBAPP Advanced Poll admin_password.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2294 || SERVER-WEBAPP Advanced Poll admin_preview.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2295 || SERVER-WEBAPP Advanced Poll admin_settings.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2296 || SERVER-WEBAPP Advanced Poll admin_stats.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2297 || SERVER-WEBAPP Advanced Poll admin_templates_misc.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2298 || SERVER-WEBAPP Advanced Poll admin_templates.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2299 || SERVER-WEBAPP Advanced Poll admin_tpl_misc_new.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2300 || SERVER-WEBAPP Advanced Poll admin_tpl_new.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2301 || SERVER-WEBAPP Advanced Poll booth.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2302 || SERVER-WEBAPP Advanced Poll poll_ssi.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2303 || SERVER-WEBAPP Advanced Poll popup.php access || bugtraq,8890 || cve,2003-1178 || cve,2003-1179 || cve,2003-1180 || cve,2003-1181 || nessus,11487
2304 || SERVER-WEBAPP files.inc.php access || bugtraq,8910 || cve,2003-1153
2305 || SERVER-WEBAPP chatbox.php access || bugtraq,8930 || cve,2003-1191
2306 || SERVER-WEBAPP gallery remote file include attempt || bugtraq,8814 || cve,2003-1227 || nessus,11876
2307 || SERVER-WEBAPP PayPal Storefront remote file include attempt || bugtraq,8791 || nessus,11873
2317 || INDICATOR-COMPROMISE CVS non-relative path error response || bugtraq,9178 || cve,2003-0977 || nessus,11947
2318 || SERVER-OTHER CVS non-relative path access attempt || bugtraq,9178 || cve,2003-0977 || nessus,11947
2319 || SERVER-OTHER ebola PASS overflow attempt || bugtraq,9156
2320 || SERVER-OTHER ebola USER overflow attempt || bugtraq,9156
2321 || SERVER-IIS foxweb.exe access || nessus,11939
2322 || SERVER-IIS foxweb.dll access || nessus,11939
2323 || SERVER-WEBAPP iSoft-Solutions QuickStore shopping cart quickstore.cgi access || bugtraq,9282 || nessus,11975
2324 || SERVER-IIS VP-ASP shopsearch.asp access || bugtraq,9133 || bugtraq,9134 || nessus,11942
2325 || SERVER-IIS VP-ASP ShopDisplayProducts.asp access || bugtraq,9133 || bugtraq,9134 || nessus,11942
2326 || SERVER-IIS sgdynamo.exe access || bugtraq,4720 || cve,2002-0375 || nessus,11955
2327 || SERVER-WEBAPP bsml.pl access || bugtraq,9311 || nessus,11973
2328 || SERVER-WEBAPP authentication_index.php access || cve,2004-0032 || nessus,11982
2329 || SERVER-MSSQL probe response overflow attempt || bugtraq,9407 || cve,2003-0903 || nessus,11990 || url,technet.microsoft.com/en-us/security/bulletin/MS04-003
2330 || PROTOCOL-IMAP auth overflow attempt || bugtraq,8861 || cve,2003-1177 || nessus,11910
2331 || SERVER-WEBAPP MatrikzGB privilege escalation attempt || bugtraq,8430
2332 || PROTOCOL-FTP MKD format string attempt || bugtraq,9262
2333 || PROTOCOL-FTP RENAME format string attempt || bugtraq,9262
2334 || PROTOCOL-FTP Yak! FTP server default account login attempt || bugtraq,9072
2335 || PROTOCOL-FTP RMD / attempt || bugtraq,9159
2337 || PROTOCOL-TFTP PUT filename overflow attempt || bugtraq,20131 || bugtraq,22923 || bugtraq,7819 || bugtraq,8505 || cve,2003-0380 || cve,2003-0729 || cve,2006-4948 || cve,2008-1611 || cve,2009-2957 || cve,2009-2958 || nessus,18264
2338 || PROTOCOL-FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,14339 || bugtraq,33454 || bugtraq,58247 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 || cve,2004-1992 || cve,2005-2373 || cve,2007-0019 || cve,2009-0351 || url,technet.microsoft.com/en-us/security/bulletin/MS99-003
2339 || PROTOCOL-TFTP NULL command attempt || bugtraq,7575
2340 || PROTOCOL-FTP SITE CHMOD overflow attempt || bugtraq,10181 || bugtraq,9483 || bugtraq,9675 || cve,1999-0838 || nessus,12037
2341 || SERVER-WEBAPP DCP-Portal remote file include editor script attempt || bugtraq,6525
2342 || SERVER-WEBAPP DCP-Portal remote file include lib script attempt || bugtraq,6525
2343 || PROTOCOL-FTP STOR overflow attempt || bugtraq,8668 || cve,2000-0133 || url,exploit-db.com/exploits/39662/
2344 || PROTOCOL-FTP XCWD overflow attempt || bugtraq,11542 || bugtraq,8704 || cve,2004-2728
2345 || SERVER-WEBAPP PhpGedView search.php access || bugtraq,9369 || cve,2004-0032
2346 || SERVER-WEBAPP myPHPNuke chatheader.php access || bugtraq,6544
2347 || SERVER-WEBAPP myPHPNuke partner.php access || bugtraq,6544
2353 || SERVER-WEBAPP IdeaBox cord.php file include || bugtraq,7488
2354 || SERVER-WEBAPP IdeaBox notification.php file include || bugtraq,7488
2355 || SERVER-WEBAPP Invision Board emailer.php file include || bugtraq,7204
2356 || SERVER-WEBAPP WebChat db_mysql.php file include || bugtraq,7000 || cve,2007-0485
2357 || SERVER-WEBAPP WebChat english.php file include || bugtraq,7000 || cve,2007-0485
2358 || SERVER-WEBAPP Typo3 translations.php file include || bugtraq,6984
2359 || SERVER-WEBAPP Invision Board ipchat.php file include || bugtraq,6976 || cve,2003-1385
2360 || SERVER-WEBAPP myphpPagetool pt_config.inc file include || bugtraq,6744
2361 || SERVER-WEBAPP news.php file include || bugtraq,6674
2362 || SERVER-WEBAPP YaBB SE packages.php file include || bugtraq,6663
2363 || SERVER-WEBAPP Cyboards default_header.php access || bugtraq,6597
2364 || SERVER-WEBAPP Cyboards options_form.php access || bugtraq,6597
2365 || SERVER-WEBAPP newsPHP Language file include attempt || bugtraq,8488
2366 || SERVER-WEBAPP PhpGedView PGV authentication_index.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030
2367 || SERVER-WEBAPP PhpGedView PGV functions.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030
2368 || SERVER-WEBAPP PhpGedView PGV config_gedcom.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030
2369 || SERVER-WEBAPP ISAPISkeleton.dll access || bugtraq,9516 || cve,2004-2128
2370 || SERVER-WEBAPP BugPort config.conf file access || bugtraq,9542 || cve,2004-2353
2371 || SERVER-WEBAPP Sample_showcode.html access || bugtraq,9555 || cve,2004-2170
2372 || SERVER-WEBAPP Photopost PHP Pro showphoto.php access || bugtraq,9557 || cve,2004-0239 || cve,2004-0250
2373 || PROTOCOL-FTP XMKD overflow attempt || bugtraq,7909 || cve,2000-0133 || cve,2001-1021
2374 || PROTOCOL-FTP NLST overflow attempt || bugtraq,7909 || cve,1999-1544 || cve,2009-3023 || url,technet.microsoft.com/en-us/security/bulletin/MS09-053 || url,www.kb.cert.org/vuls/id/276653
2375 || MALWARE-CNC DoomJuice/mydoom.a backdoor upload/execute || url,securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
2376 || SERVER-OTHER ISAKMP first payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
2377 || SERVER-OTHER ISAKMP second payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
2378 || SERVER-OTHER ISAKMP third payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
2379 || SERVER-OTHER ISAKMP forth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
2380 || SERVER-OTHER ISAKMP fifth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
2381 || SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt || bugtraq,9581 || cve,2004-0039 || nessus,12084
2382 || OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
2383 || OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
2386 || SERVER-IIS NTLM ASN1 vulnerability scan attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12055 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
2388 || SERVER-WEBAPP Apple QuickTime streaming server view_broadcast.cgi access || bugtraq,8257 || cve,2003-0422
2389 || PROTOCOL-FTP RNTO overflow attempt || bugtraq,15457 || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466 || cve,2005-3683
2390 || PROTOCOL-FTP STOU overflow attempt || bugtraq,8315 || cve,2003-0466
2391 || PROTOCOL-FTP APPE overflow attempt || bugtraq,8315 || bugtraq,8542 || cve,2000-0133 || cve,2003-0466 || cve,2003-0772
2392 || PROTOCOL-FTP RETR overflow attempt || bugtraq,15457 || bugtraq,23168 || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298 || cve,2005-3683
2393 || SERVER-WEBAPP /_admin access || bugtraq,9537 || cve,2007-1156 || nessus,12032
2394 || SERVER-WEBAPP Compaq web-based management agent denial of service attempt || bugtraq,8014
2395 || SERVER-WEBAPP InteractiveQuery.jsp access || bugtraq,8938 || cve,2003-0624
2396 || SERVER-WEBAPP CCBill whereami.cgi arbitrary command execution attempt || bugtraq,8095 || url,secunia.com/advisories/9191/
2397 || SERVER-WEBAPP CCBill whereami.cgi access || bugtraq,8095 || url,secunia.com/advisories/9191/
2398 || SERVER-WEBAPP WAnewsletter newsletter.php file include attempt || bugtraq,6965
2399 || SERVER-WEBAPP WAnewsletter db_type.php access || bugtraq,6964
2400 || SERVER-WEBAPP edittag.pl access || bugtraq,6675 || cve,2003-1351
2401 || NETBIOS SMB Session Setup andx username overflow attempt || bugtraq,9752 || cve,2004-0193 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
2402 || NETBIOS SMB-DS Session Setup andx username overflow attempt || bugtraq,9752 || cve,2004-0193 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
2403 || NETBIOS SMB Session Setup unicode username overflow attempt || bugtraq,9752 || cve,2004-0193 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
2404 || NETBIOS SMB-DS Session Setup unicode andx username overflow attempt || bugtraq,9752 || cve,2004-0193 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
2405 || SERVER-WEBAPP phptest.php access || bugtraq,9737 || cve,2004-2374
2406 || PROTOCOL-TELNET APC SmartSlot default admin account attempt || bugtraq,9681 || cve,2004-0311 || nessus,12066
2407 || SERVER-WEBAPP util.pl access || bugtraq,9748 || cve,2004-2379
2408 || SERVER-WEBAPP Invision Power Board search.pl access || bugtraq,9766 || cve,2004-0338
2409 || PROTOCOL-POP APOP USER overflow attempt || bugtraq,9794 || cve,2004-2375
2410 || SERVER-WEBAPP IGeneric Free Shopping Cart page.php access || bugtraq,9773
2411 || SERVER-WEBAPP RealNetworks RealSystem Server DESCRIBE buffer overflow attempt || bugtraq,8476 || cve,2003-0725 || nessus,11642 || url,www.service.real.com/help/faq/security/rootexploit091103.html
2413 || SERVER-OTHER ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
2414 || SERVER-OTHER ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
2415 || SERVER-OTHER ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
2416 || PROTOCOL-FTP invalid MDTM command attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330
2417 || PROTOCOL-FTP format string attempt || bugtraq,15352 || bugtraq,30993 || bugtraq,9800 || cve,2002-2074 || cve,2007-1195 || cve,2009-4769 || url,osvdb.org/show/osvdb/33813
2418 || POLICY-OTHER Microsoft Windows Terminal Server no encryption session initiation attempt || cve,2001-0663 || url,technet.microsoft.com/en-us/security/bulletin/MS01-052
2419 || FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request || url,en.wikipedia.org/wiki/.ram
2420 || FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request || url,en.wikipedia.org/wiki/.ram
2422 || FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request || url,en.wikipedia.org/wiki/.ram
2423 || FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request || url,en.wikipedia.org/wiki/.ram
2424 || PROTOCOL-NNTP sendsys overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2425 || PROTOCOL-NNTP senduuname overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2426 || PROTOCOL-NNTP version overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2427 || PROTOCOL-NNTP checkgroups overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2428 || PROTOCOL-NNTP ihave overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2429 || PROTOCOL-NNTP sendme overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2430 || PROTOCOL-NNTP newgroup overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2431 || PROTOCOL-NNTP rmgroup overflow attempt || bugtraq,9382 || cve,2004-0045 || nessus,11984
2433 || SERVER-WEBAPP MDaemon form2raw.cgi overflow attempt || bugtraq,9317 || cve,2003-1200 || url,secunia.com/advisories/10512/
2434 || SERVER-WEBAPP MDaemon form2raw.cgi access || bugtraq,9317 || cve,2003-1200 || url,secunia.com/advisories/10512/
2435 || FILE-IDENTIFY Microsoft emf file download request || bugtraq,10120 || bugtraq,28819 || bugtraq,9707 || cve,2003-0906 || cve,2007-5746 || url,technet.microsoft.com/en-us/security/bulletin/MS04-011 || url,technet.microsoft.com/en-us/security/bulletin/MS04-032 || url,technet.microsoft.com/en-us/security/bulletin/MS05-053 || url,technet.microsoft.com/en-us/security/bulletin/MS06-001
2436 || FILE-IDENTIFY Microsoft Windows Audio wmf file download request || url,en.wikipedia.org/wiki/.wmf
2437 || FILE-MULTIMEDIA RealNetworks RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9378 || cve,2003-0726
2438 || FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
2439 || FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
2440 || FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
2441 || SERVER-WEBAPP NetObserve authentication bypass attempt || bugtraq,9319
2446 || SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt - ISS Witty Worm || cve,2004-0362 || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2447 || SERVER-WEBAPP ServletManager access || bugtraq,3697 || cve,2001-1195 || nessus,12122
2448 || SERVER-WEBAPP setinfo.hts access || bugtraq,9973 || cve,2004-1857 || nessus,12120
2449 || PROTOCOL-FTP ALLO overflow attempt || bugtraq,9953 || cve,2004-1883 || nessus,14598
2462 || SERVER-OTHER Ethereal IGMP IGAP account overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
2463 || SERVER-OTHER Ethereal IGMP IGAP message overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
2464 || SERVER-OTHER Ethereal EIGRP prefix length overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
2484 || SERVER-WEBAPP source.jsp access || nessus,12119
2485 || BROWSER-PLUGINS Symantec Norton Internet Security 2004 ActiveX clsid access || bugtraq,9916 || cve,2004-0363 || url,osvdb.org/show/osvdb/6249
2486 || SERVER-OTHER ISAKMP invalid identification payload attempt || bugtraq,10004 || cve,2004-0184
2487 || SERVER-MAIL WinZip MIME content-type buffer overflow || bugtraq,9758 || cve,2004-0333 || nessus,12621
2488 || SERVER-MAIL WinZip MIME content-disposition buffer overflow || bugtraq,9758 || cve,2004-0333 || nessus,12621
2489 || SERVER-OTHER esignal STREAMQUOTE buffer overflow attempt || bugtraq,9978 || cve,2004-1868
2490 || SERVER-OTHER esignal SNAPQUOTE buffer overflow attempt || bugtraq,9978 || cve,2004-1868
2508 || OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt || bugtraq,10108 || cve,2003-0533 || nessus,12205 || url,technet.microsoft.com/en-us/security/bulletin/MS04-011
2511 || OS-WINDOWS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt || bugtraq,10108 || cve,2003-0533 || nessus,12205 || url,technet.microsoft.com/en-us/security/bulletin/MS04-011
2523 || SERVER-OTHER BGP spoofed connection reset attempt || bugtraq,10183 || cve,2004-0230 || url,www.uniras.gov.uk/vuls/2004/236929/index.htm
2545 || SERVER-OTHER AFP FPLoginExt username buffer overflow attempt || bugtraq,10271 || cve,2004-0430 || url,www.atstake.com/research/advisories/2004/a050304-1.txt
2546 || PROTOCOL-FTP MDTM overflow attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 || nessus,12080
2547 || SERVER-OTHER HP Web JetAdmin remote file upload attempt || bugtraq,9971 || cve,2004-1856
2548 || SERVER-OTHER HP Web JetAdmin setinfo access || bugtraq,9972 || cve,2004-1857 || nessus,12120
2549 || SERVER-OTHER HP Web JetAdmin file write attempt || bugtraq,9973
2550 || FILE-OTHER Nullsoft Winamp XM file buffer overflow attempt || cve,2004-1896 || url,www.securityfocus.com/bid/10045
2551 || SERVER-OTHER Oracle Web Cache GET overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2552 || SERVER-OTHER Oracle Web Cache HEAD overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2553 || SERVER-OTHER Oracle Web Cache PUT overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2554 || SERVER-OTHER Oracle Web Cache POST overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2555 || SERVER-OTHER Oracle Web Cache TRACE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2556 || SERVER-OTHER Oracle Web Cache DELETE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2557 || SERVER-OTHER Oracle Web Cache LOCK overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2558 || SERVER-OTHER Oracle Web Cache MKCOL overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2559 || SERVER-OTHER Oracle Web Cache COPY overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2560 || SERVER-OTHER Oracle Web Cache MOVE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
2561 || SERVER-OTHER rsync backup-dir directory traversal attempt || bugtraq,10247 || cve,2004-0426 || nessus,12230
2562 || SERVER-WEBAPP McAfee ePO file upload attempt || bugtraq,10200 || cve,2004-0038
2563 || NETBIOS NS lookup response name overflow attempt || bugtraq,10333 || cve,2004-0444 || url,www.eeye.com/html/Research/Advisories/AD20040512A.html
2564 || NETBIOS NS lookup short response attempt || bugtraq,10335 || cve,2004-0444 || url,www.eeye.com/html/Research/Advisories/AD20040512C.html
2565 || SERVER-WEBAPP modules.php access || bugtraq,9879 || cve,2004-1817
2566 || SERVER-WEBAPP PHPBB viewforum.php access || bugtraq,9865 || bugtraq,9866 || cve,2004-1809 || nessus,12093
2567 || SERVER-WEBAPP Emumail init.emu access || bugtraq,9861 || cve,2004-2334 || cve,2004-2385 || nessus,12095
2568 || SERVER-WEBAPP Emumail emumail.fcgi access || bugtraq,9861 || cve,2004-2334 || cve,2004-2385 || nessus,12095
2569 || SERVER-WEBAPP cPanel resetpass access || bugtraq,9848 || cve,2004-1769
2570 || SERVER-WEBAPP invalid HTTP version string || bugtraq,34240 || bugtraq,9809 || cve,2009-0478 || nessus,11593
2571 || SERVER-IIS SmarterTools SmarterMail frmGetAttachment.aspx access || bugtraq,9805 || cve,2004-2585
2572 || SERVER-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt || bugtraq,9805 || cve,2004-2585
2573 || SERVER-IIS SmarterTools SmarterMail frmCompose.asp access || bugtraq,9805 || cve,2004-2585
2574 || PROTOCOL-FTP RETR format string attempt || bugtraq,9800 || cve,2004-1883
2575 || SERVER-WEBAPP Opt-X header.php remote file include attempt || bugtraq,9732 || cve,2004-2368
2576 || SERVER-ORACLE dbms_repcat.generate_replication_support buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck93.html
2577 || FILE-OTHER local resource redirection attempt || cve,2004-0549 || url,www.kb.cert.org/vuls/id/713878
2578 || SERVER-OTHER kerberos principal name overflow UDP || cve,2003-0072 || nessus,11512 || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
2579 || SERVER-OTHER kerberos principal name overflow TCP || cve,2003-0072 || nessus,11512 || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
2580 || SERVER-WEBAPP server negative Content-Length attempt || bugtraq,10508 || cve,2004-0492 || url,www.guninski.com/modproxy1.html
2581 || SERVER-WEBAPP SAP Crystal Reports crystalimagehandler.aspx access || cve,2004-0204 || url,www.microsoft.com/security/bulletins/200406_crystal.mspx
2582 || OS-WINDOWS SAP Crystal Reports crystalImageHandler.asp directory traversal attempt || bugtraq,10260 || cve,2004-0204 || nessus,12271 || url,technet.microsoft.com/en-us/security/bulletin/ms04-017
2583 || SERVER-OTHER CVS Max-dotdot integer overflow attempt || bugtraq,10499 || cve,2004-0417
2584 || SERVER-OTHER eMule buffer overflow attempt || bugtraq,10039 || cve,2004-1892 || nessus,12233
2585 || SERVER-WEBAPP nessus 2.x 404 probe || nessus,10386
2587 || PUA-P2P eDonkey server response || url,www.emule-project.net
2588 || SERVER-WEBAPP TUTOS path disclosure attempt || bugtraq,10129 || url,www.securiteam.com/unixfocus/5FP0J15CKE.html
2589 || OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt || bugtraq,9510 || cve,2004-0420 || url,technet.microsoft.com/en-us/security/bulletin/ms04-024
2597 || SERVER-WEBAPP Samba SWAT Authorization overflow attempt || bugtraq,10780 || cve,2004-0600
2598 || SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt || bugtraq,10780 || cve,2004-0600
2603 || SERVER-ORACLE dbms_repcat.create_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
2605 || SERVER-ORACLE dbms_repcat.compare_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html
2606 || SERVER-ORACLE dbms_repcat.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
2608 || SERVER-ORACLE sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
2611 || SERVER-ORACLE LINK metadata buffer overflow attempt || bugtraq,12296 || bugtraq,7453 || cve,2003-0222 || cve,2005-0297 || nessus,11563 || url,archives.neohapsis.com/archives/bugtraq/2003-04/0360.html
2612 || SERVER-ORACLE sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
2614 || SERVER-ORACLE time_zone buffer overflow attempt || bugtraq,9587 || cve,2003-1208 || nessus,12047 || url,www.nextgenss.com/advisories/ora_time_zone.txt
2615 || SERVER-ORACLE sys.dbms_repcat_auth.grant_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
2617 || SERVER-ORACLE sys.dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
2619 || SERVER-ORACLE dbms_repcat.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
2621 || SERVER-ORACLE dbms_repcat_sna_utl.register_flavor_change buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
2624 || SERVER-ORACLE dbms_repcat_admin.unregister_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
2626 || SERVER-ORACLE dbms_repcat.send_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html
2627 || SERVER-ORACLE dbms_repcat.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
2629 || SERVER-ORACLE dbms_repcat_admin.register_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
2633 || SERVER-ORACLE sys.dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
2637 || SERVER-ORACLE dbms_repcat.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
2639 || SERVER-ORACLE dbms_repcat.drop_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
2643 || SERVER-ORACLE sys.dbms_repcat_fla.ensure_not_published buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck96.html
2644 || SERVER-ORACLE from_tz buffer overflow attempt || url,www.nextgenss.com/advisories/ora_from_tz.txt
2649 || SERVER-ORACLE Oracle 9i TNS Listener SERVICE_NAME Remote Buffer Overflow attempt || cve,2002-0965
2650 || SERVER-ORACLE user name buffer overflow attempt || bugtraq,6849 || cve,2003-0095 || url,otn.oracle.com/deploy/security/pdf/2003alert51.pdf || url,www.appsecinc.com/Policy/PolicyCheck62.html
2651 || SERVER-ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt || bugtraq,9587 || cve,2003-1208 || url,www.nextgenss.com/advisories/ora_numtodsinterval.txt || url,www.nextgenss.com/advisories/ora_numtoyminterval.txt
2652 || SERVER-ORACLE dbms_offline_og.begin_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2654 || SERVER-WEBAPP PHPNuke Forum viewtopic SQL insertion attempt || bugtraq,7193
2655 || SERVER-OTHER HP Web JetAdmin ExecuteFile admin access || bugtraq,10224
2656 || SERVER-WEBAPP SSLv2 Client_Hello Challenge Length overflow attempt || bugtraq,11015 || cve,2004-0826
2663 || SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt || bugtraq,11043 || cve,2004-0798
2664 || PROTOCOL-IMAP login format string attempt || bugtraq,10976 || cve,2004-0777
2665 || PROTOCOL-IMAP login literal format string attempt || bugtraq,10976 || cve,2007-0221 || url,technet.microsoft.com/en-us/security/bulletin/MS07-026
2666 || PROTOCOL-POP PASS format string attempt || bugtraq,10976 || cve,2004-0777
2667 || SERVER-IIS ping.asp access || nessus,10968
2668 || SERVER-WEBAPP processit access || nessus,10649
2669 || SERVER-WEBAPP ibillpm.pl access || bugtraq,3476 || cve,2001-0839 || nessus,11083
2670 || SERVER-WEBAPP pgpmail.pl access || bugtraq,3605 || cve,2001-0937 || nessus,11070
2671 || BROWSER-IE Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt || bugtraq,9663 || cve,2004-0566 || url,technet.microsoft.com/en-us/security/bulletin/ms04-025
2672 || SERVER-WEBAPP sresult.exe access || bugtraq,10837 || cve,2004-2528 || nessus,14186
2673 || FILE-IMAGE libpng tRNS overflow attempt || bugtraq,10872 || cve,2004-0597
2686 || SERVER-ORACLE sys.dbms_rectifier_diff.differences buffer overflow attempt || bugtraq,10871 || cve,2004-1362 || cve,2004-1363 || cve,2004-1364 || cve,2004-1365 || cve,2004-1366 || cve,2004-1368 || cve,2004-1369 || cve,2004-1370 || cve,2004-1371 || url,www.appsecinc.com/Policy/PolicyCheck97.html
2699 || SERVER-ORACLE TO_CHAR buffer overflow attempt || bugtraq,10871 || cve,2004-1364
2701 || SERVER-WEBAPP Oracle iSQLPlus sid overflow attempt || bugtraq,10871 || cve,2004-1362 || cve,2004-1363 || cve,2004-1364 || cve,2004-1365 || cve,2004-1366 || cve,2004-1368 || cve,2004-1369 || cve,2004-1370 || cve,2004-1371 || url,www.nextgenss.com/advisories/ora-isqlplus.txt
2702 || SERVER-WEBAPP Oracle iSQLPlus username overflow attempt || bugtraq,10871 || cve,2004-1362 || cve,2004-1363 || cve,2004-1364 || cve,2004-1365 || cve,2004-1366 || cve,2004-1368 || cve,2004-1369 || cve,2004-1370 || cve,2004-1371 || url,www.nextgenss.com/advisories/ora-isqlplus.txt
2703 || SERVER-WEBAPP Oracle iSQLPlus login.uix username overflow attempt || bugtraq,10871 || cve,2004-1362 || cve,2004-1363 || cve,2004-1364 || cve,2004-1365 || cve,2004-1366 || cve,2004-1368 || cve,2004-1369 || cve,2004-1370 || cve,2004-1371 || url,www.nextgenss.com/advisories/ora-isqlplus.txt
2704 || SERVER-WEBAPP Oracle 10g iSQLPlus login.unix connectID overflow attempt || bugtraq,10871 || cve,2004-1362 || cve,2004-1363 || cve,2004-1364 || cve,2004-1365 || cve,2004-1366 || cve,2004-1368 || cve,2004-1369 || cve,2004-1370 || cve,2004-1371 || url,www.nextgenss.com/advisories/ora-isqlplus.txt
2705 || FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt || bugtraq,11173 || cve,2004-0200 || url,www.microsoft.com/security/bulletins/200409_jpeg.mspx
2707 || FILE-IMAGE JPEG parser multipacket heap overflow attempt || bugtraq,11173 || cve,2004-0200 || cve,2017-16392 || url,helpx.adobe.com/security/products/acrobat/apsb17-36.html || url,technet.microsoft.com/en-us/security/bulletin/MS04-028
2708 || SERVER-ORACLE dbms_offline_og.begin_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2709 || SERVER-ORACLE dbms_offline_og.begin_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2711 || SERVER-ORACLE dbms_offline_og.end_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2712 || SERVER-ORACLE dbms_offline_og.end_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2713 || SERVER-ORACLE dbms_offline_og.end_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2714 || SERVER-ORACLE dbms_offline_og.resume_subset_of_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2715 || SERVER-ORACLE dbms_offline_snapshot.begin_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2716 || SERVER-ORACLE dbms_offline_snapshot.end_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2717 || SERVER-ORACLE dbms_rectifier_diff.differences buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2718 || SERVER-ORACLE dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2719 || SERVER-ORACLE dbms_repcat.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2720 || SERVER-ORACLE dbms_repcat.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2721 || SERVER-ORACLE dbms_repcat.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2722 || SERVER-ORACLE dbms_repcat.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2723 || SERVER-ORACLE dbms_repcat.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2724 || SERVER-ORACLE dbms_repcat.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2725 || SERVER-ORACLE dbms_repcat.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2726 || SERVER-ORACLE dbms_repcat.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2727 || SERVER-ORACLE dbms_repcat.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2728 || SERVER-ORACLE dbms_repcat.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2729 || SERVER-ORACLE dbms_repcat.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2730 || SERVER-ORACLE dbms_repcat.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2731 || SERVER-ORACLE dbms_repcat.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2732 || SERVER-ORACLE dbms_repcat.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2733 || SERVER-ORACLE dbms_repcat.alter_master_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2734 || SERVER-ORACLE dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2735 || SERVER-ORACLE dbms_repcat.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2736 || SERVER-ORACLE dbms_repcat.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2737 || SERVER-ORACLE dbms_repcat.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2738 || SERVER-ORACLE dbms_repcat.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2739 || SERVER-ORACLE dbms_repcat.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2740 || SERVER-ORACLE dbms_repcat.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2741 || SERVER-ORACLE dbms_repcat.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2742 || SERVER-ORACLE dbms_repcat.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2743 || SERVER-ORACLE dbms_repcat.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2744 || SERVER-ORACLE dbms_repcat.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2745 || SERVER-ORACLE dbms_repcat.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2746 || SERVER-ORACLE dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2747 || SERVER-ORACLE dbms_repcat.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2748 || SERVER-ORACLE dbms_repcat.comment_on_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2749 || SERVER-ORACLE dbms_repcat.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2750 || SERVER-ORACLE dbms_repcat.comment_on_mview_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2751 || SERVER-ORACLE dbms_repcat.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2752 || SERVER-ORACLE dbms_repcat.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2753 || SERVER-ORACLE dbms_repcat.comment_on_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2754 || SERVER-ORACLE dbms_repcat.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2755 || SERVER-ORACLE dbms_repcat.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2756 || SERVER-ORACLE dbms_repcat.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2757 || SERVER-ORACLE dbms_repcat.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2758 || SERVER-ORACLE dbms_repcat.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2759 || SERVER-ORACLE dbms_repcat.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2760 || SERVER-ORACLE dbms_repcat.define_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2761 || SERVER-ORACLE dbms_repcat.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2762 || SERVER-ORACLE dbms_repcat.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2763 || SERVER-ORACLE dbms_repcat.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2764 || SERVER-ORACLE dbms_repcat.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2765 || SERVER-ORACLE dbms_repcat.drop_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2766 || SERVER-ORACLE dbms_repcat.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2767 || SERVER-ORACLE dbms_repcat.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2768 || SERVER-ORACLE dbms_repcat.drop_grouped_column buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2769 || SERVER-ORACLE dbms_repcat.drop_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2770 || SERVER-ORACLE dbms_repcat.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2771 || SERVER-ORACLE dbms_repcat.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2772 || SERVER-ORACLE dbms_repcat.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2773 || SERVER-ORACLE dbms_repcat.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2774 || SERVER-ORACLE dbms_repcat.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2775 || SERVER-ORACLE dbms_repcat.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2776 || SERVER-ORACLE dbms_repcat.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2777 || SERVER-ORACLE dbms_repcat.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2778 || SERVER-ORACLE dbms_repcat.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2779 || SERVER-ORACLE dbms_repcat.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2780 || SERVER-ORACLE dbms_repcat.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2781 || SERVER-ORACLE dbms_repcat.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2782 || SERVER-ORACLE dbms_repcat.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2783 || SERVER-ORACLE dbms_repcat.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2784 || SERVER-ORACLE dbms_repcat.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2785 || SERVER-ORACLE dbms_repcat.execute_ddl buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2786 || SERVER-ORACLE dbms_repcat.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2787 || SERVER-ORACLE dbms_repcat_instantiate.instantiate_online buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2788 || SERVER-ORACLE dbms_repcat.make_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2789 || SERVER-ORACLE dbms_repcat.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2790 || SERVER-ORACLE dbms_repcat.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2791 || SERVER-ORACLE dbms_repcat.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2792 || SERVER-ORACLE dbms_repcat.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2793 || SERVER-ORACLE dbms_repcat.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2794 || SERVER-ORACLE dbms_repcat.refresh_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2795 || SERVER-ORACLE dbms_repcat.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2796 || SERVER-ORACLE dbms_repcat.register_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2797 || SERVER-ORACLE dbms_repcat.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2798 || SERVER-ORACLE dbms_repcat.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2799 || SERVER-ORACLE dbms_repcat.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2800 || SERVER-ORACLE dbms_repcat.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2801 || SERVER-ORACLE dbms_repcat.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2802 || SERVER-ORACLE dbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2803 || SERVER-ORACLE dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2804 || SERVER-ORACLE dbms_repcat.send_and_compare_old_values buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2805 || SERVER-ORACLE dbms_repcat.set_columns buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2806 || SERVER-ORACLE dbms_repcat.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2807 || SERVER-ORACLE dbms_repcat.specify_new_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2808 || SERVER-ORACLE dbms_repcat.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2809 || SERVER-ORACLE dbms_repcat.unregister_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2810 || SERVER-ORACLE dbms_repcat.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2811 || SERVER-ORACLE dbms_repcat.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2812 || SERVER-ORACLE dbms_repcat.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2813 || SERVER-ORACLE sys.dbms_repcat_fla.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2814 || SERVER-ORACLE sys.dbms_repcat_fla.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2815 || SERVER-ORACLE sys.dbms_repcat_fla.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2816 || SERVER-ORACLE sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2817 || SERVER-ORACLE sys.dbms_repcat_fla_mas.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2818 || SERVER-ORACLE sys.dbms_repcat_fla_mas.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2819 || SERVER-ORACLE sys.dbms_repcat_fla_mas.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2820 || SERVER-ORACLE sys.dbms_repcat_fla_mas.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2821 || SERVER-ORACLE sys.dbms_repcat_fla_mas.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2822 || SERVER-ORACLE sys.dbms_repcat_fla_mas.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2823 || SERVER-ORACLE sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2824 || SERVER-ORACLE sys.dbms_repcat_fla.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2825 || SERVER-ORACLE sys.dbms_repcat_fla.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2826 || SERVER-ORACLE sys.dbms_repcat_fla.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2827 || SERVER-ORACLE sys.dbms_repcat_mas.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2828 || SERVER-ORACLE sys.dbms_repcat_mas.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2829 || SERVER-ORACLE sys.dbms_repcat_mas.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2830 || SERVER-ORACLE sys.dbms_repcat_mas.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2831 || SERVER-ORACLE sys.dbms_repcat_mas.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2832 || SERVER-ORACLE sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2833 || SERVER-ORACLE sys.dbms_repcat_mas.drop_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2834 || SERVER-ORACLE sys.dbms_repcat_mas.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2835 || SERVER-ORACLE sys.dbms_repcat_mas.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2836 || SERVER-ORACLE sys.dbms_repcat_mas.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2837 || SERVER-ORACLE sys.dbms_repcat_mas.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2838 || SERVER-ORACLE sys.dbms_repcat_mas.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2839 || SERVER-ORACLE sys.dbms_repcat_mas.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2840 || SERVER-ORACLE sys.dbms_repcat_sna_utl.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2841 || SERVER-ORACLE sys.dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2842 || SERVER-ORACLE sys.dbms_repcat_sna_utl.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2843 || SERVER-ORACLE sys.dbms_repcat_sna_utl.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2844 || SERVER-ORACLE sys.dbms_repcat_sna_utl.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2845 || SERVER-ORACLE sys.dbms_repcat_sna_utl.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2846 || SERVER-ORACLE sys.dbms_repcat_sna_utl.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2847 || SERVER-ORACLE sys.dbms_repcat_sna_utl.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2848 || SERVER-ORACLE sys.dbms_repcat_utl4.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2849 || SERVER-ORACLE sys.dbms_repcat_utl.drop_an_object buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2850 || SERVER-ORACLE dbms_repcat.create_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2851 || SERVER-ORACLE dbms_repcat.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2852 || SERVER-ORACLE dbms_repcat.generate_mview_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2853 || SERVER-ORACLE dbms_repcat.generate_replication_trigger buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2854 || SERVER-ORACLE dbms_repcat.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2855 || SERVER-ORACLE dbms_repcat.remove_master_databases buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2856 || SERVER-ORACLE dbms_repcat.switch_mview_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2857 || SERVER-ORACLE dbms_repcat.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2858 || SERVER-ORACLE sys.dbms_repcat_conf.add_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2859 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2860 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2861 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2862 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2863 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2864 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2865 || SERVER-ORACLE sys.dbms_repcat_conf.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2866 || SERVER-ORACLE sys.dbms_repcat_conf.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2867 || SERVER-ORACLE sys.dbms_repcat_conf.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2868 || SERVER-ORACLE sys.dbms_repcat_conf.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2869 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2870 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2871 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2872 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2873 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2874 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2875 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2876 || SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2877 || SERVER-ORACLE sys.dbms_repcat_conf.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2878 || SERVER-ORACLE sys.dbms_repcat_conf.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2879 || SERVER-ORACLE sys.dbms_repcat_conf.cancel_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2880 || SERVER-ORACLE sys.dbms_repcat_conf.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2881 || SERVER-ORACLE sys.dbms_repcat_conf.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2882 || SERVER-ORACLE sys.dbms_repcat_conf.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2883 || SERVER-ORACLE sys.dbms_repcat_conf.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2884 || SERVER-ORACLE sys.dbms_repcat_conf.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2885 || SERVER-ORACLE sys.dbms_repcat_conf.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2886 || SERVER-ORACLE sys.dbms_repcat_conf.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2887 || SERVER-ORACLE sys.dbms_repcat_conf.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2888 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2889 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2890 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2891 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2892 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2893 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2894 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2895 || SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2896 || SERVER-ORACLE sys.dbms_repcat_conf.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2897 || SERVER-ORACLE sys.dbms_repcat_conf.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2898 || SERVER-ORACLE sys.dbms_repcat_conf.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2899 || SERVER-ORACLE sys.dbms_repcat_conf.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2900 || SERVER-ORACLE sys.dbms_repcat_conf.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2901 || SERVER-ORACLE sys.dbms_repcat_conf.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2902 || SERVER-ORACLE sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2903 || SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2904 || SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2905 || SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2906 || SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2907 || SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2908 || SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2909 || SERVER-ORACLE sys.dbms_repcat_sna.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2910 || SERVER-ORACLE sys.dbms_repcat_sna.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2911 || SERVER-ORACLE sys.dbms_repcat_sna.refresh_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2912 || SERVER-ORACLE sys.dbms_repcat_sna.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2913 || SERVER-ORACLE sys.dbms_repcat_sna.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2914 || SERVER-ORACLE sys.dbms_repcat_sna.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2915 || SERVER-ORACLE sys.dbms_repcat_sna.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2916 || SERVER-ORACLE sys.dbms_repcat_sna.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2917 || SERVER-ORACLE sys.dbms_repcat_sna_utl.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2918 || SERVER-ORACLE sys.dbms_repcat_sna.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2919 || SERVER-ORACLE sys.dbms_repcat_untrusted.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
2921 || PROTOCOL-DNS UDP inverse query || bugtraq,2321 || cve,2001-0012 || nessus,10605
2922 || PROTOCOL-DNS TCP inverse query || bugtraq,2321 || cve,2001-0012 || nessus,10605
2926 || SERVER-WEBAPP PhpGedView PGV base directory manipulation || bugtraq,9368 || cve,2004-0030
2927 || OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt || cve,2004-0574 || url,technet.microsoft.com/en-us/security/bulletin/MS04-036
2936 || OS-WINDOWS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt || bugtraq,11372 || cve,2004-0206 || url,technet.microsoft.com/en-us/security/bulletin/ms04-031
2942 || NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt || url,msdn.microsoft.com/library/default.asp?url=/library/en-us/shutdown/base/initiatesystemshutdown.asp
3000 || OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3001 || OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3002 || OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3003 || OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3004 || OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3005 || OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,technet.microsoft.com/en-us/security/bulletin/MS04-007
3006 || SERVER-OTHER Volition Freespace 2 buffer overflow attempt || bugtraq,9785
3007 || PROTOCOL-IMAP command overflow attempt || bugtraq,11675 || bugtraq,11775 || bugtraq,15006 || bugtraq,15753 || cve,2004-1211 || cve,2005-0707 || cve,2005-1520 || cve,2005-2923 || cve,2005-3155 || nessus,15771
3008 || PROTOCOL-IMAP delete literal overflow attempt || bugtraq,11675 || cve,2005-1520 || nessus,15771
3017 || OS-WINDOWS Microsoft Windows WINS overflow attempt || bugtraq,11763 || cve,2004-0567 || cve,2004-1080 || url,technet.microsoft.com/en-us/security/bulletin/MS04-045 || url,www.immunitysec.com/downloads/instantanea.pdf
3018 || NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154
3019 || NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154
3020 || NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154
3021 || NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154
3022 || NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154
3023 || NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154
3024 || NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154
3025 || NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154
3026 || NETBIOS SMB NT Trans NT CREATE SACL overflow attempt || cve,2004-1154
3027 || NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154
3028 || NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154
3029 || NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154
3030 || NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt || cve,2004-1154
3031 || NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154
3032 || NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154
3033 || NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154
3034 || NETBIOS SMB NT Trans NT CREATE DACL overflow attempt || cve,2004-1154
3035 || NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154
3036 || NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154
3037 || NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154
3038 || NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt || cve,2004-1154
3039 || NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154
3040 || NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154
3041 || NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154
3058 || PROTOCOL-IMAP copy literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
3061 || APP-DETECT distccd remote command execution attempt || url,distcc.samba.org/security.html
3062 || SERVER-WEBAPP NetScreen SA 5000 delhomepage.cgi access || bugtraq,9791 || cve,2004-0347
3065 || PROTOCOL-IMAP append literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
3066 || PROTOCOL-IMAP append overflow attempt || bugtraq,11775 || bugtraq,21729 || cve,2004-1211 || cve,2006-6425 || nessus,15867
3067 || PROTOCOL-IMAP examine literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
3069 || PROTOCOL-IMAP fetch literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
3070 || PROTOCOL-IMAP fetch overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
3071 || PROTOCOL-IMAP status literal overflow attempt || bugtraq,11775 || bugtraq,15491 || cve,2004-1211 || nessus,15867
3072 || PROTOCOL-IMAP status overflow attempt || bugtraq,11775 || bugtraq,13727 || bugtraq,14243 || bugtraq,15491 || cve,2004-1211 || cve,2005-1256 || cve,2005-2278 || cve,2005-3314 || nessus,15867
3073 || PROTOCOL-IMAP SUBSCRIBE literal overflow attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-3510 || nessus,15867
3074 || PROTOCOL-IMAP SUBSCRIBE overflow attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-1579 || cve,2007-3510 || nessus,15867
3075 || PROTOCOL-IMAP unsubscribe literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
3076 || PROTOCOL-IMAP UNSUBSCRIBE overflow attempt || bugtraq,11775 || bugtraq,15488 || cve,2004-1211 || cve,2005-3189 || nessus,15867
3077 || PROTOCOL-FTP RNFR overflow attempt || bugtraq,14339
3078 || PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt || cve,2004-0574 || url,technet.microsoft.com/en-us/security/bulletin/MS04-036
3079 || BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt || cve,2004-1049 || cve,2007-0038 || cve,2007-1765 || url,technet.microsoft.com/en-us/security/bulletin/MS05-002 || url,technet.microsoft.com/en-us/security/bulletin/MS07-017
3080 || SERVER-OTHER Unreal Tournament secure overflow attempt || bugtraq,10570 || cve,2004-0608
3084 || SERVER-OTHER Veritas backup overflow attempt || bugtraq,11974 || cve,2004-1172
3085 || SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt || bugtraq,10889 || cve,2004-0636 || url,osvdb.org/show/osvdb/8398
3086 || SERVER-WEBAPP 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt || bugtraq,11408 || cve,2004-1596
3087 || SERVER-IIS w3who.dll buffer overflow attempt || bugtraq,11820 || cve,2004-1134
3088 || FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt || bugtraq,11730 || cve,2004-1119 || nessus,15817
3089 || SERVER-OTHER squid WCCP I_SEE_YOU message overflow attempt || bugtraq,12275 || cve,2005-0095
3114 || OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt || bugtraq,12481 || cve,2005-0050 || url,technet.microsoft.com/en-us/security/bulletin/ms05-010
3130 || PUA-OTHER Microsoft MSN Messenger png overflow || bugtraq,10872 || cve,2004-0957 || url,technet.microsoft.com/en-us/security/bulletin/MS05-009
3131 || SERVER-WEBAPP mailman directory traversal attempt || cve,2005-0202
3132 || FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || cve,2007-5503 || url,sourceforge.net/p/png-mng/mailman/message/33173462/ || url,technet.microsoft.com/en-us/security/bulletin/MS05-009
3133 || FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt || bugtraq,11481 || bugtraq,11523 || cve,2004-0599 || cve,2004-0990 || cve,2004-1244 || cve,2007-5503 || url,technet.microsoft.com/en-us/security/bulletin/MS05-009
3134 || FILE-IMAGE Microsoft PNG large colour depth download attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || url,technet.microsoft.com/en-us/security/bulletin/MS05-009
3143 || OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt || bugtraq,12484 || cve,2005-0045 || url,technet.microsoft.com/en-us/security/bulletin/MS05-011
3144 || OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt || bugtraq,12484 || cve,2005-0045 || url,technet.microsoft.com/en-us/security/bulletin/MS05-011
3145 || OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt || bugtraq,12484 || cve,2005-0045 || url,technet.microsoft.com/en-us/security/bulletin/MS05-011
3146 || OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt || bugtraq,12484 || cve,2005-0045 || url,technet.microsoft.com/en-us/security/bulletin/MS05-011
3147 || PROTOCOL-TELNET login buffer overflow attempt || bugtraq,3681 || cve,2001-0797 || nessus,10827
3148 || OS-WINDOWS Microsoft Windows HTML Help hhctrl.ocx clsid access attempt || bugtraq,11467 || bugtraq,4857 || bugtraq,5874 || cve,2002-0693 || cve,2002-0823 || cve,2004-1043 || url,technet.microsoft.com/en-us/security/bulletin/MS02-055 || url,technet.microsoft.com/en-us/security/bulletin/MS05-001 || url,www.ngssoftware.com/advisories/ms-winhlp.txt
3149 || BROWSER-IE Microsoft Internet Explorer 5/6 object type overflow attempt || cve,2003-0344 || url,technet.microsoft.com/en-us/security/bulletin/MS03-020
3150 || SERVER-IIS SQLXML content type overflow || bugtraq,5004 || cve,2002-0186 || nessus,11304 || url,technet.microsoft.com/en-us/security/bulletin/MS02-030 || url,www.westpoint.ltd.uk/advisories/wp-02-0007.txt
3151 || PROTOCOL-FINGER / execution attempt || cve,1999-0612 || cve,2000-0915
3152 || SQL sa brute force failed login attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673
3153 || PROTOCOL-DNS TCP inverse query overflow || bugtraq,134 || cve,1999-0009
3154 || PROTOCOL-DNS UDP inverse query overflow || bugtraq,134 || cve,1999-0009
3158 || OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt || cve,2003-0715 || url,technet.microsoft.com/en-us/security/bulletin/ms03-039
3159 || OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt || cve,2003-0715 || url,technet.microsoft.com/en-us/security/bulletin/ms03-039
3171 || OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt || cve,2005-0059 || url,technet.microsoft.com/en-us/security/bulletin/MS05-017
3192 || OS-WINDOWS Microsoft Windows Media Player directory traversal via Content-Disposition attempt || bugtraq,7517 || cve,2003-0228 || nessus,11595 || url,technet.microsoft.com/en-us/security/bulletin/MS03-017
3193 || SERVER-IIS .cmd executable file parsing attack || bugtraq,1912 || cve,2000-0886
3194 || SERVER-IIS .bat executable file parsing attack || bugtraq,1912 || cve,2000-0886
3195 || OS-WINDOWS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825 || nessus,15912 || url,technet.microsoft.com/en-us/security/bulletin/ms04-006
3196 || OS-WINDOWS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825 || nessus,15912 || url,technet.microsoft.com/en-us/security/bulletin/ms04-006
3199 || OS-WINDOWS Microsoft Windows WINS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825 || nessus,15912 || url,technet.microsoft.com/en-us/security/bulletin/MS04-006
3200 || OS-WINDOWS Microsoft Windows WINS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825 || nessus,15912 || url,technet.microsoft.com/en-us/security/bulletin/MS04-006
3201 || SERVER-IIS httpodbc.dll access - nimda || bugtraq,2708 || cve,2001-0333
3218 || OS-WINDOWS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt || bugtraq,1331 || cve,2000-0377 || url,technet.microsoft.com/en-us/security/bulletin/ms00-040
3234 || OS-WINDOWS Messenger message little endian overflow attempt || bugtraq,8826 || cve,2003-0717
3235 || OS-WINDOWS Messenger message overflow attempt || bugtraq,8826 || cve,2003-0717
3238 || OS-WINDOWS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt || bugtraq,6005 || cve,2002-1561 || url,technet.microsoft.com/en-us/security/bulletin/ms03-010
3239 || OS-WINDOWS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt || bugtraq,6005 || cve,2002-1561 || url,technet.microsoft.com/en-us/security/bulletin/ms03-010
3273 || SQL sa brute force failed login unicode attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673
3274 || PROTOCOL-TELNET login buffer non-evasive overflow attempt || bugtraq,3681 || cve,2001-0797 || nessus,10827
3397 || OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt || bugtraq,8205 || cve,2003-0352 || cve,2003-0715 || url,technet.microsoft.com/en-us/security/bulletin/MS03-026 || url,technet.microsoft.com/en-us/security/bulletin/MS03-039
3398 || OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt || bugtraq,8205 || cve,2003-0352 || cve,2003-0715 || url,technet.microsoft.com/en-us/security/bulletin/MS03-026 || url,technet.microsoft.com/en-us/security/bulletin/MS03-039
3409 || OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt || bugtraq,8205 || cve,2003-0352 || cve,2003-0528 || cve,2003-0715 || url,technet.microsoft.com/en-us/security/bulletin/MS03-026 || url,technet.microsoft.com/en-us/security/bulletin/MS03-039
3442 || OS-WINDOWS Microsoft Windows TCP print service overflow attempt || bugtraq,1082 || cve,2000-0232 || url,technet.microsoft.com/en-us/security/bulletin/MS00-021
3453 || SERVER-OTHER Arkeia client backup system info probe || bugtraq,12594 || cve,2005-0491
3454 || SERVER-OTHER Arkeia client backup generic info probe || bugtraq,12594 || cve,2005-0491
3455 || SERVER-OTHER Bontago Game Server Nickname buffer overflow || bugtraq,12603 || cve,2005-0501 || url,aluigi.altervista.org/adv/bontagobof-adv.txt
3457 || SERVER-OTHER Arkeia backup client type 77 overflow attempt || bugtraq,12594 || cve,2005-0491 || nessus,17158
3458 || SERVER-OTHER Arkeia backup client type 84 overflow attempt || bugtraq,12594 || cve,2005-0491
3459 || PUA-P2P Manolito Search Query || url,openlito.sourceforge.net || url,www.blubster.com
3460 || PROTOCOL-FTP REST with numeric argument || bugtraq,7825
3461 || SERVER-MAIL Content-Type overflow attempt || bugtraq,44732 || bugtraq,7419 || cve,2003-0113 || url,technet.microsoft.com/en-us/security/bulletin/MS03-015
3462 || BROWSER-IE Microsoft Internet Explorer Content-Encoding overflow attempt || bugtraq,7419 || cve,2003-0113 || url,technet.microsoft.com/en-us/security/bulletin/MS03-015
3463 || SERVER-WEBAPP awstats access || bugtraq,12572 || nessus,16456
3464 || SERVER-WEBAPP awstats.pl command execution attempt || bugtraq,12572 || nessus,16456
11968 || PROTOCOL-VOIP inbound INVITE message || url,www.ietf.org/rfc/rfc3261.txt
16368 || MALWARE-CNC Win.Trojan.Hydraq variant outbound connection || url,www.virustotal.com/analisis/9051f618a5a8253a003167e65ce1311fa91a8b70d438a384be48b02e73ba855c-1263878624
17904 || BLACKLIST URI request for known malicious URI - /tongji.js || url,snort.org/rule_docs/1-17904
19678 || SERVER-OTHER multiple products blacknurse ICMP denial of service attempt || cve,2011-1871 || url,soc.tdc.dk/blacknurse/blacknurse.pdf || url,technet.microsoft.com/en-us/security/bulletin/MS11-064 || url,technet.microsoft.com/en-us/security/bulletin/MS11-083
20080 || MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection || url,www.virustotal.com/file-scan/report.html?id=6fecd042c3c0b54e7354cd8dfb1975c626acd8df55f88c4149462e15e77918b0-1314630371 || url,www.virustotal.com/file-scan/report.html?id=705404d6bbf6dae254e2d3bc44eca239976be7f0dc4d49fe93b0fb1d1c2704fe-1314630371
20221 || MALWARE-CNC Win.Trojan.Injector variant outbound connection || url,www.virustotal.com/file-scan/report.html?id=2afb098dfea7d2acd73da520fe26d09acee1449c79d2c8753f3008a2a8f648b2-1303397086
21230 || MALWARE-CNC Win.Trojan.Betad variant outbound connection || url,www.virustotal.com/file-scan/report.html?id=46a87d0818ffd828df5c8fca63b1628f068e50cf3d20ec0e4e009e1dd547b9e9-1324042194
21246 || BLACKLIST User-Agent known malicious user-agent string DataCha0s || url,www.internetofficer.com/web-robot/datacha0s/
21255 || BLACKLIST known malicious FTP login banner - 0wns j0 || url,seclists.org/fulldisclosure/2004/Sep/895 || url,www.cyber-ta.org/releases/malware-analysis/public/SOURCES/CLUSTERS-NEW/behavior-summary.html
21256 || BLACKLIST known malicious FTP quit banner - Goodbye happy r00ting || url,taosecurity.blogspot.com/2006/01/nepenthes-discoveries-earlier-today-i.html
21257 || BLACKLIST URI - known scanner tool muieblackcat || url,serverfault.com/questions/309309/what-is-muieblackcat
21267 || POLICY-OTHER TRENDnet IP Camera anonymous access attempt || url,console-cowboys.blogspot.com/2012/01/trendnet-cameras-i-always-feel-like.html || url,www.trendnet.com/press/view.asp?id=1958 || url,www.wired.com/threatlevel/2012/02/home-cameras-exposed/
21327 || BLACKLIST User-Agent ASafaWeb Scan || url,asafaweb.com
21375 || SERVER-WEBAPP Remote Execution Backdoor Attempt Against Horde || cve,2012-0209 || url,dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155 || url,eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/ || url,pastebin.com/U3ADiWrP
21438 || EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet || cve,2006-0003 || cve,2007-5659 || cve,2008-0655 || cve,2008-2992 || cve,2009-0927 || cve,2010-1885 || cve,2011-0559 || cve,2011-2110 || cve,2011-3544 || cve,2012-0188 || cve,2012-0507 || cve,2012-1723 || cve,2012-1889 || cve,2012-4681 || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
21442 || MALWARE-CNC URI request for known malicious URI - base64 encoded || url,www.damballa.com/tdl4/
21444 || MALWARE-CNC Win.Trojan.TDSS variant outbound connection || url,about-threats.trendmicro.com/Malware.aspx?language=apac&name=TDSS || url,www.virustotal.com/file/75e8b49e1d316f28363cccb697cfd2ebca3122dba3dba321dba6391b49fc757e/analysis/
21492 || EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch || cve,2006-0003 || cve,2007-5659 || cve,2008-0655 || cve,2008-2992 || cve,2009-0927 || cve,2010-1885 || cve,2011-0559 || cve,2011-2110 || cve,2011-3544 || cve,2012-0188 || cve,2012-0507 || cve,2012-1723 || cve,2012-1889 || cve,2012-4681 || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
21562 || MALWARE-CNC Win.Trojan.Bredolab variant outbound connection || url,www.virustotal.com/file/9384733182a6cbe5236b9b253d1f070570b7f6b6ff31aa86be253421f4c5c645/analysis/
21646 || EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch || cve,2006-0003 || cve,2007-5659 || cve,2008-0655 || cve,2008-2992 || cve,2009-0927 || cve,2010-1885 || cve,2011-0559 || cve,2011-2110 || cve,2011-3544 || cve,2012-0188 || cve,2012-0507 || cve,2012-1723 || cve,2012-1889 || cve,2012-4681 || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
21845 || MALWARE-OTHER TDS Sutra - redirect received || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
21846 || MALWARE-CNC TDS Sutra - request in.cgi || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
21848 || MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
21849 || MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
21850 || MALWARE-OTHER TDS Sutra - request hi.cgi || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
21851 || MALWARE-OTHER TDS Sutra - redirect received || url,wepawet.iseclab.org/view.php?hash=822b95927fd4d8bb6eb2e62f4e1ef645&t=1243359208&type=js || url,www.nartv.org/tag/tds/ || url,xylibox.blogspot.com/2011/12/sutra-tds-v34.html
22063 || SERVER-WEBAPP PHP-CGI remote file include attempt || cve,2012-1823 || cve,2012-2311 || cve,2012-2335 || cve,2012-2336
22958 || BLACKLIST DNS request for known malware domain slade.safehousenumber.com - Mal/Rimecud-R || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Rimecud-R/detailed-analysis.aspx
22960 || BLACKLIST DNS request for known malware domain portal.roomshowerbord.com - Mal/EncPk-ADU || url,www.threatexpert.com/report.aspx?md5=d3d6f87d8f8e3dd5c2793d5a1d3ca7ca
23492 || MALWARE-CNC Win.Trojan.ZeroAccess outbound connection || url,www.virustotal.com/file/50cdd9f6c5629630c8d8a3a4fe7d929d3c6463b2f9407d9a90703047e7db7ff9/analysis/
23621 || INDICATOR-OBFUSCATION known packer routine with secondary obfuscation || url,dean.edwards.name/packer/
23636 || INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder || url,snort.org/rule_docs/1-23636
24015 || MALWARE-CNC Win.Trojan.Magania variant outbound connection || url,www.seculert.com/blog/2013/06/adversary-arsenal-exposed-part-i-pinkstats.html || url,www.virustotal.com/file/6a813f96bb65367a8b5c5ba2937c773785a0a0299032a6c77b9b0862be8bdb71/analysis/
24017 || MALWARE-OTHER Possible malicious redirect - rebots.php || url,blog.sucuri.net/2012/08/rebots-php-javascript-malware-being-actively-injected.html || url,labs.sucuri.net/db/malware/mwjs-include-rebots
24031 || BLACKLIST DNS request for known malware domain api.wipmania.com - Troj.Dorkbot-AO || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Dorkbot-AO/detailed-analysis.aspx
24032 || BLACKLIST DNS request for known malware domain lolcantpwnme.net - W32.DorkBot-S || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~DorkBot-S/detailed-analysis.aspx
24033 || BLACKLIST DNS request for known malware domain rewt.ru - W32.DorkBot-S || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~DorkBot-S/detailed-analysis.aspx
24034 || BLACKLIST DNS request for known malware domain jebena.ananikolic.su - Malware.HPsus/Palevo-B || url,www.sophos.com/en-us/threat-center/threat-analyses/suspicious-behavior-and-files/HPsus~Palevo-B/detailed-analysis.aspx
24225 || MALWARE-OTHER malicious redirection attempt || url,blog.sucuri.net/2012/09/compromised-websites-hosting-calls-to-java-exploit.html
24251 || OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic || url,blog.fortiguard.com/android-malware-distributed-by-malicious-sms-in-france/
24265 || MALWARE-OTHER Malicious UA detected on non-standard port || url,anubis.iseclab.org/?action=result&task_id=1691c3b8835221fa4692960681f39c736&format=html
24598 || POLICY-SPAM 1.usa.gov URL in email, possible spam redirect || url,www.symantec.com/connect/blogs/spam-gov-urls
24885 || MALWARE-CNC Potential Banking Trojan Config File Download || url,www.virustotal.com/file/2418469245edf860633f791b972e1a8a11e5744c6deb0cc1a55531cba3d0bd7f/analysis/
24886 || MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection || url,www.virustotal.com/file/c425af6875dff2c0627421086f66b7e058f51d22939478529702d193837c6cfe/analysis/
25119 || BLACKLIST User-Agent known malicious user agent - NewBrandTest || url,www.virustotal.com/file/02b18d0aa415e299515891b56424751e846ca917d3bb55b82f07cfb97f62c4e1/analysis/
25257 || MALWARE-CNC Win.Trojan.Skintrim variant outbound connection || url,www.virustotal.com/file/80e67695fa394f56fd6ddae74b72e9050f651244aad52ad48ebe6304edff95e2/analysis/1357239259/
25258 || MALWARE-CNC Win.Trojan.Rombrast variant outbound connection || url,www.virustotal.com/file/af1ffe831112cbb34866fe1a65ed18613578039b002ca221757b791a5006894d/analysis/
25259 || MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection || url,www.virustotal.com/file/098fa9dbc519669a50fc6f3cdc8d9e4b05a6f0c32d154f515e403b54d72efff6/analysis/1357138873/
25269 || MALWARE-CNC Win.Trojan.Buterat variant outbound connection || url,www.virustotal.com/file/90fb793d1fd7245b841ca4b195e3944a991d97d854090729062d700fe74553e5/analysis/
25277 || MALWARE-OTHER Request for a non-legit postal receipt || url,urlquery.net/search.php?q=.php%3Fphp%3Dreceipt&type=string
25358 || APP-DETECT Acunetix web vulnerability scan attempt || url,www.acunetix.com
25359 || APP-DETECT Acunetix web vulnerability scanner probe attempt || url,www.acunetix.com
25360 || APP-DETECT Acunetix web vulnerability scanner authentication attempt || url,www.acunetix.com
25361 || APP-DETECT Acunetix web vulnerability scanner RFI attempt || url,www.acunetix.com
25362 || APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt || url,www.acunetix.com
25363 || APP-DETECT Acunetix web vulnerability scanner URI injection attempt || url,www.acunetix.com
25364 || APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt || url,www.acunetix.com
25365 || APP-DETECT Acunetix web vulnerability scanner XSS attempt || url,www.acunetix.com
25471 || MALWARE-CNC Pushdo Spiral Traffic || url,updates.atomicorp.com/channels/rules/delayed/modsec/10_asl_antimalware.conf
25503 || MALWARE-CNC Necurs Rootkit sba.cgi || url,www.virustotal.com/file/b1e6f0cad0ae5c60e9e4fa18fd3b4a045d6db172c10a1c8e054e22d1aff4c673/analysis/
25504 || MALWARE-CNC Necurs Rootkit op.cgi || url,www.virustotal.com/file/b1e6f0cad0ae5c60e9e4fa18fd3b4a045d6db172c10a1c8e054e22d1aff4c673/analysis/
25511 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/file/f4c44b5331c30b62beacae5d343d591584715c2d9d6d65848216b61efd916ec1/analysis/
25577 || MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST || url,www.virustotal.com/file/98fb9778208cb74c11a71afd065ae64e562ded1ae477ad42e392fe3711170319/analysis/
25578 || MALWARE-OTHER Fake postal receipt HTTP Response phishing attack || url,www.urlquery.net/search.php?q=receipt&type=string&start=2013-01-03&end=2013-01-18&max=50
25579 || MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack || url,www.urlquery.net/search.php?q=receipt&type=string&start=2013-01-03&end=2013-01-18&max=50
25580 || MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack || url,www.urlquery.net/search.php?q=receipt&type=string&start=2013-01-03&end=2013-01-18&max=50
25627 || MALWARE-CNC Win.Trojan.Reventon variant outbound connection || url,www.virustotal.com/file/25c690dac0d17f9ba304e5e68c1da2381685b1aa0aa3cd503589bbc59daf81eb/analysis/
25652 || MALWARE-CNC Win.Trojan.Kryptic variant outbound connection || url,www.virustotal.com/file/3ff78086c2e0fb839beeea7e4a209850c00f338005872e845155341cc30a5db5/analysis/
25660 || MALWARE-CNC Win.Trojan.Medfos variant outbound connection
25675 || MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection || url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/
25765 || MALWARE-CNC Trojan Agent YEH variant outbound connection || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-YEH/detailed-analysis.aspx
25766 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fBancos
25807 || MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection || url,www.botnets.fr/index.php/Urausy
25829 || MALWARE-CNC Trojan Banker FTC variant outbound connection || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Banker-FTC/detailed-analysis.aspx
25854 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie || url,en.wikipedia.org/wiki/Zeus_(Trojan_horse)
25947 || APP-DETECT Ammyy remote access tool || url,www.ammyy.com
25949 || MALWARE-CNC GzWaaa outbound data connection || url,www.virustotal.com/en/file/04edf40eaf652dfab4e8dc2ca21fbf2e99d361746995767071789cc3fa24d2cc/analysis/1361822708/
26020 || EXPLOIT-KIT Sibhost exploit kit || url,www.malwaresigs.com/2013/02/26/sport-cd-am-sibhost
26023 || MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection || url,zeustracker.abuse.ch/monitor.php?ipaddress=195.22.26.231
26024 || MALWARE-CNC Win.Trojan.Wecod variant outbound connection || url,www.virustotal.com/en/file/22e0300501e6bbb7f46c2fb5aed12e4c0d23385cc6319d430cd4faed5241f362/analysis/
26075 || MALWARE-CNC Bancos variant outbound connection SQL query POST data || url,www.virustotal.com/en/file/88efcb549a52e3fb6359a3888e72726aac00c730edcd5280e0248d11306a645d/analysis/
26203 || MALWARE-CNC Win.Trojan.Gupd variant outbound connection || url,www.virustotal.com/en/file/0DD9018A9AF609382FABDA8E4EC86033DA83E42FEC25499C329DBDCBB00F2AF0/analysis/
26211 || MALWARE-CNC Win.Trojan.Eldorado variant outbound connection || url,www.virustotal.com/en/file/46b01e093493ff14a4f1a43905d4943f5559fb518c04edde46084d9672d0f20f/analysis/1363359002/
26261 || MALWARE-OTHER Fake postal receipt HTTP Response phishing attack || url,www.urlquery.net/search.php?q=receipt&type=string&start=2013-01-03&end=2013-01-18&max=50
26264 || MALWARE-CNC Dapato banking Trojan variant outbound connection || url,www.virustotal.com/en/file/ebcff32473d032041bd69e9599fbff4ad295128003f76d1f452ba7cb6e2d20d4/analysis/1364314446/
26286 || APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
26287 || APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
26288 || MALWARE-CNC Brontok Worm variant outbound connection || url,www.securelist.com/en/descriptions/10286064/Email-Worm.Win32.Brontok.rf?print_mode=1
26289 || MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port || url,www.virustotal.com/file/f810c56734a686fdf46eb3ff895db6f3dd0cebb45c1e74bcc1c43f8050242d53/analysis/1359999907/
26319 || MALWARE-CNC file path used as User-Agent - potential Trojan || url,www.virustotal.com/en/file/5dd932e083cf9d910bc43bb998983f5ec35691c1b84708a355f7c46b358fa375/analysis/
26325 || MALWARE-CNC Win.Trojan.Scar variant outbound connection || url,www.virustotal.com/en/file/171a0b12197c1b1b525e2db1a62adb6f6c3f42ccb5704c8174944ee8b901abec/analysis/
26370 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt || url,www.virustotal.com/en/file/d8870137f7f761055a2ac83b03eb3f8fe26015fa0ba99f41551ca59374c6a3ec/analysis/1365436849/
26371 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST || url,www.virustotal.com/en/file/d8870137f7f761055a2ac83b03eb3f8fe26015fa0ba99f41551ca59374c6a3ec/analysis/1365436849/
26395 || APP-DETECT Ufasoft bitcoin miner possible data upload || url,ufasoft.com/open/bitcoin/
26398 || MALWARE-CNC Win.Trojan.Gamarue variant outbound connection || url,www.virustotal.com/en/file/b34f23afc2f6ca093b2923f0aa12d942a5960cf48475272df5b60edf556e4299/analysis/
26467 || MALWARE-CNC Win.Trojan.Magic variant inbound connection || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html
26468 || SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt || cve,2013-1509 || url,www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
26469 || SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt || cve,2013-1509 || url,www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
26470 || MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download || url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/
26482 || MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C || url,support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=95.57.120.111
26483 || SERVER-WEBAPP JavaScript tag in User-Agent field possible XSS attempt || url,blog.spiderlabs.com/2012/11/honeypot-alert-referer-field-xss-attacks.html
26522 || BLACKLIST User-Agent known malicious user agent NOKIAN95/WEB || url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/
26526 || EXPLOIT-KIT Portable Executable downloaded with bad DOS stub || cve,2013-2423 || url,www.invincea.com/2013/04/k-i-a-java-cve-2013-2423-via-new-and-improved-cool-ek/
26528 || INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt || url,blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html || url,virustotal.com/en/file/7b3cd8c1bd0249df458084f28d91648ad14e1baf455fdd53b174481d540070c6/analysis/
26558 || BLACKLIST User-Agent known Malicious user agent Brutus AET || url,sectools.org/tool/brutus
26560 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data || url,www.virustotal.com/en/file/a8f162a9c7347e485db374664227884b16112e2983923d0888c8b80661f25e44/analysis/1367267173/
26563 || MALWARE-CNC Harakit botnet traffic || url,www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23239 || url,www.virustotal.com/en/file/3df72fe102fddc74de2da518ea16948bd2c8c0e910c28c4358367e10723ba21f/analysis/
26576 || MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware
26577 || BLACKLIST User-Agent known malicious user agent Opera 10 || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-s irefef-malware || url,dev.opera.com/articles/view/opera-ua-string-changes
26578 || MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent || url,www.virustotal.com/en/file/b288d6eadc9d4bca710f73e850a0901cf5fe62c775350c9a30ebaf9a05097a0f/analysis/1367713929/
26579 || MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent || url,www.virustotal.com/en/file/b288d6eadc9d4bca710f73e850a0901cf5fe62c775350c9a30ebaf9a05097a0f/analysis/1367713929/
26583 || BLACKLIST DNS request for known malware domain msnsolution.nicaze.net - Genome Trojan || url,camas.comodo.com/cgi-bin/submit?file=f48652bff483682938b8c281d32f8f3df424018270900956d30658e1dcec4b44 || url,www.virustotal.com/en/file/f48652bff483682938b8c281d32f8f3df424018270900956d30658e1dcec4b44/analysis/1367863560/
26585 || INDICATOR-COMPROMISE config.inc.php in iframe || url,blog.sucuri.net/2013/05/auto-generated-iframes-to-blackhole-exploit-kit-following-the-cookie-trail.html
26589 || BLACKLIST DNS request for known malware domain theimageparlour.net - Vobfus worm || url,www.virustotal.com/en/file/cbee43ecc75d6f29061416add74a78ce5e36c67b85e186d66338399305e594d4/analysis/
26613 || MALWARE-CNC Medfos Trojan variant outbound connection || url,www.virustotal.com/en/file/5bad5a2e4497f866291813aed264b5dc3c9fad4e56796306842c7b50b553ae11/analysis/
26655 || MALWARE-BACKDOOR Win.Backdoor.PCRat data upload || url,www.virustotal.com/en/file/669DF9DED24D56997D7B1EA6249BB704226DADA09230DC285AE66CA0C9B7247B/analysis/
26656 || MALWARE-CNC Win.Trojan.Travnet Botnet data upload || url,www.virustotal.com/en/file/F7E9A1A4FC4766ABD799B517AD70CD5FA234C8ACC10D96CA51ECF9CF227B94E8/analysis/
26657 || MALWARE-CNC Win.Trojan.Shiz variant outbound connection || url,camas.comodo.com/cgi-bin/submit?file=58963fd6a567513990ec6be52dc036bc5b728bb6528fca61227b22681ac838e6 || url,www.virustotal.com/en/file/58963fd6a567513990ec6be52dc036bc5b728bb6528fca61227b22681ac838e6/analysis/1368563326/
26658 || BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source || url,blogs.technet.com/b/mmpc/archive/2013/05/10/browser-extension-hijacks-facebook-profiles.aspx
26659 || BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source || url,research.zscaler.com/2012/09/how-to-install-silently-malicious.html
26696 || MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers || url,malware.dontneedcoffee.com/2013/02/cbeplayp-now-target-australia-and-moved.html
26697 || MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body || url,malware.dontneedcoffee.com/2013/02/cbeplayp-now-target-australia-and-moved.html
26698 || MALWARE-OTHER Compromised Website response - leads to Exploit Kit || url,www.jsunpack.jeek.org/?report=c94ca7cda909cf93ae95db22a27bb5d711c2ae8f
26712 || MALWARE-CNC Kazy Trojan check-in || url,camas.comodo.com/cgi-bin/submit?file=6d823488b26533f5151c3bab93c2a8ba832c9320e612d58d1134740abe3ca157
26713 || MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26714 || MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26715 || MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26718 || BLACKLIST DNS request for known malware domain - Backdoor Rbot || url,www.virustotal.com/en/file/bee6e4bb1aba3934388948b48c59068fac3bf467ea9bde8d043ee6481a4d8431/analysis/1369236935/
26719 || MALWARE-CNC Win.Trojan.Kbot variant outbound connection || url,blog.avast.com/2013/05/22/grum-lives/
26720 || MALWARE-CNC Win.Trojan.Kbot variant outbound connection || url,blog.avast.com/2013/05/22/grum-lives/
26723 || MALWARE-CNC Trojan Downloader7 || url,www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader7.25647.html
26725 || MALWARE-CNC Win.Trojan.BlackRev cnc http command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26726 || MALWARE-CNC Win.Trojan.BlackRev cnc stop command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26727 || MALWARE-CNC Win.Trojan.BlackRev cnc die command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26728 || MALWARE-CNC Win.Trojan.BlackRev cnc sleep command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26729 || MALWARE-CNC Win.Trojan.BlackRev cnc simple command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26730 || MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26731 || MALWARE-CNC Win.Trojan.BlackRev cnc datapost command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26732 || MALWARE-CNC Win.Trojan.BlackRev cnc syn command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26733 || MALWARE-CNC Win.Trojan.BlackRev cnc udp command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26734 || MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26735 || MALWARE-CNC Win.Trojan.BlackRev cnc data command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26736 || MALWARE-CNC Win.Trojan.BlackRev cnc icmp command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26737 || MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26738 || MALWARE-CNC Win.Trojan.BlackRev cnc dataget command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26739 || MALWARE-CNC Win.Trojan.BlackRev cnc connect command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26740 || MALWARE-CNC Win.Trojan.BlackRev cnc dns command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26741 || MALWARE-CNC Win.Trojan.BlackRev cnc exec command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26742 || MALWARE-CNC Win.Trojan.BlackRev cnc resolve command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26743 || MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26744 || MALWARE-CNC Win.Trojan.BlackRev cnc range command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26745 || MALWARE-CNC Win.Trojan.BlackRev cnc ftp command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26746 || MALWARE-CNC Win.Trojan.BlackRev cnc download command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26747 || MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26748 || MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26749 || MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26750 || MALWARE-CNC Win.Trojan.BlackRev cnc full command || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi
26774 || MALWARE-CNC Win.Worm.Luder variant outbound connection || url,www.virustotal.com/en/file/6077fd6cbb44c78a16d66fedb10492c7776127dc76ee071b051970971212bae8/analysis/
26775 || MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure || url,www.virustotal.com/en/file/c157a06965bf9edc101350c6122d108ccb1d99600cbb6967ef41dfed255f2009/analysis/
26776 || MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST || url,www.virustotal.com/en/file/c157a06965bf9edc101350c6122d108ccb1d99600cbb6967ef41dfed255f2009/analysis/
26779 || MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in || url,www.virustotal.com/en/file/843ffd922b9bd902d736ddb664b578cde6e3033fa5a14b862b09045c36aa7524/analysis/1369942427/
26780 || MALWARE-CNC cridex HTTP Response - default0.js || url,www.virustotal.com/en/file/843ffd922b9bd902d736ddb664b578cde6e3033fa5a14b862b09045c36aa7524/analysis/1369942427/
26781 || BLACKLIST DNS request for known malware domain vseforyou.ru - Cridex Trojan || url,www.virustotal.com/en/file/843ffd922b9bd902d736ddb664b578cde6e3033fa5a14b862b09045c36aa7524/analysis/1369942427/
26811 || MALWARE-CNC XP Fake Antivirus Payment Page Request || url,camas.comodo.com/cgi-bin/submit?file=cf3eff5320b0c8d41490e412e89b97559bf34fcde8f9934e5fb7c76467a679d8
26812 || MALWARE-CNC XP Fake Antivirus Check-in || url,camas.comodo.com/cgi-bin/submit?file=cf3eff5320b0c8d41490e412e89b97559bf34fcde8f9934e5fb7c76467a679d8
26834 || EXPLOIT-KIT Sweet Orange exploit kit landing page in.php base64 uri || cve,2010-0188 || cve,2012-0422 || cve,2012-0431 || cve,2012-0607 || cve,2012-1723 || cve,2012-4681 || cve,2012-5076 || cve,2013-2423
26835 || MALWARE-CNC RDN Banker POST variant outbound connection || url,www.virustotal.com/en/file/1a23f27b046af92b7dd2c4a8f8349c9fd9582ad91b5a61556470c58b15af3b26/analysis/1369251144/
26836 || MALWARE-CNC RDN Banker Strange Google Traffic || url,www.virustotal.com/en/file/1a23f27b046af92b7dd2c4a8f8349c9fd9582ad91b5a61556470c58b15af3b26/analysis/1369251144/
26911 || MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection || url,www.virustotal.com/en/file/deac0b06fb36e38520b002489dae6fff3d346e72d331c3889e9d2764fe2bcf14/analysis/
26912 || MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection || url,www.virustotal.com/en/file/deac0b06fb36e38520b002489dae6fff3d346e72d331c3889e9d2764fe2bcf14/analysis/
26914 || BLACKLIST DNS request for known malware domain goliyonzo.pw - BackDoor Comet || url,mwanalysis.org/?page=report&analysisid=2156196&password=gtrcgbtwhh || url,www.virustotal.com/en/file/b2e7148311c223519042ba38e1ef8a48061645d5bdcadf9763386ad92fcc2654/analysis/
26915 || BLACKLIST DNS request for known malware domain zalil.ru - Kazy Trojan || url,mwanalysis.org/?page=report&analysisid=2156195&password=ykndnbluja || url,www.virustotal.com/en/file/22ecaeec7bf54ac3bb8deecd092447c8d62e8e4a928dcaada0348b08db2d1f94/analysis/
26917 || BLACKLIST DNS request for known malware domain bigmack.opendns.be - Palevo Botnet || url,www.mywot.com/en/scorecard/bigmack.opendns.be?page=3
26918 || BLACKLIST DNS request for known malware domain trafficconverter.biz - ChronoPay || url,krebsonsecurity.com/2011/03/chronopays-scareware-diaries/#more-8331
26920 || BLACKLIST DNS request for known malware domain kukutrustnet777.info - W32.Sality || url,www.threatexpert.com/report.aspx?md5=7abf56a5fbced892d2bdbe1fcbff233a
26925 || SQL generic convert injection attempt - GET parameter || url,www.securiteam.com/securityreviews/5DP0N1P76E.html
26947 || EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download || cve,2013-2423 || url,www.basemont.com/new_exploit_kit_june_2013
26948 || EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download || cve,2013-1493 || url,www.basemont.com/new_exploit_kit_june_2013
26949 || EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page || url,www.basemont.com/new_exploit_kit_june_2013
26951 || EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request || url,research.zscaler.com/2013/06/openxadvertisingcom-mass-malvertising.html
26965 || MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 || url,blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured
26966 || MALWARE-CNC Win32/Autorun.JN variant outbound connection || url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN || url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/
26968 || MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data || url,www.virustotal.com/en/file/b78c5c53d3b54acbca2b344a779528f0408258b6ac12899c860d99bf563e883a/analysis/
26969 || MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL || url,www.virustotal.com/en/file/b78c5c53d3b54acbca2b344a779528f0408258b6ac12899c860d99bf563e883a/analysis/
26970 || MALWARE-CNC Win.Trojan.Pirminay variant outbound connection || url,www.virustotal.com/en/file/97f97c2126ed6ffc447a5f8c72d504679129a38f8a62e4678321f9a8057c3307/analysis/
26984 || MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection || url,www.virustotal.com/en/file/4BAF26D033E17F0171AB27291649EEAE19EE33BD0246F17BC921E3ADB7F36F42/analysis/
27017 || MALWARE-CNC Win.Trojan.Dapato variant inbound response connection || url,www.virustotal.com/en/file/111ffe389dc8fa802b8aff3b4e02a2f59d1b6492763f9dc5a20a84f4da46932a/analysis/
27039 || MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection || url,image.ahnlab.com/global/upload/download/asecreport/ASEC_Report_Vol.39_Eng.pdf
27040 || EXPLOIT-KIT Styx exploit kit plugin detection connection jorg || cve,2007-5659 || cve,2008-0655 || cve,2011-3544 || cve,2012-0507 || cve,2012-1723 || cve,2012-4681 || cve,2012-4969 || cve,2013-0422 || cve,2013-2423
27041 || EXPLOIT-KIT Styx exploit kit plugin detection connection jlnp || cve,2007-5659 || cve,2008-0655 || cve,2011-3544 || cve,2012-0507 || cve,2012-1723 || cve,2012-4681 || cve,2012-4969 || cve,2013-0422 || cve,2013-2423
27042 || EXPLOIT-KIT Styx exploit kit plugin detection connection jovf || cve,2007-5659 || cve,2008-0655 || cve,2011-3544 || cve,2012-0507 || cve,2012-1723 || cve,2012-4681 || cve,2012-4969 || cve,2013-0422 || cve,2013-2423
27044 || BLACKLIST User-Agent known malicious user-agent string pb - Htbot || url,malwr.com/analysis/MTNlMDg4ZTQwZjU2NDUxM2EwZDNlYzllNjZkMjRkNDI/ || url,www.virustotal.com/en/file/36802c72d1d5addc87d16688dcb37b680fd48f832fa7b93c15cf4f426aa3f0a7/analysis/
27045 || MALWARE-CNC Win.Trojan.Blocker Download || url,www.virustotal.com/en/file/6d4d93f68aaf783a2526d920fa3c070d061fd56853669a72a10b2c2232008582/analysis/1372086855/
27113 || EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt || cve,2013-1493 || cve,2013-2423 || url,www.basemont.com/new_exploit_kit_june_2013 || url,www.malwaresigs.com/2013/06/14/dotcachef/
27144 || EXPLOIT-KIT Private exploit kit outbound traffic || cve,2006-0003 || cve,2010-0188 || cve,2011-3544 || cve,2013-1347 || cve,2013-1493 || cve,2013-2423 || url,malwageddon.blogspot.com/2013/07/unknown-ek-well-hey-hey-i-wanna-be.html || url,malware.dontneedcoffee.com/2013/07/pep-new-bep.html || url,www.malwaresigs.com/2013/07/03/another-unknown-ek
27146 || BLACKLIST DNS request for known malware domain scari-elegante.ro - Yakes Trojan || url,www.virustotal.com/en/file/980c4ed3dd130c9313a35434e0b102a6b8b038c98735814834334ccc03e4da3c/analysis/
27180 || BLACKLIST DNS request for known malware domain twinkcam.net - W32/Kryptik || url,threatpost.com/nsa-whistleblower-article-redirects-to-malware || url,www.virustotal.com/en/file/5d7b09613c03cb3b54b9ab7a886558bba38861a899638f4318c09eaa56401821/analysis/1373466967/
27181 || BLACKLIST DNS request for known malware domain cinnamyn.com - W32/Kryptik || url,threatpost.com/nsa-whistleblower-article-redirects-to-malware || url,www.virustotal.com/en/file/5d7b09613c03cb3b54b9ab7a886558bba38861a899638f4318c09eaa56401821/analysis/1373466967/
27199 || MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request || url,www.virustotal.com/en/file/dfb0050cb7fd6c879027cbecda703613b8d9fb2b2a5682478dbcd0518172302c/analysis/1373576492/
27200 || MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request || url,www.virustotal.com/en/file/dfb0050cb7fd6c879027cbecda703613b8d9fb2b2a5682478dbcd0518172302c/analysis/1373576492/
27203 || INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic || url,blog.sucuri.net/2013/06/apache-php-injection-to-javascript-files.html
27246 || MALWARE-OTHER Mac OSX FBI ransomware || url,blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/
27247 || BLACKLIST DNS request for known malware domain restless.su - Gamarue Trojan || url,www.virustotal.com/en/file/03103b40b95070e4d14803e949dc754ca02bcea25e8b3a4194f7d248f15ca515/analysis/
27248 || MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent || url,www.virustotal.com/en/file/03103b40b95070e4d14803e949dc754ca02bcea25e8b3a4194f7d248f15ca515/analysis/
27253 || MALWARE-CNC Win.Trojan.Cridex Encrypted POST w/ URL Pattern || url,www.virustotal.com/en/file/cd0cdc216e456b34dc2e4c6db6bacbbba20122489e6751621f921ca53cc7e421/analysis/
27254 || MALWARE-CNC Yakes Trojan HTTP Header Structure || url,www.virustotal.com/en/file/980c4ed3dd130c9313a35434e0b102a6b8b038c98735814834334ccc03e4da3c/analysis/
27255 || INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download || url,www.virustotal.com/en/file/980c4ed3dd130c9313a35434e0b102a6b8b038c98735814834334ccc03e4da3c/analysis/
27256 || MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware || url,threatpost.com/nsa-whistleblower-article-redirects-to-malware || url,www.virustotal.com/en/file/5d7b09613c03cb3b54b9ab7a886558bba38861a899638f4318c09eaa56401821/analysis/1373466967/
27257 || MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language || url,www.virustotal.com/en/file/8c1ff08a25b93da66921c75d0d21a9c08c5d3d36b95f9eaf113ecd84fa452944/analysis/1374505566/
27533 || MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg || url,www.virustotal.com/en/file/33525f8cf5ca951095d4af7376e026821b81557526d4846916805387fb9c5bb2/analysis/
27535 || BLACKLIST DNS request for known malware domain mainenbha.com - Win.Kraziomel Trojan || url,www.virustotal.com/en/file/33525f8cf5ca951095d4af7376e026821b81557526d4846916805387fb9c5bb2/analysis/
27537 || BLACKLIST DNS request for known malware domain ohtheigh.cc - Foreign-R Trojan || url,secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Foreign-R/detailed-analysis.aspx || url,www.virustotal.com/en/file/787cf06f029d8f79ed375aef13d18301541d73a56b4415da433833b8dae27b63/analysis/1374765802/
27538 || MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name || url,en.wikipedia.org/wiki/Self-signed_certificate || url,security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html
27565 || MALWARE-OTHER HideMeBetter spam injection variant || url,blog.sucuri.net/2013/07/hidemebetter-spam-injection-variant.html
27567 || MALWARE-CNC Win.Trojan.Rovnix malicious download request || url,blog.didierstevens.com/2013/08/04/quickpost-rovnix-pcap || url,blogs.technet.com/b/mmpc/archive/2013/07/25/the-evolution-of-ronvix-private-tcp-ip-stacks.aspx
27596 || MALWARE-CNC Win.Trojan.Redyms variant outbound connection || url,www.virustotal.com/en/file/1c61afd792257cbc72dc3221deb3d0093f0fc1abf2c3f2816e041e37769137a4/analysis/1375189147/
27599 || MALWARE-CNC Fort Disco Registration variant outbound connection || url,www.net-security.org/secworld.php?id=15370
27632 || BLACKLIST DNS request for known malware domain hidatabase.cn - Worm.Silly || url,www.virustotal.com/en/file/0ddd3488b618b17437413a9d579aa111f0a2ba302262d0a9b0d2832718a93524/analysis/
27633 || MALWARE-CNC Worm.Silly variant outbound connection || url,www.virustotal.com/en/file/0ddd3488b618b17437413a9d579aa111f0a2ba302262d0a9b0d2832718a93524/analysis/
27648 || MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection || url,www.virustotal.com/en/file/709fa674b301e9123fc2c01e817da21cb29cdfb5a42634a793e27c9533d335b1/analysis/1375811416/
27707 || BLACKLIST DNS request for known malware domain www.wolfvr.com || url,www.virustotal.com/en/file/f53a483befed8d1494827a3f2444cfe638d3f7e595d72b722eab92d1aca9ede3/analysis/1376847283/
27708 || MALWARE-CNC Win.Ransomware.Urausy outbound connection || url,www.virustotal.com/en/file/f53a483befed8d1494827a3f2444cfe638d3f7e595d72b722eab92d1aca9ede3/analysis/1376847283/
27726 || MALWARE-CNC Orbit Downloader denial of service update || url,www.welivesecurity.com/2013/08/21/orbital-decay-the-dark-side-of-a-popular-file-downloading-tool
27727 || MALWARE-CNC Orbit Downloader denial of service update || url,www.welivesecurity.com/2013/08/21/orbital-decay-the-dark-side-of-a-popular-file-downloading-tool
27728 || MALWARE-CNC Orbit Downloader denial of service update || url,www.welivesecurity.com/2013/08/21/orbital-decay-the-dark-side-of-a-popular-file-downloading-tool
27802 || MALWARE-CNC Win.Trojan.PRISM variant outbound connection || url,www.virustotal.com/en/file/417cb84f48d20120b92530c489e9c3ee9a9deab53fddc0dc153f1034d3c52c58/analysis/1377785686/
27803 || MALWARE-CNC Win.Trojan.PRISM variant outbound connection || url,www.virustotal.com/en/file/417cb84f48d20120b92530c489e9c3ee9a9deab53fddc0dc153f1034d3c52c58/analysis/1377785686/
27804 || MALWARE-CNC Win.Trojan.PRISM variant outbound connection || url,www.virustotal.com/en/file/417cb84f48d20120b92530c489e9c3ee9a9deab53fddc0dc153f1034d3c52c58/analysis/1377785686/
27805 || MALWARE-CNC Win.Trojan.Bisonha variant outbound connection || url,bl0g.cedricpernet.net/post/2013/08/29/APT-More-on-G20Summit-Espionage-Operation || url,www.virustotal.com/en/file/f0d8834fb0e2d3c6e7c1fde7c6bcf9171e5deca119338e4fac21568e0bb70ab7/analysis/
27865 || EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request || cve,2012-1889 || cve,2012-4681
27899 || PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27900 || PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27901 || PROTOCOL-VOIP Ghost call attack attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27902 || PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27903 || PROTOCOL-VOIP Ghost call attack attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27904 || PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt || url,blog.sipvicious.org/2008/02/detecting-sip-attacks-with-snort.html
27913 || PUA-ADWARE Vittalia adware - get ads || url,www.virustotal.com/en/file/9cdb2b3095cfb94cf8f6204d0f073674dd808b0f742a16216c2f06cf3b5afd50/analysis/1378700802/
27914 || PUA-ADWARE Vittalia adware - post install || url,www.virustotal.com/en/file/9cdb2b3095cfb94cf8f6204d0f073674dd808b0f742a16216c2f06cf3b5afd50/analysis/1378700802/
27915 || PUA-ADWARE Vittalia adware outbound connection - pre install || url,www.virustotal.com/en/file/9cdb2b3095cfb94cf8f6204d0f073674dd808b0f742a16216c2f06cf3b5afd50/analysis/1378700802/
27916 || PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install || url,www.virustotal.com/en/file/9cdb2b3095cfb94cf8f6204d0f073674dd808b0f742a16216c2f06cf3b5afd50/analysis/1378700802/
27917 || PUA-TOOLBARS Vittalia adware outbound connection - offers || url,www.virustotal.com/en/file/9cdb2b3095cfb94cf8f6204d0f073674dd808b0f742a16216c2f06cf3b5afd50/analysis/1378700802/
27918 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/8825abfca1a6d843ce5670858886cb63bb1317ddbb92f91ffd46cfdcaba9ac00/analysis/
27919 || MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration || url,www.virustotal.com/en/file/8825abfca1a6d843ce5670858886cb63bb1317ddbb92f91ffd46cfdcaba9ac00/analysis/
27964 || MALWARE-CNC Win.Trojan.Gh0st variant outbound connection || url,virustotal.com/en/file/a4fd37b8b9eabd0bfda7293acbb1b6c9f97f8cc3042f3f78ad2b11816e1f9a59/analysis/1425053730/
27965 || MALWARE-CNC Win.Trojan.Eupuds variant connection || url,www.virustotal.com/en/file/09f4611c05dcff55d4471b90d41b0fd3e6d3289f71321301751008dab75ded4d/analysis/
27966 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html || url,www.virustotal.com/en/file/BE24561427D754C0C150272CAB5017D5A2DA64D41BEC74416B8AE363FB07FD77/analysis/
27967 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html || url,www.virustotal.com/en/file/BE24561427D754C0C150272CAB5017D5A2DA64D41BEC74416B8AE363FB07FD77/analysis/
27968 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html || url,www.virustotal.com/en/file/BE24561427D754C0C150272CAB5017D5A2DA64D41BEC74416B8AE363FB07FD77/analysis/
28005 || MALWARE-CNC Win.Trojan.Kuluoz outbound command || url,www.virustotal.com/en/file/2d134b69c41fadc5d3a28c90e452323f1c54dd1aa20ac5f5e897feac8d86755a/analysis/
28006 || MALWARE-OTHER Win.Trojan.Kuluoz outbound download request || url,malwaremustdie.blogspot.com/2013/09/302-redirector-new-cushion-attempt-to.html
28007 || MALWARE-CNC BLYPT installer startupkey outbound traffic || url,blog.trendmicro.com/trendlabs-security-intelligence/blypt-a-new-backdoor-family-installed-via-java-exploit
28008 || MALWARE-CNC BLYPT installer reuse outbound traffic || url,blog.trendmicro.com/trendlabs-security-intelligence/blypt-a-new-backdoor-family-installed-via-java-exploit
28009 || MALWARE-CNC BLYPT installer configkey outbound traffic || url,blog.trendmicro.com/trendlabs-security-intelligence/blypt-a-new-backdoor-family-installed-via-java-exploit
28010 || MALWARE-CNC BLYPT installer tserror outbound traffic || url,blog.trendmicro.com/trendlabs-security-intelligence/blypt-a-new-backdoor-family-installed-via-java-exploit
28011 || MALWARE-CNC BLYPT installer createproc outbound traffic || url,blog.trendmicro.com/trendlabs-security-intelligence/blypt-a-new-backdoor-family-installed-via-java-exploit
28012 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/d8870137f7f761055a2ac83b03eb3f8fe26015fa0ba99f41551ca59374c6a3ec/analysis/1365436849/
28033 || MALWARE-CNC Win.Ransomware.Urausy variant outbound connection || url,www.virustotal.com/en/file/e74e0b2f3efbe8edadeaeef501fe268e2ff7c8a8bc8550de7924f77f2a612941/analysis/1378636986/
28042 || MALWARE-CNC Win.Trojan.Caphaw variant outbound connection || url,research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html
28044 || MALWARE-CNC Win.Trojan.CryptoLocker variant connection || url,www.virustotal.com/en/file/d4b16269c9849c33a7bb2fdc782173a00e99db12a585689618dde3f4c6fcb101/analysis
28079 || MALWARE-CNC Win.Trojan.Napolar variant outbound connection || url,www.virustotal.com/en/file/463d39dcbf19b5c4c9e314e5ce77bf8a51848b8c7d64e4f0a6656b9d28941e2e/analysis/
28080 || MALWARE-CNC Win.Trojan.Napolar data theft || url,www.virustotal.com/en/file/12781be5908ecc3dbf4a459e4cbc7bedb654b50236f7a961e85f3af5e2275ddf/analysis/
28105 || MALWARE-CNC Win.Trojan.Banload variant outbound connection || url,www.nyxbone.com/malware/banload.html
28106 || MALWARE-CNC Win.Trojan.Banload information upload || url,www.nyxbone.com/malware/banload.html
28107 || MALWARE-CNC Win.Trojan.Banload download || url,www.nyxbone.com/malware/banload.html
28114 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28115 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28116 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28117 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28118 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28119 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28120 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28121 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28122 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28123 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28147 || MALWARE-CNC Win.Trojan.Conficker variant outbound connection || url,www.virustotal.com/en/file/57212e057db0d45d94d08cd47dec85f0d85a20a7f4d3824559c81a50999cc2a5/analysis/
28148 || MALWARE-CNC Win.Trojan.Mevade variant outbound connection || url,www.virustotal.com/en/file/526fe8eee74dc51a23e458115179dcda4027277b696b6a06889ed52751b39f54/analysis/
28153 || MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ || url,www.virustotal.com/en/file/5a9cd53f13825e17107d6b9f81ebe4013f3abf23429d9735c7258d43c101b71f/analysis/
28154 || MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 || url,www.virustotal.com/en/file/5a9cd53f13825e17107d6b9f81ebe4013f3abf23429d9735c7258d43c101b71f/analysis/
28155 || MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 || url,www.virustotal.com/en/file/5a9cd53f13825e17107d6b9f81ebe4013f3abf23429d9735c7258d43c101b71f/analysis/
28156 || PUA-ADWARE Linkury outbound time check || url,www.virustotal.com/en/file/a2c4e162624ddb169542e12e148a3be6bfe79a1fed4adfb28ad1a308a0d1bade/analysis/1380219003/
28192 || MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL || url,urlquery.net/report.php?id=5117077 || url,www.soleranetworks.com/blogs/kuluoz-spam-uses-a-lot-of-stolen-web-servers/
28193 || BLACKLIST DNS request for known malware domain- Win.Vobfus worm variant || url,www.virustotal.com/en/file/451318847bae50e855299a1878d9cbd74e7467bfff8df396e886732254fc3ade/analysis/1380827494/
28215 || SERVER-WEBAPP vBulletin upgrade.php exploit attempt || url,www.net-security.org/secworld.php?id=15743
28242 || MALWARE-CNC Win.Trojan.KanKan variant connection || url,www.virustotal.com/en/file/db31bdf400dd0d28487a0d298bc383a4a2912566130ea512b25639b3f95e94c4/analysis/
28255 || MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL || url,urlquery.net/search.php?q=get.php%3Finvite%3D&type=string&start=2013-10-01&end=2013-10-16&max=50 || url,www.virustotal.com/en/file/93a40a83977ca24df6e12d7d6f19a9b9d92cb3ea3174ea9d4398ad2048205c42/analysis/
28285 || MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 || url,www.virustotal.com/en/file/ca1bc54e33064eb08163a17a56dcb1d0d811fc694c05af1d9ea768ef992cb489/analysis/1381870348/ || url,www.virustotal.com/en/file/d4b16269c9849c33a7bb2fdc782173a00e99db12a585689618dde3f4c6fcb101/analysis/
28293 || BLACKLIST DNS request www.xiaopijia.com - Backdoor.Yaddos || url,www.virustotal.com/en/file/08e49d4b699ac39193ae6bb952d8ef8a79e9958916683db4a8fa0e9c6ee512d7/analysis/
28294 || BLACKLIST DNS request www.akwm139.com - Backdoor.Yaddos || url,www.virustotal.com/en/file/08e49d4b699ac39193ae6bb952d8ef8a79e9958916683db4a8fa0e9c6ee512d7/analysis/
28295 || BLACKLIST DNS request www.1860tour.com - Backdoor.Yaddos || url,www.virustotal.com/en/file/08e49d4b699ac39193ae6bb952d8ef8a79e9958916683db4a8fa0e9c6ee512d7/analysis/
28296 || BLACKLIST DNS request ghjgf.info - Backdoor.Yaddos || url,www.virustotal.com/en/file/08e49d4b699ac39193ae6bb952d8ef8a79e9958916683db4a8fa0e9c6ee512d7/analysis/
28300 || MALWARE-CNC Win.Trojan.Agent variant connection || url,www.virustotal.com/en/file/e21a7333f5e6fe6de87b0b4ef928202724680d46ee3524983ec6962b4061813c/analysis/1381409595/
28323 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html || url,www.virustotal.com/en/file/BE24561427D754C0C150272CAB5017D5A2DA64D41BEC74416B8AE363FB07FD77/analysis/
28344 || INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation || url,isc.sans.org/diary.html?storyid=3823
28404 || BLACKLIST DNS request for known malware domain goobzo.com - Kazy Trojan || url,www.virustotal.com/en/file/a064a1d3d8b9d8ab649686b7fb01e0631e569412388084f5c391722c98660763/analysis/
28405 || MALWARE-CNC Win.Trojan.Kazy variant outbound connection || url,www.virustotal.com/en/file/a064a1d3d8b9d8ab649686b7fb01e0631e569412388084f5c391722c98660763/analysis/
28406 || MALWARE-CNC Win.Trojan.Kazy variant outbound connection || url,www.virustotal.com/en/file/a064a1d3d8b9d8ab649686b7fb01e0631e569412388084f5c391722c98660763/analysis/
28428 || EXPLOIT-KIT Glazunov exploit kit landing page || cve,2013-2471 || url,nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/
28429 || EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt || cve,2013-2471 || url,nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/
28430 || EXPLOIT-KIT Glazunov exploit kit zip file download || cve,2013-2471 || url,nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/
28446 || MALWARE-CNC Win.Trojan.Symmi variant SQL check-in || url,www.virustotal.com/en/file/47c71ff0eb61b371e967b93b6909bb05f2aab973e3214ea2d5ed246884dd045e/analysis/
28493 || MALWARE-CNC DeputyDog diskless method outbound connection || cve,2013-3918 || url,technet.microsoft.com/en-us/security/bulletin/MS13-090
28538 || MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection || url,stopmalvertising.com/malware-reports/analysis-of-asprox-and-its-new-encryption-scheme.html || url,www.virustotal.com/en/file/929b62b673db55f443a36fa2de184a2be03788bbe714fc586b82a19444727a54/analysis/
28539 || BLACKLIST DNS request for known malware domain lovesyr.sytes.net - Win.Worm Dunhihi || url,www.virustotal.com/en/file/c3c4abd4ccf24da96abc0b4045219a89c86662bad9201913c5317f6e3e7841d9/analysis/
28541 || MALWARE-CNC Win.Trojan.ZeroAccess Download Headers || url,www.virustotal.com/en/analisis//file/eeaeb1506d805271b5147ce911df9c264d63e4d229de4464ef879a83fb225a40/analysis/
28542 || MALWARE-CNC Win.Trojan.Conficker variant outbound connection || url,www.sans.org/security-resources/malwarefaq/conficker-worm.php
28543 || MALWARE-CNC Win.Trojan.Conficker variant outbound connection || url,www.sans.org/security-resources/malwarefaq/conficker-worm.php
28552 || INDICATOR-SCAN inbound probing for IPTUX messenger port  || url,github.com/iptux-src/iptux
28553 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28554 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload || url,www.virustotal.com/en/file/0682508f3d7c85e086055ce943aeaa634484d8e0cb22be776bac6930b00fae49/analysis/
28555 || MALWARE-OTHER SQL Slammer worm propagation attempt inbound || bugtraq,5310 || bugtraq,5311 || cve,2002-0649
28556 || PROTOCOL-DNS DNS query amplification attempt || url,www.us-cert.gov/ncas/alerts/TA13-088A
28557 || PROTOCOL-DNS Malformed DNS query with HTTP content || url,www.ietf.org/rfc/rfc2616.txt
28800 || MALWARE-CNC Win.Trojan.Zeus outbound connection || url,www.virustotal.com/en/file/d4b16269c9849c33a7bb2fdc782173a00e99db12a585689618dde3f4c6fcb101/analysis/
28802 || MALWARE-CNC Win.Trojan.Bancos outbound connection || url,www.virustotal.com/en/file/26c60976776d212aefc9863efde914059dd2847291084c158ce51655fc1e48d0/analysis/1382620137/
28803 || MALWARE-CNC Win.Trojan.Injector inbound connection || url,www.virustotal.com/en/file/253b2cb7f6eacaaaca5053f73445defce5df2cd4a5564ebc0721e0323a6c3557/analysis/1383139183/
28804 || MALWARE-CNC Win.Trojan.Injector outbound connection || url,www.virustotal.com/en/file/253b2cb7f6eacaaaca5053f73445defce5df2cd4a5564ebc0721e0323a6c3557/analysis/1383139183/
28805 || MALWARE-CNC Win.Trojan.Palevo outbound connection || url,palevotracker.abuse.ch/?ipaddress=209.222.14.3 || url,palevotracker.abuse.ch/?ipaddress=31.170.179.179
28806 || INDICATOR-COMPROMISE potential malware download - single digit .exe file download || url,urlquery.net/search.php?q=%5C%2F%5Ba-zA-Z%5D%5C.%5BEe%5D%5BXx%5D%5BEe%5D%24&type=regexp&start=2013-09-07&end=2013-12-06&max=400
28807 || MALWARE-CNC Win.Trojan.Injector variant outbound connection || url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400 || url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/
28809 || MALWARE-CNC Win.Trojan.Dofoil inbound connection || url,www.virustotal.com/en/file/2325492f457a8b7d3df48a570210f65f3a094fe8925278451713768d938bec86/analysis/
28810 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie || url,en.wikipedia.org/wiki/Zeus_(Trojan_horse)
28814 || MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection || url,www.virustotal.com/en/file/b78c5c53d3b54acbca2b344a779528f0408258b6ac12899c860d99bf563e883a/analysis/
28815 || MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection || url,www.virustotal.com/en/file/b78c5c53d3b54acbca2b344a779528f0408258b6ac12899c860d99bf563e883a/analysis/
28852 || BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard || url,www.virustotal.com/en/file/d757aa51974806e5402fb8a5c930518bf9ba0b2fd62f74e0f4c33d85bce08ada/analysis/
28859 || BLACKLIST User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot || url,www.virustotal.com/en/file/0220b1071c8a0093e673d836ae436cb468b8cd1bd5873dad08351309e13af9e5/analysis/1383673331/
28913 || MALWARE-BACKDOOR Zollard variant outbound connection attempt || url,www.deependresearch.org/2013/12/hey-zollard-leave-my-internet-of-things.html
28918 || MALWARE-CNC Win.Trojan.Symmi variant network connectivity check || url,www.virustotal.com/en/file/47c71ff0eb61b371e967b93b6909bb05f2aab973e3214ea2d5ed246884dd045e/analysis/
28919 || MALWARE-CNC Win.Trojan.Symmi variant network connectivity check || url,www.virustotal.com/en/file/084455c1de5d9440eb95edd2e6868aab1ce3dd674c2e3ba481254edc65b30b89/analysis/
28940 || MALWARE-CNC Win.Trojan.Rovnix malicious download || url,isc.sans.edu/forums/diary/Suspected+Active+Rovnix+Botnet+Controller/17180 || url,www.welivesecurity.com/2012/02/22/rovnix-reloaded-new-step-of-evolution/
28945 || INDICATOR-COMPROMISE exe.exe download || url,urlquery.net/search.php?q=%5C%2F%5BEe%5D%5BXx%5D%5BEe%5D%5C.%5BEe%5D%5BXx%5D%5BEe%5D%24&type=regexp&start=2013-11-21&end=2013-12-06&max=400
28959 || BLACKLIST DNS request for known malware domain fenhelua.com || url,www.sophos.com/ja-jp/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AFDE/detailed-analysis.aspx
28960 || MALWARE-CNC Win.Trojan.Alurewo outbound connection || url,www.sophos.com/ja-jp/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AFDE/detailed-analysis.aspx || url,www.virustotal.com/en/file/9171bd76d3fa26a78225cb7c9d5112635fa84e8bdf3388577f22da9178871161/analysis/
28976 || MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration || url,www.virustotal.com/en/file/b9587fc86f1459ccf7b096b6bf68b4fcc165946a86f3ed9ce84c61907aa99dae/analysis/1386599712/
28977 || MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket || url,www.virustotal.com/en/file/b9587fc86f1459ccf7b096b6bf68b4fcc165946a86f3ed9ce84c61907aa99dae/analysis/1386599712/
28982 || MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC || url,www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
28983 || MALWARE-CNC Win.Trojan.Steckt IRCbot executable download || url,www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
28984 || MALWARE-CNC Win.Worm.Steckt IRCbot executable download || url,www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
28985 || MALWARE-CNC Win.Worm.Steckt IRCbot executable download || url,www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
28986 || MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection || url,www.virustotal.com/en/file/0a8f320fc7535f164bbd9d0e462fd459c55ff448cf5e84dc2115f2f4aa800e6b/analysis/1387176826/
28987 || MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection || url,www.virustotal.com/en/file/480eb4aa76a55ad7b0db128138113615ca834f9e6c62f798f54c8ac0759657fe/analysis/1387177714/ || url,www.virustotal.com/en/file/5b1d04b7504a3ac1befe4408fd4f9cd877b92661db47a75f197924cb660551d3/analysis/1387178129/
28988 || MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection || url,www.virustotal.com/en/file/480eb4aa76a55ad7b0db128138113615ca834f9e6c62f798f54c8ac0759657fe/analysis/1387177714/ || url,www.virustotal.com/en/file/5b1d04b7504a3ac1befe4408fd4f9cd877b92661db47a75f197924cb660551d3/analysis/1387178129/
29031 || MALWARE-CNC Win.Trojan.Banload variant inbound connection || url,www.virustotal.com/en/file/30032d2b7fd928392837eeb814cf1e2add0d80b0e17b8dbfec2e2c3be9164cf6/analysis/
29174 || BLACKLIST User-Agent known malicious user-agent string fortis || url,www.virustotal.com/en/file/92614908e7842e0dfa72ecfee868b06017b5cc445f201874776583f754b137a3/analysis/
29216 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,www.virustotal.com/en/file/0baf3197bdb2c665fea0a84db91d3f65171cf6cf9a732fd394ff9f707ddaf682/analysis/
29220 || MALWARE-CNC Win.Trojan.Strictor variant outbound connection || url,www.virustotal.com/en/file/0fe413704c85751b060546ebfd428d57726d8fd002ca95ec8deb76f5f37ed9c4/analysis/1389125202/
29259 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/a46c3fee842f1ded35b6a4e003c0e6ea62ee66d354d4b826b4c3e5aa9310b3ba/analysis/
29260 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/a46c3fee842f1ded35b6a4e003c0e6ea62ee66d354d4b826b4c3e5aa9310b3ba/analysis/
29261 || MALWARE-CNC Win.Trojan.Dropper variant outbound connection || url,file-analyzer.net/analysis/1087/5386/0/html || url,www.virustotal.com/en/file/913cc54750e8bb6b88d5ccbfc988e0107f80ad14ba4d052a3f3db11ccfd8ce4a/analysis/
29262 || BLACKLIST DNS request for known malware domain bog5151.zapto.org - Win.Trojan.Dunihi || url,www.virustotal.com/en/file/fc274838271cc9e28d8c3c9c925f38c07da14c13f3df56f41450f514904ae876/analysis/
29263 || BLACKLIST DNS request for known malware domain kara.no-ip.info - Win.Trojan.Dunihi || url,www.virustotal.com/en/file/e3cbce74e7fa73b931283b0187f237d0acb4ea3e1f5ce2be4af83493a6bef460/analysis/
29300 || MALWARE-CNC Win.Trojan.Graftor variant inbound connection || url,www.virustotal.com/en/file/b20fcfe7d851dfe1f835e60072e53b0a3c54e14d0fc94814ce841be4740f295c/analysis
29349 || MALWARE-CNC Win.Trojan.Zusy variant outbound connection || url,www.virustotal.com/en/file/6fdd7c0630ea89a58cdc1f3fb74bf5a99732bd5649a39411868bf71e90cfdc84/analysis/1389362066/
29378 || MALWARE-CNC Win.Trojan.Dropper inbound encrypted traffic || url,www.virustotal.com/en/file/20b49af8b750a1899117827476402ccaf7095fb5b7aad2e96c8109290da453cb/analysis/ || url,www.virustotal.com/en/file/559e8dbe388c8c103996b208eb5532e295da717f84b4a7ddf5c9885de8115606/analysis/
29379 || MALWARE-CNC Win.Trojan.Dropper outbound encrypted traffic - potential exfiltration || url,www.virustotal.com/en/file/20b49af8b750a1899117827476402ccaf7095fb5b7aad2e96c8109290da453cb/analysis/ || url,www.virustotal.com/en/file/559e8dbe388c8c103996b208eb5532e295da717f84b4a7ddf5c9885de8115606/analysis/
29380 || MALWARE-CNC Win.Trojan.Dropper outbound encrypted traffic || url,www.virustotal.com/en/file/20b49af8b750a1899117827476402ccaf7095fb5b7aad2e96c8109290da453cb/analysis/ || url,www.virustotal.com/en/file/559e8dbe388c8c103996b208eb5532e295da717f84b4a7ddf5c9885de8115606/analysis/
29395 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/ef4e0ccc49decb41f213a20f61d92374c3b97497105d7c20e7284f65055d2ccb/analysis/
29454 || PROTOCOL-ICMP Unusual L3retriever Ping detected || url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/ || url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
29455 || PROTOCOL-ICMP Unusual Microsoft Windows Ping detected || url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/ || url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
29456 || PROTOCOL-ICMP Unusual PING detected || url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/ || url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
29457 || PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected || url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/ || url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
29459 || MALWARE-CNC Win.Trojan.Fexel variant outbound connection || url,www.virustotal.com/en/file/b33ffbec01b43301edd9db42a59dcd33dd45f638733e2f92f0cb5bfe86714734/analysis/
29567 || BLACKLIST DNS request for known malware domain antiq.scifi.ro - Linux.Backdoor.Shellbot || url,www.virustotal.com/en/file/8eb6c4a844cbfe98db78aef08a634c460c7c9f7d576b62444114306effb4023d/analysis/1390763713/ || url,www.virustotal.com/en/file/daffe8b88d7fd99e5a5000b697aeca46aa7c305a6408d952018b9d1f5f5c6fdb/analysis/1390763695/
29568 || BLACKLIST DNS request for known malware domain funny.evils.in - Linux.Backdoor.Shellbot || url,www.virustotal.com/en/file/8eb6c4a844cbfe98db78aef08a634c460c7c9f7d576b62444114306effb4023d/analysis/1390763713/ || url,www.virustotal.com/en/file/daffe8b88d7fd99e5a5000b697aeca46aa7c305a6408d952018b9d1f5f5c6fdb/analysis/1390763695/
29569 || MALWARE-CNC Linux.Backdoor.Shellbot outbound connection || url,www.virustotal.com/en/file/8eb6c4a844cbfe98db78aef08a634c460c7c9f7d576b62444114306effb4023d/analysis/1390763713/
29664 || MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection || url,file-analyzer.net/analysis/1546/6325/0/html#network || url,www.virustotal.com/en/file/59795540fc058979c6be02351507330fce8a8d3c6f10cbcd4ee21ab0144b9a7f/analysis/1390421409/
29665 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/9ce3d15cbb5bc8cd42570f44ab4eb8f6332c5d0f28291d295883bf2923c01d4b/analysis/
29666 || MALWARE-CNC Win.Trojan.Linkup outbound connection || url,blog.emsisoft.com/2014/02/03/malware-analysis-ransomware-linkup-blocks-dns-and-mines-bitcoins/
29760 || BLACKLIST User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29761 || BLACKLIST DNS request for known malware domain appleupdt.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29762 || BLACKLIST DNS request for known malware domain carrus.gotdns.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29763 || BLACKLIST DNS request for known malware domain cherry1962.dyndns.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29764 || BLACKLIST DNS request for known malware domain ctronlinenews.dyndns.tv - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29765 || BLACKLIST DNS request for known malware domain dfup.selfip.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29766 || BLACKLIST DNS request for known malware domain fast8.homeftp.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29767 || BLACKLIST DNS request for known malware domain gx5639.dyndns.tv - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29768 || BLACKLIST DNS request for known malware domain helpcenter1it6238.cz.cc - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29771 || BLACKLIST DNS request for known malware domain mango66.dyndns.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29772 || BLACKLIST DNS request for known malware domain msupdt.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29773 || BLACKLIST DNS request for known malware domain nav1002.ath.cx - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29774 || BLACKLIST DNS request for known malware domain nthost.shacknet.nu - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29775 || BLACKLIST DNS request for known malware domain oco-231-ms.xns01.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29776 || BLACKLIST DNS request for known malware domain pininfarina.dynalias.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29777 || BLACKLIST DNS request for known malware domain pl400.dyndns.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29778 || BLACKLIST DNS request for known malware domain prosoccer1.dyndns.info - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29780 || BLACKLIST DNS request for known malware domain ricush.ath.cx - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29781 || BLACKLIST DNS request for known malware domain services.serveftp.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29782 || BLACKLIST DNS request for known malware domain sv.serveftp.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29783 || BLACKLIST DNS request for known malware domain swupdt.com - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29784 || BLACKLIST DNS request for known malware domain takami.podzone.net - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29785 || BLACKLIST DNS request for known malware domain tunga.homedns.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29786 || BLACKLIST DNS request for known malware domain wqq.dyndns.org - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29787 || BLACKLIST DNS request for known malware domain wwnav.selfip.net - Win.Trojan.Careto || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29788 || MALWARE-CNC Win.Trojan.Careto outbound connection || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29789 || MALWARE-CNC Win.Trojan.Careto plugin download || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29790 || MALWARE-CNC Win.Trojan.Careto plugin download || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29791 || MALWARE-CNC Win.Trojan.Careto plugin download || url,www.virustotal.com/en/file/19e818d0da361c4feedd456fca63d68d4b024fbbd3d9265f606076c7ee72e8f8/analysis/
29816 || MALWARE-CNC Win.Trojan.Jackpos outbound connection || url,www.virustotal.com/en/file/39c13ee490a2c4cf6f3aafe92734edbf2373f25cc6fab8e15cd4cf590f1abdf1/analysis
29817 || MALWARE-CNC Win.Trojan.Jackpos outbound connection || url,www.virustotal.com/en/file/39c13ee490a2c4cf6f3aafe92734edbf2373f25cc6fab8e15cd4cf590f1abdf1/analysis
29824 || BLACKLIST User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq || url,www.virustotal.com/en/file/f5fbdc74afc209f2648490e077a2fcddc402cbc57ababbc2f735aaecde95681b/analysis/
29828 || MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection || url,www.virustotal.com/en/file/f5fbdc74afc209f2648490e077a2fcddc402cbc57ababbc2f735aaecde95681b/analysis/
29829 || SERVER-WEBAPP HNAP remote code execution attempt || url,isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
29830 || SERVER-WEBAPP HNAP remote code execution attempt || url,isc.sans.edu/diary/Linksys+Worm+%28%22TheMoon%22%29+Captured/17630
29831 || SERVER-WEBAPP HNAP remote code execution attempt || url,isc.sans.edu/diary/Linksys+Worm+%28%22TheMoon%22%29+Captured/17630
29832 || BLACKLIST DNS request for known malware domain hattouma12.no-ip.biz - Win.Trojan.Dunihi || url,www.virustotal.com/en/file/960aee6e11a44bf18a5f224019bd40e35112a2f312c220c9aaf0b30c9a5ba084/analysis/
29833 || BLACKLIST DNS request for known malware domain sidisalim.myvnc.com - Win.Trojan.Dunihi || url,www.virustotal.com/en/file/b560a6719a23095cbaeabcff55e8a9dd8fde1fdf4c428b6261731072eb5256d2/analysis/
29862 || MALWARE-CNC Win.Trojan.Pirminay variant outbout connection || url,www.virustotal.com/en/file/5e1a615ddf73b27390d7a3c87a28932761fc1c843e01cd68253e873270bef69d/analysis/1392222514/
29863 || MALWARE-CNC Win.Trojan.Pirminay variant outbound connection || url,www.virustotal.com/en/file/5e1a615ddf73b27390d7a3c87a28932761fc1c843e01cd68253e873270bef69d/analysis/1392222514/
29864 || EXPLOIT-KIT Redkit exploit kit payload request || url,www.invincea.com/2014/02/ekia-citadel-a-k-a-the-malware-the-popped-fazio-mechanical/
29865 || MALWARE-CNC Win.Trojan.Kuluoz outbound connection || url,www.virustotal.com/en/file/8b53c46a7dfbe738c558e653f33fccf2004fc294848eee20903daa556bb3af09/analysis/
29867 || BLACKLIST DNS request for known malware domain 0zz0.com - Win.Trojan.Napolar || url,www.virustotal.com/en/file/58762cf6aa8eea5744716986773a2c22ae7412eae634be7bed648c96465bc8ef/analysis/
29868 || BLACKLIST DNS request for known malware domain www.rekurigo.com - Win.Trojan.Napolar || url,www.virustotal.com/en/file/58762cf6aa8eea5744716986773a2c22ae7412eae634be7bed648c96465bc8ef/analysis/
29869 || MALWARE-CNC Win.Trojan.Napolar phishing attack || url,www.virustotal.com/en/file/58762cf6aa8eea5744716986773a2c22ae7412eae634be7bed648c96465bc8ef/analysis/
29870 || MALWARE-CNC Win.Trojan.Pony HTTP response connection || url,file-analyzer.net/analysis/1830/6840/0/html || url,www.virustotal.com/en/file/58762cf6aa8eea5744716986773a2c22ae7412eae634be7bed648c96465bc8ef/analysis/
29882 || MALWARE-CNC Win.Trojan.WEC variant outbound connection || url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/
29887 || BLACKLIST User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre || url,www.virustotal.com/en/file/F167C95A467F584890F39BA2162F1B96E7626F5C575EB151C8E4E00E68F97478/analysis/
29895 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection  || url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis
29897 || MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection || url,www.virustotal.com/en/file/b6f44c7466338ea14d1e711491b1d8174ee71e00541759eb18a31f959da521a9/analysis/ || url,www.virustotal.com/en/file/de67654959d29ffc5b9ec854d1e9e240ec96090ce8b3f9c3c9b337b7f2a54f8a/analysis/
29981 || MALWARE-CNC Win.Trojan.Tiny variant outbound connection || url,www.virustotal.com/en/file/d446e176ba2141d0e7ae0799335fdd98f94d5e6b41c88083f4a3d3c04805a721/analysis/
30068 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,www.virustotal.com/en/file/0baf3197bdb2c665fea0a84db91d3f65171cf6cf9a732fd394ff9f707ddaf682/analysis
30069 || BLACKLIST DNS request for known malware domain smsgrabber.url.ph - Android iBanking/Spy.49 || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=3166 || url,www.virustotal.com/en/file/38f6fccfc8a31306c0a03cad6908c148e8506fd70ce03165fd89e18113b68e02/analysis/
30070 || MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=3166 || url,www.virustotal.com/en/file/38f6fccfc8a31306c0a03cad6908c148e8506fd70ce03165fd89e18113b68e02/analysis/
30071 || MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=3166 || url,www.virustotal.com/en/file/38f6fccfc8a31306c0a03cad6908c148e8506fd70ce03165fd89e18113b68e02/analysis/
30072 || MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=3166 || url,www.virustotal.com/en/file/38f6fccfc8a31306c0a03cad6908c148e8506fd70ce03165fd89e18113b68e02/analysis/
30087 || MALWARE-CNC Win.Trojan.Gamut configuration download || url,www.virustotal.com/en/file/dcb60900fcfd4ec83930177b7055fbdbba37f8e217409874be130f9c2e5b78fb/analysis/
30091 || MALWARE-CNC Win.Trojan.Necurs variant outbound connection || url,file-analyzer.net/analysis/2306/8066/0/html#network || url,www.virustotal.com/en/file/009f75196d1df18713d2572e3a797fb6a784a5c6c7dd7d253ba408ed7164c313/analysis/1393271978/
30191 || MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request || url,info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf || url,public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf || url,www.virustotal.com/en/file/50edc955a6e8e431f5ecebb5b1d3617d3606b8296f838f0f986a929653d289ed/analysis/
30196 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,www.virustotal.com/en/file/0fb9613582fd025b6fd14dcd003973c676db3798b733851a6b37ef6b0bc5f3be/analysis
30198 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/d28a89d789d51b30730a43ef903bc0fbb58e7014e9d55fbb2e42fd640fee1eac/analysis/
30234 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/9ce3d15cbb5bc8cd42570f44ab4eb8f6332c5d0f28291d295883bf2923c01d4b/analysis/
30255 || MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User || url,www.virustotal.com/en/file/4b6a4211191c8115a3bce64897159127dabcef0fbf6268007cb223dfa0870b60/analysis/
30256 || MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User || url,www.virustotal.com/en/file/4b6a4211191c8115a3bce64897159127dabcef0fbf6268007cb223dfa0870b60/analysis/
30257 || MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection || url,www.virustotal.com/en/file/29c3af334ce712ff66985f3584ad0af53ab16c2968ca41f06b900d703a27064e/analysis/1393266939/ || url,www.virustotal.com/en/file/5c2689920192836b3788a15f856ba311b54976a0a75016cbf0ae9a85d5a21d76/analysis/
30258 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/52906104fa7cf93bbaba9ac9c6c5ffb8c72799e14248045e467c6568926cb494/analysis/1386078525/ || url,www.virustotal.com/en/file/5a9cd53f13825e17107d6b9f81ebe4013f3abf23429d9735c7258d43c101b71f/analysis/
30259 || MALWARE-CNC Win.Trojan.Strictor variant outbound connection attempt || url,www.virustotal.com/en/file/143756537dfb4964c04d874fd16366ef384bdb4f64a739db019fa9b947b821a1/analysis/1395684118/
30260 || PUA-ADWARE Lucky Leap Adware outbound connection || url,www.virustotal.com/en/file/43c6fb02baf800b3ab3d8f35167c37dced8ef3244691e70499a7a9243068c016/analysis/1395425759/
30261 || PUA-ADWARE Lucky Leap Adware outbound connection || url,www.virustotal.com/en/file/43c6fb02baf800b3ab3d8f35167c37dced8ef3244691e70499a7a9243068c016/analysis/1395425759/
30262 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/c70ca3914e44cf574f50019892916ed910d7454cdb64b4eab403961c953fe44e/analysis/1395407305/
30288 || MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection || url,www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
30336 || MALWARE-CNC Linux.Trojan.Calfbot outbound connection || url,www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
30481 || BLACKLIST DNS request for known malware domain titan2014.sytes.net - Win.Trojan.Zbot/Bublik || url,isc.sans.edu/forums/diary/Malicious+PDF+sent+in+massive+scam+to+Colombian+users+claiming+to+be+from+Credit+score+agency/17875 || url,www.virustotal.com/en/file/bbc1a8b0892785c75f0f44d9414e424ed03cefbf951ed20eaae50031670c8a96/analysis/
30482 || MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection || url,isc.sans.edu/forums/diary/Malicious+PDF+sent+in+massive+scam+to+Colombian+users+claiming+to+be+from+Credit+score+agency/17875 || url,www.virustotal.com/en/file/bbc1a8b0892785c75f0f44d9414e424ed03cefbf951ed20eaae50031670c8a96/analysis/
30483 || MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection || url,isc.sans.edu/forums/diary/Malicious+PDF+sent+in+massive+scam+to+Colombian+users+claiming+to+be+from+Credit+score+agency/17875 || url,www.virustotal.com/en/file/bbc1a8b0892785c75f0f44d9414e424ed03cefbf951ed20eaae50031670c8a96/analysis/
30484 || MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection || url,isc.sans.edu/forums/diary/Malicious+PDF+sent+in+massive+scam+to+Colombian+users+claiming+to+be+from+Credit+score+agency/17875 || url,www.virustotal.com/en/file/bbc1a8b0892785c75f0f44d9414e424ed03cefbf951ed20eaae50031670c8a96/analysis/
30510 || SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt || cve,2014-0160
30511 || SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt || cve,2014-0160
30512 || SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt || cve,2014-0160
30513 || SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt || cve,2014-0160
30514 || SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30515 || SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30516 || SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30517 || SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30520 || SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response || cve,2014-0160
30521 || SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response || cve,2014-0160
30522 || SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response || cve,2014-0160
30523 || SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response || cve,2014-0160
30524 || SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt || cve,2014-0160
30525 || SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt || cve,2014-0160
30544 || BLACKLIST DNS request for known malware domain eimqqakugeccgwak.org - Win.Trojan.Ramdo || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Ramdo-K/detailed-analysis.aspx
30546 || BLACKLIST DNS request for known malware domain uogwoigiuweyccsw.org - Win.Trojan.Ramdo || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Ramdo-K/detailed-analysis.aspx
30547 || MALWARE-CNC Win.Trojan.Ramdo variant outbound connection || url,blogs.technet.com/b/mmpc/archive/2014/04/08/msrt-april-2014-ramdo.aspx
30548 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,blog.malwaremustdie.org/2014/03/a-post-to-sting-zeus-p2pgameover-crooks.html || url,www.virustotal.com/en/file/7647eec6ae87c203085fe433f25c78f415baf31d01ee8aa31241241712b46a0d/analysis/
30549 || SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt || cve,2014-0160
30551 || MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd || url,www.virustotal.com/en/file/583b585078f37f5d399a228f1b8021ca0a9e904a55792281048bae9cfe0e95c1/analysis/
30552 || MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema || url,www.virustotal.com/en/file/583b585078f37f5d399a228f1b8021ca0a9e904a55792281048bae9cfe0e95c1/analysis/ || url,www.virustotal.com/en/file/e8bd297b1f59b7ea11db7d90e81002469a8f054f79638a57332ac448d819fb5d/analysis/
30566 || MALWARE-CNC Linux.Trojan.Elknot outbound connection || url,www.virustotal.com/en/file/13f13f4e214c2755235ba36643e4ab08d4ea679da008397b7a540e0d45e70ab2/analysis/
30567 || MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt || url,www.virustotal.com/en/file/4e102fd6fce767fa6c0d0a9871bb71ec5969ded694a9292c2c8a9749e5648ed4/analysis/
30568 || MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt || url,www.virustotal.com/en/file/4e102fd6fce767fa6c0d0a9871bb71ec5969ded694a9292c2c8a9749e5648ed4/analysis/
30569 || MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt || url,www.virustotal.com/en/file/285ec7e2f8cbaed5d8cebde56bb6d44a921eb4e8384981832822329d8ccfb125/analysis/1395241815/
30570 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/2f2e20d92f7551fccae73bba64d25dd1f18a4018fffd30bdb1f9fb6280182bd0/analysis/1396537812/ || url,www.virustotal.com/en/file/ef4e0ccc49decb41f213a20f61d92374c3b97497105d7c20e7284f65055d2ccb/analysis/
30772 || BLACKLIST DNS request for known malware domain universal2010.no-ip.org - Win.Worm.Dunihi || url,www.virustotal.com/en/file/2dc9930a0d324838f847f940ea7fa1da8808f910a39c2e701020820f7e33974a/analysis/
30777 || SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30778 || SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30779 || SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30780 || SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30781 || SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30782 || SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30783 || SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30784 || SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30785 || SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30786 || SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30787 || SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30788 || SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt || cve,2014-0160
30914 || MALWARE-CNC Win.Trojan.SpySmall variant outbound connection || url,www.virustotal.com/en/file/df51eccf430ac391d09817d003977b4ea6af36117ce3aaee2fa0ebf04505c0d2/analysis/
30915 || MALWARE-CNC Win.Trojan.SpySmall variant outbound connection || url,www.virustotal.com/en/file/df51eccf430ac391d09817d003977b4ea6af36117ce3aaee2fa0ebf04505c0d2/analysis/
30918 || BLACKLIST User-Agent known malicious user agent - User-Agent User-Agent Mozilla || url,www.virustotal.com/file/D67B6706559C5F7AB97CC788E668E27A29B7D2D39C9ACA93AF73778E53993339/analysis/
30919 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis
30948 || MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response || url,www.virustotal.com/en/file/aa4b2b448a5e246888304be51ef9a65a11a53bab7899bc1b56e4fc20e1b1fd9f/analysis/
31020 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis
31034 || BLACKLIST DNS request for known malware domain www.casting.diamondhostess.hu- Win.Trojan.SpyBanker || url,www.virustotal.com/en/file/af56f8f97c8872d043a4002daa6331f3b3be296427b0e5d0560fd174e9f59e78/analysis/
31035 || BLACKLIST DNS request for known malware domain www.uslugi-ryazan.ru - Win.Trojan.SpyBanker || url,www.virustotal.com/en/file/af56f8f97c8872d043a4002daa6331f3b3be296427b0e5d0560fd174e9f59e78/analysis/
31036 || MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection || url,www.virustotal.com/en/file/726644e5f666b133159e6c2591cdd3bc628bcd335b381b74fcfd2e4db73689af/analysis/ || url,www.virustotal.com/en/file/af56f8f97c8872d043a4002daa6331f3b3be296427b0e5d0560fd174e9f59e78/analysis/
31053 || MALWARE-CNC Win.Trojan.MadnessPro outbound connection || url,blog.cylance.com/a-study-in-bots-madness-pro
31070 || MALWARE-CNC Win.Rootkit.Necurs outbound connection || url,www.virustotal.com/en/file/b47a1bdf5e53f4a754413d2461f7db9a4c7d1e0845c1f676b5399061e3dc1a4b/analysis/
31084 || MALWARE-CNC Win.Trojan.Zbot variant outbound connection || url,www.virustotal.com/en/file/750d533898f19c606ee9e96ff72c1aa3d830c469f2f564890ebbc38b169eb41b/analysis/1400275398/
31090 || BLACKLIST User-Agent known malicious user agent - User-Agent hello crazyk || url,www.virustotal.com/file/e61acf1cf61938eaa9cfa40e9dcd357f271c17c20218ba895c1f4a/analysis/
31112 || MALWARE-CNC Win.Trojan.Bancos password stealing attempt || url,www.virustotal.com/en/file/61cbe9b94bca25503c884bb0c9363b95fac6203534e5b23c5887dde91fbd4951/analysis/1384873658
31113 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/61cbe9b94bca25503c884bb0c9363b95fac6203534e5b23c5887dde91fbd4951/analysis/1384873658
31136 || MALWARE-CNC Win.Trojan.ZeroAccess inbound connection || url,www.virustotal.com/file/50cdd9f6c5629630c8d8a3a4fe7d929d3c6463b2f9407d9a90703047e7db7ff9/analysis/
31221 || MALWARE-CNC Win.Trojan.Banker variant outbound connection || url,www.virustotal.com/en/file/bf40d710dda1a3ada127d68b34b837eca03a28699cd858cda7d4a3e36690628a/analysis/
31222 || MALWARE-CNC Win.Trojan.Banker variant outbound connection || url,www.virustotal.com/en/file/bf40d710dda1a3ada127d68b34b837eca03a28699cd858cda7d4a3e36690628a/analysis/
31243 || MALWARE-CNC Win.Trojan.Necurs variant outbound connection || url,www.virustotal.com/en/file/565496cb40fc868d233dabfb1e178e8b9042d964cb1e4f5f3386a6db4f1cf30e/analysis/1400509611/
31244 || MALWARE-CNC Win.Trojan.Kuluoz outbound connection || url,www.virustotal.com/en/file/93a40a83977ca24df6e12d7d6f19a9b9d92cb3ea3174ea9d4398ad2048205c42/analysis/
31260 || MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt || url,www.exposedbotnets.com/2013/06/localmworg-andromeda-http-botnet-hosted.html
31261 || MALWARE-CNC Win.Trojan.Symmi outbound connection || url,www.virustotal.com/en/file/c77a679df3b74c622e39ab163fc876cc9d7719f2c2e8cf80beb36c813827d0c7/analysis/
31262 || MALWARE-CNC Win.Worm.VBNA variant check-in attempt || url,malwr.com/analysis/NWI5M2QwY2QxZWIwNDU4NDliYjU5NWJmMzc0MzQ2MDE/ || url,www.virustotal.com/en/file/0a777870b65d3dc80b56baf77f6d9e342d25a1c7d670077eca14a0f4309f9e26/analysis/ || url,www.virustotal.com/en/file/b5a01ce5e2b074f40d86ecca802658a5c998b5bf452f164b1a76f8fa27f53b15/analysis/
31293 || MALWARE-CNC Win.Trojan.Dyre publickey outbound connection || url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl || url,www.virustotal.com/en/file/417c9cd7c8abbd7bbddfc313c9f153758fd11bda47f754b9c59bc308d808c486/analysis/
31295 || MALWARE-CNC Win.Trojan.Zusy variant outbound connection || url,www.virustotal.com/en/file/0f3243a4645ab4acb88e1e0ee4fa0cb254a88709ce00a193ad6e20faec3243dc/analysis/
31315 || MALWARE-CNC Win.Trojan.MSIL variant outbound connection || url,malwr.com/analysis/ZDI5NTViMGI2MzZiNDU0MTlhMzNlZDhiZGUwNjFmOGY/
31405 || SERVER-APACHE Apache Chunked-Encoding worm attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 || nessus,10932
31423 || BLACKLIST DNS request for known malware domain indo.msname.org || url,www.virustotal.com/en/file/2f6f2b5b356db1620fecdbf92fbaf7abffec0d8d79893c809bdd31a0169ecbc8/analysis/
31442 || MALWARE-CNC Win.Trojan.Injector variant outbound connection || url,www.virustotal.com/en/file/56939273f68158dacc58d4e8d5bb5b0c4c04be89e279651c8f19fa6392f3d837/analysis/ || url,www.virustotal.com/en/file/ad40cabf66001087c2e9f548811b17341f63f19f528a3c04a1c9ab9f10b5eff9/analysis/
31449 || MALWARE-CNC Win.Trojan.CryptoWall downloader attempt || url,www.virustotal.com/en/file/e370c1fc6e7e289523fdf2f090edb7885f8d0de1b99be0164dafffeca9914b10/analysis/
31450 || MALWARE-CNC Win.Trojan.CryptoWall outbound connection || url,www.virustotal.com/en/file/a92ae8e80b0b70288a32c0455856453c5980021156132a540035e7ef5e0fa79e/analysis/
31452 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/08e670fd1f7141f219f0bb7f48c179485146e439847a68cdf52b85328b66dd22/analysis/
31453 || MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection || url,www.virustotal.com/en/file/0423e10a674fb7e96557eac50b51207709a248df6e06aeeba401ded6157c1298/analysis/
31454 || MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection || url,www.virustotal.com/en/file/0423e10a674fb7e96557eac50b51207709a248df6e06aeeba401ded6157c1298/analysis/
31455 || EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request || url,www.symantec.com/connect/blogs/rig-exploit-kit-used-recent-website-compromise
31458 || MALWARE-CNC Win.Trojan.SDBot variant outbound connection || url,www.virustotal.com/en/file/5682e096bad2d2e75fb09122af272572b23ca5defb70325ab7cdc4c534a68e7d/analysis
31464 || BLACKLIST DNS request for known malware domain disk57.com - Win.Trojan.Androm || url,malwr.com/analysis/ZmE3ZWU2YTkyM2U0NGQ0MmI1NDcxMjUwZDE2NTM5MjQ/
31465 || MALWARE-CNC Win.Trojan.Androm Click Fraud Request || url,malwr.com/analysis/ZmE3ZWU2YTkyM2U0NGQ0MmI1NDcxMjUwZDE2NTM5MjQ/
31466 || MALWARE-CNC Win.Trojan.Androm Click Fraud Request || url,malwr.com/analysis/ZmE3ZWU2YTkyM2U0NGQ0MmI1NDcxMjUwZDE2NTM5MjQ/
31467 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,malwr.com/analysis/ZmE3ZWU2YTkyM2U0NGQ0MmI1NDcxMjUwZDE2NTM5MjQ/
31468 || MALWARE-CNC Win.Trojan.Papras variant outbound connection || url,www.virustotal.com/en/file/9e548d9a37c46423680e324b31204197babc45ddc05835afa772fde8627e72b2/analysis/
31472 || BLACKLIST DNS request for known malware domain nanoseklo.net - Win.Trojan.HW32 || url,www.virustotal.com/en/file/e69b310dff09830641d4b9682375ce3df503674d23c429bd7847979ea9250b2b/analysis/
31507 || MALWARE-CNC Win.Trojan.HW32 variant spam attempt || url,www.virustotal.com/en/file/e69b310dff09830641d4b9682375ce3df503674d23c429bd7847979ea9250b2b/analysis/
31530 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/b2b7571ffc6ee27fc716f308d72a3268ffa5f32330ca6349aacc92e6cecb2582/analysis/1406043461/
31531 || INDICATOR-COMPROMISE MinerDeploy monitor request attempt || url,www.virustotal.com/en/file/06033b08afd30b413cce3b9a169cb8396fe34865f3bacd436c652dbb469ced62/analysis/
31593 || MALWARE-CNC Andr.Trojan.SMSSend outbound connection || url,www.virustotal.com/en/file/a70a62ac920e83bab5e3e38ac8853ca3f45b6022f4d4ca47c9ae5cb9049700bb/analysis/1406724303/
31600 || BLACKLIST DNS reverse lookup response for known malware domain spheral.ru - Win.Trojan.Glupteba || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31603 || MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31604 || MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31605 || MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31606 || MALWARE-CNC Win.Trojan.Glupteba payload download request || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31607 || MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server || url,www.virustotal.com/en/file/0bcc2bf3cf06952e18c3e1d9860698dbb3ff1644a0389a9756c1b82b66fb2b83/analysis/
31639 || BLACKLIST DNS request for known malware domain hslh.sytes.net - Win.Worm.Jenxcus || url,www.virustotal.com/en/file/5382192453e48d46e20096b14458b17368d401ccbf365020e6094cd5ed20ac51/analysis/
31641 || MALWARE-CNC Win.Tinybanker variant outbound connection || url,blog.avast.com/2014/07/17/tinybanker-trojan-targets-banking-customers/ || url,www.virustotal.com/en/file/b88b978d00b9b3a011263f398fa6a21098aba714db14f7e71062ea4a6b2e974e/analysis/
31642 || MALWARE-CNC Win.Tinybanker variant outbound connection || url,blog.avast.com/2014/07/17/tinybanker-trojan-targets-banking-customers/ || url,www.virustotal.com/en/file/b88b978d00b9b3a011263f398fa6a21098aba714db14f7e71062ea4a6b2e974e/analysis/
31644 || MALWARE-CNC Andr.Trojan.Scarelocker outbound connection || url,malware.dontneedcoffee.com/2014/08/scarepackageknstant.html || url,www.virustotal.com/en/file/ebed6a20738f68787e19eaafc725bc8c76fba6b104e468ddcfb05a4d88a11811/analysis/
31649 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/61cbe9b94bca25503c884bb0c9363b95fac6203534e5b23c5887dde91fbd4951/analysis/1384873658/
31680 || MALWARE-CNC Win.Trojan.Tirabot variant outbound connection || url,www.virustotal.com/en/file/7ea920d297e23cf58e9f00fa3d48e02994253cb4a673bdd6db9a02fa5ab9ffb8/analysis/1407432311/
31681 || MALWARE-CNC Win.Trojan.Badur download attempt || url,www.virustotal.com/en/file/adf5d662af390ad3a187a1991e0b463327fb8360fd55a27e6f9961c8a84a47c5/analysis/
31682 || MALWARE-CNC Win.Trojan.Badur download attempt || url,www.virustotal.com/en/file/840b3b76030696b1ce9eccd5ee6d55dd79c0120871094cb9266769c09f03029c/analysis/
31683 || MALWARE-CNC Win.Trojan.Badur variant outbound connection || url,www.virustotal.com/en/file/840b3b76030696b1ce9eccd5ee6d55dd79c0120871094cb9266769c09f03029c/analysis/
31719 || FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt || bugtraq,11173 || cve,2004-0200 || url,www.microsoft.com/security/bulletins/200409_jpeg.mspx
31820 || MALWARE-CNC Win.Banker.Delf variant outbound connection || url,www.virustotal.com/en/file/dce2799df1da1ad992d37c78ea586dfd0cf673642ecc56ac464fe7a81a6994ca/analysis/
31824 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/53ac9c629cf0cc468cfaf77fe4b54f1da7576e0c0327650915b79f9340fa84ff/analysis/
31826 || MALWARE-CNC Win.Trojan.Delf variant HTTP Response || url,www.virustotal.com/en/file/59e721000aa38a91ed42799e955f9337482c627e0675520aa54dcad068e6e004/analysis/1409846457/
31827 || MALWARE-CNC Win.Trojan.Delf variant outbound connection || url,www.virustotal.com/en/file/59e721000aa38a91ed42799e955f9337482c627e0675520aa54dcad068e6e004/analysis/1409846457/
31829 || BLACKLIST DNS request for known malware domain eduarditopallares.mooo.com - Win.Trojan.VBKrypt || url,www.virustotal.com/en/file/0a7e5ba1ba4c1ae22b7d6d30026ffb287911be4bdc8042363d29c93c3c71b3e7/analysis/
31830 || POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt || url,filedownloads.qlogic.com/files/Manual/81355/UserGuide_5800V_Series_QuickTools_v80_59264-02B.pdf || url,filedownloads.qlogic.com/files/manual/67941/QuickTools_Guide_Sb5600_Series_v74_59235-03_%5BA%5D.pdf
31831 || POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt || url,filedownloads.qlogic.com/files/Manual/81355/UserGuide_5800V_Series_QuickTools_v80_59264-02B.pdf || url,filedownloads.qlogic.com/files/manual/67941/QuickTools_Guide_Sb5600_Series_v74_59235-03_%5BA%5D.pdf
31916 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/61cbe9b94bca25503c884bb0c9363b95fac6203534e5b23c5887dde91fbd4951/analysis/1384873658/
31919 || BLACKLIST DNS request for known malware domain saltsecond.net - Win.Trojan.Symmi || url,www.virustotal.com/en/file/4c0549384574ae91b68d58d92da3deacfcf714b27fb8d762ce9de8c58990ffb1/analysis/
31921 || BLACKLIST DNS request for known malware domain southblood.net - Win.Trojan.Symmi || url,www.virustotal.com/en/file/4c0549384574ae91b68d58d92da3deacfcf714b27fb8d762ce9de8c58990ffb1/analysis/
31923 || MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt || url,www.virustotal.com/en/file/4c0549384574ae91b68d58d92da3deacfcf714b27fb8d762ce9de8c58990ffb1/analysis/
31924 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/4c0549384574ae91b68d58d92da3deacfcf714b27fb8d762ce9de8c58990ffb1/analysis/
31964 || MALWARE-CNC Win.Trojan.Banker variant outbound connection || url,www.virustotal.com/en/file/bf40d710dda1a3ada127d68b34b837eca03a28699cd858cda7d4a3e36690628a/analysis/
31965 || EXPLOIT-KIT Astrum exploit kit landing page || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31966 || EXPLOIT-KIT Astrum exploit kit payload delivery || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31967 || EXPLOIT-KIT Astrum exploit kit payload delivery || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31970 || EXPLOIT-KIT Astrum exploit kit redirection attempt || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31971 || EXPLOIT-KIT Astrum exploit kit multiple exploit download request || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31972 || EXPLOIT-KIT Astrum exploit kit payload delivery || url,malware.dontneedcoffee.com/2014/09/astrum-ek.html
31973 || MALWARE-CNC Win.Trojan.Chebri variant outbound connection || url,www.virustotal.com/en/file/db94644fc351fb4a9117b68ab625494daa2ebe36117a8333577d857a7c2d1ec6/analysis/1409853252/
31975 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
31976 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
31977 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
31978 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
31985 || OS-OTHER Malicious DHCP server bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
31990 || BLACKLIST User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre || url,www.virustotal.com/en/file/ae7f419e0093fd2d4892ea6920aaa2c12c95cede9c97cb0a1f096496d4ff93ea/analysis/
31991 || BLACKLIST User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre || url,www.virustotal.com/en/file/e295922322324e048657a5b4c0c4c9717a1a127e39ba45a03dc5d4d4bb2e523f/analysis/
32008 || MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack || url,www.satinfo.es/blog/tag/deltaticket_et-rm-0hj423891156-exe
32009 || MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command || url,www.virustotal.com/en/file/73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489/analysis/
32010 || MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt || url,www.virustotal.com/en/file/73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489/analysis/
32011 || MALWARE-CNC Linux.Backdoor.Flooder outbound connection || url,www.virustotal.com/en/file/73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489/analysis/
32038 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32039 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32041 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32042 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32043 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32065 || MALWARE-CNC Win.Trojan.Asprox inbound connection || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32066 || MALWARE-CNC Win.Trojan.Asprox outbound connection || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32067 || MALWARE-CNC Win.Trojan.Asprox outbound connection || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32069 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32072 || MALWARE-CNC Win.Trojan.Zemot configuration download attempt || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32073 || MALWARE-CNC Win.Trojan.Zemot outbound connection || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32074 || MALWARE-CNC Win.Trojan.Zemot payload download attempt || url,www.virustotal.com/en/file/8ba8292eaa47967618c2376afe524736f4fa7eec15ed9cca17abfca692d26fe4/analysis/
32130 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis
32176 || BLACKLIST DNS request for known malware domain av4.microsoftsp3.com - Win.Trojan.Plugx || url,virustotal.com/en/file/4d464f9def2276dac15d19ccf049b7c68642290bc0e345e06d4b6e9103fde9e6/analysis/
32177 || BLACKLIST DNS request for known malware domain java.ns1.name - Win.Trojan.Plugx || url,virustotal.com/en/file/4d464f9def2276dac15d19ccf049b7c68642290bc0e345e06d4b6e9103fde9e6/analysis/
32179 || MALWARE-CNC WIN.Trojan.Plugx variant outbound connection || url,virustotal.com/en/file/4d464f9def2276dac15d19ccf049b7c68642290bc0e345e06d4b6e9103fde9e6/analysis/
32180 || MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt || url,virustotal.com/en/file/438ed90e1f69b5dcae2d30d241159aaed74f9d3125c60f1003915b2237978f7d/analysis/
32181 || MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt || url,virustotal.com/en/file/438ed90e1f69b5dcae2d30d241159aaed74f9d3125c60f1003915b2237978f7d/analysis/
32192 || MALWARE-CNC Win.Trojan.Zxshell variant outbound connection || url,www.virustotal.com/en/file/547044cb73f1c18ccd92cd28afded37756f749a9338ed7c04306c1de46889d6b/analysis/
32196 || MALWARE-CNC Win.Trojan.Graftor variant outbound connection || url,www.virustotal.com/en/file/f7215718184d5fa1a2057e5dd714d3cdbd00fe924334ecdd3cd5662c3c284d90/analysis/
32225 || MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection || url,www.virustotal.com/en/file/f75b9ed535c3b33ead4da28854f3e8d6e805135679a2352463184acb06ffcaf0/analysis/
32244 || BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt || bugtraq,5293 || cve,2002-2314 || url,osvdb.org/show/osvdb/60255
32309 || BLACKLIST DNS request for known malware domain good.myftp.org - Win.Trojan.Farfi || url,www.virustotal.com/en/file/184c083e839451c2ab0de7a89aa801dc0458e2bd1fe79e60f35c26d92a0dbf6a/analysis/
32335 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32336 || OS-OTHER Bash CGI environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32366 || OS-OTHER Bash environment variable injection attempt || cve,2014-6271 || cve,2014-6277 || cve,2014-6278 || cve,2014-7169
32367 || MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection || url,www.virustotal.com/en/file/d866214d1f921028f9001ae399e9f8dec32ec8998c84d20d60a992164888a6fc/analysis
32370 || SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt || bugtraq,10889 || cve,2004-0636 || url,osvdb.org/show/osvdb/8398
32374 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,malwr.com/analysis/ZmE3ZWU2YTkyM2U0NGQ0MmI1NDcxMjUwZDE2NTM5MjQ/
32385 || BLACKLIST DNS request for known malware domain tiptronic.soxx.us - Scarsi Trojan || url,www.virustotal.com/en/file/403bca7e414291c4aecf8646ef6157e441d51915149fbcd2f70aabe05585c8ff/analysis/
32583 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/7c110c2d125a4100322bd9c4328d0a01259cb00a4e3709815711b8b364a58bdd/analysis/1415285838/
32584 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,malwr.com/analysis/NDUwYTczYzQ0YWMwNGM2Yjk5MDc5YmU4Yjg5MzY5OWY/ || url,www.virustotal.com/en/file/d34644047c451081e9332e18600dba25aed42ff76f96fc51cb3eada95ba57e59/analysis/
32604 || MALWARE-CNC Win.Trojan.Geodo variant outbound connection || url,www.virustotal.com/en/file/330b408173d45365dd6372bc659ebdd54b9eb18b323079da9552c4e3d8e62d1e/analysis/
32605 || MALWARE-CNC Win.Worm.Jenxcus variant outbound connection || url,www.virustotal.com/en/file/8538cbb2271f90c57f57150d714ec92e59869f52c7060bb2ab1f57ef6757321d/analysis/
32606 || MALWARE-CNC Win.Trojan.Sodebral variant outbound connection || url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/
32607 || MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt || url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/
32608 || MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt || url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/
32645 || BLACKLIST User-Agent known malicious user-agent string RUpdate || url,www.virustotal.com/en/file/0d68f1d3855543a4732e551e9e4375a2cd85d9ab11a86334f67ad99c5f6990a0/analysis/
32646 || INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file || url,www.virustotal.com/en/file/0d68f1d3855543a4732e551e9e4375a2cd85d9ab11a86334f67ad99c5f6990a0/analysis/
32655 || BLACKLIST DNS request for known malware domain mail.q0v.pl - Group 74 || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32658 || BLACKLIST DNS request for known malware domain natoexhibitionff14.com - Group 74 || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32660 || BLACKLIST DNS request for known malware domain q0v.pl - Group 74 || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32661 || BLACKLIST DNS request for known malware domain qov.hu.com - Group 74 || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32665 || MALWARE-CNC Win.Trojan.Chopstick variant outbound request || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32667 || MALWARE-CNC Win.Trojan.Chopstick variant outbound request || url,virustotal.com/en/file/7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965/analysis/
32670 || MALWARE-CNC Win.Dropper.Ch variant outbound connection || url,www.virustotal.com/en/file/3d8f05f45f8335198e5488716be2a9c5cebead7d0321bc371fa475d689ffe658/analysis/
32674 || MALWARE-CNC Win.Trojan.Wiper variant outbound connection || url,virustotal.com/en/file/e2ecec43da974db02f624ecadc94baf1d21fd1a5c4990c15863bb9929f781a0a/analysis/
32776 || MALWARE-CNC FIN4 VBA Macro credentials upload attempt || url,www.virustotal.com/en/url/536ed7236769b9a5f09b2a31ab138fbad7331108cb65e1f4c77d129df7fb7764/analysis/
32823 || MALWARE-CNC Win.Trojan.Darkhotel outbound connection || url,securelist.com/files/2014/11/darkhotel_kl_07.11.pdf || url,securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf
32824 || MALWARE-CNC Win.Trojan.Darkhotel outbount connection attempt || url,securelist.com/files/2014/11/darkhotel_kl_07.11.pdf || url,securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf
32825 || MALWARE-CNC Win.Trojan.Darkhotel outbound connection || url,securelist.com/files/2014/11/darkhotel_kl_07.11.pdf || url,securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf
32826 || MALWARE-CNC Win.Trojan.Darkhotel data upload attempt || url,securelist.com/files/2014/11/darkhotel_kl_07.11.pdf || url,securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf
32827 || MALWARE-CNC Win.Trojan.Darkhotel response connection attempt || url,securelist.com/files/2014/11/darkhotel_kl_07.11.pdf || url,securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf
32845 || APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32846 || APP-DETECT Absolute Software Computrace outbound connection - absolute.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32847 || APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32848 || APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32849 || APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32850 || APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32851 || APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com || url,absolute.com/support/consumer/technology_computrace || url,www.blackhat.com/docs/us-14/materials/us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf || url,www.blackhat.com/presentations/bh-usa-09/ORTEGA/BHUSA09-Ortega-DeactivateRootkit-PAPER.pdf
32852 || MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection || url,www.virustotal.com/en/file/12a803cd2f67d2dbdc3fb1a6940b9a11b61f6d8455f139e6e90893d9a4eb455a/analysis/
32853 || MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection || url,www.virustotal.com/en/file/12a803cd2f67d2dbdc3fb1a6940b9a11b61f6d8455f139e6e90893d9a4eb455a/analysis/
32888 || INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt || url,www.hybrid-analysis.com/sample/a531bc62b0460eba5b0003b535a2e9cceae0b623aecfdc6f0331743fbee77e56/
32889 || FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || cve,2007-5503 || url,sourceforge.net/p/png-mng/mailman/message/33173462/ || url,technet.microsoft.com/en-us/security/bulletin/MS05-009
32911 || MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32912 || MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32913 || MALWARE-BACKDOOR Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32914 || MALWARE-BACKDOOR Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32915 || MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32916 || MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32917 || MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32918 || MALWARE-BACKDOOR Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32919 || MALWARE-OTHER Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32920 || MALWARE-OTHER Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32921 || MALWARE-OTHER Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32922 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32923 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32924 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32925 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32926 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32927 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32928 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32929 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32930 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32931 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32932 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32933 || MALWARE-OTHER Win.Trojan.Wiper listener download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32934 || MALWARE-OTHER Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32935 || MALWARE-OTHER Win.Trojan.Wiper download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32936 || MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32937 || MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32938 || MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt || url,us-cert.gov/ncas/alerts/TA14-353A
32956 || MALWARE-CNC Android.CoolReaper.Trojan outbound connection || url,www.virustotal.com/en/file/94b3d27488d10ec2dd73f39513a6d7845ab50b395d6b3adb614b94f8a8609f0e/analysis/
32957 || MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt || url,www.virustotal.com/en/file/0d1f479842cd5bde4f18ab8c85a099da39e13a4051a7c21334e33d55b6f18d76/analysis/
32958 || MALWARE-CNC Win.Trojan.TinyZBot response connection attempt || url,www.virustotal.com/en/file/0d1f479842cd5bde4f18ab8c85a099da39e13a4051a7c21334e33d55b6f18d76/analysis/
32976 || MALWARE-CNC Win.Trojan.Kuluos variant outbound connection || url,www.virustotal.com/en/file/48936d3242ccd9decedf1057b08eacf5f952efeb1b7bb2f354bb02028a361ac2/analysis/
32977 || MALWARE-CNC Win.Trojan.Kuluos variant outbound connection || url,www.virustotal.com/en/file/48936d3242ccd9decedf1057b08eacf5f952efeb1b7bb2f354bb02028a361ac2/analysis/
33153 || MALWARE-CNC Win.Trojan.Heur variant outbound connection || url,www.virustotal.com/en/file/2fb5c3859df3b46cc7e2e2176654cb7e5f739f2bc9faf3e813736b37c6d3b6bc/analysis/
33212 || PUA-ADWARE SoftPulse variant HTTP response attempt || url,www.virustotal.com/en/file/7aa774bffa2eb38c691774c1cc59e0adf6186da62afc417baa6333670e1e3011/analysis/1421687954/
33219 || MALWARE-CNC Win.Trojan.Gamarue variant outbound connection || url,www.virustotal.com/en/file/eefe5370b09a32a7b295c136073a8560958c4a58822a7da5b501a10543266c6e/analysis/1421697833/
33220 || MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt || url,www.virustotal.com/en/file/f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2/analysis/
33221 || MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot || url,www.virustotal.com/en/file/f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2/analysis/
33222 || MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot || url,www.virustotal.com/en/file/f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2/analysis/
33223 || MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot || url,www.virustotal.com/en/file/f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2/analysis/
33224 || INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt || url,www.virustotal.com/en/file/79b75a8564e2e446789e1890f52c025792de919b63719e02630a70d6ae9a3ca4/analysis/1421439683/
33227 || MALWARE-CNC Win.Agent.BHHK variant outbound connection || url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/
33228 || MALWARE-CNC Win.Trojan.Kovter variant outbound connection || url,www.virustotal.com/en/file/599dc4c4dae2d12f8c8ea00114c1cbddecbc171c552e7fbe5aba516ef11b08f0/analysis/
33282 || MALWARE-CNC Win.Trojan.Upatre variant outbound connection || url,www.virustotal.com/en/file/7a06565bb9d49aa92084b5bc32cf59d04dc1d60d63827099ca7c14063f54967a/analysis/1421616162/
33443 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/4ca26daa7cfb81c8ee05c955f19ef527a9452f2dad3c63674afa7f6796d96f02/analysis/
33444 || MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection || url,www.virustotal.com/en/file/66e69ff2c4881a1c95eccd287af3b8db692fd5c9df3caee464f8b4125d46c1a4/analysis/
33449 || MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt || url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/
33450 || MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection || url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/
33452 || PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection || url,www.virustotal.com/en/file/06f3bd3df0326b5c3c5b03070d9d870507b868ee4e1acff62f0d301c43492709/analysis/
33453 || MALWARE-CNC Win.Trojan.Kovter variant outbound connection || url,www.virustotal.com/en/file/db8952943708f4eefa72ad04ff01bdf9acb33fdd89a5ad98b0ec2649fb116a52/analysis/1422981882/
33457 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/609c2c8ab60a30822689a3955fb84f06b5c3962e0d2b894f4794ac8ee5eee2eb/analysis/
33519 || BLACKLIST User-Agent known malicious user agent - ALIZER || url,www.virustotal.com/en/file/958c004400ca2a736473c68d842cbea9038bde940d1e44fb08cf08c4352c5f55/analysis/
33520 || MALWARE-CNC Win.Trojan.Zusy inbound CNC response || url,www.virustotal.com/en/file/958c004400ca2a736473c68d842cbea9038bde940d1e44fb08cf08c4352c5f55/analysis/
33521 || MALWARE-CNC Win.Trojan.Zusy variant outbound connection || url,www.virustotal.com/en/file/958c004400ca2a736473c68d842cbea9038bde940d1e44fb08cf08c4352c5f55/analysis/
33522 || BLACKLIST User-Agent known malicious user-agent - DNS Changer || url,www.virustotal.com/en/file/2b16bd74ed6cf86938a7108b6a6fa9343ac4f890f0228b964a98c45428cb4e3c/analysis/ || url,www.virustotal.com/en/file/e5cbca1c1cca4ce5ef8beddca38869bdb18e089b969171e5ba337aa756371c36/analysis/
33523 || MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection || url,www.virustotal.com/en/file/2b16bd74ed6cf86938a7108b6a6fa9343ac4f890f0228b964a98c45428cb4e3c/analysis/ || url,www.virustotal.com/en/file/e5cbca1c1cca4ce5ef8beddca38869bdb18e089b969171e5ba337aa756371c36/analysis/
33524 || MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection || url,www.virustotal.com/en/file/2b16bd74ed6cf86938a7108b6a6fa9343ac4f890f0228b964a98c45428cb4e3c/analysis/ || url,www.virustotal.com/en/file/e5cbca1c1cca4ce5ef8beddca38869bdb18e089b969171e5ba337aa756371c36/analysis/
33547 || MALWARE-CNC Win.Trojan.Turla outbound connection || url,www.virustotal.com/en/file/1a488c6824bd39f3568346b2aaf3f6666f41b1d4961a2d77360c7c65c7978b5e/analysis/
33560 || BLACKLIST DNS request for known malware domain tracking-recipient.net46.net - Win.Cossta || url,www.virustotal.com/en/file/cdaa661e2b5913997f4d905e0490bd8d9069a0c9f90a13944d5d3e1d6d1f2089/analysis/
33646 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/e8cb63cc050c952c1168965f597105a128b56114835eb7d40bdec964a0e243dc/analysis/
33647 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/e8cb63cc050c952c1168965f597105a128b56114835eb7d40bdec964a0e243dc/analysis/
33648 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/e8cb63cc050c952c1168965f597105a128b56114835eb7d40bdec964a0e243dc/analysis/
33649 || BLACKLIST User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro || url,www.virustotal.com/en/file/34a3667846bbdea8dc92150e6766e3bac129a2b5fd4856c6f1512e794b90f23d/analysis/
33650 || MALWARE-CNC Win.Trojan.Tinba outbound connection || url,www.virustotal.com/en/file/8eb2c85abe7acee219e344ae0592a2b1c159bdafa037be39ac062bdaeeb1f621/analysis/
33677 || MALWARE-CNC Win.Trojan.Babar outbound connection || url,www.virustotal.com/en/file/c72a055b677cd9e5e2b2dcbba520425d023d906e6ee609b79c643d9034938ebf/analysis/
33678 || MALWARE-CNC Win.Trojan.FannyWorm outbound connection || url,www.virustotal.com/en/file/003315b0aea2fcb9f77d29223dd8947d0e6792b3a0227e054be8eb2a11f443d9/analysis/
33740 || FILE-IMAGE Microsoft emf file download request || bugtraq,10120 || bugtraq,28819 || bugtraq,9707 || cve,2003-0906 || cve,2007-5746 || url,technet.microsoft.com/en-us/security/bulletin/MS04-011 || url,technet.microsoft.com/en-us/security/bulletin/MS04-032 || url,technet.microsoft.com/en-us/security/bulletin/MS05-053 || url,technet.microsoft.com/en-us/security/bulletin/MS06-001
33815 || PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection || url,www.virustotal.com/en/file/bace69ffe133e7693b3b77994a3c81e990288ca4b642cffe12938d705c7019df/analysis/
33816 || PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection || url,www.virustotal.com/en/file/bace69ffe133e7693b3b77994a3c81e990288ca4b642cffe12938d705c7019df/analysis/
33822 || MALWARE-CNC Win.Trojan.Egamipload variant outbound connection || url,www.virustotal.com/en/file/50d7dab7095d5b84a6ccb11769d82cc105b519d84ab7aef4d540ed3703ae3e45/analysis/
33851 || MALWARE-CNC Win.Trojan.Poseidon outbound connection || url,blogs.cisco.com/security/talos/poseidon
33852 || MALWARE-CNC Win.Trojan.Poseidon outbound connection || url,blogs.cisco.com/security/talos/poseidon
33885 || MALWARE-CNC Win.Trojan.Gh0st variant outbound connection || url,virustotal.com/en/file/a4fd37b8b9eabd0bfda7293acbb1b6c9f97f8cc3042f3f78ad2b11816e1f9a59/analysis/1425053730/
34047 || MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection || url,www.virustotal.com/en/file/4f0988ac590d52b97b1a162f5ee098c38f6e640be783a511049d8e5006cac011/analysis/
34119 || PUA-ADWARE InstallMetrix precheck stage outbound connection || url,www.virustotal.com/en/file/d99db4f7f047cbf672eb19ea2e492a45d948338c0f10ef4761db3b9e372ba90e/analysis/1426449298/
34120 || PUA-ADWARE InstallMetrix fetch offers stage outbound connection || url,www.virustotal.com/en/file/d99db4f7f047cbf672eb19ea2e492a45d948338c0f10ef4761db3b9e372ba90e/analysis/1426449298/
34121 || PUA-ADWARE InstallMetrix reporting binary installation stage status || url,www.virustotal.com/en/file/d99db4f7f047cbf672eb19ea2e492a45d948338c0f10ef4761db3b9e372ba90e/analysis/1426449298/
34122 || PUA-ADWARE InstallMetrix reporting fetch offers stage status || url,www.virustotal.com/en/file/d99db4f7f047cbf672eb19ea2e492a45d948338c0f10ef4761db3b9e372ba90e/analysis/1426449298/
34125 || PUA-ADWARE User-Agent Vitruvian || url,www.virustotal.com/en/file/a59f0e717dc530814dea3fdf65597faaad90ed8bfe3c8b8f6cea0e708049a784/analysis/1426449345/
34126 || PUA-ADWARE Vitruvian outbound connection || url,www.virustotal.com/en/file/a59f0e717dc530814dea3fdf65597faaad90ed8bfe3c8b8f6cea0e708049a784/analysis/1426449345/
34127 || PUA-ADWARE Vitruvian outbound connection || url,www.virustotal.com/en/file/a59f0e717dc530814dea3fdf65597faaad90ed8bfe3c8b8f6cea0e708049a784/analysis/1426449345/
34136 || MALWARE-CNC Win.Trojan.Banload variant MSSQL response || url,www.virustotal.com/en/file/22ccd94c7e99a17753218708cea1abe162d289b7a0105c3be9620bf224f36f3f/analysis/
34137 || PUA-ADWARE SearchProtect user-agent detection || url,www.virustotal.com/en/file/cbddccb934d302497ac60f924088034a1852c378cc51df20c2e53b401ffc4651/analysis/
34140 || MALWARE-CNC Win.Trojan.Dyre publickey outbound connection || url,phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl || url,www.virustotal.com/en/file/417c9cd7c8abbd7bbddfc313c9f153758fd11bda47f754b9c59bc308d808c486/analysis/
34144 || PUA-ADWARE SuperOptimizer installation status || url,www.virustotal.com/en/file/1df4d1f316bd526e56b5fa0f84704bac365484c049e6a7c76145cb45e5e32049/analysis/1426449377/
34145 || PUA-ADWARE SuperOptimizer encrypted data transmission || url,www.virustotal.com/en/file/1df4d1f316bd526e56b5fa0f84704bac365484c049e6a7c76145cb45e5e32049/analysis/1426449377/
34146 || PUA-ADWARE SuperOptimizer geolocation request || url,www.virustotal.com/en/file/1df4d1f316bd526e56b5fa0f84704bac365484c049e6a7c76145cb45e5e32049/analysis/1426449377/
34236 || PUA-ADWARE Eorezo outbound connection || url,www.virustotal.com/en/file/a31d47e5d6885c32cad2fb5799033982e7f9d070ed350cd2025dd8594d067651/analysis/1426449407/
34237 || PUA-ADWARE Eorezo get advertisement || url,www.virustotal.com/en/file/a31d47e5d6885c32cad2fb5799033982e7f9d070ed350cd2025dd8594d067651/analysis/1426449407/
34261 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86/analysis/
34262 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86/analysis/
34263 || MALWARE-CNC Linux.Trojan.XORDDoS outbound connection || url,www.virustotal.com/en/file/92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86/analysis/
34287 || SERVER-WEBAPP vBulletin XSS redirect attempt || url,www.virustotal.com/en/url/6a7664105f1f144930f51e71dd0fec728607b4c9e33037d376cd7bf8351273a9/analysis/1430224991/
34292 || MALWARE-CNC Win.Trojan.Kraken outbound connection || url,itsjack.cc/blog/2015/02/krakenhttp-not-sinking-my-ship-part-1 || url,www.virustotal.com/en/file/27fa65a3166def75feb75f8feb25dd9784b8f2518c73defcc4ed3e9f46868e76/analysis/
34307 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34308 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34309 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34310 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34311 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34312 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34313 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34314 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34315 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34316 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34317 || MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection || url,www.virustotal.com/en/file/015fbc0b216d197136df8692b354bf2fc7bd6eb243e73283d861a4dbbb81a751/analysis/
34318 || MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection || url,www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/
34365 || SERVER-WEBAPP Magento remote code execution attempt || cve,2015-1398
34366 || MALWARE-CNC Win.Trojan.Beebone outbound connection || url,www.virustotal.com/en/file/b06c6ac1174a6992f423d935ccba6f34f107b6591768a743d44d66423312d33a/analysis/
34367 || MALWARE-CNC Win.Trojan.Banload variant outbound connection || url,www.virustotal.com/en/file/fc2cc624c2357bad23eaff951c4eac3a1f1c1c3ec5133665c7e101f4f4e3bbba/analysis/1430145774/
34368 || MALWARE-CNC Win.Trojan.Banload variant outbound connection || url,www.virustotal.com/en/file/fc2cc624c2357bad23eaff951c4eac3a1f1c1c3ec5133665c7e101f4f4e3bbba/analysis/1430145774/
34370 || BLACKLIST DNS request for known malware domain mymoney.000a.de - Win.Trojan.Fareit || url,www.virustotal.com/en/file/74e82708e5ac9eea253f3701bc625cef1ffc6385ee96954ddc586e198bc8dd41/analysis/
34452 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/6ca7047c377ad26b9db86c4028b59aa2f6600bfbdb74f1af3519ebf10314b3a6/analysis/
34453 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/6ca7047c377ad26b9db86c4028b59aa2f6600bfbdb74f1af3519ebf10314b3a6/analysis/
34461 || MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection || url,virustotal.com/file/9512cd72e901d7df95ddbcdfc42cdb16141ff155e0cb0f8321069212e0cd67a8/analysis/1430996623
34462 || MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection || url,virustotal.com/file/84dfe2ac489ba41dfb25166a983ee2d664022bbcc01058c56a1b1de82f785a43/analysis/1430849540/
34500 || MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection || url,www.virustotal.com/en/file/1D6BCF409C85887861D587C8AABFC8C8393EA692FE93C0A6836BE507A7F75985/analysis/
34501 || MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection || url,www.virustotal.com/en/file/1D6BCF409C85887861D587C8AABFC8C8393EA692FE93C0A6836BE507A7F75985/analysis/
34622 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/d6beeae945d570d98784bdea68310ddef17f4a03534632dec48c691677c67402/analysis/
34843 || BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M || url,www.virustotal.com/en/file/d0f0a446162c6dafc58e4034f4879275d3766f20336b6998cb5a5779d995a243/analysis/
34864 || INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate || url,blog.didierstevens.com
34868 || MALWARE-CNC Win.Trojan.Rovnix variant outbound connection || url,www.virustotal.com/en/file/a184775757cf30f9593977ee0344cd6c54deb4b14a012a7af8e3a2cdbb85a749/analysis/
34917 || MALWARE-CNC Win.Trojan.Critroni certificate exchange || url,www.virustotal.com/en/file/af7a9f581653394955bec5cf10a7dbafbf64f42d09918807274b5d25849a1251/analysis/
34931 || MALWARE-CNC Win.Trojan.Bancos variant outbound connection || url,www.virustotal.com/en/file/7816d2b6507950177cf1af596744abe523cad492f4d78e230962602b1b269044/analysis/
34950 || MALWARE-CNC Win.Trojan.Prok variant outbound connection || url,www.virustotal.com/en/file/ada4a63abae42266f9d472f1d4ebd0bd22702270f8b38ad7a824a16ce449ea2b/analysis/
34958 || MALWARE-CNC Win.Trojan.Androm variant outbound connection || url,www.virustotal.com/en/file/38c7d403660c98ceb0246192d7d89cd66e126c6721008f6b347d4d53b4dc063b/analysis/
34959 || MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection || url,www.virustotal.com/en/file/33b598e185ba483c5c1571651a03b90359fb1f56b55e902c7038baf315c5dad9/analysis/
34964 || PUA-ADWARE Win.Adware.Sendori user-agent detection || url,www.virustotal.com/en/file/26ee215c531b6c50d28ef9b9a48db05b08139e460b997167de1813484beb7a9e/analysis/
34994 || MALWARE-CNC Win.Trojan.Banbra variant outbound connection || url,www.virustotal.com/en/file/078f4f7bbd0a7fc3f1934a4988997e9f3b69ca8b9dc1bfd37a6c85b44fb50b48/analysis/
34995 || MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure || url,www.virustotal.com/en/file/078f4f7bbd0a7fc3f1934a4988997e9f3b69ca8b9dc1bfd37a6c85b44fb50b48/analysis/
34996 || MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection || url,www.virustotal.com/en/file/6452bea82dbef796eaed8d2403ffa7141e4379bb052fdb7b63a21400c04b0334/analysis/
34997 || MALWARE-CNC Win.Trojan.Graftor variant HTTP Response || url,www.virustotal.com/en/file/1ed49a78ee46c4a0d2eeb3b9ab707b40d3c87448c6f399d7fceefc0c16c66d38/analysis/
35030 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/a7009a6ed3ff0191e3c8e7f8b27b9b16afe2a82d1eb131ecd27d8f8a5b17e819/analysis/1433243075/
35068 || BLACKLIST DNS request for known malware domain tooti15.no-ip.biz - Win.Trojan.AutoIt || url,www.virustotal.com/en/file/c35d9d75b674906496826be297611adb3e5bb31e6cd9504902aed6ada8d77b78/analysis/
35076 || MALWARE-CNC Win.Zusy variant outbound connection || url,www.www.virustotal.com/en/file/857ae380e297f840b88146ec042286ef459a1c4dc53680b117a9677b189e6c68/analysis/
35312 || MALWARE-CNC Win.Trojan.Ursnif outbound connection || url,malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html
35344 || MALWARE-CNC Win.Trojan.Cryptowall click fraud response || url,www.virustotal.com/en/file/3b78dd891a81c18cffa5031e52f9c2329e2986ba83c5c75a67dc4ae3d1f0bec3/analysis/
35353 || MALWARE-CNC Win.Trojan.Elise.B variant outbound connection || url,www.virustotal.com/en/file/9a226eeae1fc51a2bc2e72b098d5654238d0cc8eae29c0cdaacb49ae9d997d04/analysis/
35386 || MALWARE-CNC Win.Trojan.Bedep initial outbound connection || url,malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html
35387 || MALWARE-CNC Win.Trojan.Andromeda initial outbound connection || url,malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html
35388 || MALWARE-CNC Win.Trojan.Andromeda download request || url,malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html
35393 || MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate || url,www.virustotal.com/en/file/4072beeaf09fe6fef48365f1c14fd800e21b32cfa2af561f515bc45372dd590d/analysis/
35394 || MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request || url,www.virustotal.com/en/file/4072beeaf09fe6fef48365f1c14fd800e21b32cfa2af561f515bc45372dd590d/analysis/
35549 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/a7009a6ed3ff0191e3c8e7f8b27b9b16afe2a82d1eb131ecd27d8f8a5b17e819/analysis/1433243075/
35733 || MALWARE-CNC Win.Trojan.Potao outbound connection || url,www.virustotal.com/en/file/c66955f667e9045ea5591ebf9b59246ad86227f174ea817d1398815a292b8c88/analysis/
35745 || INDICATOR-COMPROMISE Wild Neutron potential exploit attempt || url,securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/
35746 || MALWARE-CNC Win.Trojan.Zeus variant outbound connection || url,www.virustotal.com/en/file/a7009a6ed3ff0191e3c8e7f8b27b9b16afe2a82d1eb131ecd27d8f8a5b17e819/analysis/
35749 || MALWARE-CNC Win.Backdoor.IsSpace outbound connection || url,publicintelligence.net/fbi-hack-tools-opm/
35750 || MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection || url,publicintelligence.net/fbi-hack-tools-opm/
36064 || MALWARE-CNC Win.Trojan.Bagsu variant outbound connection || url,www.virustotal.com/en/file/049bc9beeba4acd2a558dc695f65ad284b0ae1ff89f69a38f743510d6ab640c0/analysis
36065 || MALWARE-CNC Win.Trojan.Bagsu variant outbound connection || url,www.virustotal.com/en/file/049bc9beeba4acd2a558dc695f65ad284b0ae1ff89f69a38f743510d6ab640c0/analysis
36066 || MALWARE-CNC Win.Trojan.Bagsu variant outbound connection || url,www.virustotal.com/en/file/1fbe27602da7de2ce95254ffd409f70635179371354b4914997de273f6be9422/analysis/
36107 || MALWARE-CNC Win.Trojan.FakeAV variant outbound connection || url,www.virustotal.com/en/file/f4c10d33b8c46cc7922a6eebc9f14858a01b2f573ee99dd1dc02a4534b537e18/analysis
36108 || MALWARE-CNC Win.Trojan.Nimisi variant outbound connection || url,www.virustotal.com/en/file/a1f8f8b509001e5bca811a168455a89517000a2534d271018c0c87c6210bd69f/analysis/
36202 || MALWARE-CNC Win.Trojan.Yakes variant dropper || url,www.virustotal.com/en/file/ff0ae81f0dece17baf8480d866c9462c9f3d49be9adde8b16f105e244eb31d67/analysis/
36611 || INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate || url,blog.didierstevens.com
36612 || INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate || url,blog.didierstevens.com
37045 || MALWARE-CNC Win.Trojan.Kovter outbound connection || url,virustotal.com/en/file/e3da9c7f20e7f24891e0dec594dad6d9deebee145153611a5c05c69593284a27/analysis/ || url,www.virustotal.com/en/file/9d6b1bd74848dd0549ad3883b7292d3ba0a4fa06d0aaf562032b0bf6dc198249/analysis/
37245 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html || url,www.virustotal.com/en/file/BE24561427D754C0C150272CAB5017D5A2DA64D41BEC74416B8AE363FB07FD77/analysis/
37467 || MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection || url,www.virustotal.com/en/file/6ADFAFFEA064A9F89064FBA300CDFCD7634CFD06802BF250FA1B070CABFBEBF5/analysis/
37521 || MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection || url,www.virustotal.com/en/file/84409422426933e6f1ea227f042ff56d1f6686873454959d2e3308b9f5daac61/analysis/
37522 || MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection || url,www.virustotal.com/en/file/84409422426933e6f1ea227f042ff56d1f6686873454959d2e3308b9f5daac61/analysis/
37523 || MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection || url,www.virustotal.com/en/file/84409422426933e6f1ea227f042ff56d1f6686873454959d2e3308b9f5daac61/analysis/
37552 || MALWARE-CNC Win.Trojan.Engr variant outbound connection || url,www.virustotal.com/en/file/54f6600db99fdab31453f3e23e8fb080438cd1ec36b6fc2868ff86cf88f14bb0/analysis/
37646 || MALWARE-CNC Win.Trojan.Symmi variant dropper download connection || url,www.virustotal.com/en/file/881bb1538b4d077976cd9b27523cd5af9bd86c0ae3bce4edf453e74bba9f4c1b/analysis/
37647 || MALWARE-CNC Win.Trojan.Symmi variant outbound connection || url,www.virustotal.com/en/file/881bb1538b4d077976cd9b27523cd5af9bd86c0ae3bce4edf453e74bba9f4c1b/analysis/
37730 || PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt || cve,2015-7547 || url,googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
37731 || PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt || cve,2015-7547 || url,googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
37733 || MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection || url,www.virustotal.com/en/file/8a80760f60f42ce5574a8020c08123a6a8fc2a12d28e8802f3d5101f72c2ad0c/analysis/
37814 || POLICY-OTHER Polycom Botnet inbound connection attempt || url,support.polycom.com/global/documents/support/documentation/H_3_2_3_Botnet_Bulletin_v_1_2.pdf
37815 || POLICY-OTHER Polycom Botnet inbound connection attempt || url,support.polycom.com/global/documents/support/documentation/H_3_2_3_Botnet_Bulletin_v_1_2.pdf
37816 || MALWARE-CNC Win.Trojan.Kazy variant outbound connection || url,www.virustotal.com/en/file/522e5d4ea0771f5c0bc300c2d66a0445a66ae85bd4b50c21a502365db0a638d9/analysis/
37834 || MALWARE-CNC Win.Trojan.Locky variant outbound connection || url,www.virustotal.com/en/file/ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90/analysis/
37835 || MALWARE-CNC Win.Trojan.Locky variant outbound connection || url,www.virustotal.com/en/file/ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90/analysis/
38255 || MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection || url,www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602%283%29.pdf
38256 || MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection || url,www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602%283%29.pdf
38257 || MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection || url,www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602%283%29.pdf
38258 || MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection || url,www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602%283%29.pdf
38331 || MALWARE-CNC Win.Trojan.Locky variant outbound connection || url,www.virustotal.com/en/file/33ab0605b83356e065459559bb81ec5e7464be563059fce607760517fedaf603/analysis/
38333 || MALWARE-CNC Linux.Trojan.Bifrose outbound connection || url,www.virustotal.com/en/file/0a0d7bed3c8aa0e0e87e484a37e62b0bd0e97981b0bea55f6f3607316831ba5d/analysis/
38353 || MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup || url,www.circl.lu/pub/tr-23/
38354 || MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs || url,www.circl.lu/pub/tr-23/
38355 || MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive || url,www.circl.lu/pub/tr-23/
38357 || MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials || url,www.circl.lu/pub/tr-23/
38359 || MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials || url,www.circl.lu/pub/tr-23/
38378 || MALWARE-CNC Win.Trojan.Dridex certificate exchange || url,www.virustotal.com/en/file/f4bf52759270fa4fc4e5745d51dd8d73b49feae9de5bedfd8f4e0a865e8047c4/analysis/1459264179/
38379 || MALWARE-CNC Win.Trojan.Dridex file download attempt || url,www.virustotal.com/en/file/f4bf52759270fa4fc4e5745d51dd8d73b49feae9de5bedfd8f4e0a865e8047c4/analysis/1459264179/
38380 || MALWARE-CNC Win.Trojan.Dridex file download attempt || url,www.virustotal.com/en/file/f4bf52759270fa4fc4e5745d51dd8d73b49feae9de5bedfd8f4e0a865e8047c4/analysis/1459264179/
38385 || MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection || url,www.virustotal.com/en/file/44f956d41f5aea97884f88f60c1e28dc246b4b7318a87b332367e7f0476ca8fc/analysis/1459279340/
38386 || MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection || url,www.virustotal.com/en/file/44f956d41f5aea97884f88f60c1e28dc246b4b7318a87b332367e7f0476ca8fc/analysis/1459279340/
38387 || MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection || url,www.virustotal.com/en/file/44f956d41f5aea97884f88f60c1e28dc246b4b7318a87b332367e7f0476ca8fc/analysis/1459279340/
38388 || MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check || url,www.virustotal.com/en/file/44f956d41f5aea97884f88f60c1e28dc246b4b7318a87b332367e7f0476ca8fc/analysis/1459279340/
38509 || MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection || url,www.virustotal.com/en/file/efd9036e675507da76cd0946408aedb814aff9da62d23de4f0680a4e7186a75c/analysis/1460471360/
38510 || MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt || url,www.virustotal.com/en/file/146889acc9c4a5dbda2de339320159560567b14f846653df727284076f092e63/analysis/1460466642/
38514 || MALWARE-CNC Win.Trojan.Sweeper outbound connection || url,www.virustotal.com/en/file/38221267218184b17a78d8814d1bd06b12143be859488ae15ca0d754f32d60fc/analysis/1460472611/
38515 || MALWARE-CNC Win.Trojan.Sweeper outbound connection || url,www.virustotal.com/en/file/38221267218184b17a78d8814d1bd06b12143be859488ae15ca0d754f32d60fc/analysis/1460472611/
38516 || MALWARE-CNC Win.Trojan.Sweeper outbound connection || url,www.virustotal.com/en/file/38221267218184b17a78d8814d1bd06b12143be859488ae15ca0d754f32d60fc/analysis/1460472611/
38517 || MALWARE-CNC binary download while video expected || url,www.virustotal.com/en/file/38221267218184b17a78d8814d1bd06b12143be859488ae15ca0d754f32d60fc/analysis/1460472611/
38557 || MALWARE-CNC Win.Trojan.GateKeylogger outbound connection || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38558 || MALWARE-CNC Win.Trojan.GateKeylogger outbound connection || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38559 || MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38560 || MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38561 || MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38562 || MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38563 || MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38564 || MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt || url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/
38565 || MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt || url,www.virustotal.com/en/file/70e6df66c76700afef596e2dd7c956f4f476acca5b935b3f067084241638d182/analysis/1460636221/
38566 || MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt || url,www.virustotal.com/en/file/70e6df66c76700afef596e2dd7c956f4f476acca5b935b3f067084241638d182/analysis/1460636221/
38580 || FILE-OFFICE RFT document malformed header || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
38581 || FILE-OFFICE RFT document malformed header || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
38584 || MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection || url,www.virustotal.com/en/file/7a32e9d01e66f68461e410a29e38e147fb8a3d3695f1e55f4cf0d2ad789d5b2d/analysis/1460564508/
38585 || MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection || url,www.virustotal.com/en/file/7a32e9d01e66f68461e410a29e38e147fb8a3d3695f1e55f4cf0d2ad789d5b2d/analysis/1460564508/
38586 || MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection || url,www.virustotal.com/en/file/7a32e9d01e66f68461e410a29e38e147fb8a3d3695f1e55f4cf0d2ad789d5b2d/analysis/1460564508/
38587 || MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt || url,www.virustotal.com/en/file/7a32e9d01e66f68461e410a29e38e147fb8a3d3695f1e55f4cf0d2ad789d5b2d/analysis/1460564508/
38588 || MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection || url,www.virustotal.com/en/file/7a32e9d01e66f68461e410a29e38e147fb8a3d3695f1e55f4cf0d2ad789d5b2d/analysis/1460564508/
38594 || APP-DETECT Bloomberg web crawler outbound connection || url,irwebreport.com/20110223/bloomberg-bot-strikes-again-transocean-earnings-leaked
38603 || MALWARE-CNC Win.Trojan.UP007 variant outbound connection || url,citizenlab.org/2016/04/between-hong-kong-and-burma/
38606 || MALWARE-CNC Win.Trojan.Qakbot variant network speed test || url,www.virustotal.com/en/file/1826dba769dad9898acd95d6bd026a0b55d0a093a267b481695494f3ab547088/analysis/1461598351/
38607 || MALWARE-CNC Win.Trojan.Qakbot variant outbound connection || url,www.virustotal.com/en/file/1826dba769dad9898acd95d6bd026a0b55d0a093a267b481695494f3ab547088/analysis/1461598351/
38608 || MALWARE-CNC Win.Trojan.RockLoader variant outbound connection || url,www.virustotal.com/en/file/d3cd3630b5709535f9bfa59c4ec75c8061262985919a43a175ec9d7e15c9419a/analysis/1461598531/
38610 || MALWARE-CNC Win.Trojan.Godzilla downloader successful base64 binary download || url,www.virustotal.com/en/file/f597634ff5e2623baff35d99bfdb2aac1725c9f49805b4903c13093c43172cb7/analysis/1461593386
38619 || INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data || url,www.virustotal.com/en/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a/analysis/1461600547/
38620 || MALWARE-CNC Win.Trojan.Dridex certificate exchange || url,www.virustotal.com/en/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a/analysis/1461600547/
38621 || MALWARE-CNC Win.Trojan.Dridex certificate exchange || url,www.virustotal.com/en/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a/analysis/1461600547/
38886 || MALWARE-CNC Win.Trojan.Bayrob variant outbound connection || url,www.virustotal.com/en/file/6b6b91cd104f4a6d32b5187131d9053911607672076e6ed26ed51369e5329cad/analysis/1462889491/
38887 || MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection || url,www.virustotal.com/en/file/11180a0ff4576e0dbbe48d77ed717e72678520516ff13f523cad832d1b9fa9ac/analysis/1462906326/
38888 || MALWARE-CNC Win.Trojan.Locky variant outbound connection || url,www.virustotal.com/en/file/2d766d57bc549b3ac7b87b604e2103318eaf41b526086ffe0201d5778521c1b6/analysis/1462906540/
38890 || MALWARE-CNC Win.Trojan.Kirts exfiltration attempt || url,www.virustotal.com/en/file/f81128f3b9c0347f4ee5946ecf9a95a3d556e8e3a4742d01e5605f862e1d116d/analysis/1462888129/
38891 || MALWARE-CNC Win.Trojan.Kirts initial registration || url,www.virustotal.com/en/file/f81128f3b9c0347f4ee5946ecf9a95a3d556e8e3a4742d01e5605f862e1d116d/analysis/1462888129/
38950 || MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt || url,virustotal.com/en/file/5780e8408c8d5c84d1fbe5c53eeb77832a6af54fd41fab7f720c89fc10989340/analysis/1463495191/
38951 || PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt || url,www.virustotal.com/en/file/829918eb3edb26deccd2d80c7ac8bc8ad58b4fb76a370c11731884b408a21a73/analysis/1463575824/
38952 || PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt || url,www.virustotal.com/en/file/829918eb3edb26deccd2d80c7ac8bc8ad58b4fb76a370c11731884b408a21a73/analysis/1463575824/
38953 || PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt || url,www.virustotal.com/en/file/829918eb3edb26deccd2d80c7ac8bc8ad58b4fb76a370c11731884b408a21a73/analysis/1463575824/
38993 || SQL use of sleep function in HTTP header - likely SQL injection attempt || url,blog.cloudflare.com/the-sleepy-user-agent/
39064 || MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection || url,www.virustotal.com/en/file/e0f8b6fd78c724b688f6467baf37f08c5ed198ea1b4224f31f50c8acbad49742/analysis/
39080 || MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup || url,www.virustotal.com/en/file/5db3b9ce06e334cb61279dd936a40be75df6732228bb692a7a84b1299eb09071/analysis/1464362377/
39106 || MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection || url,virustotal.com/en/file/0a6ee066b27f5f8dfeedb8e5f19659e47b70296a49a627e2ce9d3d9456287051/analysis/
39107 || MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection || url,virustotal.com/en/file/0a6ee066b27f5f8dfeedb8e5f19659e47b70296a49a627e2ce9d3d9456287051/analysis/
39159 || MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate || url,www.virustotal.com/en/file/45e8df88b177cec3972f36284290eab652fb21806ef7e9575be853fb30528f28/analysis/
39160 || MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate || url,www.virustotal.com/en/file/9d54565f8fb7cf50df11bf9745f7efd04a49abb03e85a3aafbf9a5b5fcd065c9/analysis/
39163 || MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange || url,www.virustotal.com/en/file/6467418eea0564f77c66844e30a17c8561089f2b8301a7d306a71a34e4fef693/analysis/
39164 || MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange || url,www.virustotal.com/en/file/6467418eea0564f77c66844e30a17c8561089f2b8301a7d306a71a34e4fef693/analysis/
39409 || MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection || url,www.virustotal.com/en/file/f4e902c1c2647e79167262bf948fe41368bab4d3876255eb3d9edb5ae02097b7/analysis/
39410 || MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection || url,www.virustotal.com/en/file/f4e902c1c2647e79167262bf948fe41368bab4d3876255eb3d9edb5ae02097b7/analysis/
39411 || MALWARE-CNC Win.Trojan.Qbot variant outbound connection || url,www.virustotal.com/en/file/020356457e95f7607c1941e03294b4c16e23daa402d7e79cfd2ba91b23969480/analysis/1463667519/
39526 || FILE-OFFICE RTF document incorrect file magic attempt || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
39527 || FILE-OFFICE RTF document incorrect file magic attempt || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
39528 || FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
39529 || FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt || cve,2015-1641 || url,technet.microsoft.com/en-us/security/bulletin/ms15-033
39573 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/d74fcf6b8f2f1c3a1ed742feb3f323f7826e9fc79a3d642082cee46770a4697a/analysis/1461003042/
39574 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/d74fcf6b8f2f1c3a1ed742feb3f323f7826e9fc79a3d642082cee46770a4697a/analysis/1461003042/
39575 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/d74fcf6b8f2f1c3a1ed742feb3f323f7826e9fc79a3d642082cee46770a4697a/analysis/1461003042/
39576 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/d74fcf6b8f2f1c3a1ed742feb3f323f7826e9fc79a3d642082cee46770a4697a/analysis/1461003042/
39577 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/0a19499dec07ca2ade3aefdf910e13231d63d7a2e238776272b4fffd0ff3a527/analysis/1467727738/
39578 || MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection || url,www.virustotal.com/en/file/0a19499dec07ca2ade3aefdf910e13231d63d7a2e238776272b4fffd0ff3a527/analysis/1467727738/
39579 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/0a19499dec07ca2ade3aefdf910e13231d63d7a2e238776272b4fffd0ff3a527/analysis/1467727738/
39580 || MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection || url,www.virustotal.com/en/file/0a19499dec07ca2ade3aefdf910e13231d63d7a2e238776272b4fffd0ff3a527/analysis/1467727738/
39581 || MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection || url,www.virustotal.com/en/file/4b16d1e205f198222bd2b2bb8dbd55886a9e2b79de484eec0d8cce5db376d3c8/analysis/
39582 || MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt || url,www.virustotal.com/en/file/4b16d1e205f198222bd2b2bb8dbd55886a9e2b79de484eec0d8cce5db376d3c8/analysis/
39583 || MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt || url,www.virustotal.com/en/file/4b16d1e205f198222bd2b2bb8dbd55886a9e2b79de484eec0d8cce5db376d3c8/analysis/
39705 || MALWARE-CNC Win.Trojan.Zeus variant inbound connection || url,www.virustotal.com/en/file/292c12a4c9cf8724c7bfa9ec73e1b703bd51720ea18cd4528e9be516d05b5628/analysis/1468961317/
39729 || INDICATOR-COMPROMISE Content-Type image containing Portable Executable data || url,www.virustotal.com/en/file/2dc752d12baa8c8441b82dd52abfd51c25abd28ba42344b22869ba7ae5a9a877/analysis/1469197722/
39737 || SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt || cve,2016-5385 || cve,2016-5386 || cve,2016-5387 || cve,2016-5388 || url,httpoxy.org
39738 || MALWARE-CNC Win.Trojan.Trans variant outbound connection || url,www.virustotal.com/en/file/a4c1234bb748f9bcabeb9ab990614fd4c1035135c5f5068fd42bace4b75fff0e/analysis/
39800 || MALWARE-CNC Win.Trojan.Hancitor variant outbound connection || url,www.virustotal.com/en/file/5ec4ba1a97500e664af6896f4c02846ca6777e671bb600103dc8d49224e38f48/analysis/1469201551/
39801 || MALWARE-CNC Win.Trojan.Spyrat variant outbound connection || url,www.virustotal.com/en/file/e64f536556739d50a673a952da7f110f1156fad0f7360d401794e5a8d65ce63a/analysis/
39911 || MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt || url,www.virustotal.com/en/file/f4499928a6fee5d37fb711ed6d68708bf116cfc7f284d3295dd30ded7ecf64b2/analysis/
40011 || MALWARE-CNC Win.Trojan.Locky variant outbound connection || url,www.virustotal.com/en/file/f29ce76169727ff5a43ef7baa5c4e04f7d3302189e3d2a31cfc9dec39e84ad03/analysis/
40015 || BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt || cve,2016-5268 || url,bugzilla.mozilla.org/show_bug.cgi?id=1253673 || url,www.mozilla.org/en-US/security/advisories/mfsa2016-83/
40184 || EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt || url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phoenix_exec.rb
40220 || SERVER-OTHER Cisco IOS Group-Prime memory disclosure exfiltration attempt || cve,2016-6415 || url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
40221 || SERVER-OTHER Cisco IOS Group-Prime MD5 memory disclosure attempt || cve,2016-6415 || url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
40222 || SERVER-OTHER Cisco IOS Group-Prime SHA memory disclosure attempt || cve,2016-6415 || url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
40234 || MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes ping reply || url,www.virustotal.com/en/file/664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c/analysis/
40235 || MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes ping request || url,www.virustotal.com/en/file/664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c/analysis/
40251 || BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Perseus || url,www.virustotal.com/en/file/e88709501e6c8923c7c9bf112f7a824f241f86b001dd824eb12a4284778c8137/analysis/
40252 || MALWARE-CNC Win.Perseus variant outbound connection attempt || url,www.virustotal.com/en/file/e88709501e6c8923c7c9bf112f7a824f241f86b001dd824eb12a4284778c8137/analysis/
40260 || MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt || url,blog.malwarebytes.com/cybercrime/2016/07/mac-malware-osx-keydnap-steals-keychain/ || url,www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
40541 || MALWARE-CNC Win.Trojan.Satana ransomware outbound connection attempt || url,www.virustotal.com/en/file/683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96/analysis/1477327210/
40549 || MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection || url,www.virustotal.com/en/file/de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e/analysis/1477329470/
40550 || MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt || url,www.virustotal.com/en/file/25657a5b4e65add11d42c59aa854834977ddb3fe969f10efa2fa637b0329b3bb/analysis/1477407128/
40551 || MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt || url,www.virustotal.com/en/file/25657a5b4e65add11d42c59aa854834977ddb3fe969f10efa2fa637b0329b3bb/analysis/1477407128/
40559 || MALWARE-CNC Win.Trojan.iSpy variant outbound connection attempt || url,www.virustotal.com/en/file/11e611585bfb6ff1f823e3c035ef6cfae39dfe2209e15ed01a8db8b3f9526519/analysis/1477417828/
40762 || MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection || url,www.virustotal.com/en/file/14eb51b26fa4932fc660daf7e803600bf29a8a46fe3f1d652194bc48e9617bd9/analysis/1478720273/
40763 || MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response || url,www.virustotal.com/en/file/14eb51b26fa4932fc660daf7e803600bf29a8a46fe3f1d652194bc48e9617bd9/analysis/1478720273/
40764 || MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response || url,www.virustotal.com/en/file/14eb51b26fa4932fc660daf7e803600bf29a8a46fe3f1d652194bc48e9617bd9/analysis/1478720273/
40816 || MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt || url,www.virustotal.com/en/file/ab082d6047fb73b9de7ebc59fb12fa1f8c2d547949d4add3b7a573d48172889b/analysis/1479147777/
40827 || PUA-ADWARE MindSpark framework installer attempt || url,www.virustotal.com/en/file/9f2cc1688bee96849ced91ade04d4d51e6fd18fa47ab1dc2c12a029aa672f7ce/analysis/
40839 || PUA-ADWARE Sokuxuan outbound connection attempt || url,www.virustotal.com/en/file/f35b65743142090ecf031731cb0bd77b15055e36dcdaa7a4ab09c5b2add13d15/analysis/1479759162/
40840 || PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt || url,www.virustotal.com/en/file/f35b65743142090ecf031731cb0bd77b15055e36dcdaa7a4ab09c5b2add13d15/analysis/1479759162/
40841 || PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt || url,www.virustotal.com/en/file/f35b65743142090ecf031731cb0bd77b15055e36dcdaa7a4ab09c5b2add13d15/analysis/1479759162/
40842 || PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt || url,www.virustotal.com/en/file/f35b65743142090ecf031731cb0bd77b15055e36dcdaa7a4ab09c5b2add13d15/analysis/1479759162/
40866 || PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt || url,www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities
40888 || BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after free attempt || cve,2016-9079 || url,www.mozilla.org/en-US/security/advisories/mfsa2016-92/
40896 || BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after free attempt || cve,2016-9079 || url,www.mozilla.org/en-US/security/advisories/mfsa2016-92/
40907 || PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt || url,www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities
40911 || MALWARE-CNC Win.Rootkit.Sednit variant outbound connection attempt || url,virustotal.com/en/file/471fbdc52b501dfe6275a32f89a8a6b02a2aa9a0e70937f5de610b4185334668/analysis/1480953133/
40991 || MALWARE-CNC Linux.DDoS.D93 outbound connection || url,www.virustotal.com/en/file/2c017c94d9f40cba9a20e92c7c636e98de15c599bf004fa06508d701ab9e3068/analysis/
41334 || MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt || url,virustotal.com/en/file/b9cf176ddb51fa60c7512cdbafc5a598929ac3d0b3d0443a80a7f33259aa70f2/analysis/1484673198/
41335 || MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt || url,virustotal.com/en/file/b9cf176ddb51fa60c7512cdbafc5a598929ac3d0b3d0443a80a7f33259aa70f2/analysis/1484673198/
41336 || MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt || url,virustotal.com/en/file/5a0bb7bba9153801fa88ef1bedfad564d95d2d61a23de8cb87af8b589207277f/analysis/1484684079/ || url,virustotal.com/en/file/82da35ab3b0a47fe8de8b0cc24d53711e17960f5887a16769e76650d9556b399/analysis/1484684069/
41337 || MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt || url,virustotal.com/en/file/5a0bb7bba9153801fa88ef1bedfad564d95d2d61a23de8cb87af8b589207277f/analysis/1484684079/ || url,virustotal.com/en/file/82da35ab3b0a47fe8de8b0cc24d53711e17960f5887a16769e76650d9556b399/analysis/1484684069/
41346 || SERVER-WEBAPP Western Digital MyCloud command injection attempt || url,cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10108
41347 || SERVER-WEBAPP Western Digital MyCloud command injection attempt || url,cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10108
41348 || SERVER-WEBAPP Western Digital MyCloud command injection attempt || url,cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10108
41349 || SERVER-WEBAPP Western Digital MyCloud command injection attempt || url,cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10108
41374 || MALWARE-CNC Win.Trojan.NetWiredRC variant registration message || url,virustotal.com/en/file/6f179a4dc1c0393b6f2dac5aaa9c20b120ced4e82ba257bb45e693472c56a88b/analysis/1484683135/
41375 || MALWARE-CNC Win.Trojan.NetWiredRC variant check logs || url,virustotal.com/en/file/6f179a4dc1c0393b6f2dac5aaa9c20b120ced4e82ba257bb45e693472c56a88b/analysis/1484683135/
41376 || MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive || url,virustotal.com/en/file/6f179a4dc1c0393b6f2dac5aaa9c20b120ced4e82ba257bb45e693472c56a88b/analysis/1484683135/
41409 || POLICY-OTHER Cisco WebEx explicit use of web plugin || cve,2017-3823 || cve,2017-6753 || url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
41441 || BLACKLIST User-Agent known malicious user-agent string - X-Mas || url,virustotal.com/en/file/2aa91ed4e591da10499708bde44b1f9d0000eaee9a81018cb0f36bd44844df7a/analysis/1484847335/ || url,virustotal.com/en/file/83a2b429b969fc5cd38b6c5072391c3513b3b914f54ea80e245b243dbd5377be/analysis/1484847306/
41442 || MALWARE-CNC Win.Ransomware.X-Mas outbound connection attempt || url,virustotal.com/en/file/2aa91ed4e591da10499708bde44b1f9d0000eaee9a81018cb0f36bd44844df7a/analysis/1484847335/ || url,virustotal.com/en/file/83a2b429b969fc5cd38b6c5072391c3513b3b914f54ea80e245b243dbd5377be/analysis/1484847306/
41443 || MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection attempt || url,virustotal.com/en/file/b49d2b3c6978584408f3c668863cc88e892bd333a9db9c3de14964d59fc3298f/analysis/1484847208/
41444 || MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection attempt || url,virustotal.com/en/file/b49d2b3c6978584408f3c668863cc88e892bd333a9db9c3de14964d59fc3298f/analysis/1484847208/
41445 || SERVER-OTHER QNAP remote buffer overflow attempt || url,seclists.org/bugtraq/2017/Jan/5
41495 || SERVER-WEBAPP WordPress get_post authentication bypass attempt || url,wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
41496 || SERVER-WEBAPP WordPress get_post authentication bypass attempt || url,wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
41497 || SERVER-WEBAPP WordPress get_post authentication bypass attempt || url,wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
41498 || MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt || url,virustotal.com/en/file/571a7014d1ee4e359e7eb5d2c7b3e6c527f4fcef322781f1c56a1b5bf28c8eb2/analysis/1485884599/
41499 || SERVER-SAMBA Microsoft Windows SMBv2/SMBv3 Buffer Overflow attempt || cve,2017-0016
41663 || MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection || url,virustotal.com/en/file/7a9cdb9d608b88bd7afce001cb285c2bb2ae76f5027977e8635aa04bd064ffb7/analysis/
41711 || MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection || url,virustotal.com/en/file/8d75e47c04bb2cc0f4c2e973475d4ff1fc8f32039794e3ea5ca2494c66d80d3f/analysis/
41712 || MALWARE-CNC Win.Trojan.Houdini backdoor file download request || url,virustotal.com/en/file/8d75e47c04bb2cc0f4c2e973475d4ff1fc8f32039794e3ea5ca2494c66d80d3f/analysis/
41713 || SERVER-WEBAPP DotNetNuke installation attempt detected || cve,2015-2794 || url,www.exploit-db.com/exploits/39777
41722 || SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt || url,tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
41723 || SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt || url,tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
41724 || SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt || url,tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
41725 || SERVER-OTHER Cisco IOS Smart Install protocol version command attempt || url,tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170214-smi
41978 || OS-WINDOWS Microsoft Windows SMB remote code execution attempt || cve,2017-0144 || cve,2017-0146 || url,blog.talosintelligence.com/2017/05/wannacry.html || url,isc.sans.edu/forums/diary/ETERNALBLUE+Possible+Window+SMB+Buffer+Overflow+0Day/22304/ || url,technet.microsoft.com/en-us/security/bulletin/MS17-010
42019 || BLACKLIST User-Agent known malicious user-agent string - Andr.Trojan.Agent || url,www.virustotal.com/en/file/a3a849ef491a40c0fc1cb4c5e4769447da27ca02552a5fd270b9c2b8dbc0ff70/analysis/
42021 || MALWARE-CNC Andr.Trojan.Agent variant outbound connection attempt || url,www.virustotal.com/en/file/a3a849ef491a40c0fc1cb4c5e4769447da27ca02552a5fd270b9c2b8dbc0ff70/analysis/
42059 || MALWARE-CNC Win.Ransomware.Sage variant outbound connection || url,www.virustotal.com/en/file/c1c31129a39441607c060a7da57855d3969cf47ce4119cda9beaf65b63faca60/analysis/
42128 || MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection || url,blog.vectranetworks.com/blog/an-analysis-of-the-shamoon-2-malware-attack
42129 || MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection || url,blog.vectranetworks.com/blog/an-analysis-of-the-shamoon-2-malware-attack
42130 || BLACKLIST DNS request for known malware domain update.winappupdater.com - Win.Trojan.Ismdoor || url,www.virustotal.com/en/domain/update.winappupdater.com/information/
42225 || MALWARE-CNC Win.Trojan.RedLeaves outbound connection attempt || url,github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Red%20Leaves/Red%20Leaves%20technical%20note%20v1.0.pdf
42255 || OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt || cve,2017-0176 || cve,2017-9073 || url,www.securitytracker.com/id/1038264
42256 || OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected || url,msdn.microsoft.com/en-us/library/ee441638.aspx
42338 || OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt || url,msdn.microsoft.com/en-us/library/ee441910.aspx || url,technet.microsoft.com/en-us/security/bulletin/MS17-010
42339 || OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory || cve,2017-0147 || url,technet.microsoft.com/en-us/security/bulletin/MS17-010
42340 || OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt || url,msdn.microsoft.com/en-us/library/ee441910.aspx || url,technet.microsoft.com/en-us/security/bulletin/MS17-010
42398 || MALWARE-CNC Win.Trojan.RedLeaves outbound connection attempt || url,github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Red%20Leaves/Red%20Leaves%20technical%20note%20v1.0.pdf
42820 || OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt || cve,2017-0290 || url,technet.microsoft.com/en-us/library/security/4022344.aspx
42821 || OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt || cve,2017-0290 || url,technet.microsoft.com/en-us/library/security/4022344.aspx
42834 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html
42835 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html
42836 || MALWARE-CNC Win.Backdoor.Chopper web shell connection || url,www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html
42944 || OS-WINDOWS Microsoft Windows SMB remote code execution attempt || cve,2017-0144 || cve,2017-0146 || url,isc.sans.edu/forums/diary/ETERNALBLUE+Possible+Window+SMB+Buffer+Overflow+0Day/22304/ || url,technet.microsoft.com/en-us/security/bulletin/MS17-010
43004 || SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt || cve,2017-7494 || url,www.samba.org/samba/security/CVE-2017-7494.html
43193 || MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection || url,www.us-cert.gov/ncas/alerts/TA17-164A
43194 || MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection || url,www.us-cert.gov/ncas/alerts/TA17-164A
43291 || SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt || cve,2001-1371
43562 || POLICY-OTHER Teleopti WFM database information request detected || url,seclists.org/fulldisclosure/2017/Feb/13
43563 || POLICY-OTHER Teleopti WFM administrative user credentials request detected || url,seclists.org/fulldisclosure/2017/Feb/13
43564 || POLICY-OTHER Teleopti WFM administrative user creation detected || url,seclists.org/fulldisclosure/2017/Feb/13
43663 || SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt || cve,2004-1885
43809 || SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt || bugtraq,99330 || cve,2017-9810 || url,coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
43810 || SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt || bugtraq,99330 || cve,2017-9812 || url,coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
43811 || SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt || bugtraq,99330 || cve,2017-9812 || url,coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
43812 || SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt || bugtraq,99330 || cve,2017-9812 || url,coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
43813 || SERVER-WEBAPP Kaspersky Linux File Server WMC cross site scripting attempt || bugtraq,99330 || cve,2017-9813 || url,coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
43825 || MALWARE-CNC Osx.Trojan.Xagent outbound connection || url,contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html || url,download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf
43957 || SERVER-WEBAPP Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt || url,cxsecurity.com/issue/WLB-2017080038
43972 || MALWARE-CNC Win.Trojan.Fareit variant outbound connection || url,virustotal.com/#/file/01092ea6b5eb749254cf61a58c7c8fe5f6700197643271202fe420ac7cc68d1f/detection
43981 || MALWARE-CNC Andr.Trojan.Femas variant outbound connection || url,blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/ || url,securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/
43982 || MALWARE-CNC Andr.Trojan.Femas variant outbound connection || url,blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/ || url,securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/
44004 || POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected || url,nvd.nist.gov/vuln/detail/CVE-2017-11587 || url,seclists.org/fulldisclosure/2017/Jul/26
44005 || SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt || url,nvd.nist.gov/vuln/detail/CVE-2017-11588 || url,seclists.org/fulldisclosure/2017/Jul/26
44006 || SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt || url,nvd.nist.gov/vuln/detail/CVE-2017-11588 || url,seclists.org/fulldisclosure/2017/Jul/26
44007 || SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt || url,nvd.nist.gov/vuln/detail/CVE-2017-11588 || url,seclists.org/fulldisclosure/2017/Jul/26
44008 || SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt || url,seclists.org/fulldisclosure/2017/Jul/26
44399 || MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange || url,virustotal.com/#/file/604bd405cf8edd910b25c52b63ab7e4b6c2242bc6eaf6eca4cccb718e1d291e2
44400 || MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange || url,virustotal.com/#/file/604bd405cf8edd910b25c52b63ab7e4b6c2242bc6eaf6eca4cccb718e1d291e2
44401 || MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange || url,malware-traffic-analysis.net/2017/08/12/index.html
44402 || MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange || url,virustotal.com/en/file/70041c335a374d84f64c6c31d59ff09bd8473fd049cfcb46fe085d1eb92ac0b8/analysis/1502073944/
44469 || MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware
44470 || MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware
44591 || MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange || url,virustotal.com/#/file/220a2b2d7353a697496abcabf1b4c1990b8c9b7143e6dada17782ddd9ee2c232
44592 || MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange || url,virustotal.com/#/file/00fa65c8fced0abfab3f544801014a349f7d960819d8d79c47abe090bd75ccfc
44652 || MALWARE-CNC Win.Zusy variant outbound connection || url,www.virustotal.com/en/file/5dea4247e021eeeb1347ff269a357dee77e8ac1837383b0ef37fb123339639a1/analysis/
44678 || POLICY-OTHER NetSupport Manager RAT outbound connection detected || url,www.virustotal.com/#/file/b87ef28981defd135496e25233cc7a47a376a75ddea97fcd4c0927995dd22e47/detection
44689 || MALWARE-CNC Win.Trojan.Gen variant outbound communication || url,us-cert.gov/ncas/alerts/TA17-293A
44762 || MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected || url,securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/
44763 || MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected || url,www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack