Detailed List of IPS rules used in the ASG

Last update: Thu Sep 14 17:10:52 2017



Group Name  # of attack rules    # of warning rules

OS
OS / Windows  967    3067
OS / Linux  29    163
OS / Other  188    365

Server
Server / HTTP
Server / HTTP / Common  6    60
Server / HTTP / Apache  43    113
Server / HTTP / Microsoft IIS  2    203
Server / HTTP / Other
Server / HTTP / Coldfusion
Server / HTTP / Frontpage  0    38
Server / HTTP / PHP  172    493
Server / HTTP / CGI  103    276
Server / Mail
Server / Mail / Microsoft Exchange  10    26
Server / Mail / Sendmail  1    27
Server / Mail / POP3  0    3
Server / Mail / IMAP  2    69
Server / Mail / SMTP  96    47
Server / Database
Server / Database / Microsoft  3    83
Server / Database / Oracle
Server / Database / MySQL  7    70
Server / Database / Common SQL  156    292
Server / Database / Common SQL
Server / Misc
Server / Misc / DNS  660    957
Server / Misc / FTP  36    254
Server / Misc / SSH  3    27
Server / Misc / Backup  9    112
Server / Misc / TFTP
Server / Misc / SNMP  2    13
Server / Misc / Authentication  10    37
Server / Misc / CVS  0    21

Client
Client / Office  774    1165
Client / Browser  1659    1676
Client / Email  1    105
Client / Multimedia  2564    1365
Client / Peer to Peer
Client / Instant Messenger  2    28

Protocol Anomaly
Protocol Anomaly / Invalid Traffic  7    199
Protocol Anomaly / ICMP
Protocol Anomaly / IGMP
Protocol Anomaly / RPC
Protocol Anomaly / Misc

Malware  3371    10816
Malware / Trojans
Malware / DoS

Group: OS

# of attack rules in this group: 0

# of warning rules in this group: 0

Group: OS / Windows

# of attack rules in this group: 967

ID  Message  Classtype  CVE  BugtraqID  NessusID  Custom
2435  FILE-IDENTIFY Microsoft emf file download request  misc-activity  2007-5746  9707    URL
7209  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt  attempted-admin  2006-3439  19409    URL
7856  MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity  successful-recon-limited        URL
14782  OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt  attempted-admin  2008-4250      URL
15148  SERVER-OTHER Microsoft SMS remote control client message length denial of service attempt  attempted-dos  2004-0728  10726
15266  BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt  attempted-user  2009-0298  33451
15528  OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt  protocol-command-decode  2009-0230      URL
16395  OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt  attempted-admin  2010-0020      URL
16417  OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt  attempted-admin  2010-0016      URL
16538  NETBIOS NT QUERY SECURITY DESC flowbit  misc-activity
16539  OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt  attempted-admin  2010-0269      URL
16540  OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt  attempted-admin  2010-0477      URL
16728  NETBIOS Samba SMB1 chain_reply function memory corruption attempt  attempted-admin  2010-2063  40884
16772  BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access  attempted-user  2012-2515  36546    URL
16774  BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX function call access  attempted-user  2012-2515  36546    URL
16776  BROWSER-PLUGINS KeyWorks KeyHelp ActiveX control JumpURL method access attempt  attempted-user  2012-2515  36546    URL
17042  FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt  attempted-user  2017-8464      URL
17125  OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt  attempted-admin  2010-2550      URL
17249  OS-WINDOWS Microsoft Windows LSASS integer overflow attempt  attempted-user  2010-0820      URL
17508    misc-activity  2006-6696  21688    URL
18405    attempted-user  2011-0039      URL
19290  FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt  attempted-user  2010-2568      URL
20581  PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access  attempted-user  2012-0242      URL
20582  PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access  attempted-user  2012-0242      URL
20850  FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected  misc-activity
20851  FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected  misc-activity
20878  OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt  attempted-user  2012-0009      URL
21078  FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption  attempted-user  2012-0004      URL
21299  BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt  attempted-admin  2012-0014      URL
21305  FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt  attempted-user  2012-0015      URL
21308  FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt  attempted-user  2012-0150      URL
21504  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
21505  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
21506  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
21507  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
21508  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
21567  OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt  attempted-user  2012-0016      URL
21570  OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt  attempted-admin  2012-0002      URL
21619  OS-WINDOWS Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt  attempted-admin  2012-0002      URL
21792  FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt  attempted-user  2012-0163      URL
21795  FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt  attempted-user  2012-0151
22042  FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt  attempted-user  2012-0163      URL
22079  OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt  attempted-user  2012-0160      URL
22087  FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt  attempted-user  2012-0159      URL
22090  OS-WINDOWS Microsoft .NET framework malicious XBAP attempt  attempted-user  2012-0162      URL
22942  FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt  attempted-user  2012-0151
23048  BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid attempt  attempted-user  2012-4598  53304
23049  BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX function call attempt  attempted-user  2012-4598  53304
23050  BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX function call attempt  attempted-user  2012-4598  53304
23127  FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt  attempted-user  2012-1855      URL
23181  FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt  attempted-user  2012-1855      URL
23237  OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt  attempted-admin  2010-0477      URL
23283  BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt  attempted-user  2012-1709      URL
23284  BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt  attempted-user  2012-1709      URL
23352  BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt  attempted-user  2012-0284      URL
23353  BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX function call access attempt  attempted-user  2012-0284      URL
23395  BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt  attempted-user  2012-5896  52765
23396  BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt  attempted-user  2012-5896  52765
23837  OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt  attempted-admin  2012-1851      URL
23838  OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt  attempted-admin  2012-1851      URL
23839  OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt  attempted-dos  2012-1853  54940    URL
23846  OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt  attempted-admin  2012-2526      URL
24007  OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt  attempted-dos  2012-1853  54940    URL
24089  OS-WINDOWS Microsoft WebDAV PROPFIND request  misc-activity
24090  OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt  attempted-user  2012-0175  54307    URL
24196  BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt  attempted-user  2012-2516  54215    URL
24197  BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt  attempted-user  2012-2516  54215    URL
24359  OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt  attempted-recon  2000-0347  1163
24446  SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt  attempted-admin  2012-2288  55330    URL
24500  FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt  attempted-user  2017-8464      URL
24580  PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access  attempted-user  2012-0242      URL
24581  PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access  attempted-user  2012-0242      URL
24582  PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access  attempted-user  2012-0242      URL
24583  PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access  attempted-user  2012-0242      URL
24584  PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access  attempted-user  2012-0242      URL
24585  PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access  attempted-user  2012-0242      URL
24649  FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt  attempted-admin  2012-4786      URL
24650  FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt  attempted-admin  2012-4786      URL
24664  FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt  misc-activity  2012-1895      URL
24665  FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt  misc-activity  2012-1895      URL
24696  PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt  attempted-user  2012-0395      URL
24771  BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access  attempted-user  2012-2175      URL
24772  BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access  attempted-user  2012-2175  53879    URL
24773  BROWSER-PLUGINS IBM Lotus iNotes Attachement_Times ActiveX clsid access  attempted-user  2012-2175  53879    URL
24957  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24958  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24959  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24960  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24961  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24962  BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
24963  BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access  attempted-user  2012-1537  56839    URL
25032  FILE-IDENTIFY Microsoft Silverlight application file download request  misc-activity
25033  FILE-IDENTIFY Microsoft Silverlight application file attachment detected  misc-activity
25034  FILE-IDENTIFY Microsoft Silverlight application file attachment detected  misc-activity
25252  FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt  attempted-user  2012-0015      URL
25253  FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt  attempted-user  2012-0015      URL
25254  BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt  attempted-user  2012-0284      URL
25299  BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt  attempted-user  2012-0189  51448    URL
25300  BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt  attempted-user  2012-0189  51448    URL
25357  FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt  attempted-user  2012-0151
25542  PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt  attempted-admin  2012-4607  57182    URL
25779  FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt  attempted-user  2012-0151
25795  FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt  attempted-user  2013-0077      URL
25796  FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt  attempted-user  2013-0077      URL
26066  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
26067  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
26068  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
26069  OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt  attempted-user  2012-0013      URL
26181  BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX clsid access attempt  attempted-user  2012-4333  53193
26182  BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX function call access attempt  attempted-user  2012-4333  53193
26183  BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX clsid access attempt  attempted-user  2012-4876  52760    URL
26184  BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX function call access attempt  attempted-user  2012-4876  52760    URL
26187  BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid attempt  attempted-user  2012-4598  53304
26355  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26356  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26357  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26358  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26359  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26360  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26361  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26362  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26363  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26364  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26365  BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt  attempted-user  2013-1302  58874    URL
26865  FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt  attempted-user  2013-1331  18385    URL
27136  OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt  attempted-admin  2013-3134      URL
27139  OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt  attempted-admin  2013-3134      URL
27576  FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt  attempted-user  2012-0159      URL
27798  BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt  attempted-user  2012-2516  54215    URL
27799  BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt  attempted-user  2012-2516  54215    URL
27822  FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt  attempted-admin  2013-0810      URL
27869  BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt  attempted-user  2013-4798  61443    URL
27870  BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt  attempted-user  2013-4798  61443    URL
27871  BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt  attempted-user  2013-4798  61443    URL
27872  BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt  attempted-user  2013-4798  61443    URL
28435  BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt  attempted-user  2014-0895  66116    URL
28436  BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt  attempted-user  2014-0895  66116    URL
28487  OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt  attempted-user  2013-3906
28488  OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt  attempted-user  2013-3906
28505  BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access  attempted-user  2013-3918      URL
28506  BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access  attempted-user  2013-3918      URL
28507  FILE-IDENTIFY Microsoft Write file download file attachment detected  misc-activity
28508  FILE-IDENTIFY Microsoft Write file download file attachment detected  misc-activity
28579  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
28580  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
28581  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
28582  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
28583  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
28584  BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt  attempted-user  2013-0074  58327    URL
29059  BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access  attempted-user        URL
29060  BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access  attempted-user        URL
29092  BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt  attempted-user  2013-5022  61828
29097  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access  attempted-user        URL
29098  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access  attempted-user        URL
29099  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access  attempted-user        URL
29100  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access  attempted-user        URL
29101  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access  attempted-user        URL
29102  BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access  attempted-user        URL
29405  FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected  misc-activity
29406  FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected  misc-activity
29407  FILE-IDENTIFY Microsoft Internet Shortcut file download request  misc-activity
29506  BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt  attempted-user  2013-5022  61828
29507  BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt  attempted-user  2013-5022  61828
29508  BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt  attempted-user  2013-5022  61828
29533  BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt  attempted-user  2012-5896  52765
29618  SERVER-WEBAPP Novell GroupWise Client activex InvokeContact untrusted pointer dereference  attempted-user  2013-0804  57657
29619  SERVER-WEBAPP Novell GroupWise Client activex GenerateSummaryPage untrusted pointer dereference  attempted-user  2013-0804  57657
29943  OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt  attempted-admin  2010-0477      URL
29944  FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size  attempted-user  2013-1331  18385    URL
29945  FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size  attempted-user  2013-1331  18385    URL
30048  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30049  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30050  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30051  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30052  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30053  BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access  attempted-user  2013-6040  65038    URL
30092  BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX clsid access  attempted-user  2013-0804      URL
30093  BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX function call access  attempted-user  2013-0804      URL
30898  FILE-OTHER Microsoft Windows Briefcase integer underflow  attempted-user  2012-1527      URL
30972  EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page  trojan-activity
31369  EXPLOIT-KIT Rig exploit kit outbound Microsoft Silverlight request  trojan-activity
31427  FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt  attempted-user  2012-0150      URL
31702  FILE-IDENTIFY Microsoft Silverlight application file magic detected  misc-activity
31703  FILE-IDENTIFY Microsoft Silverlight application file magic detected  misc-activity
31877  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
31878  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
31879  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
31880  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
31881  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
31882  SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt  attempted-user    55272    URL
32190  OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt  attempted-user  2014-4148      URL
32191  OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt  attempted-user  2014-4148      URL
32361  FILE-OTHER Microsoft Windows Briefcase integer overflow  attempted-user  2012-1528      URL
32404  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32405  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32406  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32407  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32408  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32409  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32410  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32411  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32412  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32413  OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt  misc-attack  2014-6321      URL
32414  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32415  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32416  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32417  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32422  OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt  attempted-admin  2014-6321      URL
32423  OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt  attempted-admin  2014-6321      URL
32501  FILE-OTHER Microsoft XML invalid priority in xsl template  attempted-user  2014-4118      URL
32502  FILE-OTHER Microsoft XML invalid priority in xsl template  attempted-user  2014-4118      URL
32730  FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt  attempted-admin  2013-0010      URL
32731  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32732  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
32876  EXPLOIT-KIT Nuclear exploit kit outbound Microsoft Silverlight exploit request  trojan-activity
33003  BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt  attempted-user    62585
33004  BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt  attempted-user    62585
33018  BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt  attempted-user  2013-1516      URL
33019  BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt  attempted-user  2013-1516      URL
33020  BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt  attempted-user  2013-1516      URL
33021  BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt  attempted-user  2013-1516      URL
33050  PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt  attempted-user  2015-0014      URL
33051  BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt  attempted-admin  2015-0016      URL
33052  BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt  attempted-admin  2015-0016      URL
33451  PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt  attempted-user  2015-0014      URL
33825  OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt  attempted-recon  2000-0347  1163
34057  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
34058  OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt  attempted-admin  2014-6321      URL
34178  OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt  attempted-admin
34179  OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt  attempted-admin
34331  EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download  trojan-activity
34371  FILE-OTHER Microsoft Journal memory corruption attempt  attempted-user  2015-1698      URL
34372  FILE-OTHER Microsoft Journal memory corruption attempt  attempted-user  2015-1698      URL
34385  FILE-OTHER Microsoft Journal memory corruption attempt  attempted-user  2015-1697      URL
34386  FILE-OTHER Microsoft Journal memory corruption attempt  attempted-user  2015-1697      URL
34387  FILE-OTHER Microsoft Journal out of bounds write attempt  attempted-user  2015-1695      URL
34388  FILE-OTHER Microsoft Journal out of bounds write attempt  attempted-user  2015-1695      URL
34389  FILE-OTHER Microsoft Journal out of bounds read attempt  attempted-user  2015-1696      URL
34390  FILE-OTHER Microsoft Journal out of bounds read attempt  attempted-user  2015-1696      URL
34399  FILE-OTHER Microsoft Journal file exploitation attempt  attempted-user  2015-1675      URL
34400  FILE-OTHER Microsoft Journal file exploitation attempt  attempted-user  2015-1675      URL
34401OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (more info ...)attempted-user  2015-1673      URL
34402OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (more info ...)attempted-user  2015-1673      URL
34403FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1699      URL
34404FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1699      URL
34440OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (more info ...)attempted-user  2015-1671      URL
34441OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (more info ...)attempted-user  2015-1671      URL
34638BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (more info ...)attempted-user  2014-8511      
34639BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (more info ...)attempted-user  2014-8511      
34640BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (more info ...)attempted-user  2014-8511      
34641BROWSER-PLUGINS McAfee Virtual Technician ActiveX clsid access attempt (more info ...)attempted-user  2012-5879      
34642BROWSER-PLUGINS McAfee Virtual Technician ActiveX clsid access attempt (more info ...)attempted-user  2012-5879      
35151OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (more info ...)attempted-admin  2015-2373      URL
35304FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (more info ...)attempted-admin  2015-2426      URL
35305FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (more info ...)attempted-admin  2015-2426      URL
35483FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2432      URL
35484FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2432      URL
35485FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2462      URL
35486FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2462      URL
35489FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (more info ...)attempted-user  2015-2458      URL
35490FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (more info ...)attempted-user  2015-2458      URL
35491FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (more info ...)attempted-user  2015-2435      URL
35492FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (more info ...)attempted-user  2015-2435      URL
35495FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2459      URL
35496FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2459      URL
35515OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (more info ...)attempted-user  2015-2460      URL
35516OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (more info ...)attempted-user  2015-2460      URL
35517FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (more info ...)attempted-admin  2015-2461      URL
35518FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (more info ...)attempted-admin  2015-2461      URL
35519FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (more info ...)attempted-admin  2015-2463      URL
35520FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (more info ...)attempted-admin  2015-2463      URL
35523OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (more info ...)attempted-admin  2015-2464      URL
35524OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (more info ...)attempted-admin  2015-2464      URL
35525OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (more info ...)attempted-admin  2015-2455      URL
35526OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (more info ...)attempted-admin  2015-2455      URL
35705BROWSER-IE Microsoft Edge history.state use after free attempt (more info ...)attempted-user        
35706BROWSER-IE Microsoft Edge history.state use after free attempt (more info ...)attempted-user        
35719OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (more info ...)attempted-admin  2015-2506      URL
35720OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (more info ...)attempted-admin  2015-2506      URL
35731OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (more info ...)attempted-user  2012-0175  54307    URL
35872BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (more info ...)attempted-user        
35873BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (more info ...)attempted-user        
35874BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (more info ...)attempted-user        
35875BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (more info ...)attempted-user        
35955BROWSER-IE Microsoft Edge CStr object use after free attempt (more info ...)attempted-user  2015-2490      URL
35956BROWSER-IE Microsoft Edge CStr object use after free attempt (more info ...)attempted-user  2015-6087      URL
35957BROWSER-IE Microsoft Edge CStr object use after free attempt (more info ...)attempted-user  2015-2490      URL
35958BROWSER-IE Microsoft Edge CStr object use after free attempt (more info ...)attempted-user  2015-6087      URL
35959BROWSER-IE Microsoft Edge DOMNode manipulation use after free attempt (more info ...)attempted-user  2015-2488      URL
35960BROWSER-IE Microsoft Edge DOMNode manipulation use after free attempt (more info ...)attempted-user  2015-2488      URL
35961FILE-OTHER Microsoft Journal file parsing remote code execution attempt (more info ...)attempted-user  2015-2513      URL
35962FILE-OTHER Microsoft Journal file parsing remote code execution attempt (more info ...)attempted-user  2015-2513      URL
35984OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (more info ...)attempted-user  2015-2510      URL
35985OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (more info ...)attempted-user  2015-2510      URL
36014OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (more info ...)attempted-user  2015-2504      URL
36015OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (more info ...)attempted-user  2015-2504      URL
36109BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (more info ...)attempted-user  2014-9208      URL
36110BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (more info ...)attempted-user  2014-9208      URL
36111BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (more info ...)attempted-user  2014-9208      URL
36112BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (more info ...)attempted-user  2014-9208      URL
36472BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36473BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36474BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36475BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36533BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (more info ...)attempted-user  2012-5896  52765    
36534BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (more info ...)attempted-user  2012-5896  52765    
36618BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36619BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36620BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36621BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (more info ...)attempted-user  2014-9208  76672    
36640BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (more info ...)attempted-user  2014-0767  66728    URL
36641BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (more info ...)attempted-user  2014-0767  66728    URL
36642BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (more info ...)attempted-user  2014-0767  66728    URL
36643BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (more info ...)attempted-user  2014-0767  66728    URL
36644BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (more info ...)attempted-user  2012-2175  53879    URL
36645BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (more info ...)attempted-user  2012-2175  53879    URL
36646BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (more info ...)attempted-user  2012-2175  53879    URL
36653BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (more info ...)attempted-user  2013-6040  65038    URL
36654BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (more info ...)attempted-user  2013-6040  65038    URL
36697FILE-OTHER Microsoft Windows Journal integer overflow attempt (more info ...)attempted-user  2015-6097      URL
36698FILE-OTHER Microsoft Windows Journal integer overflow attempt (more info ...)attempted-user  2015-6097      URL
36703OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (more info ...)attempted-admin  2015-6101      URL
36704OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (more info ...)attempted-admin  2015-6101      URL
36705OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (more info ...)attempted-admin  2015-2478      URL
36706OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (more info ...)attempted-admin  2015-2478      URL
36709OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (more info ...)attempted-admin  2015-6100      URL
36710OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (more info ...)attempted-admin  2015-6100      URL
36711FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (more info ...)misc-activity        
36712OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (more info ...)attempted-user  2015-6096      URL
36713OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (more info ...)attempted-user  2015-6096      URL
36722OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-recon  2015-6109      URL
36723OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-recon  2015-6109      URL
36736FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (more info ...)attempted-user  2015-6104      URL
36737FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (more info ...)attempted-user  2015-6104      URL
36744OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (more info ...)attempted-admin  2015-6098      URL
36745OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (more info ...)attempted-admin  2015-6098      URL
36746BROWSER-IE Microsoft Edge click method use after free attempt (more info ...)attempted-user  2015-6088      URL
36747BROWSER-IE Microsoft Edge click method use after free attempt (more info ...)attempted-user  2015-6088      URL
36749FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (more info ...)attempted-user  2015-6103      URL
36750FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (more info ...)attempted-user  2015-6103      URL
36761OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (more info ...)policy-violation  2015-6113      URL
36762OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (more info ...)policy-violation  2015-6113      URL
36817FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36818FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36865BROWSER-PLUGINS IDAutomation IDAuto.BarCode ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36866BROWSER-PLUGINS IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36867BROWSER-PLUGINS IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36868BROWSER-PLUGINS IDAutomation IDAuto.BarCode ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36869BROWSER-PLUGINS IDAutomation IDAuto.PDF417 ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36870BROWSER-PLUGINS IDAutomation IDAuto.PDF417 ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36871BROWSER-PLUGINS IDAutomation IDAuto.Aztec ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36872BROWSER-PLUGINS IDAutomation IDAuto.Aztec ActiveX clsid access attempt (more info ...)attempted-user  2008-2283      
36884FILE-IMAGE Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36932BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (more info ...)attempted-user  2015-6170      URL
36933BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (more info ...)attempted-user  2015-6170      URL
36952FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (more info ...)attempted-user  2015-6130      URL
36953FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (more info ...)attempted-user  2015-6130      URL
36970OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (more info ...)attempted-admin  2015-6173      URL
36971OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (more info ...)attempted-admin  2015-6173      URL
36976OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (more info ...)attempted-admin  2015-6174      URL
36977OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (more info ...)attempted-admin  2015-6174      URL
36984BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (more info ...)attempted-user  2015-6168      URL
36985BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (more info ...)attempted-user  2015-6168      URL
36989OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (more info ...)attempted-admin  2015-6175      URL
36990OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (more info ...)attempted-admin  2015-6175      URL
36997OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (more info ...)attempted-recon  2015-6114      URL
36998OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (more info ...)attempted-recon  2015-6114      URL
37005BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (more info ...)attempted-user  2009-0134      
37006BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (more info ...)attempted-user  2009-0134      
37007BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (more info ...)attempted-user  2009-0134      
37008BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (more info ...)attempted-user  2009-0134      
37021BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (more info ...)attempted-user  2009-0298  33451    
37022BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (more info ...)attempted-user  2009-0298  33451    
37023BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (more info ...)attempted-user  2009-0298  33451    
37267BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (more info ...)attempted-user  2016-0034      URL
37268BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (more info ...)attempted-user  2016-0034      URL
37269OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (more info ...)attempted-user  2016-0007      URL
37270OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (more info ...)attempted-user  2016-0007      URL
37271OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (more info ...)attempted-user  2016-0006      URL
37272OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (more info ...)attempted-user  2016-0006      URL
37275OS-WINDOWS Microsoft Windows feclient.dll dll-load exploit attempt (more info ...)attempted-user  2016-0014      URL
37276OS-WINDOWS Microsoft Windows feclient.dll dll-load exploit attempt (more info ...)attempted-user  2016-0014      URL
37277OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt (more info ...)attempted-admin  2016-0015      URL
37278OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt (more info ...)attempted-admin  2016-0015      URL
37279BROWSER-IE Microsoft Edge mutation event memory corruption attempt (more info ...)attempted-user  2016-0124      URL
37280BROWSER-IE Microsoft Edge mutation event memory corruption attempt (more info ...)attempted-user  2016-0124      URL
37512BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (more info ...)attempted-user  2015-8561      
37513BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (more info ...)attempted-user  2015-8561      
37514BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (more info ...)attempted-user  2015-8561      
37515BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (more info ...)attempted-user  2015-8561      
37537BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (more info ...)attempted-user    60161    
37538BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (more info ...)attempted-user    60161    
37539BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (more info ...)attempted-user    60158    
37540BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (more info ...)attempted-user    60158    
37541BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (more info ...)attempted-user    60161    
37542BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (more info ...)attempted-user    60161    
37543BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (more info ...)attempted-user    60158    
37544BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (more info ...)attempted-user    60158    
37565FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt (more info ...)attempted-user  2016-0046      URL
37566FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt (more info ...)attempted-user  2016-0046      URL
37567OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (more info ...)attempted-admin  2016-0040      URL
37568OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (more info ...)attempted-admin  2016-0040      URL
37569OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (more info ...)attempted-admin  2016-0040      URL
37570OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (more info ...)attempted-admin  2016-0040      URL
37575BROWSER-IE Microsoft Edge CTextBlock out of bounds read attempt (more info ...)attempted-user  2016-0083      URL
37576BROWSER-IE Microsoft Edge CTextBlock out of bounds read attempt (more info ...)attempted-user  2016-0083      URL
37577FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt (more info ...)attempted-user  2016-0038      URL
37578FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt (more info ...)attempted-user  2016-0038      URL
37581BROWSER-IE Microsoft Edge SysFreeString double free attempt (more info ...)attempted-user  2016-0060      URL
37582BROWSER-IE Microsoft Edge SysFreeString double free attempt (more info ...)attempted-user  2016-0060      URL
37584OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt (more info ...)attempted-admin  2016-0048      URL
37585OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt (more info ...)attempted-admin  2016-0048      URL
37586OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (more info ...)attempted-admin  2016-0051      URL
37587OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (more info ...)attempted-admin  2016-0051      URL
37594FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt (more info ...)attempted-user  2016-0058      URL
37595FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt (more info ...)attempted-user  2016-0058      URL
37655OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt (more info ...)attempted-dos  2016-0033      URL
37656OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt (more info ...)attempted-dos  2016-0033      URL
37663FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (more info ...)attempted-user  2010-0265      URL
37677BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user  2014-0895  66116    URL
37678BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user  2014-0895  66116    URL
37801BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (more info ...)attempted-user  2013-0074  58327    URL
37822BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (more info ...)attempted-user  2013-3918      URL
37823BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (more info ...)attempted-user  2013-3918      URL
37995BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
37996BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
37997BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
37998BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
37999BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
38000BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (more info ...)attempted-user  2013-1302      
38001BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38002BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38003BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38004BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38005BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38006BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38007BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38008BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38009BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38010BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38011BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (more info ...)attempted-user  2013-1302  58874    URL
38061OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt (more info ...)attempted-user  2016-0095      URL
38062OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt (more info ...)attempted-user  2016-0095      URL
38063FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-user  2016-0121      URL
38064FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-user  2016-0121      URL
38071OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt (more info ...)attempted-admin  2016-0096      URL
38072OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt (more info ...)attempted-admin  2016-0096      URL
38073BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (more info ...)attempted-user  2016-0118      URL
38074BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (more info ...)attempted-user  2016-0118      URL
38075BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (more info ...)attempted-user  2016-0118      URL
38076BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (more info ...)attempted-user  2016-0118      URL
38077BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (more info ...)attempted-user  2016-0117      URL
38078BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (more info ...)attempted-user  2016-0117      URL
38083OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt (more info ...)attempted-admin  2016-0093      URL
38084OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt (more info ...)attempted-admin  2016-0093      URL
38092OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt (more info ...)attempted-user  2016-0087      URL
38093OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt (more info ...)attempted-user  2016-0087      URL
38106BROWSER-IE Microsoft Edge LineBoxBuilder out-of-bound memory access attempt (more info ...)attempted-user  2016-0123      URL
38107BROWSER-IE Microsoft Edge LineBoxBuilder out-of-bound memory access attempt (more info ...)attempted-user  2016-0123      URL
38114OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (more info ...)attempted-admin  2016-0099      URL
38115OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (more info ...)attempted-admin  2016-0099      URL
38119OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt (more info ...)attempted-admin  2016-0094      URL
38120OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt (more info ...)attempted-admin  2016-0094      URL
38124FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt (more info ...)attempted-user  2016-0101      URL
38125FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt (more info ...)attempted-user  2016-0101      URL
38146BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (more info ...)attempted-user  2015-1500  72600    URL
38147BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (more info ...)attempted-user  2015-1500  72600    URL
38148BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (more info ...)attempted-user  2015-1500  72600    URL
38149BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (more info ...)attempted-user  2015-1500  72600    URL
38152BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (more info ...)attempted-user  2015-2100  72843    URL
38153BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (more info ...)attempted-user  2015-2100  72843    URL
38154BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (more info ...)attempted-user  2015-2100  72843    URL
38155BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (more info ...)attempted-user  2015-2100  72843    URL
38383BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (more info ...)attempted-user        
38384BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (more info ...)attempted-user        
38435BROWSER-PLUGINS Schneider F1 Bookview ActiveX clsid access attempt (more info ...)attempted-user  2015-7918      
38436BROWSER-PLUGINS Schneider F1 Bookview ActiveX clsid access attempt (more info ...)attempted-user  2015-7918      
38458OS-WINDOWS Microsoft Windows LSARPC LsapLookupSids denial of service attempt (more info ...)attempted-dos  2016-0135      URL
38459OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt (more info ...)attempted-admin  2016-0143      URL
38460OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt (more info ...)attempted-admin  2016-0143      URL
38461OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (more info ...)protocol-command-decode        URL
38462OS-WINDOWS DCERPC Bind auth level packet privacy downgrade attempt (more info ...)attempted-recon  2016-0128      URL
38463BROWSER-PLUGINS Microsoft XML Core Services ActiveX control use after free attempt (more info ...)attempted-user  2016-0147      URL
38464BROWSER-PLUGINS Microsoft XML Core Services ActiveX control use after free attempt (more info ...)attempted-user  2016-0147      URL
38469OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt (more info ...)attempted-user  2016-0160      URL
38470OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt (more info ...)attempted-user  2016-0160      URL
38473BROWSER-IE Microsoft Edge iframe cross-site scripting attempt (more info ...)attempted-user  2016-0158      URL
38474BROWSER-IE Microsoft Edge iframe cross-site scripting attempt (more info ...)attempted-user  2016-0158      URL
38475OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt (more info ...)attempted-admin  2016-0151      URL
38476OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt (more info ...)attempted-admin  2016-0151      URL
38477BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (more info ...)attempted-user  2016-0161      URL
38478BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (more info ...)attempted-user  2016-0161      URL
38479BROWSER-IE Microsoft Edge remove range out of bounds read attempt (more info ...)attempted-user  2016-0156      URL
38480BROWSER-IE Microsoft Edge remove range out of bounds read attempt (more info ...)attempted-user  2016-0156      URL
38483BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt (more info ...)attempted-user  2016-0157      URL
38484BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt (more info ...)attempted-user  2016-0157      URL
38485BROWSER-IE Microsoft Edge TextDataSlice type confusion attempt (more info ...)attempted-user  2016-0155      URL
38486BROWSER-IE Microsoft Edge TextDataSlice type confusion attempt (more info ...)attempted-user  2016-0155      URL
38487OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt (more info ...)attempted-admin  2016-0165      URL
38488OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt (more info ...)attempted-admin  2016-0165      URL
38491OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt (more info ...)attempted-user  2016-0167      URL
38492OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt (more info ...)attempted-user  2016-0167      URL
38493FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt (more info ...)attempted-admin  2016-0145      URL
38494FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt (more info ...)attempted-admin  2016-0145      URL
38759OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt (more info ...)attempted-admin  2016-0196      URL
38760OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt (more info ...)attempted-admin  2016-0196      URL
38761OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt (more info ...)attempted-admin  2016-0174      URL
38762OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt (more info ...)attempted-admin  2016-0174      URL
38765OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt (more info ...)attempted-admin  2016-0167      URL
38766OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt (more info ...)attempted-admin  2016-0167      URL
38774OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt (more info ...)attempted-user  2016-0171      URL
38775OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt (more info ...)attempted-user  2016-0171      URL
38787OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt (more info ...)attempted-user  2016-0172      URL
38788OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt (more info ...)attempted-user  2016-0172      URL
38797BROWSER-IE Microsoft Edge graphics subcomponent use after free attempt (more info ...)attempted-user  2016-0184      URL
38798BROWSER-IE Microsoft Edge graphics subcomponent use after free attempt (more info ...)attempted-user  2016-0184      URL
38801OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt (more info ...)attempted-user  2016-0175      URL
38802OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt (more info ...)attempted-user  2016-0175      URL
38803OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt (more info ...)attempted-user  2016-0180      URL
38804OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt (more info ...)attempted-user  2016-0180      URL
38805BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt (more info ...)attempted-user  2016-0193      URL
38806BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt (more info ...)attempted-user  2016-0193      URL
38808OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt (more info ...)attempted-admin  2016-0173      URL
38809OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt (more info ...)attempted-admin  2016-0173      URL
38816FILE-OTHER Microsoft Windows gdi32 malformed EMF file ExtEscape buffer overflow attempt (more info ...)attempted-user  2016-0170      URL
38817FILE-OTHER Microsoft Windows gdi32 malformed EMF file ExtEscape buffer overflow attempt (more info ...)attempted-user  2016-0170      URL
38839OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt (more info ...)attempted-dos  2016-0178      URL
38840OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt (more info ...)attempted-dos  2016-0178      URL
39038BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (more info ...)attempted-user        
39039BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (more info ...)attempted-user        
39041BROWSER-PLUGINS National Instruments ActiveX clsid access attempt (more info ...)attempted-user  2013-5025      
39042BROWSER-PLUGINS National Instruments ActiveX clsid access attempt (more info ...)attempted-user  2013-5025      
39043BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (more info ...)attempted-user        
39044BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (more info ...)attempted-user        
39054BROWSER-PLUGINS Siemens Automation License Manager ActiveX clsid access attempt (more info ...)attempted-user  2011-4529      
39055BROWSER-PLUGINS Siemens Automation License Manager ActiveX clsid access attempt (more info ...)attempted-user  2011-4529      
39193OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (more info ...)attempted-admin  2016-3221      URL
39194OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (more info ...)attempted-admin  2016-3221      URL
39195OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (more info ...)attempted-admin  2016-3221      URL
39196OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (more info ...)attempted-admin  2016-3221      URL
39199BROWSER-IE Microsoft Edge class object confusion attempt (more info ...)attempted-user  2016-3199      URL
39200BROWSER-IE Microsoft Edge class object confusion attempt (more info ...)attempted-user  2016-3199      URL
39205BROWSER-IE Microsoft Edge PDF reader out of bounds memory access attempt (more info ...)attempted-user  2016-3203      URL
39206BROWSER-IE Microsoft Edge PDF reader out of bounds memory access attempt (more info ...)attempted-user  2016-3203      URL
39209OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt (more info ...)attempted-user  2016-3219      URL
39210OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt (more info ...)attempted-user  2016-3219      URL
39213OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (more info ...)attempted-admin  2016-3225      URL
39214OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (more info ...)attempted-admin  2016-3225      URL
39215OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (more info ...)attempted-admin  2016-3225      URL
39216OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (more info ...)attempted-admin  2016-3225      URL
39217OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt (more info ...)attempted-user  2016-3218      URL
39218OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt (more info ...)attempted-user  2016-3218      URL
39219BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (more info ...)attempted-user  2016-3222      URL
39220BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (more info ...)attempted-user  2016-3222      URL
39225OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt (more info ...)attempted-admin  2016-3231      URL
39226OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt (more info ...)attempted-admin  2016-3231      URL
39227OS-WINDOWS Microsoft Windows WPAD spoofing attempt (more info ...)attempted-user  2016-3236      URL
39232BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (more info ...)attempted-user  2016-3198      URL
39238BROWSER-IE Microsoft Edge malformed PDF JPEG2000 object out of bounds memory access attempt (more info ...)attempted-user  2016-3215      URL
39239BROWSER-IE Microsoft Edge malformed PDF JPEG2000 object out of bounds memory access attempt (more info ...)attempted-user  2016-3215      URL
39260FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-user  2016-3220      URL
39261FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-admin  2016-3220      URL
39266OS-WINDOWS Microsoft Windows GdiPlus malformed EMF file out of bounds read attempt (more info ...)attempted-user  2016-3216      URL
39267OS-WINDOWS Microsoft Windows GdiPlus malformed EMF file out of bounds read attempt (more info ...)attempted-user  2016-3216      URL
39478OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt (more info ...)attempted-admin  2016-3252      URL
39479OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt (more info ...)attempted-admin  2016-3252      URL
39480OS-WINDOWS Microsoft Windows win32k out of bound read attempt (more info ...)attempted-admin  2016-3251      URL
39481OS-WINDOWS Microsoft Windows win32k out of bound read attempt (more info ...)attempted-admin  2016-3251      URL
39482OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt (more info ...)attempted-admin  2016-3249      URL
39483OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt (more info ...)attempted-admin  2016-3249      URL
39486BROWSER-IE Microsoft Edge chakra.dll invalid pointer access attempt (more info ...)attempted-user  2016-3259      URL
39487BROWSER-IE Microsoft Edge chakra.dll invalid pointer access attempt (more info ...)attempted-user  2016-3259      URL
39493BROWSER-IE Microsoft Edge edgehtml negative length out of bound memory copy attempt (more info ...)attempted-user  2016-3246      URL
39494BROWSER-IE Microsoft Edge edgehtml negative length out of bound memory copy attempt (more info ...)attempted-user  2016-3246      URL
39495OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt (more info ...)attempted-admin  2016-3250      URL
39496OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt (more info ...)attempted-admin  2016-3250      URL
39506BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclosure attempt (more info ...)attempted-recon  2016-3271      URL
39507BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclosure attempt (more info ...)attempted-recon  2016-3271      URL
39508OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt (more info ...)attempted-admin  2016-3254      URL
39509OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt (more info ...)attempted-admin  2016-3254      URL
39510BROWSER-IE Microsoft Edge bypassing window.opener protection attempt (more info ...)attempted-user  2016-3274      URL
39511BROWSER-IE Microsoft Edge bypassing window.opener protection attempt (more info ...)attempted-user  2016-3274      URL
39516OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt (more info ...)attempted-admin  2016-3286      URL
39517OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt (more info ...)attempted-admin  2016-3286      URL
39530BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (more info ...)attempted-user  2016-3264      URL
39531BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (more info ...)attempted-user  2016-3264      URL
39743SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (more info ...)web-application-attack        URL
39808OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt (more info ...)attempted-admin  2016-3310      URL
39809OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt (more info ...)attempted-admin  2016-3310      URL
39814OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt (more info ...)attempted-admin  2016-3311      URL
39815OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt (more info ...)attempted-admin  2016-3311      URL
39822BROWSER-IE Microsoft Edge edgehtml.dll invalid history state use after free attempt (more info ...)attempted-user  2016-3293      URL
39823BROWSER-IE Microsoft Edge edgehtml.dll invalid history state use after free attempt (more info ...)attempted-user  2016-3293      URL
39824OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (more info ...)attempted-user  2016-3303      URL
39825OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (more info ...)attempted-user  2016-3303      URL
39841OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt (more info ...)attempted-admin  2016-3309      URL
39842OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt (more info ...)attempted-admin  2016-3309      URL
39843OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (more info ...)attempted-user  2017-3121      URL
39844OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (more info ...)attempted-user  2017-3121      URL
39873FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (more info ...)attempted-user  2016-3319      URL
39932BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (more info ...)attempted-user        URL
39933BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (more info ...)attempted-user        URL
39934BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (more info ...)attempted-user        URL
39935BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (more info ...)attempted-user        URL
39959BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (more info ...)attempted-user        URL
39960BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (more info ...)attempted-user        URL
39961BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (more info ...)attempted-user        URL
39962BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (more info ...)attempted-user        URL
39963BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (more info ...)attempted-user  2015-0986      
39964BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (more info ...)attempted-user  2015-0986      
39965BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (more info ...)attempted-user  2015-0986      
39966BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (more info ...)attempted-user  2015-0986      
39970BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (more info ...)attempted-user        URL
39971BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (more info ...)attempted-user        URL
39972BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (more info ...)attempted-user        URL
39973BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (more info ...)attempted-user        URL
40008SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (more info ...)attempted-admin  2016-0856  80745    URL
40064OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (more info ...)attempted-dos  2013-1281      URL
40065OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (more info ...)attempted-dos  2013-1281      URL
40073BROWSER-IE Microsoft Edge white-space information disclosure attempt (more info ...)attempted-recon  2016-3247      URL
40074BROWSER-IE Microsoft Edge white-space information disclosure attempt (more info ...)attempted-user  2016-3247      URL
40096OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt (more info ...)attempted-admin  2016-3348      URL
40097OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt (more info ...)attempted-admin  2016-3348      URL
40098BROWSER-IE Microsoft Edge proxy object type confusion attempt (more info ...)attempted-user  2016-3377      URL
40099BROWSER-IE Microsoft Edge proxy object type confusion attempt (more info ...)attempted-user  2016-3377      URL
40100BROWSER-IE Microsoft Edge PDF PostScript calculator out of bounds read attempt (more info ...)attempted-recon  2016-3374      URL
40101BROWSER-IE Microsoft Edge PDF PostScript calculator out of bounds read attempt (more info ...)attempted-recon  2016-3374      URL
40110OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt (more info ...)attempted-user  2016-3306      URL
40111OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt (more info ...)attempted-user  2016-3306      URL
40112OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt (more info ...)attempted-admin  2016-3355      URL
40113OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt (more info ...)attempted-admin  2016-3355      URL
40114OS-WINDOWS Microsoft Windows 10 privilege escalation attempt (more info ...)attempted-admin  2016-3373      URL
40115OS-WINDOWS Microsoft Windows 10 privilege escalation attempt (more info ...)attempted-admin  2016-3373      URL
40123BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (more info ...)attempted-user  2016-3294      URL
40124BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (more info ...)attempted-user  2016-3294      URL
40127OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt (more info ...)attempted-user  2016-3371      URL
40128OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt (more info ...)attempted-user  2016-3371      URL
40129OS-WINDOWS Microsoft Windows Server lsass.exe memory corruption attempt (more info ...)attempted-admin  2016-3368      URL
40134BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40135BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40136BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40137BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40138BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40139BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40140BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40141BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (more info ...)attempted-user  2016-3295      URL
40146BROWSER-IE Microsoft Edge malformed response information disclosure attempt (more info ...)attempted-recon  2016-3325      URL
40345BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (more info ...)attempted-user  2015-8040      
40346BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (more info ...)attempted-user  2015-8040      
40347BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (more info ...)attempted-user  2015-8040      
40348BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (more info ...)attempted-user  2015-8040      
40372BROWSER-IE Microsoft Windows Edge emodel use after free attempt (more info ...)attempted-user  2016-3331      URL
40373BROWSER-IE Microsoft Windows Edge emodel use after free attempt (more info ...)attempted-user  2016-3331      URL
40374OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (more info ...)attempted-admin  2016-3387      URL
40375OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (more info ...)attempted-admin  2016-3387      URL
40380OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt (more info ...)attempted-user  2016-7211      URL
40381OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt (more info ...)attempted-user  2016-7211      URL
40383BROWSER-IE Microsoft Edge array.join information disclosure attempt (more info ...)attempted-user  2016-7189      URL
40384BROWSER-IE Microsoft Edge array.join information disclosure attempt (more info ...)attempted-user  2016-7189      URL
40392OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt (more info ...)attempted-admin  2016-3376      URL
40393OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt (more info ...)attempted-admin  2016-3376      URL
40394OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (more info ...)attempted-admin  2017-0103      URL
40395OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (more info ...)attempted-admin  2017-0103      URL
40396OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt (more info ...)attempted-admin  2016-3388      URL
40397OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt (more info ...)attempted-admin  2016-3388      URL
40398OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt (more info ...)attempted-admin  2016-7188      URL
40399OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt (more info ...)attempted-admin  2016-7188      URL
40400OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privelege escalation attempt (more info ...)attempted-admin  2016-0075      URL
40401OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privelege escalation attempt (more info ...)attempted-admin  2016-0075      URL
40402OS-WINDOWS Microsoft Windows user hive impersonation privelege escalation attempt (more info ...)attempted-admin  2016-0073      URL
40403OS-WINDOWS Microsoft Windows user hive impersonation privelege escalation attempt (more info ...)attempted-admin  2016-0073      URL
40408FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt (more info ...)attempted-user  2016-3209      URL
40409FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt (more info ...)attempted-user  2016-3209      URL
40410OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt (more info ...)attempted-admin  2016-3270      URL
40411OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt (more info ...)attempted-admin  2016-3270      URL
40412OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt (more info ...)attempted-admin  2016-0079      URL
40413OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt (more info ...)attempted-admin  2016-0079      URL
40418OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt (more info ...)attempted-user  2016-7185      URL
40419OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt (more info ...)attempted-user  2016-7185      URL
40423BROWSER-IE Microsoft Windows Edge function.apply use afterfree attempt (more info ...)attempted-user  2016-7194      URL
40424BROWSER-IE Microsoft Windows Edge function.apply use afterfree attempt (more info ...)attempted-user  2016-7194      URL
40425OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (more info ...)attempted-user  2016-3263      URL
40426OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (more info ...)attempted-user  2016-3263      URL
40427OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt (more info ...)attempted-admin  2016-7182      URL
40428OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt (more info ...)attempted-admin  2016-7182      URL
40555OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt (more info ...)attempted-dos  2016-3369      URL
40556OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt (more info ...)attempted-dos  2016-3369      URL
40645FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt (more info ...)attempted-user  2016-7212      URL
40646FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt (more info ...)attempted-user  2016-7212      URL
40657OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (more info ...)attempted-admin  2016-3343      URL
40658OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (more info ...)attempted-admin  2016-3343      URL
40659BROWSER-IE Microsoft Edge Chakra.dll Array.splice heap overflow attempt (more info ...)attempted-user  2016-7203      URL
40660BROWSER-IE Microsoft Edge Chakra.dll Array.splice heap overflow attempt (more info ...)attempted-user  2016-7203      URL
40661BROWSER-IE Microsoft Edge Array.concat type confusion attempt (more info ...)attempted-user  2016-7242      URL
40662BROWSER-IE Microsoft Edge Array.concat type confusion attempt (more info ...)attempted-user  2016-7242      URL
40663OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt (more info ...)attempted-admin  2016-7215      URL
40664OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt (more info ...)attempted-admin  2016-7215      URL
40665OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (more info ...)attempted-admin  2016-7255      URL
40666OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (more info ...)attempted-admin  2016-7255      URL
40671OS-WINDOWS Microsoft windows InProcServer32 privilege escalation attempt (more info ...)attempted-user  2016-7221      URL
40672OS-WINDOWS Microsoft windows InProcServer32 privilege escalation attempt (more info ...)attempted-user  2016-7221      URL
40675BROWSER-IE Microsoft Edge video html tag buffer overflow attempt (more info ...)attempted-admin  2016-7217      URL
40676BROWSER-IE Microsoft Edge video html tag buffer overflow attempt (more info ...)attempted-admin  2016-7217      URL
40677OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt (more info ...)attempted-admin  2016-7222      URL
40678OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt (more info ...)attempted-admin  2016-7222      URL
40683BROWSER-IE Microsoft Edge stack variable memory access attempt (more info ...)attempted-user  2016-7198      URL
40684BROWSER-IE Microsoft Edge stack variable memory access attempt (more info ...)attempted-user  2016-7198      URL
40685OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt (more info ...)attempted-user  2016-7246      URL
40686OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt (more info ...)attempted-user  2016-7246      URL
40687OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt (more info ...)attempted-user  2016-7214      URL
40688OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt (more info ...)attempted-user  2016-7214      URL
40689FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (more info ...)attempted-user  2016-7184      URL
40690FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (more info ...)attempted-user  2016-7184      URL
40691FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (more info ...)attempted-user  2016-3342      URL
40692FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (more info ...)attempted-user  2016-3342      URL
40693OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt (more info ...)attempted-user  2016-7226      URL
40694OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt (more info ...)attempted-user  2016-7226      URL
40705FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (more info ...)attempted-admin  2016-7210      URL
40706FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (more info ...)attempted-admin  2016-7210      URL
40729FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
40730FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
40759OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (more info ...)attempted-dos  2017-0004      URL
40813BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (more info ...)attempted-user  2016-0034      URL
40814BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (more info ...)attempted-user  2016-0034      URL
40886OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (more info ...)attempted-admin  2016-7255      URL
40887OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (more info ...)attempted-admin  2016-7255      URL
40936FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt (more info ...)attempted-recon  2016-7295      URL
40937FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt (more info ...)attempted-recon  2016-7295      URL
40942FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (more info ...)attempted-user  2016-7274      URL
40943FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (more info ...)attempted-user  2016-7274      URL
40947OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt (more info ...)attempted-admin  2016-7260      URL
40948OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt (more info ...)attempted-admin  2016-7260      URL
40949BROWSER-IE Microsoft Edge SIMD memory corruption attempt (more info ...)attempted-user  2016-7286      URL
40950BROWSER-IE Microsoft Edge SIMD memory corruption attempt (more info ...)attempted-user  2016-7286      URL
40953OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (more info ...)attempted-user  2016-7219      URL
40954OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (more info ...)attempted-user  2016-7219      URL
40955OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (more info ...)attempted-user  2016-7219      URL
40956OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (more info ...)attempted-user  2016-7219      URL
40969BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (more info ...)attempted-user  2016-7287      URL
40970BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (more info ...)attempted-user  2016-7287      URL
40975BROWSER-IE Microsoft Edge iframe information disclosure attempt (more info ...)attempted-recon  2016-7282      URL
40976BROWSER-IE Microsoft Edge iframe information disclosure attempt (more info ...)attempted-recon  2016-7282      URL
40984OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt (more info ...)attempted-admin  2016-7292      URL
40985OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt (more info ...)attempted-admin  2016-7292      URL
41385BROWSER-IE Microsoft Edge mutation event memory corruption attempt (more info ...)attempted-user  2016-0124      URL
41386BROWSER-IE Microsoft Edge mutation event memory corruption attempt (more info ...)attempted-user  2016-0124      URL
41499SERVER-SAMBA Microsoft Windows SMBv2/SMBv3 Buffer Overflow attempt (more info ...)attempted-dos  2017-0016      
41500BROWSER-PLUGINS NTR ActiveX clsid access attempt (more info ...)attempted-user  2012-0267  51374    
41501BROWSER-PLUGINS NTR ActiveX clsid access attempt (more info ...)attempted-user  2012-0267  51374    
41553BROWSER-IE Microsoft Edge url forgery attempt (more info ...)attempted-user  2017-0033      URL
41554BROWSER-IE Microsoft Edge url forgery attempt (more info ...)attempted-user  2017-0033      URL
41557BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (more info ...)attempted-user  2017-0046      URL
41558BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (more info ...)attempted-user  2017-0046      URL
41559BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (more info ...)attempted-user  2017-0046      URL
41560BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (more info ...)attempted-user  2017-0046      URL
41567OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41568OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41569OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41570OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41571OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41572OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0007      URL
41573BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (more info ...)attempted-recon  2017-0011      URL
41574BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (more info ...)attempted-recon  2017-0011      URL
41579OS-WINDOWS Microsoft Windows DirectComposition double free attempt (more info ...)attempted-admin  2017-0026      URL
41580OS-WINDOWS Microsoft Windows DirectComposition double free attempt (more info ...)attempted-admin  2017-0026      URL
41591OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (more info ...)attempted-admin  2017-0047      URL
41592OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (more info ...)attempted-admin  2017-0047      URL
41595OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (more info ...)attempted-recon  2017-0038      URL
41596OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (more info ...)attempted-recon  2017-0038      URL
41601FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (more info ...)attempted-user  2017-0023      URL
41602FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (more info ...)attempted-user  2017-0023      URL
41605BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (more info ...)denial-of-service  2017-0035      URL
41606BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (more info ...)denial-of-service  2017-0035      URL
41607OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (more info ...)attempted-user  2017-0050      URL
41608OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (more info ...)attempted-user  2017-0050      URL
41609OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (more info ...)attempted-user  2017-0050      URL
41610OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (more info ...)attempted-user  2017-0050      URL
41625BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (more info ...)attempted-admin  2017-0037      URL
41626BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (more info ...)attempted-admin  2017-0037      URL
41666BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (more info ...)attempted-user  2013-2827      
41667BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (more info ...)attempted-user  2013-2827      
41668BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (more info ...)attempted-user  2013-2827      
41669BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (more info ...)attempted-user  2013-2827      
41710INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (more info ...)trojan-activity        
41763BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (more info ...)attempted-admin  2017-0037      
41764BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (more info ...)attempted-admin  2017-0037      
41803BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (more info ...)attempted-user  2007-3982      
41804BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (more info ...)attempted-user  2007-3982      
41805BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (more info ...)attempted-user  2007-3982      
41806BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (more info ...)attempted-user  2007-3982      
41839BROWSER-IE Microsoft Edge object mutation memory corruption attempt (more info ...)attempted-user  2016-0003      URL
41840BROWSER-IE Microsoft Edge object mutation memory corruption attempt (more info ...)attempted-user  2016-0003      URL
41846SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (more info ...)attempted-admin  2016-0856  80745    URL
41847SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (more info ...)attempted-admin  2016-0856  80745    URL
41848SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (more info ...)attempted-admin  2016-0856  80745    URL
41849SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (more info ...)attempted-admin  2016-0856  80745    URL
41882SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (more info ...)attempted-admin  2016-0857  80745    URL
41926OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (more info ...)attempted-admin  2017-0056      URL
41927OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (more info ...)attempted-admin  2017-0056      URL
41928OS-WINDOWS Microsoft Win32k DDI use after free attempt (more info ...)attempted-admin  2017-0079      URL
41929OS-WINDOWS Microsoft Win32k DDI use after free attempt (more info ...)attempted-admin  2017-0079      URL
41930OS-WINDOWS Microsoft Win32k DDI use after free attempt (more info ...)attempted-admin  2017-0082      URL
41931OS-WINDOWS Microsoft Win32k DDI use after free attempt (more info ...)attempted-admin  2017-0082      URL
41932FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (more info ...)attempted-admin  2017-0108      URL
41933FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (more info ...)attempted-admin  2017-0108      URL
41934FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (more info ...)attempted-admin  2017-0086      URL
41935FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (more info ...)attempted-admin  2017-0086      URL
41936BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (more info ...)attempted-user  2017-0071      URL
41937BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (more info ...)attempted-user  2017-0071      URL
41938BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (more info ...)attempted-user  2017-0141      URL
41939BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (more info ...)attempted-user  2017-0141      URL
41940OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (more info ...)attempted-user  2017-0088      URL
41941OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (more info ...)attempted-user  2017-0088      URL
41942BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (more info ...)attempted-user  2017-0070      URL
41943BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (more info ...)attempted-user  2017-0070      URL
41944BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (more info ...)attempted-user  2017-0066      URL
41945BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (more info ...)attempted-user  2017-0066      URL
41950BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (more info ...)attempted-user  2017-0133      URL
41951BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (more info ...)attempted-user  2017-0133      URL
41952BROWSER-IE Microsoft Edge local file read information leak attempt (more info ...)attempted-user  2017-0065      URL
41953BROWSER-IE Microsoft Edge local file read information leak attempt (more info ...)attempted-user  2017-0065      URL
41958BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (more info ...)attempted-user  2017-0131      URL
41959BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (more info ...)attempted-user  2017-0131      URL
41960OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (more info ...)attempted-user  2017-0089      URL
41961OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (more info ...)attempted-user  2017-0089      URL
41966OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (more info ...)attempted-user  2017-0087      URL
41967OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (more info ...)attempted-user  2017-0087      URL
41972OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (more info ...)attempted-user  2017-0072      URL
41973OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (more info ...)attempted-user  2017-0072      URL
41974OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (more info ...)attempted-user  2017-0090      URL
41975OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (more info ...)attempted-user  2017-0090      URL
41978OS-WINDOWS Microsoft Windows SMB remote code execution attempt (more info ...)attempted-admin  2017-0146      URL
41984OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (more info ...)attempted-admin  2017-0143      URL
41985OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (more info ...)attempted-user  2017-0121      URL
41986OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (more info ...)attempted-user  2017-0121      URL
41991FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (more info ...)attempted-admin  2017-0083      URL
41992FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (more info ...)attempted-admin  2017-0083      URL
41993OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (more info ...)attempted-user  2017-0073      URL
41994OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (more info ...)attempted-user  2017-0073      URL
41995OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (more info ...)attempted-admin  2017-0080      URL
41996OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (more info ...)attempted-admin  2017-0080      URL
41998OS-WINDOWS Microsoft GDI+ privilege escalation attempt (more info ...)attempted-admin  2017-0188      URL
42041BROWSER-IE Microsoft Edge proxy object type confusion attempt (more info ...)attempted-user  2016-7240      URL
42122BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (more info ...)attempted-user  2010-2974      
42123BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (more info ...)attempted-user  2010-2974      
42124BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (more info ...)attempted-user  2010-2974      
42125BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (more info ...)attempted-user  2010-2974      
42148FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-user  2017-0192      
42149FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-user  2017-0192      
42150FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-user  2017-0192      
42151FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (more info ...)attempted-user  2017-0192      
42154OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-admin  2017-0167      
42155OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-admin  2017-0167      
42158OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2017-0189      
42159OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2017-0189      
42160SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (more info ...)attempted-user  2017-0166      
42173OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (more info ...)attempted-user  2017-0155      
42174OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (more info ...)attempted-user  2017-0155      
42183BROWSER-IE Microsoft Edge format rendering type confusion attempt (more info ...)attempted-user  2017-0205      
42184BROWSER-IE Microsoft Edge format rendering type confusion attempt (more info ...)attempted-user  2017-0205      
42185OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (more info ...)attempted-user  2017-0160      
42186OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (more info ...)attempted-user  2017-0160      
42187OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (more info ...)attempted-user  2017-0165      
42188OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (more info ...)attempted-user  2017-0165      
42199OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (more info ...)attempted-admin  2017-0156      
42200OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (more info ...)attempted-admin  2017-0156      
42208OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (more info ...)attempted-user  2017-0211      
42209OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (more info ...)attempted-user  2017-0211      
42210BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (more info ...)attempted-user  2017-0200      
42211BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (more info ...)attempted-user  2017-0200      
42255OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (more info ...)policy-violation  2017-9073      URL
42256OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (more info ...)policy-violation        URL
42294OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (more info ...)attempted-admin  2017-0145      URL
42338OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request information leak attempt (more info ...)attempted-recon        URL
42339OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (more info ...)attempted-recon  2017-0147      URL
42340OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (more info ...)attempted-recon        URL
42443OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (more info ...)attempted-user  2005-0944  12960    
42749BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (more info ...)attempted-user  2017-0236      
42750BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (more info ...)attempted-user  2017-0236      
42751OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (more info ...)attempted-admin  2017-0220      
42752OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (more info ...)attempted-admin  2017-0220      
42753BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (more info ...)attempted-user  2017-8605      
42754BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (more info ...)attempted-user  2017-8605      
42757OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (more info ...)attempted-admin  2017-0077      
42758OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (more info ...)attempted-admin  2017-0077      
42759OS-WINDOWS Microsoft Windows COM privilege escalation attempt (more info ...)attempted-admin  2017-0214      
42760OS-WINDOWS Microsoft Windows COM privilege escalation attempt (more info ...)attempted-admin  2017-0214      
42761BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (more info ...)attempted-user  2017-0238      
42762BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (more info ...)attempted-user  2017-0238      
42763OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (more info ...)attempted-recon  2017-0259      
42764OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (more info ...)attempted-recon  2017-0259      
42765OS-WINDOWS Microsoft win32k privilege escalation attempt (more info ...)attempted-admin  2017-0263      
42766OS-WINDOWS Microsoft win32k privilege escalation attempt (more info ...)attempted-admin  2017-0263      
42767OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (more info ...)attempted-admin        URL
42768OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (more info ...)attempted-admin        URL
42769OS-WINDOWS Microsoft Win32k kernel memory leak attempt (more info ...)attempted-user  2017-0245      
42770OS-WINDOWS Microsoft Win32k kernel memory leak attempt (more info ...)attempted-user  2017-0245      
42771OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (more info ...)attempted-admin  2017-0246      
42772OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (more info ...)attempted-admin  2017-0246      
42775BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (more info ...)attempted-user  2017-0234      
42776BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (more info ...)attempted-user  2017-0234      
42777BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (more info ...)attempted-user  2017-0064      URL
42778BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (more info ...)attempted-user  2017-0064      URL
42779BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (more info ...)attempted-user  2017-0227      
42780BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (more info ...)attempted-user  2017-0227      
42781BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (more info ...)attempted-user  2017-0240      
42782BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (more info ...)attempted-user  2017-0240      
42783OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (more info ...)attempted-admin  2017-0258      
42784OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (more info ...)attempted-admin  2017-0258      
42798BROWSER-IE Microsoft Edge out of bounds read attempt (more info ...)attempted-admin  2017-0221      
42799BROWSER-IE Microsoft Edge out of bounds read attempt (more info ...)attempted-admin  2017-0221      
42811BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (more info ...)attempted-user  2017-0228      
42812BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (more info ...)attempted-user  2017-0228      
42820OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (more info ...)attempted-admin  2017-0290      URL
42821OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (more info ...)attempted-admin  2017-0290      URL
42855BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (more info ...)attempted-user  2016-4529      
42856BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (more info ...)attempted-user  2016-4529      
42906BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user        URL
42907BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user        URL
42908BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user        URL
42909BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (more info ...)attempted-user        URL
42944OS-WINDOWS Microsoft Windows SMB remote code execution attempt (more info ...)attempted-admin  2017-0146      URL
43002PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (more info ...)misc-activity        
43003PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (more info ...)misc-activity        
43114FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
43115FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
43163BROWSER-IE Microsoft Edge object property type confusion attempt (more info ...)attempted-user  2017-8524      
43164BROWSER-IE Microsoft Edge object property type confusion attempt (more info ...)attempted-user  2017-8524      
43165BROWSER-IE Microsoft Edge cssText use after free attempt (more info ...)attempted-user  2017-8496      
43166BROWSER-IE Microsoft Edge cssText use after free attempt (more info ...)attempted-user  2017-8496      
43169BROWSER-IE Microsoft Edge textContent use after free attempt (more info ...)attempted-user  2017-8497      
43170BROWSER-IE Microsoft Edge textContent use after free attempt (more info ...)attempted-user  2017-8497      
43175OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (more info ...)attempted-admin  2017-8543      
43176OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (more info ...)attempted-admin  2017-8543      
43188PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (more info ...)attempted-user  2017-7895      
43189PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (more info ...)attempted-user  2017-7895      
43312BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (more info ...)attempted-user        URL
43313BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (more info ...)attempted-user        URL
43314BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (more info ...)attempted-user        URL
43315BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (more info ...)attempted-user        URL
43320BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (more info ...)attempted-user        URL
43321BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (more info ...)attempted-user        URL
43322BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (more info ...)attempted-user        URL
43323BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (more info ...)attempted-user        URL
43380OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (more info ...)attempted-admin  2017-8558      
43381OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (more info ...)attempted-admin  2017-8558      
43460BROWSER-IE Microsoft Edge use-after-free attempt (more info ...)attempted-user  2017-8617      
43461BROWSER-IE Microsoft Edge use-after-free attempt (more info ...)attempted-user  2017-8617      
43462BROWSER-IE Microsoft Edge use-after-free attempt (more info ...)attempted-user  2017-8617      
43463BROWSER-IE Microsoft Edge use-after-free attempt (more info ...)attempted-user  2017-8617      
43465BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (more info ...)attempted-admin  2017-8601      
43466BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (more info ...)attempted-admin  2017-8601      
43469BROWSER-IE Microsoft Edge uninitialized memory attempt (more info ...)attempted-user  2017-8598      
43470BROWSER-IE Microsoft Edge uninitialized memory attempt (more info ...)attempted-user  2017-8598      
43471BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (more info ...)attempted-user  2017-8618      
43472BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (more info ...)attempted-user  2017-8618      
43473OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (more info ...)attempted-admin  2017-8578      
43474OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (more info ...)attempted-admin  2017-8578      
43490OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (more info ...)attempted-admin  2017-8577      
43491OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (more info ...)attempted-admin  2017-8577      
43492BROWSER-IE Microsoft Windows Edge array out of bounds write (more info ...)attempted-user  2017-8619      
43493BROWSER-IE Microsoft Windows Edge array out of bounds write (more info ...)attempted-user  2017-8619      
43851FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (more info ...)attempted-user  2017-8625      
43852FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (more info ...)attempted-user  2017-8625      
100007RPC_LARGE_FRAGSIZE (more info ...)bad-unknown        
100008RPC_INCOMPLETE_SEGMENT (more info ...)bad-unknown        
100009RPC_ZERO_LENGTH_FRAGMENT (more info ...)bad-unknown        


# of warning rules in this group: 3067

ID  Message  Classtype  CVE  BugtraqID  NessusID  Custom
529NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (more info ...)protocol-command-decode    
534NETBIOS SMB CD.. (more info ...)attempted-recon    
535NETBIOS SMB CD... (more info ...)attempted-recon    
540 (more info ...)policy-violation    
572PROTOCOL-RPC DOS ttdbserv Solaris (more info ...)attempted-dos 1999-0003 122  
574PROTOCOL-RPC mountd TCP export request (more info ...)attempted-recon    
575PROTOCOL-RPC portmap admind request UDP (more info ...)rpc-portmap-decode    
576PROTOCOL-RPC portmap amountd request UDP (more info ...)rpc-portmap-decode 1999-0704 614  
577PROTOCOL-RPC portmap bootparam request UDP (more info ...)rpc-portmap-decode    
578PROTOCOL-RPC portmap cmsd request UDP (more info ...)rpc-portmap-decode    
579PROTOCOL-RPC portmap mountd request UDP (more info ...)rpc-portmap-decode    
580PROTOCOL-RPC portmap nisd request UDP (more info ...)rpc-portmap-decode 1999-0008   
581PROTOCOL-RPC portmap pcnfsd request UDP (more info ...)rpc-portmap-decode 2002-0910 4816  
582PROTOCOL-RPC portmap rexd request UDP (more info ...)rpc-portmap-decode    
583PROTOCOL-RPC portmap rstatd request UDP (more info ...)rpc-portmap-decode    
584PROTOCOL-RPC portmap rusers request UDP (more info ...)rpc-portmap-decode 1999-0626   
585PROTOCOL-RPC portmap sadmind request UDP attempt (more info ...)rpc-portmap-decode    
586PROTOCOL-RPC portmap selection_svc request UDP (more info ...)rpc-portmap-decode 1999-0209 8  
587PROTOCOL-RPC portmap status request UDP (more info ...)rpc-portmap-decode    
588PROTOCOL-RPC portmap ttdbserv request UDP (more info ...)rpc-portmap-decode 2001-0717 3382  URL
589PROTOCOL-RPC portmap yppasswd request UDP (more info ...)rpc-portmap-decode    
590PROTOCOL-RPC portmap ypserv request UDP (more info ...)rpc-portmap-decode 2002-1232 6016  
591PROTOCOL-RPC portmap ypupdated request TCP (more info ...)rpc-portmap-decode 1999-0208 1749  
595PROTOCOL-RPC portmap espd request TCP (more info ...)rpc-portmap-decode 2001-0331 2714  
598PROTOCOL-RPC portmap listing TCP 111 (more info ...)rpc-portmap-decode    
599PROTOCOL-RPC portmap listing TCP 32771 (more info ...)rpc-portmap-decode    
612PROTOCOL-RPC rusers query UDP (more info ...)attempted-recon 1999-0626   
1079OS-WINDOWS Microsoft Windows WebDAV propfind access (more info ...)web-application-activity 2003-0718 1656 10505 URL
1262PROTOCOL-RPC portmap admind request TCP (more info ...)rpc-portmap-decode    
1263PROTOCOL-RPC portmap amountd request TCP (more info ...)rpc-portmap-decode 1999-0704 614  
1264PROTOCOL-RPC portmap bootparam request TCP (more info ...)rpc-portmap-decode    
1265PROTOCOL-RPC portmap cmsd request TCP (more info ...)rpc-portmap-decode    
1267PROTOCOL-RPC portmap nisd request TCP (more info ...)rpc-portmap-decode    
1268PROTOCOL-RPC portmap pcnfsd request TCP (more info ...)rpc-portmap-decode 2002-0910 4816  
1269PROTOCOL-RPC portmap rexd request TCP (more info ...)rpc-portmap-decode    
1270PROTOCOL-RPC portmap rstatd request TCP (more info ...)rpc-portmap-decode    
1271PROTOCOL-RPC portmap rusers request TCP (more info ...)rpc-portmap-decode 1999-0626   
1272PROTOCOL-RPC portmap sadmind request TCP (more info ...)rpc-portmap-decode    
1273PROTOCOL-RPC portmap selection_svc request TCP (more info ...)rpc-portmap-decode 1999-0209 205  
1274PROTOCOL-RPC portmap ttdbserv request TCP (more info ...)rpc-portmap-decode 2001-0717 3382  URL
1275PROTOCOL-RPC portmap yppasswd request TCP (more info ...)rpc-portmap-decode    
1276PROTOCOL-RPC portmap ypserv request TCP (more info ...)rpc-portmap-decode 2002-1232 6016  
1277PROTOCOL-RPC portmap ypupdated request UDP (more info ...)rpc-portmap-decode 1999-0208 28383  
1280PROTOCOL-RPC portmap listing UDP 111 (more info ...)rpc-portmap-decode    
1281PROTOCOL-RPC portmap listing UDP 32771 (more info ...)rpc-portmap-decode    
1384 (more info ...)misc-attack 2001-0877 3723 10829 URL
1388OS-WINDOWS Microsoft Windows UPnP Location overflow attempt (more info ...)misc-attack 2007-2386 3723 10829 URL
1447POLICY-OTHER Microsoft Windows Terminal server RDP attempt (more info ...)protocol-command-decode 2001-0663 3099 10940 URL
1448 (more info ...)protocol-command-decode 2001-0663 3099 10940 URL
1732PROTOCOL-RPC portmap rwalld request UDP (more info ...)rpc-portmap-decode 1999-0181 205  
1733PROTOCOL-RPC portmap rwalld request TCP (more info ...)rpc-portmap-decode 1999-0181 205  
1746PROTOCOL-RPC portmap cachefsd request UDP (more info ...)rpc-portmap-decode 2002-0084 4674 10951 
1747PROTOCOL-RPC portmap cachefsd request TCP (more info ...)rpc-portmap-decode 2002-0084 4674 10951 
1890PROTOCOL-RPC status GHBN format string attack (more info ...)misc-attack 2000-0666 1480 10544 
1891PROTOCOL-RPC status GHBN format string attack (more info ...)misc-attack 2000-0666 1480 10544 
1905PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt (more info ...)misc-attack 1999-0704 614  
1906PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt (more info ...)misc-attack 1999-0704 614  
1907PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt (more info ...)attempted-admin 2009-3699 524  
1908PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt (more info ...)attempted-admin 1999-0696 524  
1909PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt (more info ...)misc-attack 1999-0696 524  URL
1910PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt (more info ...)misc-attack 1999-0696   URL
1911PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (more info ...)attempted-admin 1999-0977 866  
1912PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (more info ...)attempted-admin 1999-0977 866  
1913PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1914PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1915PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1916PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1922PROTOCOL-RPC portmap proxy attempt TCP (more info ...)rpc-portmap-decode    
1923PROTOCOL-RPC portmap proxy attempt UDP (more info ...)rpc-portmap-decode    
1924PROTOCOL-RPC mountd UDP export request (more info ...)attempted-recon    
1925PROTOCOL-RPC mountd TCP exportall request (more info ...)attempted-recon    
1926PROTOCOL-RPC mountd UDP exportall request (more info ...)attempted-recon    
1931SERVER-WEBAPP rpc-nlog.pl access (more info ...)web-application-activity 1999-1278   URL
1932SERVER-WEBAPP rpc-smb.pl access (more info ...)web-application-activity 1999-1278   
1949PROTOCOL-RPC portmap SET attempt TCP 111 (more info ...)rpc-portmap-decode    
1950PROTOCOL-RPC portmap SET attempt UDP 111 (more info ...)rpc-portmap-decode    
1951PROTOCOL-RPC mountd TCP mount request (more info ...)attempted-recon 1999-0210   
1952PROTOCOL-RPC mountd UDP mount request (more info ...)attempted-recon    
1953PROTOCOL-RPC AMD TCP pid request (more info ...)rpc-portmap-decode    
1954PROTOCOL-RPC AMD UDP pid request (more info ...)rpc-portmap-decode    
1955PROTOCOL-RPC AMD TCP version request (more info ...)rpc-portmap-decode    
1956PROTOCOL-RPC AMD UDP version request (more info ...)rpc-portmap-decode 2000-0696 1554  
1957PROTOCOL-RPC sadmind UDP PING (more info ...)protocol-command-decode 1999-0977 866 10229 
1958PROTOCOL-RPC sadmind TCP PING (more info ...)protocol-command-decode 1999-0977 866 10229 
1959PROTOCOL-RPC portmap NFS request UDP (more info ...)rpc-portmap-decode    
1960PROTOCOL-RPC portmap NFS request TCP (more info ...)rpc-portmap-decode    
1961PROTOCOL-RPC portmap RQUOTA request UDP (more info ...)rpc-portmap-decode    
1962PROTOCOL-RPC portmap RQUOTA request TCP (more info ...)rpc-portmap-decode    
1963PROTOCOL-RPC RQUOTA getquota overflow attempt UDP (more info ...)misc-attack 1999-0974 864  
1964PROTOCOL-RPC tooltalk UDP overflow attempt (more info ...)attempted-admin 1999-0003 122  
1965PROTOCOL-RPC tooltalk TCP overflow attempt (more info ...)attempted-admin 2001-0717 122  
1986 (more info ...)policy-violation    
1988POLICY-SOCIAL Microsoft MSN outbound file transfer accept (more info ...)policy-violation    
1989 (more info ...)policy-violation    
1990 (more info ...)policy-violation    
1991 (more info ...)policy-violation    
2005PROTOCOL-RPC portmap kcms_server request UDP (more info ...)rpc-portmap-decode 2003-0027 6665  URL
2006PROTOCOL-RPC portmap kcms_server request TCP (more info ...)rpc-portmap-decode 2003-0027 6665  URL
2007PROTOCOL-RPC kcms_server directory traversal attempt (more info ...)misc-attack 2003-0027 6665  URL
2014PROTOCOL-RPC portmap UNSET attempt TCP 111 (more info ...)rpc-portmap-decode  1892  
2015PROTOCOL-RPC portmap UNSET attempt UDP 111 (more info ...)rpc-portmap-decode 2011-0321 1892  
2016PROTOCOL-RPC portmap status request TCP (more info ...)rpc-portmap-decode    
2017PROTOCOL-RPC portmap espd request UDP (more info ...)rpc-portmap-decode 2001-0331 2714  
2018PROTOCOL-RPC mountd TCP dump request (more info ...)attempted-recon    
2019PROTOCOL-RPC mountd UDP dump request (more info ...)attempted-recon    
2020PROTOCOL-RPC mountd TCP unmount request (more info ...)attempted-recon    
2021PROTOCOL-RPC mountd UDP unmount request (more info ...)attempted-recon    
2022PROTOCOL-RPC mountd TCP unmountall request (more info ...)attempted-recon    
2023PROTOCOL-RPC mountd UDP unmountall request (more info ...)attempted-recon    
2024PROTOCOL-RPC RQUOTA getquota overflow attempt TCP (more info ...)misc-attack 1999-0974 864  
2025PROTOCOL-RPC yppasswd username overflow attempt UDP (more info ...)rpc-portmap-decode 2001-0779 2763 10684 
2026PROTOCOL-RPC yppasswd username overflow attempt TCP (more info ...)rpc-portmap-decode 2001-0779 2763 10684 
2031PROTOCOL-RPC yppasswd user update UDP (more info ...)rpc-portmap-decode 2001-0779 2763  
2032PROTOCOL-RPC yppasswd user update TCP (more info ...)rpc-portmap-decode 2001-0779 2763  
2033PROTOCOL-RPC ypserv maplist request UDP (more info ...)rpc-portmap-decode 2002-1232 6016 13976 
2034PROTOCOL-RPC ypserv maplist request TCP (more info ...)rpc-portmap-decode 2002-1232 6016  
2035PROTOCOL-RPC portmap network-status-monitor request UDP (more info ...)rpc-portmap-decode    
2036PROTOCOL-RPC portmap network-status-monitor request TCP (more info ...)rpc-portmap-decode    
2037PROTOCOL-RPC network-status-monitor mon-callback request UDP (more info ...)rpc-portmap-decode    
2038PROTOCOL-RPC network-status-monitor mon-callback request TCP (more info ...)rpc-portmap-decode    
2079PROTOCOL-RPC portmap nlockmgr request UDP (more info ...)rpc-portmap-decode 2000-0508 1372 10220 
2080PROTOCOL-RPC portmap nlockmgr request TCP (more info ...)rpc-portmap-decode 2000-0508 1372 10220 
2081PROTOCOL-RPC portmap rpc.xfsmd request UDP (more info ...)rpc-portmap-decode 2002-0359 5075  
2082PROTOCOL-RPC portmap rpc.xfsmd request TCP (more info ...)rpc-portmap-decode 2002-0359 5075  
2083PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP (more info ...)rpc-portmap-decode 2002-0359 5075  
2084PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP (more info ...)rpc-portmap-decode 2002-0359 5075  
2088PROTOCOL-RPC ypupdated arbitrary command attempt UDP (more info ...)misc-attack 1999-0208 28383  
2089PROTOCOL-RPC ypupdated arbitrary command attempt TCP (more info ...)misc-attack 1999-0208 1749  
2092PROTOCOL-RPC portmap proxy integer overflow attempt UDP (more info ...)rpc-portmap-decode 2003-0028 7123 11420 
2093PROTOCOL-RPC portmap proxy integer overflow attempt TCP (more info ...)rpc-portmap-decode 2003-0028 7123 11420 
2094PROTOCOL-RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (more info ...)attempted-admin 2009-3699 5356 11418 
2095PROTOCOL-RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (more info ...)attempted-admin 2002-0391 5356 11418 
2101OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (more info ...)protocol-command-decode 2002-0724 5556 11110 URL
2103NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (more info ...)protocol-command-decode 2003-0201   
2123INDICATOR-COMPROMISE Microsoft cmd.exe banner (more info ...)successful-admin   11633 
2126OS-WINDOWS Microsoft Windows PPTP Start Control Request buffer overflow attempt (more info ...)attempted-admin 2002-1214 5807 11178 URL
2176OS-WINDOWS Microsoft Windows SMB startup folder access (more info ...)attempted-recon    
2177OS-WINDOWS Microsoft Windows SMB startup folder unicode access (more info ...)attempted-recon    
2184PROTOCOL-RPC mountd TCP mount path overflow attempt (more info ...)misc-attack 2003-0252 8179 11800 
2185PROTOCOL-RPC mountd UDP mount path overflow attempt (more info ...)misc-attack 2010-4227 8179 11800 
2190NETBIOS DCERPC invalid bind attempt (more info ...)attempted-dos    
2191NETBIOS SMB DCERPC invalid bind attempt (more info ...)attempted-dos    
2252OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (more info ...)attempted-admin 2003-0715 8458 11835 URL
2255PROTOCOL-RPC sadmind query with root credentials attempt TCP (more info ...)misc-attack    
2256PROTOCOL-RPC sadmind query with root credentials attempt UDP (more info ...)misc-attack    
2257OS-WINDOWS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin 2003-0717 8826 11890 URL
2258OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin 2003-0717 8826 11890 URL
2382OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
2383OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
2401NETBIOS SMB Session Setup andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2402NETBIOS SMB-DS Session Setup andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2403NETBIOS SMB Session Setup unicode username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2404NETBIOS SMB-DS Session Setup unicode andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2418 (more info ...)attempted-dos 2001-0663   URL
2436FILE-IDENTIFY Microsoft Windows Audio wmf file download request (more info ...)misc-activity    URL
2474NETBIOS SMB-DS ADMIN$ share access (more info ...)protocol-command-decode    
2485BROWSER-PLUGINS Symantec Norton Internet Security 2004 ActiveX clsid access (more info ...)attempted-user 2004-0363 9916  URL
2508OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin 2003-0533 10108 12205 URL
2511OS-WINDOWS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin 2003-0533 10108 12205 URL
2563NETBIOS NS lookup response name overflow attempt (more info ...)attempted-admin 2004-0444 10333  URL
2564NETBIOS NS lookup short response attempt (more info ...)attempted-admin 2004-0444 10335  URL
2589OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (more info ...)attempted-user 2004-0420 9510  URL
2705FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (more info ...)attempted-user 2004-0200 11173  URL
2923 (more info ...)unsuccessful-user    
2924 (more info ...)unsuccessful-user    
2927OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (more info ...)attempted-admin 2004-0574   URL
2936OS-WINDOWS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (more info ...)attempted-admin 2004-0206 11372  URL
2942NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt (more info ...)protocol-command-decode    URL
3000 (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3001OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3002OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3003 (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3004OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3005OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
3017OS-WINDOWS Microsoft Windows WINS overflow attempt (more info ...)misc-attack 2004-1080 11763  URL
3018 (more info ...)protocol-command-decode 2004-1154   
3019 (more info ...)protocol-command-decode 2004-1154   
3020NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (more info ...)protocol-command-decode 2004-1154   
3021 (more info ...)protocol-command-decode 2004-1154   
3022NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (more info ...)protocol-command-decode 2004-1154   
3023 (more info ...)protocol-command-decode 2004-1154   
3024NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (more info ...)protocol-command-decode 2004-1154   
3025 (more info ...)protocol-command-decode 2004-1154   
3026NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3027NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3028NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3029 (more info ...)protocol-command-decode 2004-1154   
3030NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3031NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3032NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3033 (more info ...)protocol-command-decode 2004-1154   
3034NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3035NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3036NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3037 (more info ...)protocol-command-decode 2004-1154   
3038NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3039NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3040NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3041NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (more info ...)protocol-command-decode 2004-1154   
3042NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3043NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3044NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3045NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3046NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3047NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3048NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3049NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3050NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3051NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3052NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3053NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3054NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3055NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3056NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3057NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (more info ...)protocol-command-decode    
3078PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (more info ...)attempted-admin 2004-0574   URL
3114OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (more info ...)attempted-admin 2005-0050 12481  URL
3132FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (more info ...)attempted-user 2007-5503 11523  URL
3133FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt (more info ...)attempted-user 2007-5503 11523  URL
3134FILE-IMAGE Microsoft PNG large colour depth download attempt (more info ...)attempted-user 2004-1244 11523  URL
3135NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (more info ...)protocol-command-decode    
3136 (more info ...)protocol-command-decode    
3137NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (more info ...)protocol-command-decode    
3138 (more info ...)protocol-command-decode    
3139NETBIOS SMB Trans2 FIND_FIRST2 attempt (more info ...)protocol-command-decode    
3140 (more info ...)protocol-command-decode    
3141NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (more info ...)protocol-command-decode    
3142 (more info ...)protocol-command-decode    
3143OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (more info ...)protocol-command-decode 2005-0045 12484  URL
3144OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (more info ...)protocol-command-decode 2005-0045 12484  URL
3145 (more info ...)protocol-command-decode 2005-0045 12484  URL
3146OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (more info ...)protocol-command-decode 2005-0045 12484  URL
3148OS-WINDOWS Microsoft Windows HTML Help hhctrl.ocx clsid access attempt (more info ...)attempted-user 2004-1043 5874  URL
3158OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (more info ...)protocol-command-decode 2003-0715   URL
3159OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (more info ...)protocol-command-decode 2003-0715   URL
3171OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (more info ...)attempted-admin 2005-0059   URL
3199OS-WINDOWS Microsoft Windows WINS name query overflow attempt TCP (more info ...)attempted-admin 2003-0825 9624 15912 URL
3200OS-WINDOWS Microsoft Windows WINS name query overflow attempt UDP (more info ...)attempted-admin 2003-0825 9624 15912 URL
3218 (more info ...)attempted-admin 2000-0377 1331  URL
3238OS-WINDOWS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (more info ...)attempted-admin 2002-1561 6005  URL
3239OS-WINDOWS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (more info ...)attempted-admin 2002-1561 6005  URL
3397OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (more info ...)protocol-command-decode 2003-0715 8205  URL
3398OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (more info ...)protocol-command-decode 2003-0715 8205  URL
3409OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (more info ...)attempted-admin 2003-0715 8205  URL
3442 (more info ...)attempted-dos 2000-0232 1082  URL