Web Detections

Name	Data Source	Technique	Type	Analytic Story	Date
Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint	Suricata	Exploit Public-Facing Application	TTP	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-09-30
Adobe ColdFusion Access Control Bypass	Suricata	Exploit Public-Facing Application	TTP	Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360	2024-09-30
Adobe ColdFusion Unauthenticated Arbitrary File Read	Suricata	Exploit Public-Facing Application	TTP	Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360	2024-09-30
Cisco IOS XE Implant Access	Suricata	Exploit Public-Facing Application	TTP	Cisco IOS XE Software Web Management User Interface vulnerability	2024-09-30
Citrix ADC and Gateway Unauthorized Data Disclosure	Suricata	Exploit Public-Facing Application	TTP	Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966	2024-09-30
Citrix ADC Exploitation CVE-2023-3519	Palo Alto Network Threat	Exploit Public-Facing Application	Hunting	CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519	2024-10-17
Citrix ShareFile Exploitation CVE-2023-24489	Suricata	Exploit Public-Facing Application	Hunting	Citrix ShareFile RCE CVE-2023-24489	2024-10-17
Confluence CVE-2023-22515 Trigger Vulnerability	Suricata	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server	2024-09-30
Confluence Data Center and Server Privilege Escalation	Nginx Access	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities	2024-09-30
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527	Suricata	Exploit Public-Facing Application	TTP	Confluence Data Center and Confluence Server Vulnerabilities	2024-09-30
Confluence Unauthenticated Remote Code Execution CVE-2022-26134	Palo Alto Network Threat	Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities	2024-09-30
ConnectWise ScreenConnect Authentication Bypass	Suricata	Exploit Public-Facing Application	TTP	ConnectWise ScreenConnect Vulnerabilities	2024-09-30
Detect attackers scanning for vulnerable JBoss servers		System Information Discovery External Remote Services	TTP	JBoss Vulnerability, SamSam Ransomware	2024-10-17
Detect F5 TMUI RCE CVE-2020-5902		Exploit Public-Facing Application	TTP	F5 TMUI RCE CVE-2020-5902	2024-10-17
Detect malicious requests to exploit JBoss servers		N/A	TTP	JBoss Vulnerability, SamSam Ransomware	2024-10-17
Detect Remote Access Software Usage URL	Palo Alto Network Threat	Remote Access Software	Anomaly	CISA AA24-241A, Command And Control, Insider Threat, Ransomware	2024-09-30
Exploit Public Facing Application via Apache Commons Text	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	Anomaly	Text4Shell CVE-2022-42889	2024-09-30
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	TTP	Fortinet FortiNAC CVE-2022-39952	2024-09-30
F5 TMUI Authentication Bypass	Suricata	N/A	TTP	F5 Authentication Bypass with TMUI	2024-09-30
Fortinet Appliance Auth bypass	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	TTP	CVE-2022-40684 Fortinet Appliance Auth bypass	2024-09-30
High Volume of Bytes Out to Url	Nginx Access	Exfiltration Over Web Service	Anomaly	Data Exfiltration	2024-09-30
Hunting for Log4Shell	Nginx Access	Exploit Public-Facing Application External Remote Services	Hunting	CISA AA22-320A, Log4Shell CVE-2021-44228	2024-10-17
Ivanti Connect Secure Command Injection Attempts	Suricata	Exploit Public-Facing Application	TTP	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-09-30
Ivanti Connect Secure SSRF in SAML Component	Suricata	Exploit Public-Facing Application	TTP	Ivanti Connect Secure VPN Vulnerabilities	2024-09-30
Ivanti Connect Secure System Information Access via Auth Bypass	Suricata	Exploit Public-Facing Application	Anomaly	CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities	2024-09-30
Ivanti EPM SQL Injection Remote Code Execution	Suricata	Exploit Public-Facing Application	TTP	Ivanti EPM Vulnerabilities	2024-09-30
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078	Suricata	Exploit Public-Facing Application External Remote Services	TTP	Ivanti EPMM Remote Unauthenticated Access	2024-09-30
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082	Suricata	Exploit Public-Facing Application External Remote Services	TTP	Ivanti EPMM Remote Unauthenticated Access	2024-09-30
Ivanti Sentry Authentication Bypass	Suricata	Exploit Public-Facing Application	TTP	Ivanti Sentry Authentication Bypass CVE-2023-38035	2024-09-30
Java Class File download by Java User Agent	Splunk Stream HTTP	Exploit Public-Facing Application	TTP	Log4Shell CVE-2021-44228	2024-10-16
Jenkins Arbitrary File Read CVE-2024-23897	Nginx Access	Exploit Public-Facing Application	TTP	Jenkins Server Vulnerabilities	2024-09-30
JetBrains TeamCity Authentication Bypass CVE-2024-27198	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-09-30
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-09-30
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199	Suricata	Exploit Public-Facing Application	TTP	JetBrains TeamCity Vulnerabilities	2024-09-30
JetBrains TeamCity RCE Attempt	Suricata	Exploit Public-Facing Application	TTP	CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities	2024-09-30
Juniper Networks Remote Code Execution Exploit Detection	Suricata	Exploit Public-Facing Application Ingress Tool Transfer Command and Scripting Interpreter	TTP	Juniper JunOS Remote Code Execution	2024-09-30
Log4Shell JNDI Payload Injection Attempt	Nginx Access	Exploit Public-Facing Application External Remote Services	Anomaly	CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228	2024-09-30
Log4Shell JNDI Payload Injection with Outbound Connection		Exploit Public-Facing Application External Remote Services	Anomaly	CISA AA22-320A, Log4Shell CVE-2021-44228	2024-09-30
Microsoft SharePoint Server Elevation of Privilege	Suricata	Exploitation for Privilege Escalation	TTP	Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357	2024-09-30
Monitor Web Traffic For Brand Abuse		N/A	TTP	Brand Monitoring	2024-10-17
Multiple Archive Files Http Post Traffic	Splunk Stream HTTP	Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol	TTP	Command And Control, Data Exfiltration	2024-09-30
Nginx ConnectWise ScreenConnect Authentication Bypass	Nginx Access	Exploit Public-Facing Application	TTP	ConnectWise ScreenConnect Vulnerabilities	2024-09-30
PaperCut NG Remote Web Access Attempt	Suricata	Exploit Public-Facing Application External Remote Services	TTP	PaperCut MF NG Vulnerability	2024-09-30
Plain HTTP POST Exfiltrated Data	Splunk Stream HTTP	Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol	TTP	Command And Control, Data Exfiltration	2024-09-30
ProxyShell ProxyNotShell Behavior Detected		Exploit Public-Facing Application External Remote Services	Correlation	BlackByte Ransomware, ProxyNotShell, ProxyShell	2024-09-30
Spring4Shell Payload URL Request	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-09-30
SQL Injection with Long URLs		Exploit Public-Facing Application	TTP	SQL Injection	2024-10-17
Supernova Webshell		Web Shell External Remote Services	TTP	NOBELIUM Group	2024-10-17
Unusually Long Content-Type Length		N/A	Anomaly	Apache Struts Vulnerability	2024-10-17
VMWare Aria Operations Exploit Attempt	Palo Alto Network Threat	External Remote Services Exploit Public-Facing Application Exploitation of Remote Services Exploitation for Privilege Escalation	TTP	VMware Aria Operations vRealize CVE-2023-20887	2024-09-30
VMware Server Side Template Injection Hunt	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	Hunting	VMware Server Side Injection and Privilege Escalation	2024-10-17
VMware Workspace ONE Freemarker Server-side Template Injection	Palo Alto Network Threat	Exploit Public-Facing Application External Remote Services	Anomaly	VMware Server Side Injection and Privilege Escalation	2024-09-30
Web JSP Request via URL	Nginx Access	Web Shell Server Software Component Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-09-30
Web Remote ShellServlet Access	Nginx Access	Exploit Public-Facing Application	TTP	CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server	2024-09-30
Web Spring4Shell HTTP Request Class Module	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-09-30
Web Spring Cloud Function FunctionRouter	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2024-09-30
Windows Exchange Autodiscover SSRF Abuse	Windows IIS	Exploit Public-Facing Application External Remote Services	TTP	BlackByte Ransomware, ProxyNotShell, ProxyShell	2024-09-30
Windows IIS Server PSWA Console Access	Windows IIS	Exploit Public-Facing Application	Hunting	CISA AA24-241A	2024-10-17
WordPress Bricks Builder plugin RCE	Nginx Access	Exploit Public-Facing Application	TTP	WordPress Vulnerabilities	2024-09-30
WS FTP Remote Code Execution	Suricata	Exploit Public-Facing Application	TTP	WS FTP Server Critical Vulnerabilities	2024-09-30
Zscaler Adware Activities Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Behavior Analysis Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler CryptoMiner Downloaded Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Employment Search Web Activity		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Exploit Threat Blocked		Phishing	TTP	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Legal Liability Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Malware Activity Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Phishing Activity Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Potentially Abused File Download		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Privacy Risk Destinations Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Scam Destinations Threat Blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30
Zscaler Virus Download threat blocked		Phishing	Anomaly	Zscaler Browser Proxy Threats	2024-09-30