Detailed List of IPS rules used in the ASG

Last update: Tue Jul 7 08:33:28 2020



Group Name  # of attack rules    # of warning rules

OS
OS / Windows  1036    1416
OS / Linux  19    159
OS / Other  656    520

Server  2094    2940
Server / HTTP
Server / HTTP / Common  17    81
Server / HTTP / Apache  77    125
Server / HTTP / Microsoft IIS  2    183
Server / HTTP / Other
Server / HTTP / Coldfusion
Server / HTTP / Frontpage  0    3
Server / HTTP / PHP  284    554
Server / HTTP / CGI  156    295
Server / Mail
Server / Mail / Microsoft Exchange  11    44
Server / Mail / Sendmail  1    26
Server / Mail / POP3  0    3
Server / Mail / IMAP  2    64
Server / Mail / SMTP  8    128
Server / Database
Server / Database / Microsoft  6    78
Server / Database / Oracle  260    834
Server / Database / MySQL  9    55
Server / Database / Common SQL  319    294
Server / Database / Common SQL
Server / Misc
Server / Misc / DNS  136    197
Server / Misc / FTP  27    250
Server / Misc / SSH  0    19
Server / Misc / Backup  11    106
Server / Misc / TFTP
Server / Misc / SNMP  2    13
Server / Misc / Authentication  10    49
Server / Misc / CVS  0    18

Client  90    948
Client / Office  931    1083
Client / Browser  2564    3347
Client / Email  1    94
Client / Multimedia  3156    1429
Client / Peer to Peer
Client / Instant Messenger  0    28

Protocol Anomaly  208    1016
Protocol Anomaly / Invalid Traffic  0    141
Protocol Anomaly / ICMP
Protocol Anomaly / IGMP
Protocol Anomaly / RPC
Protocol Anomaly / Misc  15    476

Malware  2126    7463
Malware / Trojans
Malware / DoS  5    18


Group: OS

# of attack rules in this group: 0

# of warning rules in this group: 0


Group: OS / Windows

# of attack rules in this group: 1036

ID  Message  Classtype  CVE  BugtraqID  NessusID  Custom
2435FILE-IDENTIFY Microsoft emf file download request (more info ...)misc-activity  2007-5746  9707    URL
7209OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (more info ...)attempted-admin  2006-3439  19409    URL
12972FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (more info ...)misc-activity        
14782OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (more info ...)attempted-admin  2008-4250      URL
15528OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (more info ...)protocol-command-decode  2009-0230      URL
16143FILE-IDENTIFY Microsoft asf file magic detected (more info ...)misc-activity        URL
16395OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (more info ...)attempted-admin  2010-0020      URL
16417OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (more info ...)attempted-admin  2010-0016      URL
16538NETBIOS NT QUERY SECURITY DESC flowbit (more info ...)misc-activity        
16539OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (more info ...)attempted-admin  2010-0269      URL
16540OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (more info ...)attempted-admin  2010-0477      URL
16728NETBIOS Samba SMB1 chain_reply function memory corruption attempt (more info ...)attempted-admin  2010-2063  40884    
17042FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (more info ...)attempted-user  2017-8464      URL
17125OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (more info ...)attempted-admin  2010-2550      URL
17249OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (more info ...)attempted-user  2010-0820      URL
19290FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (more info ...)attempted-user  2010-2568      URL
20850FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (more info ...)misc-activity        
20851FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (more info ...)misc-activity        
20878OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (more info ...)attempted-user  2012-0009      URL
21078FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (more info ...)attempted-user  2012-0004      URL
21305FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (more info ...)attempted-user  2012-0015      URL
21308FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (more info ...)attempted-user  2012-0150      URL
21504OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
21505OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
21506OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
21507OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
21508OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
21570OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (more info ...)attempted-admin  2012-0002      URL
21619OS-WINDOWS Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt (more info ...)attempted-admin  2012-0002      URL
21792FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (more info ...)attempted-user  2012-0163      URL
21795FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (more info ...)attempted-user  2012-0151      
22042FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (more info ...)attempted-user  2012-0163      URL
22079OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (more info ...)attempted-user  2012-0160      URL
22087FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (more info ...)attempted-user  2012-0159      URL
22090OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (more info ...)attempted-user  2012-0162      URL
22942FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (more info ...)attempted-user  2012-0151      
23127FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (more info ...)attempted-user  2012-1855      URL
23181FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (more info ...)attempted-user  2012-1855      URL
23237OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (more info ...)attempted-admin  2010-0477      URL
23703FILE-IDENTIFY Microsoft asf file magic detected (more info ...)misc-activity        URL
23732FILE-IDENTIFY Microsoft Media Player .asf file magic detected (more info ...)misc-activity        
23837OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (more info ...)attempted-admin  2012-1851      URL
23838OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (more info ...)attempted-admin  2012-1851      URL
23839OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (more info ...)attempted-dos  2012-1853  54940    URL
23846OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (more info ...)attempted-admin  2012-2526      URL
24007OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (more info ...)attempted-dos  2012-1853  54940    URL
24089OS-WINDOWS Microsoft WebDAV PROPFIND request (more info ...)misc-activity        
24090OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (more info ...)attempted-user  2012-0175  54307    URL
24500FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (more info ...)attempted-user  2017-8464      URL
24649FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (more info ...)attempted-admin  2012-4786      URL
24650FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (more info ...)attempted-admin  2012-4786      URL
24664FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (more info ...)misc-activity  2012-1895      URL
24665FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (more info ...)misc-activity  2012-1895      URL
24696PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (more info ...)attempted-user  2012-0395      
25032FILE-IDENTIFY Microsoft Silverlight application file download request (more info ...)misc-activity        
25033FILE-IDENTIFY Microsoft Silverlight application file attachment detected (more info ...)misc-activity        
25034FILE-IDENTIFY Microsoft Silverlight application file attachment detected (more info ...)misc-activity        
25253FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (more info ...)attempted-user  2012-0015      URL
25357FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (more info ...)attempted-user  2012-0151      
25542PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (more info ...)attempted-admin  2012-4607  57182    
25779FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (more info ...)attempted-user  2012-0151      
25795FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (more info ...)attempted-user  2013-0077      URL
25796FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (more info ...)attempted-user  2013-0077      URL
26066OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
26067OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
26068OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
26069OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (more info ...)attempted-user  2012-0013      URL
26865FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt (more info ...)attempted-user  2013-1331  18385    URL
27136OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (more info ...)attempted-admin  2013-3134      URL
27139OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (more info ...)attempted-admin  2013-3134      URL
27576FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (more info ...)attempted-user  2012-0159      URL
27822FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (more info ...)attempted-admin  2013-0810      URL
28487OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (more info ...)attempted-user  2013-3906      
28488OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (more info ...)attempted-user  2013-3906      
28507FILE-IDENTIFY Microsoft Write file download file attachment detected (more info ...)misc-activity        
28508FILE-IDENTIFY Microsoft Write file download file attachment detected (more info ...)misc-activity        
29943OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (more info ...)attempted-admin  2010-0477      URL
29944FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (more info ...)attempted-user  2013-1331  18385    URL
29945FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (more info ...)attempted-user  2013-1331  18385    URL
30972EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (more info ...)trojan-activity        
31369EXPLOIT-KIT Rig exploit kit outbound Microsoft Silverlight request (more info ...)trojan-activity        
31427FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (more info ...)attempted-user  2012-0150      URL
31702FILE-IDENTIFY Microsoft Silverlight application file magic detected (more info ...)misc-activity        
31703FILE-IDENTIFY Microsoft Silverlight application file magic detected (more info ...)misc-activity        
32190OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (more info ...)attempted-user  2014-4148      URL
32191OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (more info ...)attempted-user  2014-4148      URL
32361FILE-OTHER Microsoft Windows Briefcase integer overflow (more info ...)attempted-user  2012-1528      URL
32404OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32405OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32406OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32407OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32408OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32409OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32410OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32411OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32412OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32413OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (more info ...)misc-attack  2014-6321      URL
32414OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32415OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32416OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32417OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32422OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32423OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (more info ...)attempted-admin  2014-6321      URL
32474OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (more info ...)attempted-user  2014-4149      URL
32475OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (more info ...)attempted-user  2014-4149      URL
32501FILE-OTHER Microsoft XML invalid priority in xsl template (more info ...)attempted-user  2014-4118      URL
32502FILE-OTHER Microsoft XML invalid priority in xsl template (more info ...)attempted-user  2014-4118      URL
32730FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (more info ...)attempted-admin  2013-0010      URL
32731OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32732OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
32876EXPLOIT-KIT Nuclear exploit kit outbound Microsoft Silverlight exploit request (more info ...)trojan-activity        
33050PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt (more info ...)attempted-user  2015-0014      URL
33451PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt (more info ...)attempted-user  2015-0014      URL
33711OS-WINDOWS Type one font out of bounds memory access attempt (more info ...)attempted-user  2015-0090      URL
33712OS-WINDOWS Type one font out of bounds memory access attempt (more info ...)attempted-user  2015-0090      URL
34057OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
34058OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (more info ...)attempted-admin  2014-6321      URL
34178OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (more info ...)attempted-admin        
34179OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (more info ...)attempted-admin        
34331EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download (more info ...)trojan-activity        
34371FILE-OTHER Microsoft Journal memory corruption attempt (more info ...)attempted-user  2015-1698      URL
34372FILE-OTHER Microsoft Journal memory corruption attempt (more info ...)attempted-user  2015-1698      URL
34385FILE-OTHER Microsoft Journal memory corruption attempt (more info ...)attempted-user  2015-1697      URL
34386FILE-OTHER Microsoft Journal memory corruption attempt (more info ...)attempted-user  2015-1697      URL
34387FILE-OTHER Microsoft Journal out of bounds write attempt (more info ...)attempted-user  2015-1695      URL
34388FILE-OTHER Microsoft Journal out of bounds write attempt (more info ...)attempted-user  2015-1695      URL
34389FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1696      URL
34390FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1696      URL
34399FILE-OTHER Microsoft Journal file exploitation attempt (more info ...)attempted-user  2015-1675      URL
34400FILE-OTHER Microsoft Journal file exploitation attempt (more info ...)attempted-user  2015-1675      URL
34401OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (more info ...)attempted-user  2015-1673      URL
34402OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (more info ...)attempted-user  2015-1673      URL
34403FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1699      URL
34404FILE-OTHER Microsoft Journal out of bounds read attempt (more info ...)attempted-user  2015-1699      URL
34440OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (more info ...)attempted-user  2015-1671      URL
34441OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (more info ...)attempted-user  2015-1671      URL
35151OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (more info ...)attempted-admin  2015-2373      URL
35304FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (more info ...)attempted-admin  2015-2426      URL
35305FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (more info ...)attempted-admin  2015-2426      URL
35483FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2432      URL
35484FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2432      URL
35485FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2462      URL
35486FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2462      URL
35489FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (more info ...)attempted-user  2015-2458      URL
35490FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (more info ...)attempted-user  2015-2458      URL
35491FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (more info ...)attempted-user  2015-2435      URL
35492FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (more info ...)attempted-user  2015-2435      URL
35495FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2459      URL
35496FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (more info ...)attempted-admin  2015-2459      URL
35515OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (more info ...)attempted-user  2015-2460      URL
35516OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (more info ...)attempted-user  2015-2460      URL
35517FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (more info ...)attempted-admin  2015-2461      URL
35518FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (more info ...)attempted-admin  2015-2461      URL
35519FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (more info ...)attempted-admin  2015-2463      URL
35520FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (more info ...)attempted-admin  2015-2463      URL
35523OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (more info ...)attempted-admin  2015-2464      URL
35524OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (more info ...)attempted-admin  2015-2464      URL
35525OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (more info ...)attempted-admin  2015-2455      URL
35526OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (more info ...)attempted-admin  2015-2455      URL
35719OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (more info ...)attempted-admin  2015-2506      URL
35720OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (more info ...)attempted-admin  2015-2506      URL
35721OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (more info ...)attempted-admin        URL
35722OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (more info ...)attempted-admin        URL
35731OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (more info ...)attempted-user  2012-0175  54307    URL
35961FILE-OTHER Microsoft Journal file parsing remote code execution attempt (more info ...)attempted-user  2015-2513      URL
35962FILE-OTHER Microsoft Journal file parsing remote code execution attempt (more info ...)attempted-user  2015-2513      URL
35984OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (more info ...)attempted-user  2015-2510      URL
35985OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (more info ...)attempted-user  2015-2510      URL
36014OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (more info ...)attempted-user  2015-2504      URL
36015OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (more info ...)attempted-user  2015-2504      URL
36210OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (more info ...)attempted-dos        URL
36211OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (more info ...)attempted-dos        URL
36218OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (more info ...)attempted-admin        URL
36219OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (more info ...)attempted-admin        URL
36220OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (more info ...)attempted-admin        URL
36221OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (more info ...)attempted-admin        URL
36222OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (more info ...)attempted-user        URL
36223OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (more info ...)attempted-user        URL
36697FILE-OTHER Microsoft Windows Journal integer overflow attempt (more info ...)attempted-user  2015-6097      URL
36698FILE-OTHER Microsoft Windows Journal integer overflow attempt (more info ...)attempted-user  2015-6097      URL
36703OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (more info ...)attempted-admin  2015-6101      URL
36704OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (more info ...)attempted-admin  2015-6101      URL
36705OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (more info ...)attempted-admin  2015-2478      URL
36706OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (more info ...)attempted-admin  2015-2478      URL
36709OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (more info ...)attempted-admin  2015-6100      URL
36710OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (more info ...)attempted-admin  2015-6100      URL
36711FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (more info ...)misc-activity        
36712OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (more info ...)attempted-user  2015-6096      URL
36713OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (more info ...)attempted-user  2015-6096      URL
36722OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-recon  2015-6109      URL
36723OS-WINDOWS Microsoft Windows win32k information disclosure attempt (more info ...)attempted-recon  2015-6109      URL
36736FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (more info ...)attempted-user  2015-6104      URL
36737FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (more info ...)attempted-user  2015-6104      URL
36744OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (more info ...)attempted-admin  2015-6098      URL
36745OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (more info ...)attempted-admin  2015-6098      URL
36749FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (more info ...)attempted-user  2015-6103      URL
36750FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (more info ...)attempted-user  2015-6103      URL
36761OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (more info ...)policy-violation  2015-6113      URL
36762OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (more info ...)policy-violation  2015-6113      URL
36817FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36818FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36884FILE-IMAGE Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt (more info ...)attempted-user  2010-0028      URL
36952FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (more info ...)attempted-user  2015-6130      URL
36953FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (more info ...)attempted-user  2015-6130      URL
36970OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (more info ...)attempted-admin  2015-6173      URL
36971OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (more info ...)attempted-admin  2015-6173      URL
36976OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (more info ...)attempted-admin  2015-6174      URL
36977OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (more info ...)attempted-admin  2015-6174      URL
36989OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (more info ...)attempted-admin  2015-6175      URL
36990OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (more info ...)attempted-admin  2015-6175      URL
36997  OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt  attempted-recon  2015-6114
36998  OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt  attempted-recon  2015-6114
37269  OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt  attempted-user  2016-0007
37270  OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt  attempted-user  2016-0007
37271  OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt  attempted-user  2016-0006
37272  OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt  attempted-user  2016-0006
37275  OS-WINDOWS Microsoft Windows feclient.dll dll-load exploit attempt  attempted-user  2016-0014
37276  OS-WINDOWS Microsoft Windows request for feclient.dll over SMB attempt  attempted-user  2016-0014
37277  OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt  attempted-admin  2016-0015
37278  OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt  attempted-admin  2016-0015
37565  FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt  attempted-user  2016-0046
37566  FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt  attempted-user  2016-0046
37567  OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt  attempted-admin  2016-0040
37568  OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt  attempted-admin  2016-0040
37569  OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt  attempted-admin  2016-0040
37570  OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt  attempted-admin  2016-0040
37577  FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt  attempted-user  2016-0038
37578  FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt  attempted-user  2016-0038
37584  OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt  attempted-admin  2016-0048
37585  OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt  attempted-admin  2016-0048
37586  OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt  attempted-admin  2016-0051
37587  OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt  attempted-admin  2016-0051
37594  FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt  attempted-user  2016-0058
37595  FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt  attempted-user  2016-0058
37655  OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt  attempted-dos  2016-0033
37656  OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt  attempted-dos  2016-0033
37663  FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt  attempted-user  2010-0265
38061  OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt  attempted-user  2016-0095
38062  OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt  attempted-user  2016-0095
38063  FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt  attempted-user  2016-0121
38064  FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt  attempted-user  2016-0121
38071  OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt  attempted-admin  2016-0096
38072  OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt  attempted-admin  2016-0096
38083  OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt  attempted-admin  2016-0093
38084  OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt  attempted-admin  2016-0093
38092  OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt  attempted-user  2016-0087
38093  OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt  attempted-user  2016-0087
38114  OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt  attempted-admin  2016-0099
38115  OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt  attempted-admin  2016-0099
38119  OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt  attempted-admin  2016-0094
38120  OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt  attempted-admin  2016-0094
38124  FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt  attempted-user  2016-0101
38125  FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt  attempted-user  2016-0101
38458  OS-WINDOWS Microsoft Windows LSARPC LsapLookupSids denial of service attempt  attempted-dos  2016-0135
38459  OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt  attempted-admin  2016-0143
38460  OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt  attempted-admin  2016-0143
38461  OS-WINDOWS DCERPC Bind auth level packet privacy connection detected  protocol-command-decode
38462  OS-WINDOWS DCERPC Bind auth level packet privacy downgrade attempt  attempted-recon  2016-0128
38469  OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt  attempted-user  2016-0160
38470  OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt  attempted-user  2016-0160
38475  OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt  attempted-admin  2016-0151
38476  OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt  attempted-admin  2016-0151
38487  OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt  attempted-admin  2016-0165
38488  OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt  attempted-admin  2016-0165
38491  OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt  attempted-user  2016-0167
38492  OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt  attempted-user  2016-0167
38493  FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt  attempted-admin  2016-0145
38494  FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt  attempted-admin  2016-0145
38759  OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt  attempted-admin  2016-0196
38760  OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt  attempted-admin  2016-0196
38761  OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt  attempted-admin  2016-0174
38762  OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt  attempted-admin  2016-0174
38765  OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt  attempted-admin  2016-0167
38766  OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt  attempted-admin  2016-0167
38774  OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt  attempted-user  2016-0171
38775  OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt  attempted-user  2016-0171
38787  OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt  attempted-user  2016-0172
38788  OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt  attempted-user  2016-0172
38801  OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt  attempted-user  2016-0175
38802  OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt  attempted-user  2016-0175
38803  OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt  attempted-user  2016-0180
38804  OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt  attempted-user  2016-0180
38808  OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt  attempted-admin  2016-0173
38809  OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt  attempted-admin  2016-0173
38817  FILE-OTHER Microsoft Windows gdi32 malformed EMF file ExtEscape buffer overflow attempt  attempted-user  2016-0170
38839  OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt  attempted-dos  2016-0178
38840  OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt  attempted-dos  2016-0178
38849  OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt  attempted-dos  2016-4304
38850  OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt  attempted-dos  2016-4304
39078  OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt  attempted-dos  2016-4305
39079  OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt  attempted-dos  2016-4305
39193  OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt  attempted-admin  2016-3221
39194  OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt  attempted-admin  2016-3221
39195  OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt  attempted-admin  2016-3221
39196  OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt  attempted-admin  2016-3221
39209  OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt  attempted-user  2016-3219
39210  OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt  attempted-user  2016-3219
39213  OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt  attempted-admin  2016-3225
39214  OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt  attempted-admin  2016-3225
39215  OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt  attempted-admin  2016-3225
39216  OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt  attempted-admin  2016-3225
39217  OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt  attempted-user  2016-3218
39218  OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt  attempted-user  2016-3218
39225  OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt  attempted-admin  2016-3231
39226  OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt  attempted-admin  2016-3231
39227  OS-WINDOWS Microsoft Windows WPAD spoofing attempt  attempted-user  2016-3236
39260  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-user  2016-3220
39261  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-admin  2016-3220
39267  OS-WINDOWS Microsoft Windows GdiPlus malformed EMF file out of bounds read attempt  attempted-user  2016-3216
39478  OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt  attempted-admin  2016-3252
39479  OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt  attempted-admin  2016-3252
39480  OS-WINDOWS Microsoft Windows win32k out of bound read attempt  attempted-admin  2016-3251
39481  OS-WINDOWS Microsoft Windows win32k out of bound read attempt  attempted-admin  2016-3251
39482  OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt  attempted-admin  2016-3249
39483  OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt  attempted-admin  2016-3249
39495  OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt  attempted-admin  2016-3250
39496  OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt  attempted-admin  2016-3250
39508  OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt  attempted-admin  2016-3254
39509  OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt  attempted-admin  2016-3254
39516  OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt  attempted-admin  2016-3286
39517  OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt  attempted-admin  2016-3286
39808  OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt  attempted-admin  2016-3310
39809  OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt  attempted-admin  2016-3310
39814  OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt  attempted-admin  2016-3311
39815  OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt  attempted-admin  2016-3311
39824  OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt  attempted-user  2016-3303
39825  OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt  attempted-user  2016-3303
39841  OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt  attempted-admin  2016-3309
39842  OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt  attempted-admin  2016-3309
39843  OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt  attempted-user  2017-3121
39844  OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt  attempted-user  2017-3121
39873  FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt  attempted-user  2016-3319
40064  OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt  attempted-dos  2013-1281
40065  OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt  attempted-dos  2013-1281
40096  OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt  attempted-admin  2016-3348
40097  OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt  attempted-admin  2016-3348
40110  OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt  attempted-user  2016-3306
40111  OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt  attempted-user  2016-3306
40112  OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt  attempted-admin  2016-3355
40113  OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt  attempted-admin  2016-3355
40114  OS-WINDOWS Microsoft Windows 10 privilege escalation attempt  attempted-admin  2016-3373
40115  OS-WINDOWS Microsoft Windows 10 privilege escalation attempt  attempted-admin  2016-3373
40127  OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt  attempted-user  2016-3371
40128  OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt  attempted-user  2016-3371
40129  OS-WINDOWS Microsoft Windows Server lsass.exe memory corruption attempt  attempted-admin  2016-3368
40374  OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt  attempted-admin  2016-3387
40375  OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt  attempted-admin  2016-3387
40380  OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt  attempted-user  2016-7211
40381  OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt  attempted-user  2016-7211
40392  OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt  attempted-admin  2016-3376
40393  OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt  attempted-admin  2016-3376
40394  OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt  attempted-admin  2017-0103
40395  OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt  attempted-admin  2017-0103
40396  OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt  attempted-admin  2016-3388
40397  OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt  attempted-admin  2016-3388
40398  OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt  attempted-admin  2016-7188
40399  OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt  attempted-admin  2016-7188
40400  OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privelege escalation attempt  attempted-admin  2016-0075
40401  OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privelege escalation attempt  attempted-admin  2016-0075
40402  OS-WINDOWS Microsoft Windows user hive impersonation privelege escalation attempt  attempted-admin  2016-0073
40403  OS-WINDOWS Microsoft Windows user hive impersonation privelege escalation attempt  attempted-admin  2016-0073
40408  FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt  attempted-user  2016-3209
40409  FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt  attempted-user  2016-3209
40410  OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt  attempted-admin  2016-3270
40411  OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt  attempted-admin  2016-3270
40412  OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt  attempted-admin  2016-0079
40413  OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt  attempted-admin  2016-0079
40418  OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt  attempted-user  2016-7185
40419  OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt  attempted-user  2016-7185
40425  OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt  attempted-user  2016-3263
40426  OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt  attempted-user  2016-3263
40427  OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt  attempted-admin  2016-7182
40428  OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt  attempted-admin  2016-7182
40555  OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt  attempted-dos  2016-3369
40556  OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt  attempted-dos  2016-3369
40645  FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt  attempted-user  2016-7212
40646  FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt  attempted-user  2016-7212
40657  OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt  attempted-admin  2016-3343
40658  OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt  attempted-admin  2016-3343
40663  OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt  attempted-admin  2016-7215
40664  OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt  attempted-admin  2016-7215
40665  OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt  attempted-admin  2016-7255
40666  OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt  attempted-admin  2016-7255
40671  OS-WINDOWS Microsoft windows InProcServer32 privilege escalation attempt  attempted-user  2016-7221
40672  OS-WINDOWS Microsoft windows InProcServer32 privilege escalation attempt  attempted-user  2016-7221
40677  OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt  attempted-admin  2016-7222
40678  OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt  attempted-admin  2016-7222
40685  OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt  attempted-user  2016-7246
40686  OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt  attempted-user  2016-7246
40687  OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt  attempted-user  2016-7214
40688  OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt  attempted-user  2016-7214
40689  FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt  attempted-user  2016-7184
40690  FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt  attempted-user  2016-7184
40691  FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt  attempted-user  2018-0846
40692  FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt  attempted-user  2018-0846
40693  OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt  attempted-user  2016-7226
40694  OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt  attempted-user  2016-7226
40705  FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt  attempted-admin  2016-7210
40706  FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt  attempted-admin  2016-7210
40729  FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt  attempted-admin  2016-7256
40730  FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt  attempted-admin  2016-7256
40759  OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt  attempted-dos  2017-0004
40886  OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt  attempted-admin  2016-7255
40887  OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt  attempted-admin  2016-7255
40936  FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt  attempted-recon  2016-7295
40937  FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt  attempted-recon  2016-7295
40942  FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt  attempted-user  2016-7274
40943  FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt  attempted-user  2016-7274
40947  OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt  attempted-admin  2016-7260
40948  OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt  attempted-admin  2016-7260
40953  OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt  attempted-user  2016-7219
40954  OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt  attempted-user  2016-7219
40955  OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt  attempted-user  2016-7219
40956  OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt  attempted-user  2016-7219
40984  OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt  attempted-admin  2016-7292
40985  OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt  attempted-admin  2016-7292
41567  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41568  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41569  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41570  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41571  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41572  OS-WINDOWS Microsoft Windows Device Guard code execution attempt  attempted-user  2017-0007
41579  OS-WINDOWS Microsoft Windows DirectComposition double free attempt  attempted-admin  2017-0026
41580  OS-WINDOWS Microsoft Windows DirectComposition double free attempt  attempted-admin  2017-0026
41591  OS-WINDOWS Microsoft Windows GDI privilege escalation attempt  attempted-admin  2017-0047
41592  OS-WINDOWS Microsoft Windows GDI privilege escalation attempt  attempted-admin  2017-0047
41595  OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt  attempted-recon  2017-0038
41596  OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt  attempted-recon  2017-0038
41601  FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt  attempted-user  2017-0023
41602  FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt  attempted-user  2017-0023
41607  OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt  attempted-user  2017-0050
41608  OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt  attempted-user  2017-0050
41609  OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt  attempted-user  2017-0050
41610  OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt  attempted-user  2017-0050
41710  INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS  trojan-activity
41926  OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt  attempted-admin  2017-0056
41927  OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt  attempted-admin  2017-0056
41928  OS-WINDOWS Microsoft Win32k DDI use after free attempt  attempted-admin  2017-0079
41929  OS-WINDOWS Microsoft Win32k DDI use after free attempt  attempted-admin  2017-0079
41930  OS-WINDOWS Microsoft Win32k DDI use after free attempt  attempted-admin  2017-0082
41931  OS-WINDOWS Microsoft Win32k DDI use after free attempt  attempted-admin  2017-0082
41932  FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt  attempted-admin  2017-0108
41933  FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt  attempted-admin  2017-0108
41934  FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt  attempted-admin  2017-0086
41935  FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt  attempted-admin  2017-0086
41940  OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt  attempted-user  2017-0088
41941  OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt  attempted-user  2017-0088
41960  OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt  attempted-user  2017-0089
41961  OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt  attempted-user  2017-0089
41966  OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt  attempted-user  2017-0087
41967  OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt  attempted-user  2017-0087
41972  OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt  attempted-user  2017-0072
41973  OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt  attempted-user  2017-0072
41974  OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt  attempted-user  2017-0090
41975  OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt  attempted-user  2017-0090
41978  OS-WINDOWS Microsoft Windows SMB remote code execution attempt  attempted-admin  2017-0146
41984  OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt  attempted-admin  2017-0143
41985  OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt  attempted-user  2017-0121
41986  OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt  attempted-user  2017-0121
41991  FILE-OTHER Microsoft Windows TTF file out of bounds access attempt  attempted-admin  2017-0083
41992  FILE-OTHER Microsoft Windows TTF file out of bounds access attempt  attempted-admin  2017-0083
41994  OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt  attempted-user  2017-0073
41995  OS-WINDOWS Microsoft Windows DDI privilege escalation attempt  attempted-admin  2017-0080
41996  OS-WINDOWS Microsoft Windows DDI privilege escalation attempt  attempted-admin  2017-0080
41998  OS-WINDOWS Microsoft GDI+ privilege escalation attempt  attempted-admin  2017-0188
42148  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-user  2017-0192
42149  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-user  2017-0192
42150  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-user  2017-0192
42151  FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt  attempted-user  2017-0192
42154  OS-WINDOWS Microsoft Windows win32k information disclosure attempt  attempted-admin  2017-0167
42155  OS-WINDOWS Microsoft Windows win32k information disclosure attempt  attempted-admin  2017-0167
42158  OS-WINDOWS Microsoft Win32k privilege escalation attempt  attempted-admin  2017-0189
42159  OS-WINDOWS Microsoft Win32k privilege escalation attempt  attempted-admin  2017-0189
42173  OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt  attempted-user  2017-0155
42174  OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt  attempted-user  2017-0155
42185  OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt  attempted-user  2017-0160
42186  OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt  attempted-user  2017-0160
42187  OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt  attempted-user  2017-0165
42188  OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt  attempted-user  2017-0165
42199  OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt  attempted-admin  2017-0156
42200  OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt  attempted-admin  2017-0156
42208  OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt  attempted-user  2017-0211
42209  OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt  attempted-user  2017-0211
42255  OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt  policy-violation  2017-9073
42294OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (more info ...)attempted-admin  2017-0145      URL
42338OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (more info ...)attempted-recon        URL
42339OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (more info ...)attempted-recon  2017-0147      URL
42443OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (more info ...)attempted-user  2005-0944  12960    
42751OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (more info ...)attempted-admin  2017-0220      
42752OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (more info ...)attempted-admin  2017-0220      
42757OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (more info ...)attempted-admin  2017-0077      
42758OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (more info ...)attempted-admin  2017-0077      
42759OS-WINDOWS Microsoft Windows COM privilege escalation attempt (more info ...)attempted-admin  2017-0214      
42760OS-WINDOWS Microsoft Windows COM privilege escalation attempt (more info ...)attempted-admin  2017-0214      
42763OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (more info ...)attempted-recon  2017-0259      
42764OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (more info ...)attempted-recon  2017-0259      
42765OS-WINDOWS Microsoft win32k privilege escalation attempt (more info ...)attempted-admin  2017-0263      
42766OS-WINDOWS Microsoft win32k privilege escalation attempt (more info ...)attempted-admin  2017-0263      
42767OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (more info ...)attempted-admin        URL
42768OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (more info ...)attempted-admin        URL
42769OS-WINDOWS Microsoft Win32k kernel memory leak attempt (more info ...)attempted-user  2017-0245      
42770OS-WINDOWS Microsoft Win32k kernel memory leak attempt (more info ...)attempted-user  2017-0245      
42771OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (more info ...)attempted-admin  2017-0246      
42772OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (more info ...)attempted-admin  2017-0246      
42783OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (more info ...)attempted-admin  2017-0258      
42784OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (more info ...)attempted-admin  2017-0258      
42820OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (more info ...)attempted-admin  2017-0290      URL
42821OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (more info ...)attempted-admin  2017-0290      URL
42944OS-WINDOWS Microsoft Windows SMB remote code execution attempt (more info ...)attempted-admin  2017-0146      URL
43002PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (more info ...)misc-activity        URL
43003PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (more info ...)misc-activity        URL
43114FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
43115FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
43157OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0215      
43158OS-WINDOWS Microsoft Windows Device Guard code execution attempt (more info ...)attempted-user  2017-0215      
43173OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (more info ...)attempted-user  2017-8468      
43174OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (more info ...)attempted-user  2017-8468      
43175OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (more info ...)attempted-admin  2017-8543      
43176OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (more info ...)attempted-admin  2017-8543      
43188PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (more info ...)attempted-user  2017-7895      
43189PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (more info ...)attempted-user  2017-7895      
43380OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (more info ...)attempted-admin  2017-8558      
43381OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (more info ...)attempted-admin  2017-8558      
43473OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (more info ...)attempted-admin  2017-8578      
43474OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (more info ...)attempted-admin  2017-8578      
43490OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (more info ...)attempted-admin  2017-8577      
43491OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (more info ...)attempted-admin  2017-8577      
43851FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (more info ...)attempted-user  2017-8625      
43852FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (more info ...)attempted-user  2017-8625      
44335OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (more info ...)attempted-admin  2017-8682      
44336OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (more info ...)attempted-admin  2017-8682      
44514OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (more info ...)attempted-admin  2017-8694      URL
44515OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (more info ...)attempted-admin  2017-8694      URL
44516OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (more info ...)attempted-admin  2017-8689      URL
44517OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (more info ...)attempted-admin  2017-8689      URL
44528FILE-OTHER Microsoft Graphics remote code execution attempt (more info ...)attempted-admin  2017-11763      URL
44529FILE-OTHER Microsoft Graphics remote code execution attempt (more info ...)attempted-admin  2017-11763      URL
44637PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (more info ...)attempted-dos  2017-8797  99298    URL
44638PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (more info ...)attempted-dos  2017-8797  99298    URL
44833OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (more info ...)attempted-user  2017-11847      URL
44834OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (more info ...)attempted-user  2017-11847      URL
45130OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (more info ...)attempted-user  2017-11885      URL
45131OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (more info ...)attempted-user  2017-11885      URL
45515NETBIOS SMB SESSION_SETUP subcommand detected (more info ...)protocol-command-decode        URL
45554FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (more info ...)attempted-user  2010-0265      URL
45624OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (more info ...)attempted-user  2018-0825      URL
45625OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (more info ...)attempted-user  2018-0825      URL
45632OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (more info ...)attempted-admin  2019-0814      URL
45633OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (more info ...)attempted-admin  2018-0756      URL
45634OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (more info ...)attempted-admin  2018-0756      URL
45635OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (more info ...)attempted-admin  2019-0814      URL
45649OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-user  2018-0742      URL
45650OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-user  2018-0742      URL
45656OS-WINDOWS Microsoft Windows HIDPARSE.sys memory corruption attempt (more info ...)attempted-user  2018-0842      URL
45657OS-WINDOWS Microsoft Windows HIDPARSE.sys memory corruption attempt (more info ...)attempted-user  2018-0842      URL
45807OS-WINDOWS Microsoft Windows GetThreadContext kernel memory leak attempt (more info ...)attempted-recon  2018-0832      URL
45808OS-WINDOWS Microsoft Windows GetThreadContext kernel memory leak attempt (more info ...)attempted-recon  2018-0832      URL
45854OS-WINDOWS Microsoft Windows SMBv3 null pointer dereference attempt (more info ...)denial-of-service  2018-0833      URL
45873OS-WINDOWS Microsoft Windows SetProcessDeviceMap arbitrary file read attempt (more info ...)attempted-admin  2018-0877      URL
45874OS-WINDOWS Microsoft Windows SetProcessDeviceMap arbitrary file read attempt (more info ...)attempted-admin  2018-0877      URL
45881OS-WINDOWS Microsoft Windows 10 gdi32 library integer overflow attempt (more info ...)attempted-admin  2018-0817      URL
45882OS-WINDOWS Microsoft Windows 10 gdi32 library integer overflow attempt (more info ...)attempted-admin  2018-0817      URL
45900OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-0882      URL
45901OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-0882      URL
45902OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-0880      URL
45903OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-0880      URL
45977OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (more info ...)attempted-recon  2017-0147      URL
45978OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (more info ...)attempted-recon  2017-0147      URL
46055FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (more info ...)attempted-user  2018-8210      URL
46056FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (more info ...)attempted-user  2018-8210      URL
46058FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (more info ...)attempted-user  2018-8210      URL
46059FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (more info ...)attempted-user  2018-8210      URL
46076NETBIOS MikroTik RouterOS buffer overflow attempt (more info ...)attempted-user  2018-7445  103427    
46163FILE-OTHER Microsoft Windows Defender malformed RAR memory corruption attempt (more info ...)attempted-user  2018-0986      URL
46164FILE-OTHER Microsoft Windows Defender malformed RAR memory corruption attempt (more info ...)attempted-user  2018-0986      URL
46188FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt (more info ...)attempted-admin  2018-1013      URL
46189FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt (more info ...)attempted-admin  2018-1013      URL
46200OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (more info ...)attempted-user  2018-1010      URL
46201OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (more info ...)attempted-user  2018-1010      URL
46214OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (more info ...)attempted-user  2018-1015      URL
46215OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (more info ...)attempted-user  2018-1015      URL
46226FILE-PDF Microsoft Edge pdf parsing information disclosure attempt (more info ...)attempted-recon  2018-0998      URL
46227FILE-PDF Microsoft Edge pdf parsing information disclosure attempt (more info ...)attempted-recon  2018-0998      URL
46230OS-WINDOWS Microsoft Windows malformed TTF integer overflow attempt (more info ...)attempted-admin  2018-1012      URL
46231OS-WINDOWS Microsoft Windows malformed TTF integer overflow attempt (more info ...)attempted-admin  2018-1012      URL
46429OS-WINDOWS Total Meltdown side-channel information leak attempt (more info ...)attempted-admin  2018-1038      URL
46430OS-WINDOWS Total Meltdown side-channel information leak attempt (more info ...)attempted-admin  2018-1038      URL
46431OS-WINDOWS Total Meltdown side-channel information leak attempt (more info ...)attempted-admin  2018-1038      URL
46432OS-WINDOWS Total Meltdown side-channel information leak attempt (more info ...)attempted-admin  2018-1038      URL
46466OS-WINDOWS Windows NTFS NtfsFindExistingLcb denial of service attempt (more info ...)denial-of-service        
46467OS-WINDOWS Windows NTFS NtfsFindExistingLcb denial of service attempt (more info ...)denial-of-service        
46538OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-admin  2018-8124      URL
46539OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-admin  2018-8124      URL
46546OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (more info ...)attempted-admin  2018-8120      URL
46547OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (more info ...)attempted-admin  2018-8120      URL
46562OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8164      URL
46563OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8164      URL
46564OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8166      URL
46565OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8166      URL
46596OS-WINDOWS dxgkrnl.sys privilege escalation attempt (more info ...)attempted-admin  2018-8165      URL
46597OS-WINDOWS dxgkrnl.sys privilege escalation attempt (more info ...)attempted-admin  2018-8165      URL
46603OS-WINDOWS Microsoft Windows clfs.sys out of bounds local privilege escalation attempt (more info ...)attempted-admin  2018-8167      URL
46604OS-WINDOWS Microsoft Windows clfs.sys out of bounds local privilege escalation attempt (more info ...)attempted-admin  2018-8167      URL
46754OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (more info ...)attempted-admin  2018-8120      URL
46755OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (more info ...)attempted-admin  2018-8120      URL
46793OS-WINDOWS Malicious zip download attempt (more info ...)attempted-user        
46794OS-WINDOWS Malicious vbscript download attempt (more info ...)attempted-user        
46811FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (more info ...)attempted-user  2018-8115      URL
46830OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (more info ...)attempted-admin  2018-8897      URL
46831OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (more info ...)attempted-admin  2018-8897      URL
46832OS-WINDOWS Microsoft Windows ROP gadget locate attempt (more info ...)attempted-admin  2018-8897      
46833OS-WINDOWS Microsoft Windows ROP gadget locate attempt (more info ...)attempted-admin  2018-8897      
46834OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (more info ...)attempted-admin  2018-8897      URL
46835OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (more info ...)attempted-admin  2018-8897      URL
46938OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8233      URL
46939OS-WINDOWS Microsoft Win32k privilege escalation attempt (more info ...)attempted-admin  2018-8233      URL
46943FILE-OTHER Microsoft Windows .lnk shortcut file executing system32 executable attempt (more info ...)attempted-user  2018-0978      URL
46955OS-WINDOWS Windows 10 access control privilege escalation attempt (more info ...)attempted-admin  2018-1036      URL
46956OS-WINDOWS Windows 10 access control privilege escalation attempt (more info ...)attempted-admin  2018-1036      URL
46961OS-WINDOWS Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-8214      URL
46962OS-WINDOWS Windows Desktop Bridge privilege escalation attempt (more info ...)attempted-admin  2018-8214      URL
47096OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (more info ...)attempted-admin  2018-8282      URL
47097OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (more info ...)attempted-admin  2018-8282      URL
47219FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
47220FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (more info ...)attempted-admin  2016-7256      URL
47477FILE-OTHER Microsoft LNK remote code execution attempt (more info ...)attempted-admin  2018-8345      URL
47503FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (more info ...)attempted-user  2018-8404      URL
47504FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (more info ...)attempted-user  2018-8404      URL
47512OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8406      URL
47513OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8406      URL
47515OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8405      URL
47516OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8405      URL
47517OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8401      URL
47518OS-WINDOWS Microsoft Windows D3D memory corruption attempt (more info ...)attempted-user  2018-8401      URL
47519FILE-OTHER Microsoft Graphics remote code execution attempt (more info ...)attempted-user  2018-8344      URL
47520FILE-OTHER Microsoft Graphics remote code execution attempt (more info ...)attempted-user  2018-8344      URL
47702OS-WINDOWS Microsoft Windows ALPC task scheduler local privilege escalation attempt (more info ...)attempted-admin  2018-8440      URL
47703OS-WINDOWS Microsoft Windows ALPC task scheduler local privilege escalation attempt (more info ...)attempted-admin  2018-8440      URL
47717OS-WINDOWS Microsoft Windows kernel information disclosure attempt (more info ...)attempted-user  2018-8442      URL
47718OS-WINDOWS Microsoft Windows kernel information disclosure attempt (more info ...)attempted-user  2018-8442      URL
47740OS-WINDOWS Microsoft Windows Device Guard bypass attempt (more info ...)attempted-user  2018-8449      URL
47741OS-WINDOWS Microsoft Windows Device Guard bypass attempt (more info ...)attempted-user  2018-8449      URL
47745OS-WINDOWS Microsoft Windows predefined registry keys double free attempt (more info ...)attempted-user  2018-8410      URL
47764FILE-IMAGE Microsoft Windows malformed TIFF remote code execution attempt (more info ...)attempted-user  2018-8475      URL
47765FILE-IMAGE Microsoft Windows malformed TIFF remote code execution attempt (more info ...)attempted-user  2018-8475      URL
47850OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (more info ...)attempted-admin  2018-0952      URL
47851OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (more info ...)attempted-admin  2018-0952      URL
48047OS-WINDOWS Microsoft Windows dxgkrnl.sys kernel memory information leak attempt (more info ...)attempted-admin  2018-8486      URL
48048OS-WINDOWS Microsoft Windows dxgkrnl.sys kernel memory information leak attempt (more info ...)attempted-admin  2018-8486      URL
48056OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (more info ...)denial-of-service  2018-8333      URL
48057FILE-EXECUTABLE Microsoft Windows NTFS privilege escalation attempt (more info ...)attempted-user  2018-8411      URL
48058FILE-EXECUTABLE Microsoft Windows NTFS privilege escalation attempt (more info ...)attempted-user  2018-8411      URL
48059FILE-OTHER Microsoft Windows malformed .themepack Theme API remote code execution attempt (more info ...)attempted-user  2018-8413      URL
48060FILE-OTHER Microsoft Windows malformed .themepack Theme API remote code execution attempt (more info ...)attempted-user  2018-8413      URL
48062FILE-OTHER Microsoft Powershell XML instantiation constrained language mode bypass attempt (more info ...)attempted-user  2018-8492      URL
48063FILE-OTHER Microsoft Powershell XML instantiation constrained language mode bypass attempt (more info ...)attempted-user  2018-8492      URL
48072OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-user  2018-8453      URL
48073OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (more info ...)attempted-user  2018-8453      URL
48122FILE-OTHER Microsoft .NET Resources file remote code execution attempt (more info ...)attempted-user  2018-8172      URL
48123FILE-OTHER Microsoft .NET Resources file remote code execution attempt (more info ...)attempted-user  2018-8172      URL
48128OS-WINDOWS Microsoft Windows privilege escalation attempt (more info ...)attempted-admin  2018-8468      URL
48129OS-WINDOWS Microsoft Windows privilege escalation attempt (more info ...)attempted-admin  2018-8468      URL
48237OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt (more info ...)attempted-admin  2018-8584      URL
48238OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt (more info ...)attempted-admin  2018-8584      URL
48241NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (more info ...)attempted-admin  2018-15442      URL
48362OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (more info ...)attempted-user  2018-8562      URL
48363OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (more info ...)attempted-user  2018-8562      URL
48364OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (more info ...)attempted-user  2018-8589      URL
48365OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (more info ...)attempted-user  2018-8589      URL
48366OS-WINDOWS Microsoft Windows dxgkrnl.sys elevation of privilege attempt (more info ...)attempted-admin  2018-8554      URL
48367OS-WINDOWS Microsoft Windows dxgkrnl.sys elevation of privilege attempt (more info ...)attempted-admin  2018-8554      URL
48374FILE-IMAGE Microsoft Graphics component WMF code execution attempt (more info ...)attempted-user  2018-8553      URL
48375FILE-IMAGE Microsoft Graphics component WMF code execution attempt (more info ...)attempted-user  2018-8553      URL
48393OS-WINDOWS Microsoft Windows Win32k information disclosure attempt (more info ...)attempted-recon  2018-8565      URL
48394OS-WINDOWS Microsoft Windows Win32k information disclosure attempt (more info ...)attempted-recon  2018-8565      URL
48398OS-WINDOWS Microsoft Windows potential Device Guard evasion via Jscript9 scripting engine attempt (more info ...)attempted-user  2018-8417      URL
48399OS-WINDOWS Microsoft Windows potential Device Guard evasion via Jscript9 scripting engine attempt (more info ...)attempted-user  2018-8417      URL
48409OS-WINDOWS Microsoft Windows kernel ioctlsocket information disclosure attempt (more info ...)attempted-admin  2018-8408      URL
48410OS-WINDOWS Microsoft Windows kernel ioctlsocket information disclosure attempt (more info ...)attempted-admin  2018-8408      URL
48606OS-WINDOWS Microsoft Windows win32k NtGdiCreateDIBitmapInternal memory corruption attempt (more info ...)attempted-user  2018-8639      URL
48607OS-WINDOWS Microsoft Windows win32k NtGdiCreateDIBitmapInternal memory corruption attempt (more info ...)attempted-user  2018-8639      URL
48612FILE-EXECUTABLE Microsoft Windows kernel use-after-free attempt (more info ...)attempted-user  2018-8611      URL
48613FILE-EXECUTABLE Microsoft Windows kernel use-after-free attempt (more info ...)attempted-user  2018-8611      URL
48768FILE-EXECUTABLE Microsoft Windows data sharing service privilege escalation attempt (more info ...)attempted-admin  2019-0574      URL
48769FILE-EXECUTABLE Microsoft Windows data sharing service privilege escalation attempt (more info ...)attempted-admin  2019-0574      URL
48776OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (more info ...)attempted-admin  2019-0572      URL
48777OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (more info ...)attempted-admin  2019-0572      URL
48787OS-WINDOWS Microsoft Windows COM Desktop Broker sandbox escape attempt (more info ...)attempted-user  2019-0552      URL
48788OS-WINDOWS Microsoft Windows COM Desktop Broker sandbox escape attempt (more info ...)attempted-user  2019-0552      URL
48789OS-WINDOWS Microsoft Windows kernel out of bounds read attempt (more info ...)attempted-admin  2019-0569      URL
48790OS-WINDOWS Microsoft Windows kernel out of bounds read attempt (more info ...)attempted-admin  2019-0569      URL
48793OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (more info ...)attempted-user  2019-0573      URL
48794OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (more info ...)attempted-user  2019-0573      URL
48795OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (more info ...)attempted-user  2019-0555      URL
48796OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (more info ...)attempted-user  2019-0555      URL
48797OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (more info ...)attempted-user  2019-0555      URL
48798OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (more info ...)attempted-user  2019-0555      URL
48799OS-WINDOWS Microsoft Windows arbitrary file read attempt (more info ...)attempted-admin  2019-0636      URL
48800OS-WINDOWS Microsoft Windows arbitrary file read attempt (more info ...)attempted-admin  2019-0636      URL
48807OS-WINDOWS Microsoft Windows 10 AcquireCredentialsHandle privilege escalation attempt (more info ...)attempted-admin  2019-0543      URL
48808OS-WINDOWS Microsoft Windows 10 AcquireCredentialsHandle privilege escalation attempt (more info ...)attempted-admin  2019-0543      URL
48809OS-WINDOWS Microsoft Edge session boundary violation attempt (more info ...)attempted-user  2019-0566      URL
48810OS-WINDOWS Microsoft Edge session boundary violation attempt (more info ...)attempted-user  2019-0566      URL
48963OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (more info ...)attempted-user        
48964OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (more info ...)attempted-user        
49038FILE-OTHER Microsoft Windows Contact file email address remote code execution attempt (more info ...)attempted-user        URL
49039  FILE-OTHER Microsoft Windows Contact file email address remote code execution attempt  attempted-user        URL
49041  OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt  attempted-user        URL
49073  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49074  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49075  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49076  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49077  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49078  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49079  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49080  FILE-OTHER Microsoft Windows device metadata file directory traversal attempt  attempted-user
49146  OS-WINDOWS Microsoft Windows SMB named pipe buffer overflow attempt  attempted-admin  2019-0630      URL
49159  OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt  attempted-admin  2019-0656      URL
49160  OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt  attempted-admin  2019-0656      URL
49161  OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt  attempted-admin  2019-0661      URL
49162  OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt  attempted-admin  2019-0661      URL
49171  OS-WINDOWS NTLM authentication relay attempt  attempted-user  2018-8581      URL
49172  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-admin  2019-0767      URL
49173  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-admin  2019-0767      URL
49174  OS-WINDOWS Microsoft Windows SMB remote code execution attempt  attempted-user  2019-0633      URL
49175  OS-WINDOWS Microsoft Windows SMB remote code execution attempt  attempted-user  2019-0633      URL
49176  OS-WINDOWS Microsoft Windows SMB remote code execution attempt  attempted-user  2019-0633      URL
49177  OS-WINDOWS Microsoft Windows SMB remote code execution attempt  attempted-user  2019-0633      URL
49180  OS-WINDOWS Microsoft Windows Win32k SendMessageTimeout kernel information leak attempt  attempted-admin  2019-0628      URL
49181  OS-WINDOWS Microsoft Windows Win32k SendMessageTimeout kernel information leak attempt  attempted-admin  2019-0628      URL
49199  FILE-OTHER Microsoft Windows Contact file arbitrary code execution attempt  attempted-user        URL
49200  FILE-OTHER Microsoft Windows VCF arbitrary code execution attempt  attempted-user        URL
49293  NETBIOS Cisco WebEx WebExService.exe remote code execution attempt  attempted-admin  2019-1674      URL
49333  OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt  attempted-user  2019-0626      URL
49390  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-admin  2019-0775      URL
49391  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-admin  2019-0775      URL
49392  OS-WINDOWS Microsoft Windows mailslot kernel information leak attempt  attempted-admin  2019-0755      URL
49393  OS-WINDOWS Microsoft Windows mailslot kernel information leak attempt  attempted-admin  2019-0755      URL
49400  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-0797      URL
49401  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-0797      URL
49402  OS-WINDOWS Microsoft Windows NT kernel null pointer dereference attempt  attempted-admin  2019-0808      URL
49403  OS-WINDOWS Microsoft Windows NT kernel null pointer dereference attempt  attempted-admin  2019-0808      URL
49628  OS-WINDOWS Huawei PCManager device driver privilege escalation attempt  attempted-admin  2019-5242
49629  OS-WINDOWS Huawei PCManager device driver privilege escalation attempt  attempted-admin  2019-5242
49630  OS-WINDOWS Huawei PCManager device driver privilege escalation attempt  attempted-admin  2019-5242
49631  OS-WINDOWS Huawei PCManager device driver privilege escalation attempt  attempted-admin  2019-5242
49688  FILE-EXECUTABLE Microsoft Windows kernel user after free attempt  attempted-admin  2019-0685      URL
49689  FILE-EXECUTABLE Microsoft Windows kernel user after free attempt  attempted-admin  2019-0685      URL
49692  OS-WINDOWS Microsoft Windows LUAFV driver privilege escalation attempt  attempted-admin  2019-0730      URL
49693  OS-WINDOWS Microsoft Windows LUAFV driver privilege escalation attempt  attempted-admin  2019-0730      URL
49694  OS-WINDOWS Windows CSRSS privilege escalation attempt  attempted-admin  2019-0735      URL
49695  OS-WINDOWS Windows CSRSS privilege escalation attempt  attempted-admin  2019-0735      URL
49696  OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt  attempted-admin  2019-0731      URL
49697  OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt  attempted-admin  2019-0731      URL
49704  OS-WINDOWS Microsoft Windows NtSetCachedSigningLevel Device Guard bypass attempt  policy-violation  2019-0732      URL
49705  OS-WINDOWS Microsoft Windows NtSetCachedSigningLevel Device Guard bypass attempt  policy-violation  2019-0732      URL
49712  OS-WINDOWS Microsoft Windows GDI component use after free attempt  attempted-admin  2019-0803      URL
49713  OS-WINDOWS Microsoft Windows GDI component use after free attempt  attempted-admin  2019-0803      URL
49718  OS-WINDOWS Microsoft windows LUAFV privilege escalation attempt  attempted-admin  2019-0796      URL
49719  OS-WINDOWS Microsoft windows LUAFV privilege escalation attempt  attempted-admin  2019-0796      URL
49720  OS-WINDOWS Microsoft Windows LuafvPostReadWrite privilege escalation attempt  attempted-admin  2019-0836      URL
49721  OS-WINDOWS Microsoft Windows LuafvPostReadWrite privilege escalation attempt  attempted-admin  2019-0836      URL
49746  OS-WINDOWS Microsoft Windows win32k privilege escalation attempt  attempted-admin  2019-0859      URL
49747  OS-WINDOWS Microsoft Windows win32k privilege escalation attempt  attempted-admin  2019-0859      URL
49748  OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt  attempted-admin  2019-0805      URL
49749  OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt  attempted-admin  2019-0805      URL
49750  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-recon  2019-0840      URL
49751  OS-WINDOWS Microsoft Windows kernel information disclosure attempt  attempted-recon  2019-0840      URL
49754  OS-WINDOWS Microsoft Windows Kernel information disclosure attempt  attempted-admin  2019-0844      URL
49755  OS-WINDOWS Microsoft Windows Kernel information disclosure attempt  attempted-admin  2019-0844      URL
49762  OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt  attempted-admin  2019-0841      URL
49763  OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt  attempted-admin  2019-0841      URL
49764  OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt  attempted-admin  2019-0841      URL
49765  OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt  attempted-admin  2019-0841      URL
49964  OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt  attempted-user  2019-0726      URL
50068  OS-WINDOWS Microsoft Windows arbitrary registry access privilege escalation attempt  attempted-admin  2019-0931      URL
50069  OS-WINDOWS Microsoft Windows arbitrary registry access privilege escalation attempt  attempted-admin  2019-0931      URL
50084  OS-WINDOWS Windows Kernel Registry Virtualization privilege escalation attempt  attempted-admin  2019-0881      URL
50085  OS-WINDOWS Windows Kernel Registry Virtualization privilege escalation attempt  attempted-admin  2019-0881      URL
50088  FILE-IMAGE Microsoft Windows OLE Load Picture remote code execution attempt  attempted-user  2019-0885      URL
50089  FILE-IMAGE Microsoft Windows OLE Load Picture remote code execution attempt  attempted-user  2019-0885      URL
50090  OS-WINDOWS Microsoft Windows NDIS elevation of privilege attempt  attempted-admin  2019-0707      URL
50091  OS-WINDOWS Microsoft Windows NDIS elevation of privilege attempt  attempted-admin  2019-0707      URL
50115  OS-WINDOWS Microsoft Windows Error Reporting elevation of privilege attempt  attempted-admin  2019-0863      URL
50116  OS-WINDOWS Microsoft Windows Error Reporting elevation of privilege attempt  attempted-admin  2019-0863      URL
50121  OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt  attempted-admin  2019-0903      URL
50122  OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt  attempted-admin  2019-0903      URL
50137  OS-WINDOWS Microsoft Windows RDP MS_T120 channel bind attempt  attempted-admin  2019-0708      URL
50162  OS-WINDOWS Microsoft Windows Task Scheduler _SchRpcRegisterTask privilege escalation attempt  attempted-admin  2019-1069      URL
50163  OS-WINDOWS Microsoft Windows Task Scheduler _SchRpcRegisterTask privilege escalation attempt  attempted-admin  2019-1069      URL
50174  OS-WINDOWS Microsoft Windows GDI component use after free attempt  attempted-admin  2019-0803      URL
50175  OS-WINDOWS Microsoft Windows GDI component use after free attempt  attempted-admin  2019-0803      URL
50198  OS-WINDOWS Windows DACL privilege escalation attempt  attempted-user  2019-1129      URL
50199  OS-WINDOWS Windows DACL privilege escalation attempt  attempted-user  2019-1129      URL
50207  OS-WINDOWS Windows Installer bypass privilege escalation attempt  attempted-admin        URL
50208  OS-WINDOWS Windows Installer bypass privilege escalation attempt  attempted-admin        URL
50363  OS-WINDOWS Microsoft Windows win32k NtGdiExtFloodFill memory corruption attempt  attempted-admin  2019-1017      URL
50364  OS-WINDOWS Microsoft Windows win32k NtGdiExtFloodFill memory corruption attempt  attempted-admin  2019-1017      URL
50365  OS-WINDOWS Microsoft Windows DComposition privilege escalation attempt  attempted-admin  2019-1041      URL
50366  OS-WINDOWS Microsoft Windows DComposition privilege escalation attempt  attempted-admin  2019-1041      URL
50369  OS-WINDOWS Microsoft Windows user profile service elevation of privilege attempt  attempted-user  2019-0986      URL
50370  OS-WINDOWS Microsoft Windows user profile service elevation of privilege attempt  attempted-user  2019-0986      URL
50371  OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt  attempted-admin  2019-0959      URL
50372  OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt  attempted-admin  2019-0959      URL
50375  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-admin  2019-1065      URL
50376  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-admin  2019-1065      URL
50393  FILE-PDF Microsoft Speech API remote code execution attempt  attempted-user  2019-0985      URL
50394  FILE-PDF Microsoft Speech API remote code execution attempt  attempted-user  2019-0985      URL
50411  OS-WINDOWS Windows Common Log File System Driver privilege escalation attempt  attempted-admin  2019-0984      URL
50412  OS-WINDOWS Windows Common Log File System Driver privilege escalation attempt  attempted-admin  2019-0984      URL
50413  OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt  attempted-admin  2019-0943      URL
50414  OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt  attempted-admin  2019-0943      URL
50450  OS-WINDOWS Microsoft Windows SymCrypt modular inverse algorithm denial of service attempt  denial-of-service        URL
50619  OS-WINDOWS Executable DICOM 10 file download attempt  attempted-user  2019-11687      URL
50620  OS-WINDOWS Executable DICOM 10 file download attempt  attempted-user  2019-11687      URL
50625  OS-WINDOWS Microsoft Windows SMB Transaction heap groom attempt  attempted-admin
50626  OS-WINDOWS Microsoft Windows raw WriteAndX InData pointer adjustment attempt  attempted-admin
50627  OS-WINDOWS Microsoft SMB Trans secondary out of bounds write attempt  attempted-admin
50664  OS-WINDOWS Microsoft Windows COM object privilege escalation attempt  attempted-admin  2019-1074      URL
50665  OS-WINDOWS Microsoft Windows COM object privilege escalation attempt  attempted-admin  2019-1074      URL
50670  OS-WINDOWS Microsoft Windows Win32k null pointer dereference attempt  attempted-admin  2019-1132      URL
50671  OS-WINDOWS Microsoft Windows Win32k null pointer dereference attempt  attempted-admin  2019-1132      URL
50672  OS-WINDOWS Microsoft Windows splwow64 privilege escalation attempt  attempted-admin  2019-0880      URL
50673  OS-WINDOWS Microsoft Windows splwow64 privilege escalation attempt  attempted-admin  2019-0880      URL
50674  OS-WINDOWS Microsoft Windows RPCSS privilege escalation attempt  attempted-user  2019-1089      URL
50675  OS-WINDOWS Microsoft Windows RPCSS privilege escalation attempt  attempted-user  2019-1089      URL
50676  OS-WINDOWS Windows Remote Desktop Protocol Client information disclosure attempt  attempted-user  2019-1108      URL
50677  OS-WINDOWS Windows Remote Desktop Protocol Client information disclosure attempt  attempted-user  2019-1108      URL
50678  OS-WINDOWS Microsoft Windows win32k use after free attempt  attempted-admin  2019-1071      URL
50679  OS-WINDOWS Microsoft Windows win32k use after free attempt  attempted-user  2019-1071      URL
50682  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-user  2019-1073      URL
50683  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-admin  2019-1073      URL
50777  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1014      URL
50778  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1014      URL
50936  OS-WINDOWS Microsoft Windows shell privilege escalation attempt  attempted-admin  2019-1170      URL
50937  OS-WINDOWS Microsoft Windows shell privilege escalation attempt  attempted-admin  2019-1170      URL
50942  OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt  attempted-admin  2019-1164      URL
50943  OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt  attempted-admin  2019-1164      URL
50963  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1159      URL
50964  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1159      URL
50966  OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt  attempted-user  2019-1184      URL
50967  OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt  attempted-user  2019-1184      URL
50969  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
50970  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
50971  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
50972  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
50973  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
50974  OS-WINDOWS Microsoft win32k driver buffer over read attempt  attempted-user  2019-1078      URL
51015  OS-WINDOWS Microsoft Windows PsmSrvDisconnect privilege escalation attempt  attempted-admin  2019-1175      URL
51016  OS-WINDOWS Microsoft Windows PsmSrvDisconnect privilege escalation attempt  attempted-admin  2019-1175      URL
51369  OS-WINDOWS Microsoft Windows RDP DecompressUnchopper integer overflow attempt  attempted-admin  2019-1182      URL
51436  OS-WINDOWS Microsoft Windows common log file system driver escalation of privilege attempt  attempted-admin  2019-1214      URL
51437  OS-WINDOWS Microsoft Windows common log file system driver escalation of privilege attempt  attempted-admin  2019-1214      URL
51445  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1215      URL
51446  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1215      URL
51449  OS-WINDOWS Microsoft Windows DirectX kernel memory information leak attempt  attempted-admin  2019-1216      URL
51450  OS-WINDOWS Microsoft Windows DirectX kernel memory information leak attempt  attempted-admin  2019-1216      URL
51451  OS-WINDOWS Microsoft Windows Common Log File information disclosure attempt  attempted-recon  2019-1219      URL
51452  OS-WINDOWS Microsoft Windows Common Log File information disclosure attempt  attempted-recon  2019-1219      URL
51454  OS-WINDOWS Microsoft Windows win32k kernel information leak attempt  attempted-admin  2019-1285      URL
51455  OS-WINDOWS Microsoft Windows win32k kernel information leak attempt  attempted-admin  2019-1285      URL
51456  OS-WINDOWS Microsoft Windows gdi32 graphics adapter handling null pointer dereference attempt  attempted-admin  2019-1284      URL
51457  OS-WINDOWS Microsoft Windows gdi32 graphics adapter handling null pointer dereference attempt  attempted-admin  2019-1284      URL
51463  OS-WINDOWS Microsoft Windows elevation of privilege attempt  attempted-admin  2019-1256      URL
51464  OS-WINDOWS Microsoft Windows elevation of privilege attempt  attempted-admin  2019-1256      URL
51474  FILE-OTHER Microsoft SharePoint deserialization attempt  attempted-admin  2019-1257      URL
51475  FILE-OTHER Microsoft SharePoint deserialization attempt  attempted-admin  2019-1257      URL
51479  FILE-OTHER Microsoft SharePoint remote code execution attempt  attempted-admin  2019-1296      URL
51480  FILE-OTHER Microsoft SharePoint remote code execution attempt  attempted-admin  2019-1296      URL
51481  OS-WINDOWS Microsoft Windows RDP client buffer overflow attempt  attempted-user  2019-0787      URL
51482  FILE-EXECUTABLE Windows Microsoft Remote Desktop Services remote code execution attempt  attempted-user  2019-0788      URL
51483  FILE-EXECUTABLE Windows Microsoft Remote Desktop Services remote code execution attempt  attempted-user  2019-0788      URL
51649  OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt  attempted-dos  2019-1453      URL
51733  OS-WINDOWS Microsoft Windows Win32k font file privilege escalation attempt  attempted-admin  2019-1364      URL
51734  OS-WINDOWS Microsoft Windows Win32k font file privilege escalation attempt  attempted-admin  2019-1364      URL
51739  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-1362      URL
51740  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-1362      URL
51777  FILE-OTHER Microsoft Windows dismHost.exe dll-load exploit attempt  attempted-admin  2019-1082      URL
51781  OS-WINDOWS Microsoft Windows registry key deletion privilege escalation attempt  attempted-admin  2019-1341      URL
51782  OS-WINDOWS Microsoft Windows registry key deletion privilege escalation attempt  attempted-admin  2019-1341      URL
51827  OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt  attempted-admin  2019-1347      URL
51828  OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt  attempted-admin  2019-1347      URL
51829  OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt  attempted-admin  2019-1347      URL
51830  OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt  attempted-admin  2019-1347      URL
51843  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51844  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51845  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51846  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51847  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51848  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51849  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51850  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51851  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51852  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51853  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51854  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51855  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51856  OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt  attempted-admin  2019-1343      URL
51872  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51873  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51874  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51875  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51876  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51877  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51878  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51879  OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt  attempted-admin  2019-1345      URL
51882  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51883  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51884  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51885  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51886  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51887  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51888  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
51889  OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt  attempted-admin  2019-1344      URL
52205  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1393      URL
52206  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1393      URL
52207  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1393      URL
52208  OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt  attempted-admin  2019-1393      URL
52209  OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt  attempted-admin  2019-1394      URL
52210  OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt  attempted-admin  2019-1394      URL
52211  OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt  attempted-admin  2019-1394      URL
52212  OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt  attempted-admin  2019-1394      URL
52213  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2020-1207      URL
52214  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2020-1207      URL
52215  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-1396      URL
52216  OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt  attempted-admin  2019-1396      URL
52217  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1395      URL
52218  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1395      URL
52219  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1395      URL
52220  OS-WINDOWS Microsoft Windows privilege escalation attempt  attempted-admin  2019-1395      URL
52221  OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt  attempted-admin  2019-1438      URL
52222  OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt  attempted-admin  2019-1438      URL
52223  OS-WINDOWS Microsoft Windows CRedirectVisualMarshaler privilege escalation attempt  attempted-admin  2019-1437      URL
52224  OS-WINDOWS Microsoft Windows CRedirectVisualMarshaler privilege escalation attempt  attempted-admin  2019-1437      URL
52225  OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt  attempted-admin  2019-1408      URL
52226  OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt  attempted-admin  2019-1408      URL
52227  OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt  attempted-admin  2019-1408      URL
52228  OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt  attempted-admin  2019-1408      URL
52229  OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt  attempted-admin  2019-1435      URL
52230  OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt  attempted-admin  2019-1435      URL
52231  OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt  attempted-admin  2019-1435      URL
52232  OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt  attempted-admin  2019-1435      URL
52233  OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt  attempted-user  2019-1436      URL
52234  OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt  attempted-user  2019-1436      URL
52419  OS-WINDOWS Microsoft Windows win32k information disclosure attempt  attempted-admin  2019-1469      URL
52420  OS-WINDOWS Microsoft Windows win32k information disclosure attempt  attempted-admin  2019-1469      URL
52432  OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt  attempted-admin        URL
52433  OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt  attempted-admin        URL
52593  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52594  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52595  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52596  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52604  OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt  attempted-admin  2020-0634      URL
52605  OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt  attempted-admin  2020-0634      URL
52617  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52618  OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt  misc-attack  2020-0601      URL
52619  OS-WINDOWS Microsoft Windows CryptoAPI TLS handshake with spoofed certificate attempt  misc-attack  2020-0601      URL
53047  OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt  attempted-admin  2020-0726      URL
53048  OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt  attempted-admin  2020-0726      URL
53050  OS-WINDOWS Microsoft Windows win32k.sys rectangle region use after free attempt  attempted-admin  2020-0745      URL
53051  OS-WINDOWS Microsoft Windows win32k.sys rectangle region use after free attempt  attempted-admin  2020-0745      URL
53052  OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt  attempted-admin  2020-0720      URL
53053  OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt  attempted-admin  2020-0720      URL
53054  OS-WINDOWS Microsoft Windows Graphics component privilege escalation attempt  attempted-admin  2020-0715      URL
53056  OS-WINDOWS Microsoft Windows Remote Desktop client DYNVC PDU handling integer overflow attempt  attempted-admin  2020-0681      URL
53061  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-admin  2020-0721      URL
53062  OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt  attempted-admin  2020-0721      URL
53072  OS-WINDOWS Microsoft Windows win32k use after free privilege escalation attempt  attempted-admin  2020-0722      URL
53073  OS-WINDOWS Microsoft Windows win32k use after free privilege escalation attempt  attempted-admin  2020-0722      URL
53079  OS-WINDOWS Microsoft Windows Win32k driver tagQ object use after free attempt  attempted-admin  2020-0725      URL
53080  OS-WINDOWS Microsoft Windows Win32k driver tagQ object use after free attempt  attempted-admin  2020-0725      URL
53082  OS-WINDOWS Microsoft Windows Remote Desktop client RDPGFX PDU handling integer overflow attempt  attempted-admin  2020-0734      URL
53083  OS-WINDOWS Microsoft Windows Remote Desktop client RDPGFX PDU handling integer overflow attempt  attempted-admin  2020-0734      URL
53084  OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt  attempted-admin  2020-0723      URL
53085  OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt  attempted-admin  2020-0723      URL
53086  OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt  attempted-admin  2020-0658      URL
53087  OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt  attempted-admin  2020-0658      URL
53088  OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt  attempted-admin  2020-0658      URL
53089  OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt  attempted-admin  2020-0658      URL
53104  OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt  attempted-admin  2020-0817      URL
53257  OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt  attempted-recon        URL
53258  OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt  attempted-recon        URL
53406  OS-WINDOWS Microsoft Windows DirectComposition elevation of privilege attempt  attempted-admin  2020-0898      URL
53407  OS-WINDOWS Microsoft Windows DirectComposition elevation of privilege attempt  attempted-admin  2020-0898      URL
53414  OS-WINDOWS Microsoft Windows DirectX kernel memory leak attempt  attempted-admin  2020-0690      URL
53415  OS-WINDOWS Microsoft Windows DirectX kernel memory leak attempt  attempted-admin  2020-0690      URL
53421  OS-WINDOWS Microsoft Windows win32k privilege escalation attempt  attempted-admin  2020-0877      URL
53422  OS-WINDOWS Microsoft Windows win32k privilege escalation attempt  attempted-admin  2020-0877      URL
53423  OS-WINDOWS Microsoft Windows win32k privilege escalation attempt  attempted-admin  2020-0877      URL
53424OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (more info ...)attempted-admin  2020-0877      URL
53425OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53426OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53427OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53428OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53436OS-WINDOWS Windows RDP Gateway Server denial of service attempt (more info ...)attempted-dos  2020-0609      URL
53447OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53448OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (more info ...)attempted-admin  2020-0796      URL
53469POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (more info ...)policy-violation  2018-19911      URL
53489FILE-OTHER Microsoft Windows fontdrvhost SetBlendDesignPositions out of bounds write attempt (more info ...)attempted-user  2020-0938      URL
53490FILE-OTHER Microsoft Windows fontdrvhost SetBlendDesignPositions out of bounds write attempt (more info ...)attempted-user  2020-0938      URL
53491FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt (more info ...)attempted-user  2020-1020      URL
53492FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt (more info ...)attempted-user  2020-1020      URL
53529MALWARE-OTHER Win.Malware.Winspy-7644935-0 download attempt (more info ...)trojan-activity        URL
53530MALWARE-OTHER Win.Malware.Winspy-7644935-0 download attempt (more info ...)trojan-activity        URL
53531OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (more info ...)attempted-admin        URL
53532OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (more info ...)attempted-admin        URL
53621OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (more info ...)attempted-admin  2020-0784      URL
53622OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (more info ...)attempted-admin  2020-0784      URL
53627OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (more info ...)attempted-admin  2020-0958      URL
53628OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (more info ...)attempted-admin  2020-0958      URL
53629OS-WINDOWS Microsoft Windows Kernel CSRSS privilege escalation attempt (more info ...)attempted-admin  2020-1027      URL
53630OS-WINDOWS Microsoft Windows Kernel CSRSS privilege escalation attempt (more info ...)attempted-admin  2020-1027      URL
53652OS-WINDOWS Microsoft Windows CF_PALETTE privilege escalation attempt (more info ...)attempted-admin  2020-0956      URL
53653OS-WINDOWS Microsoft Windows CF_PALETTE privilege escalation attempt (more info ...)attempted-admin  2020-0956      URL
53654OS-WINDOWS Microsoft Windows 10 Win32k driver elevation of privileges attempt (more info ...)attempted-admin  2020-0957      URL
53655OS-WINDOWS Microsoft Windows 10 Win32k driver elevation of privileges attempt (more info ...)attempted-admin  2020-0957      URL
53950OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (more info ...)attempted-admin  2020-1153      URL
53951OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (more info ...)attempted-admin  2020-1153      URL
53983OS-WINDOWS Windows print spooler elevation of privilege attempt (more info ...)attempted-admin  2020-1048      URL
53984OS-WINDOWS Windows print spooler elevation of privilege attempt (more info ...)attempted-admin  2020-1048      URL
54215OS-WINDOWS Microsoft Windows win32k type confusion attempt (more info ...)attempted-admin  2020-1253      URL
54216OS-WINDOWS Microsoft Windows win32k type confusion attempt (more info ...)attempted-admin  2020-1253      URL
54217OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (more info ...)attempted-recon  2020-1206      URL
54240OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (more info ...)attempted-admin  2020-1301      URL
54241OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (more info ...)attempted-admin  2020-1247      URL
54242OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (more info ...)attempted-admin  2020-1247      URL
54247OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (more info ...)attempted-admin  2020-1251      URL
54248OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (more info ...)attempted-admin  2020-1251      URL
54249OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (more info ...)attempted-admin  2020-1241      URL
54250OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (more info ...)attempted-admin  2020-1241      URL
54270OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (more info ...)denial-of-service  2020-1284      URL
54271OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (more info ...)denial-of-service  2020-1284      URL
54296OS-WINDOWS Microsoft Windows GDI+ printer out of bounds write attempt (more info ...)attempted-user  2020-0986      URL
54297OS-WINDOWS Microsoft Windows GDI+ printer out of bounds write attempt (more info ...)attempted-user  2020-0986      URL
54392OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (more info ...)attempted-admin        URL
54393OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (more info ...)attempted-admin        URL


# of warning rules in this group: 1416

ID  Message  Classtype  CVE  BugtraqID  NessusID  Custom
530OS-WINDOWS NT NULL session (more info ...)attempted-recon 2000-0347 1163  
534NETBIOS SMB CD.. (more info ...)attempted-recon    
535NETBIOS SMB CD... (more info ...)attempted-recon    
572PROTOCOL-RPC DOS ttdbserv Solaris (more info ...)attempted-dos 1999-0003 122  
574PROTOCOL-RPC mountd TCP export request (more info ...)attempted-recon    
575PROTOCOL-RPC portmap admind request UDP (more info ...)rpc-portmap-decode    
577PROTOCOL-RPC portmap bootparam request UDP (more info ...)rpc-portmap-decode    
580PROTOCOL-RPC portmap nisd request UDP (more info ...)rpc-portmap-decode 1999-0008   
581PROTOCOL-RPC portmap pcnfsd request UDP (more info ...)rpc-portmap-decode 2002-0910 4816  
582PROTOCOL-RPC portmap rexd request UDP (more info ...)rpc-portmap-decode    
583PROTOCOL-RPC portmap rstatd request UDP (more info ...)rpc-portmap-decode    
584PROTOCOL-RPC portmap rusers request UDP (more info ...)rpc-portmap-decode 1999-0626   
586PROTOCOL-RPC portmap selection_svc request UDP (more info ...)rpc-portmap-decode 1999-0209 8  
587PROTOCOL-RPC portmap status request UDP (more info ...)rpc-portmap-decode    
588PROTOCOL-RPC portmap ttdbserv request UDP (more info ...)rpc-portmap-decode 2001-0717 3382  URL
589PROTOCOL-RPC portmap yppasswd request UDP (more info ...)rpc-portmap-decode    
590PROTOCOL-RPC portmap ypserv request UDP (more info ...)rpc-portmap-decode 2002-1232 6016  
591PROTOCOL-RPC portmap ypupdated request TCP (more info ...)rpc-portmap-decode 1999-0208 1749  
595PROTOCOL-RPC portmap espd request TCP (more info ...)rpc-portmap-decode 2001-0331 2714  
598PROTOCOL-RPC portmap listing TCP 111 (more info ...)rpc-portmap-decode    
599PROTOCOL-RPC portmap listing TCP 32771 (more info ...)rpc-portmap-decode    
612PROTOCOL-RPC rusers query UDP (more info ...)attempted-recon 1999-0626   
1079OS-WINDOWS Microsoft Windows WebDAV propfind access (more info ...)web-application-activity 2003-0718 1656 10505 URL
1239OS-WINDOWS RFParalyze Attempt (more info ...)attempted-recon 2000-0347 1163 10392 
1262PROTOCOL-RPC portmap admind request TCP (more info ...)rpc-portmap-decode    
1263PROTOCOL-RPC portmap amountd request TCP (more info ...)rpc-portmap-decode 1999-0704 614  
1264PROTOCOL-RPC portmap bootparam request TCP (more info ...)rpc-portmap-decode    
1265PROTOCOL-RPC portmap cmsd request TCP (more info ...)rpc-portmap-decode    
1267PROTOCOL-RPC portmap nisd request TCP (more info ...)rpc-portmap-decode    
1268PROTOCOL-RPC portmap pcnfsd request TCP (more info ...)rpc-portmap-decode 2002-0910 4816  
1269PROTOCOL-RPC portmap rexd request TCP (more info ...)rpc-portmap-decode    
1270PROTOCOL-RPC portmap rstatd request TCP (more info ...)rpc-portmap-decode    
1271PROTOCOL-RPC portmap rusers request TCP (more info ...)rpc-portmap-decode 1999-0626   
1272PROTOCOL-RPC portmap sadmind request TCP (more info ...)rpc-portmap-decode    
1273PROTOCOL-RPC portmap selection_svc request TCP (more info ...)rpc-portmap-decode 1999-0209 205  
1274PROTOCOL-RPC portmap ttdbserv request TCP (more info ...)rpc-portmap-decode 2001-0717 3382  URL
1275PROTOCOL-RPC portmap yppasswd request TCP (more info ...)rpc-portmap-decode    
1276PROTOCOL-RPC portmap ypserv request TCP (more info ...)rpc-portmap-decode 2002-1232 6016  
1277PROTOCOL-RPC portmap ypupdated request UDP (more info ...)rpc-portmap-decode 1999-0208 28383  
1280PROTOCOL-RPC portmap listing UDP 111 (more info ...)rpc-portmap-decode    
1281PROTOCOL-RPC portmap listing UDP 32771 (more info ...)rpc-portmap-decode    
1388OS-WINDOWS Microsoft Windows UPnP Location overflow attempt (more info ...)misc-attack 2007-2386 3723 10829 URL
1447POLICY-OTHER Microsoft Windows Terminal server RDP attempt (more info ...)protocol-command-decode 2001-0663 3099 10940 URL
1732PROTOCOL-RPC portmap rwalld request UDP (more info ...)rpc-portmap-decode 1999-0181 205  
1733PROTOCOL-RPC portmap rwalld request TCP (more info ...)rpc-portmap-decode 1999-0181 205  
1746PROTOCOL-RPC portmap cachefsd request UDP (more info ...)rpc-portmap-decode 2002-0084 4674 10951 
1747PROTOCOL-RPC portmap cachefsd request TCP (more info ...)rpc-portmap-decode 2002-0084 4674 10951 
1890PROTOCOL-RPC status GHBN format string attack (more info ...)misc-attack 2000-0666 1480 10544 
1891PROTOCOL-RPC status GHBN format string attack (more info ...)misc-attack 2000-0666 1480 10544 
1905PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt (more info ...)misc-attack 1999-0704 614  
1906PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt (more info ...)misc-attack 1999-0704 614  
1907PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt (more info ...)attempted-admin 2009-3699 524  
1908PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt (more info ...)attempted-admin 1999-0696 524  
1909PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt (more info ...)misc-attack 1999-0696 524  URL
1910PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt (more info ...)misc-attack 1999-0696   URL
1912PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (more info ...)attempted-admin 1999-0977 866  
1913PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1914PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1915PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1916PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt (more info ...)attempted-admin 2000-0666 1480 10544 
1922PROTOCOL-RPC portmap proxy attempt TCP (more info ...)rpc-portmap-decode    
1924PROTOCOL-RPC mountd UDP export request (more info ...)attempted-recon    
1925PROTOCOL-RPC mountd TCP exportall request (more info ...)attempted-recon    
1926PROTOCOL-RPC mountd UDP exportall request (more info ...)attempted-recon    
1949PROTOCOL-RPC portmap SET attempt TCP 111 (more info ...)rpc-portmap-decode    
1950PROTOCOL-RPC portmap SET attempt UDP 111 (more info ...)rpc-portmap-decode    
1951PROTOCOL-RPC mountd TCP mount request (more info ...)attempted-recon 1999-0210   
1952PROTOCOL-RPC mountd UDP mount request (more info ...)attempted-recon    
1953PROTOCOL-RPC AMD TCP pid request (more info ...)rpc-portmap-decode    
1954PROTOCOL-RPC AMD UDP pid request (more info ...)rpc-portmap-decode    
1955PROTOCOL-RPC AMD TCP version request (more info ...)rpc-portmap-decode    
1956PROTOCOL-RPC AMD UDP version request (more info ...)rpc-portmap-decode 2000-0696 1554  
1957PROTOCOL-RPC sadmind UDP PING (more info ...)protocol-command-decode 1999-0977 866 10229 
1958PROTOCOL-RPC sadmind TCP PING (more info ...)protocol-command-decode 1999-0977 866 10229 
1959PROTOCOL-RPC portmap NFS request UDP (more info ...)rpc-portmap-decode    
1960PROTOCOL-RPC portmap NFS request TCP (more info ...)rpc-portmap-decode    
1961PROTOCOL-RPC portmap RQUOTA request UDP (more info ...)rpc-portmap-decode    
1962PROTOCOL-RPC portmap RQUOTA request TCP (more info ...)rpc-portmap-decode    
1963PROTOCOL-RPC RQUOTA getquota overflow attempt UDP (more info ...)misc-attack 1999-0974 864  
1964PROTOCOL-RPC tooltalk UDP overflow attempt (more info ...)attempted-admin 1999-0003 122  
1965PROTOCOL-RPC tooltalk TCP overflow attempt (more info ...)attempted-admin 2001-0717 122  
2005PROTOCOL-RPC portmap kcms_server request UDP (more info ...)rpc-portmap-decode 2003-0027 6665  URL
2006PROTOCOL-RPC portmap kcms_server request TCP (more info ...)rpc-portmap-decode 2003-0027 6665  URL
2007PROTOCOL-RPC kcms_server directory traversal attempt (more info ...)misc-attack 2003-0027 6665  URL
2014PROTOCOL-RPC portmap UNSET attempt TCP 111 (more info ...)rpc-portmap-decode  1892  
2015PROTOCOL-RPC portmap UNSET attempt UDP 111 (more info ...)rpc-portmap-decode 2011-0321 1892  
2016PROTOCOL-RPC portmap status request TCP (more info ...)rpc-portmap-decode    
2017PROTOCOL-RPC portmap espd request UDP (more info ...)rpc-portmap-decode 2001-0331 2714  
2018PROTOCOL-RPC mountd TCP dump request (more info ...)attempted-recon    
2019PROTOCOL-RPC mountd UDP dump request (more info ...)attempted-recon    
2020PROTOCOL-RPC mountd TCP unmount request (more info ...)attempted-recon    
2021PROTOCOL-RPC mountd UDP unmount request (more info ...)attempted-recon    
2022PROTOCOL-RPC mountd TCP unmountall request (more info ...)attempted-recon    
2023PROTOCOL-RPC mountd UDP unmountall request (more info ...)attempted-recon    
2024PROTOCOL-RPC RQUOTA getquota overflow attempt TCP (more info ...)misc-attack 1999-0974 864  
2025PROTOCOL-RPC yppasswd username overflow attempt UDP (more info ...)rpc-portmap-decode 2001-0779 2763 10684 
2026PROTOCOL-RPC yppasswd username overflow attempt TCP (more info ...)rpc-portmap-decode 2001-0779 2763 10684 
2031PROTOCOL-RPC yppasswd user update UDP (more info ...)rpc-portmap-decode 2001-0779 2763  
2032PROTOCOL-RPC yppasswd user update TCP (more info ...)rpc-portmap-decode 2001-0779 2763  
2033PROTOCOL-RPC ypserv maplist request UDP (more info ...)rpc-portmap-decode 2002-1232 6016 13976 
2034PROTOCOL-RPC ypserv maplist request TCP (more info ...)rpc-portmap-decode 2002-1232 6016  
2035PROTOCOL-RPC portmap network-status-monitor request UDP (more info ...)rpc-portmap-decode    
2036PROTOCOL-RPC portmap network-status-monitor request TCP (more info ...)rpc-portmap-decode    
2037PROTOCOL-RPC network-status-monitor mon-callback request UDP (more info ...)rpc-portmap-decode    
2038PROTOCOL-RPC network-status-monitor mon-callback request TCP (more info ...)rpc-portmap-decode    
2079PROTOCOL-RPC portmap nlockmgr request UDP (more info ...)rpc-portmap-decode 2000-0508 1372 10220 
2080PROTOCOL-RPC portmap nlockmgr request TCP (more info ...)rpc-portmap-decode 2000-0508 1372 10220 
2081PROTOCOL-RPC portmap rpc.xfsmd request UDP (more info ...)rpc-portmap-decode 2002-0359 5075  
2082PROTOCOL-RPC portmap rpc.xfsmd request TCP (more info ...)rpc-portmap-decode 2002-0359 5075  
2083PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP (more info ...)rpc-portmap-decode 2002-0359 5075  
2084PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP (more info ...)rpc-portmap-decode 2002-0359 5075  
2088PROTOCOL-RPC ypupdated arbitrary command attempt UDP (more info ...)misc-attack 1999-0208 28383  
2089PROTOCOL-RPC ypupdated arbitrary command attempt TCP (more info ...)misc-attack 1999-0208 1749  
2092PROTOCOL-RPC portmap proxy integer overflow attempt UDP (more info ...)rpc-portmap-decode 2003-0028 7123 11420 
2093PROTOCOL-RPC portmap proxy integer overflow attempt TCP (more info ...)rpc-portmap-decode 2003-0028 7123 11420 
2094PROTOCOL-RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (more info ...)attempted-admin 2009-3699 5356 11418 
2095PROTOCOL-RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (more info ...)attempted-admin 2002-0391 5356 11418 
2101OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (more info ...)protocol-command-decode 2002-0724 5556 11110 URL
2103NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (more info ...)protocol-command-decode 2003-0201   
2123INDICATOR-COMPROMISE Microsoft cmd.exe banner (more info ...)successful-admin   11633 
2126OS-WINDOWS Microsoft Windows PPTP Start Control Request buffer overflow attempt (more info ...)attempted-admin 2002-1214 5807 11178 URL
2176OS-WINDOWS Microsoft Windows SMB startup folder access (more info ...)attempted-recon    URL
2177OS-WINDOWS Microsoft Windows SMB startup folder unicode access (more info ...)attempted-recon    URL
2184PROTOCOL-RPC mountd TCP mount path overflow attempt (more info ...)misc-attack 2003-0252 8179 11800 
2185PROTOCOL-RPC mountd UDP mount path overflow attempt (more info ...)misc-attack 2010-4227 8179 11800 
2190NETBIOS DCERPC invalid bind attempt (more info ...)attempted-dos    
2191NETBIOS SMB DCERPC invalid bind attempt (more info ...)attempted-dos    
2252OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (more info ...)attempted-admin 2003-0715 8458 11835 URL
2255PROTOCOL-RPC sadmind query with root credentials attempt TCP (more info ...)misc-attack    
2256PROTOCOL-RPC sadmind query with root credentials attempt UDP (more info ...)misc-attack    
2257OS-WINDOWS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin 2003-0717 8826 11890 URL
2258OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (more info ...)attempted-admin 2003-0717 8826 11890 URL
2382OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
2383OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (more info ...)protocol-command-decode 2003-0818 9635 12065 URL
2401NETBIOS SMB Session Setup andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2402NETBIOS SMB-DS Session Setup andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2403NETBIOS SMB Session Setup unicode username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2404NETBIOS SMB-DS Session Setup unicode andx username overflow attempt (more info ...)protocol-command-decode 2004-0193 9752  URL
2436FILE-IDENTIFY Microsoft Windows Audio wmf file download request (more info ...)misc-activity    URL
2474NETBIOS SMB-DS ADMIN$ share access (more info ...)protocol-command-decode    
2508OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin 2003-0533 10108 12205 URL
2511OS-WINDOWS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (more info ...)attempted-admin 2003-0533 10108 12205 URL
2563NETBIOS NS lookup response name overflow attempt (more info ...)attempted-admin 2004-0444 10333  URL
2564NETBIOS NS lookup short response attempt (more info ...)attempted-admin 2004-0444 10335  URL