Web Detections

Name Data Source Technique Type Analytic Story Date
Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint Suricata Exploit Public-Facing Application TTP CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-05-14
Adobe ColdFusion Access Control Bypass Suricata Exploit Public-Facing Application TTP Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 2024-05-29
Adobe ColdFusion Unauthenticated Arbitrary File Read Suricata Exploit Public-Facing Application TTP Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 2024-05-17
Cisco IOS XE Implant Access Suricata Exploit Public-Facing Application TTP Cisco IOS XE Software Web Management User Interface vulnerability 2024-05-16
Citrix ADC and Gateway Unauthorized Data Disclosure Suricata Exploit Public-Facing Application TTP Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966 2024-05-11
Citrix ADC Exploitation CVE-2023-3519 Palo Alto Network Threat Exploit Public-Facing Application Hunting CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 2024-05-25
Citrix ShareFile Exploitation CVE-2023-24489 Suricata Exploit Public-Facing Application Hunting Citrix ShareFile RCE CVE-2023-24489 2024-05-29
Confluence CVE-2023-22515 Trigger Vulnerability Suricata Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server 2024-05-22
Confluence Data Center and Server Privilege Escalation Nginx Access Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities 2024-05-28
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 Suricata Exploit Public-Facing Application TTP Confluence Data Center and Confluence Server Vulnerabilities 2024-05-28
Confluence Unauthenticated Remote Code Execution CVE-2022-26134 Palo Alto Network Threat Server Software Component Exploit Public-Facing Application External Remote Services TTP Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities 2024-05-30
ConnectWise ScreenConnect Authentication Bypass Suricata Exploit Public-Facing Application TTP ConnectWise ScreenConnect Vulnerabilities 2024-05-24
Detect attackers scanning for vulnerable JBoss servers System Information Discovery External Remote Services TTP JBoss Vulnerability, SamSam Ransomware 2024-05-19
Detect F5 TMUI RCE CVE-2020-5902 Exploit Public-Facing Application TTP F5 TMUI RCE CVE-2020-5902 2024-08-16
Detect malicious requests to exploit JBoss servers N/A TTP JBoss Vulnerability, SamSam Ransomware 2024-05-19
Detect Remote Access Software Usage URL Palo Alto Network Threat Remote Access Software Anomaly CISA AA24-241A, Command And Control, Insider Threat, Ransomware 2024-07-09
Exploit Public Facing Application via Apache Commons Text Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services Anomaly Text4Shell CVE-2022-42889 2024-05-21
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 Palo Alto Network Threat Exploit Public-Facing Application External Remote Services TTP Fortinet FortiNAC CVE-2022-39952 2024-05-09
F5 TMUI Authentication Bypass Suricata N/A TTP F5 Authentication Bypass with TMUI 2024-05-24
Fortinet Appliance Auth bypass Palo Alto Network Threat Exploit Public-Facing Application External Remote Services TTP CVE-2022-40684 Fortinet Appliance Auth bypass 2024-05-12
Hunting for Log4Shell Nginx Access Exploit Public-Facing Application External Remote Services Hunting CISA AA22-320A, Log4Shell CVE-2021-44228 2024-08-14
Ivanti Connect Secure Command Injection Attempts Suricata Exploit Public-Facing Application TTP CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-05-20
Ivanti Connect Secure SSRF in SAML Component Suricata Exploit Public-Facing Application TTP Ivanti Connect Secure VPN Vulnerabilities 2024-05-29
Ivanti Connect Secure System Information Access via Auth Bypass Suricata Exploit Public-Facing Application Anomaly CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-05-18
Ivanti EPM SQL Injection Remote Code Execution Suricata Exploit Public-Facing Application TTP Ivanti EPM Vulnerabilities 2024-06-18
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078 Suricata Exploit Public-Facing Application External Remote Services TTP Ivanti EPMM Remote Unauthenticated Access 2024-05-18
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082 Suricata Exploit Public-Facing Application External Remote Services TTP Ivanti EPMM Remote Unauthenticated Access 2024-05-28
Ivanti Sentry Authentication Bypass Suricata Exploit Public-Facing Application TTP Ivanti Sentry Authentication Bypass CVE-2023-38035 2024-05-17
Jenkins Arbitrary File Read CVE-2024-23897 Nginx Access Exploit Public-Facing Application TTP Jenkins Server Vulnerabilities 2024-05-24
JetBrains TeamCity Authentication Bypass CVE-2024-27198 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-05-20
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-05-16
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-05-26
JetBrains TeamCity RCE Attempt Suricata Exploit Public-Facing Application TTP CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities 2024-08-16
Juniper Networks Remote Code Execution Exploit Detection Suricata Exploit Public-Facing Application Ingress Tool Transfer Command and Scripting Interpreter TTP Juniper JunOS Remote Code Execution 2024-05-14
Log4Shell JNDI Payload Injection Attempt Nginx Access Exploit Public-Facing Application External Remote Services Anomaly CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228 2024-05-25
Log4Shell JNDI Payload Injection with Outbound Connection Exploit Public-Facing Application External Remote Services Anomaly CISA AA22-320A, Log4Shell CVE-2021-44228 2024-05-16
Microsoft SharePoint Server Elevation of Privilege Suricata Exploitation for Privilege Escalation TTP Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357 2024-05-19
Monitor Web Traffic For Brand Abuse N/A TTP Brand Monitoring 2024-05-20
Nginx ConnectWise ScreenConnect Authentication Bypass Nginx Access Exploit Public-Facing Application TTP ConnectWise ScreenConnect Vulnerabilities 2024-05-16
PaperCut NG Remote Web Access Attempt Suricata Exploit Public-Facing Application External Remote Services TTP PaperCut MF NG Vulnerability 2024-05-23
ProxyShell ProxyNotShell Behavior Detected Exploit Public-Facing Application External Remote Services Correlation BlackByte Ransomware, ProxyNotShell, ProxyShell 2024-05-21
Spring4Shell Payload URL Request Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-26
SQL Injection with Long URLs Exploit Public-Facing Application TTP SQL Injection 2024-05-12
Supernova Webshell Web Shell External Remote Services TTP NOBELIUM Group 2024-05-26
VMWare Aria Operations Exploit Attempt Palo Alto Network Threat External Remote Services Exploit Public-Facing Application Exploitation of Remote Services Exploitation for Privilege Escalation TTP VMware Aria Operations vRealize CVE-2023-20887 2024-05-19
VMware Server Side Template Injection Hunt Palo Alto Network Threat Exploit Public-Facing Application External Remote Services Hunting VMware Server Side Injection and Privilege Escalation 2024-05-12
VMware Workspace ONE Freemarker Server-side Template Injection Palo Alto Network Threat Exploit Public-Facing Application External Remote Services Anomaly VMware Server Side Injection and Privilege Escalation 2024-05-19
Web JSP Request via URL Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-15
Web Remote ShellServlet Access Nginx Access Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server 2024-05-19
Web Spring4Shell HTTP Request Class Module Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-28
Web Spring Cloud Function FunctionRouter Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-22
Windows Exchange Autodiscover SSRF Abuse Windows IIS Exploit Public-Facing Application External Remote Services TTP BlackByte Ransomware, ProxyNotShell, ProxyShell 2024-05-16
Windows IIS Server PSWA Console Access Exploit Public-Facing Application Hunting CISA AA24-241A 2024-09-30
WordPress Bricks Builder plugin RCE Nginx Access Exploit Public-Facing Application TTP WordPress Vulnerabilities 2024-05-17
WS FTP Remote Code Execution Suricata Exploit Public-Facing Application TTP WS FTP Server Critical Vulnerabilities 2024-08-16
Zscaler Adware Activities Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-15
Zscaler Behavior Analysis Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-17
Zscaler CryptoMiner Downloaded Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-22
Zscaler Employment Search Web Activity Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-11
Zscaler Exploit Threat Blocked Phishing TTP Zscaler Browser Proxy Threats 2024-05-13
Zscaler Legal Liability Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-23
Zscaler Malware Activity Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-12
Zscaler Phishing Activity Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-12
Zscaler Potentially Abused File Download Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-22
Zscaler Privacy Risk Destinations Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-24
Zscaler Scam Destinations Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-27
Zscaler Virus Download threat blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-05-17