Web Detections

Name Data Source Technique Type Analytic Story Date
Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint Suricata Exploit Public-Facing Application TTP CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-09-30
Adobe ColdFusion Access Control Bypass Suricata Exploit Public-Facing Application TTP Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 2024-09-30
Adobe ColdFusion Unauthenticated Arbitrary File Read Suricata Exploit Public-Facing Application TTP Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 2024-09-30
Cisco IOS XE Implant Access Suricata Exploit Public-Facing Application TTP Cisco IOS XE Software Web Management User Interface vulnerability 2024-09-30
Citrix ADC and Gateway Unauthorized Data Disclosure Suricata Exploit Public-Facing Application TTP Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966 2024-09-30
Citrix ADC Exploitation CVE-2023-3519 Palo Alto Network Threat Exploit Public-Facing Application Hunting CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 2024-10-17
Citrix ShareFile Exploitation CVE-2023-24489 Suricata Exploit Public-Facing Application Hunting Citrix ShareFile RCE CVE-2023-24489 2024-10-17
Confluence CVE-2023-22515 Trigger Vulnerability Suricata Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server 2024-09-30
Confluence Data Center and Server Privilege Escalation Nginx Access Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities 2024-09-30
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 Suricata Exploit Public-Facing Application TTP Confluence Data Center and Confluence Server Vulnerabilities 2024-09-30
Confluence Unauthenticated Remote Code Execution CVE-2022-26134 Palo Alto Network Threat Server Software Component Exploit Public-Facing Application External Remote Services TTP Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities 2024-09-30
ConnectWise ScreenConnect Authentication Bypass Suricata Exploit Public-Facing Application TTP ConnectWise ScreenConnect Vulnerabilities 2024-09-30
Detect attackers scanning for vulnerable JBoss servers System Information Discovery External Remote Services TTP JBoss Vulnerability, SamSam Ransomware 2024-10-17
Detect F5 TMUI RCE CVE-2020-5902 Exploit Public-Facing Application TTP F5 TMUI RCE CVE-2020-5902 2024-10-17
Detect malicious requests to exploit JBoss servers N/A TTP JBoss Vulnerability, SamSam Ransomware 2024-10-17
Detect Remote Access Software Usage URL Palo Alto Network Threat Remote Access Software Anomaly CISA AA24-241A, Command And Control, Insider Threat, Ransomware 2024-09-30
Exploit Public Facing Application via Apache Commons Text Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services Anomaly Text4Shell CVE-2022-42889 2024-09-30
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 Palo Alto Network Threat Exploit Public-Facing Application External Remote Services TTP Fortinet FortiNAC CVE-2022-39952 2024-09-30
F5 TMUI Authentication Bypass Suricata N/A TTP F5 Authentication Bypass with TMUI 2024-09-30
Fortinet Appliance Auth bypass Palo Alto Network Threat Exploit Public-Facing Application External Remote Services TTP CVE-2022-40684 Fortinet Appliance Auth bypass 2024-09-30
High Volume of Bytes Out to Url Nginx Access Exfiltration Over Web Service Anomaly Data Exfiltration 2024-09-30
Hunting for Log4Shell Nginx Access Exploit Public-Facing Application External Remote Services Hunting CISA AA22-320A, Log4Shell CVE-2021-44228 2024-10-17
Ivanti Connect Secure Command Injection Attempts Suricata Exploit Public-Facing Application TTP CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-09-30
Ivanti Connect Secure SSRF in SAML Component Suricata Exploit Public-Facing Application TTP Ivanti Connect Secure VPN Vulnerabilities 2024-09-30
Ivanti Connect Secure System Information Access via Auth Bypass Suricata Exploit Public-Facing Application Anomaly CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities 2024-09-30
Ivanti EPM SQL Injection Remote Code Execution Suricata Exploit Public-Facing Application TTP Ivanti EPM Vulnerabilities 2024-09-30
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078 Suricata Exploit Public-Facing Application External Remote Services TTP Ivanti EPMM Remote Unauthenticated Access 2024-09-30
Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082 Suricata Exploit Public-Facing Application External Remote Services TTP Ivanti EPMM Remote Unauthenticated Access 2024-09-30
Ivanti Sentry Authentication Bypass Suricata Exploit Public-Facing Application TTP Ivanti Sentry Authentication Bypass CVE-2023-38035 2024-09-30
Java Class File download by Java User Agent Splunk Stream HTTP Exploit Public-Facing Application TTP Log4Shell CVE-2021-44228 2024-10-16
Jenkins Arbitrary File Read CVE-2024-23897 Nginx Access Exploit Public-Facing Application TTP Jenkins Server Vulnerabilities 2024-09-30
JetBrains TeamCity Authentication Bypass CVE-2024-27198 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-09-30
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-09-30
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 Suricata Exploit Public-Facing Application TTP JetBrains TeamCity Vulnerabilities 2024-09-30
JetBrains TeamCity RCE Attempt Suricata Exploit Public-Facing Application TTP CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities 2024-09-30
Juniper Networks Remote Code Execution Exploit Detection Suricata Exploit Public-Facing Application Ingress Tool Transfer Command and Scripting Interpreter TTP Juniper JunOS Remote Code Execution 2024-09-30
Log4Shell JNDI Payload Injection Attempt Nginx Access Exploit Public-Facing Application External Remote Services Anomaly CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228 2024-09-30
Log4Shell JNDI Payload Injection with Outbound Connection Exploit Public-Facing Application External Remote Services Anomaly CISA AA22-320A, Log4Shell CVE-2021-44228 2024-09-30
Microsoft SharePoint Server Elevation of Privilege Suricata Exploitation for Privilege Escalation TTP Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357 2024-09-30
Monitor Web Traffic For Brand Abuse N/A TTP Brand Monitoring 2024-10-17
Multiple Archive Files Http Post Traffic Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-09-30
Nginx ConnectWise ScreenConnect Authentication Bypass Nginx Access Exploit Public-Facing Application TTP ConnectWise ScreenConnect Vulnerabilities 2024-09-30
PaperCut NG Remote Web Access Attempt Suricata Exploit Public-Facing Application External Remote Services TTP PaperCut MF NG Vulnerability 2024-09-30
Plain HTTP POST Exfiltrated Data Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-09-30
ProxyShell ProxyNotShell Behavior Detected Exploit Public-Facing Application External Remote Services Correlation BlackByte Ransomware, ProxyNotShell, ProxyShell 2024-09-30
Spring4Shell Payload URL Request Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30
SQL Injection with Long URLs Exploit Public-Facing Application TTP SQL Injection 2024-10-17
Supernova Webshell Web Shell External Remote Services TTP NOBELIUM Group 2024-10-17
Unusually Long Content-Type Length N/A Anomaly Apache Struts Vulnerability 2024-10-17
VMWare Aria Operations Exploit Attempt Palo Alto Network Threat External Remote Services Exploit Public-Facing Application Exploitation of Remote Services Exploitation for Privilege Escalation TTP VMware Aria Operations vRealize CVE-2023-20887 2024-09-30
VMware Server Side Template Injection Hunt Palo Alto Network Threat Exploit Public-Facing Application External Remote Services Hunting VMware Server Side Injection and Privilege Escalation 2024-10-17
VMware Workspace ONE Freemarker Server-side Template Injection Palo Alto Network Threat Exploit Public-Facing Application External Remote Services Anomaly VMware Server Side Injection and Privilege Escalation 2024-09-30
Web JSP Request via URL Nginx Access Web Shell Server Software Component Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30
Web Remote ShellServlet Access Nginx Access Exploit Public-Facing Application TTP CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server 2024-09-30
Web Spring4Shell HTTP Request Class Module Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30
Web Spring Cloud Function FunctionRouter Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30
Windows Exchange Autodiscover SSRF Abuse Windows IIS Exploit Public-Facing Application External Remote Services TTP BlackByte Ransomware, ProxyNotShell, ProxyShell 2024-09-30
Windows IIS Server PSWA Console Access Windows IIS Exploit Public-Facing Application Hunting CISA AA24-241A 2024-10-17
WordPress Bricks Builder plugin RCE Nginx Access Exploit Public-Facing Application TTP WordPress Vulnerabilities 2024-09-30
WS FTP Remote Code Execution Suricata Exploit Public-Facing Application TTP WS FTP Server Critical Vulnerabilities 2024-09-30
Zscaler Adware Activities Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Behavior Analysis Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler CryptoMiner Downloaded Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Employment Search Web Activity Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Exploit Threat Blocked Phishing TTP Zscaler Browser Proxy Threats 2024-09-30
Zscaler Legal Liability Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Malware Activity Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Phishing Activity Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Potentially Abused File Download Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Privacy Risk Destinations Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Scam Destinations Threat Blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30
Zscaler Virus Download threat blocked Phishing Anomaly Zscaler Browser Proxy Threats 2024-09-30