1 || 1 || 1 || NOCLASS || 0 || FILEEXT JPG file claimed 1 || 3 || 1 || NOCLASS || 0 || FILEEXT BMP file claimed 1 || 6 || 1 || NOCLASS || 0 || FILESTORE jpg 1 || 8 || 1 || NOCLASS || 0 || FILESTORE pdf 1 || 9 || 1 || NOCLASS || 0 || FILEMAGIC pdf 1 || 10 || 1 || NOCLASS || 0 || FILEMAGIC jpg(1) 1 || 11 || 1 || NOCLASS || 0 || FILEMAGIC jpg(2) 1 || 12 || 1 || NOCLASS || 0 || FILEMAGIC short 1 || 15 || 1 || NOCLASS || 0 || FILE store all 1 || 16 || 1 || NOCLASS || 0 || FILE magic 1 || 17 || 1 || NOCLASS || 0 || FILE magic 1 || 18 || 1 || NOCLASS || 0 || FILE magic -- windows 1 || 19 || 1 || NOCLASS || 0 || FILE tracking PNG (1x1 pixel) (1) 1 || 20 || 1 || NOCLASS || 0 || FILE tracking PNG (1x1 pixel) (2) 1 || 21 || 1 || NOCLASS || 0 || FILE tracking GIF (1x1 pixel) 1 || 22 || 1 || NOCLASS || 0 || FILE pdf claimed, but not pdf 1 || 23 || 2 || NOCLASS || 0 || FILE magic 1 || 648 || 7 || shellcode-detect || 0 || GPL SHELLCODE x86 NOOP || arachnids,181 1 || 653 || 9 || shellcode-detect || 0 || GPL SHELLCODE x86 0x90 unicode NOOP 1 || 1266 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap mountd request TCP || arachnids,13 1 || 1429 || 3 || misc-activity || 0 || GPL DELETED poll.gotomypc.com access || url,www.gotomypc.com/help2.tmpl 1 || 1877 || 9 || web-application-activity || 0 || GPL WEB_SERVER printenv access || bugtraq,1658 || cve,2000-0868 || nessus,10188 || nessus,10503 1 || 2351 || 11 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2352 || 10 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian unicode || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2492 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC ISystemActivator bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2493 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2494 || 8 || misc-attack || 0 || GPL NETBIOS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2495 || 8 || misc-attack || 0 || GPL NETBIOS SMB DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2873 || 2 || attempted-user || 0 || GPL DELETED sys.dbms_repcat_conf.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2952 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ andx share access 1 || 2953 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ unicode andx share access 1 || 2972 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ andx share access 1 || 2973 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ unicode andx share access 1 || 2976 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ andx share access 1 || 2977 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ unicode andx share access 1 || 2980 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ andx share access 1 || 2981 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ unicode andx share access 1 || 2000005 || 7 || attempted-dos || 0 || ET EXPLOIT Cisco Telnet Buffer Overflow || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml || url,doc.emergingthreats.net/bin/view/Main/2000005 1 || 2000006 || 13 || attempted-dos || 0 || ET DOS Cisco Router HTTP DoS || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml 1 || 2000007 || 7 || attempted-dos || 0 || ET EXPLOIT Catalyst SSH protocol mismatch || url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000007 1 || 2000009 || 12 || attempted-dos || 0 || ET DELETED Cisco IOS HTTP DoS || url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000009 1 || 2000010 || 11 || attempted-dos || 0 || ET DOS Cisco 514 UDP flood DoS || url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000010 1 || 2000011 || 8 || attempted-dos || 0 || ET DOS Catalyst memory leak attack || url,www.cisco.com/en/US/products/products_security_advisory09186a00800b138e.shtml || url,doc.emergingthreats.net/bin/view/Main/2000011 1 || 2000012 || 11 || attempted-dos || 0 || ET DELETED Cisco %u IDS evasion || url,doc.emergingthreats.net/bin/view/Main/2000012 1 || 2000013 || 12 || attempted-dos || 0 || ET DELETED Cisco IOS HTTP server DoS || url,doc.emergingthreats.net/bin/view/Main/2000013 1 || 2000015 || 6 || trojan-activity || 0 || ET P2P Phatbot Control Connection || url,www.lurhq.com/phatbot.html || url,doc.emergingthreats.net/bin/view/Main/2000015 1 || 2000016 || 7 || attempted-dos || 0 || ET DOS SSL Bomb DoS Attempt || cve,CAN-2004-0120 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || url,doc.emergingthreats.net/bin/view/Main/2000016 1 || 2000017 || 6 || bad-unknown || 0 || ET NETBIOS NII Microsoft ASN.1 Library Buffer Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp || url,doc.emergingthreats.net/bin/view/Main/2000017 1 || 2000024 || 9 || trojan-activity || 0 || ET DELETED rcprograms || url,sarc.com/avcenter/venc/data/adware.rcprograms.html || url,doc.emergingthreats.net/bin/view/Main/2000024 1 || 2000025 || 11 || policy-violation || 0 || ET MALWARE Gator Cookie || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000025 1 || 2000026 || 37 || policy-violation || 0 || ET USER_AGENTS Gator Agent Traffic || url,doc.emergingthreats.net/2000026 1 || 2000031 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target BSD) || url,doc.emergingthreats.net/bin/view/Main/2000031 1 || 2000032 || 9 || misc-activity || 0 || ET NETBIOS LSA exploit || url,www.eeye.com/html/research/advisories/AD20040501.html || url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html || url,doc.emergingthreats.net/bin/view/Main/2000032 1 || 2000033 || 9 || misc-activity || 0 || ET NETBIOS MS04011 Lsasrv.dll RPC exploit (WinXP) || url,doc.emergingthreats.net/bin/view/Main/2000033 || cve,2003-0533 1 || 2000035 || 13 || policy-violation || 0 || ET POLICY Hotmail Inbox Access || url,doc.emergingthreats.net/2000035 1 || 2000036 || 15 || policy-violation || 0 || ET POLICY Hotmail Message Access || url,doc.emergingthreats.net/2000036 1 || 2000037 || 14 || policy-violation || 0 || ET POLICY Hotmail Compose Message Access || url,doc.emergingthreats.net/2000037 1 || 2000038 || 14 || policy-violation || 0 || ET POLICY Hotmail Compose Message Submit || url,doc.emergingthreats.net/2000038 1 || 2000039 || 11 || policy-violation || 0 || ET POLICY Hotmail Compose Message Submit Data || url,doc.emergingthreats.net/2000039 1 || 2000040 || 5 || misc-activity || 0 || ET WORM Sasser FTP Traffic || url,vil.mcafeesecurity.com/vil/content/Print125009.htm || url,doc.emergingthreats.net/2000040 1 || 2000041 || 14 || policy-violation || 0 || ET POLICY Yahoo Mail Inbox View || url,doc.emergingthreats.net/2000041 1 || 2000042 || 14 || policy-violation || 0 || ET POLICY Yahoo Mail Message View || url,doc.emergingthreats.net/2000042 1 || 2000043 || 12 || policy-violation || 0 || ET POLICY Yahoo Mail Message Compose Open || url,doc.emergingthreats.net/2000043 1 || 2000044 || 11 || policy-violation || 0 || ET POLICY Yahoo Mail Message Send || url,doc.emergingthreats.net/2000044 1 || 2000045 || 12 || policy-violation || 0 || ET DELETED Yahoo Mail Message Send Info Capture || url,doc.emergingthreats.net/2000045 1 || 2000046 || 9 || misc-activity || 0 || ET NETBIOS MS04011 Lsasrv.dll RPC exploit (Win2k) || url,doc.emergingthreats.net/bin/view/Main/2000046 || cve,2003-0533 1 || 2000047 || 5 || misc-activity || 0 || ET WORM Sasser Transfer _up.exe || url,vil.mcafeesecurity.com/vil/content/Print125009.htm || url,doc.emergingthreats.net/2000047 1 || 2000048 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target Linux) || url,doc.emergingthreats.net/bin/view/Main/2000048 1 || 2000049 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target Solaris) || url,doc.emergingthreats.net/bin/view/Main/2000049 1 || 2000105 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_password attempt || url,doc.emergingthreats.net/2000105 1 || 2000106 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_delete_alert attempt || url,doc.emergingthreats.net/2000106 1 || 2000306 || 29 || trojan-activity || 0 || ET DELETED Virtumonde Spyware siae3123.exe GET || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000306 1 || 2000307 || 26 || trojan-activity || 0 || ET DELETED Virtumonde Spyware siae3123.exe GET (8081) || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000307 1 || 2000308 || 24 || trojan-activity || 0 || ET DELETED Virtumonde Spyware Information Post || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000308 1 || 2000309 || 8 || policy-violation || 0 || ET DELETED GotoMyPC Polling Client || url,doc.emergingthreats.net/2000309 1 || 2000327 || 10 || trojan-activity || 0 || ET DELETED Spyware 2020 || url,securityresponse.symantec.com/avcenter/venc/data/spyware.2020search.html || url,doc.emergingthreats.net/bin/view/Main/2000327 1 || 2000328 || 12 || misc-activity || 0 || ET POLICY Outbound Multiple Non-SMTP Server Emails || url,doc.emergingthreats.net/2000328 1 || 2000330 || 13 || policy-violation || 0 || ET P2P ed2k connection to server || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000330 1 || 2000332 || 11 || policy-violation || 0 || ET P2P ed2k request part || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000332 1 || 2000333 || 11 || policy-violation || 0 || ET P2P ed2k file request answer || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000333 1 || 2000334 || 12 || policy-violation || 0 || ET P2P BitTorrent peer sync || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000334 1 || 2000335 || 9 || policy-violation || 0 || ET P2P Overnet (Edonkey) Server Announce || url,www.overnet.com || url,doc.emergingthreats.net/bin/view/Main/2000335 1 || 2000336 || 12 || trojan-activity || 0 || ET DELETED Yesadvertising Banking Spyware RETRIEVE || url,isc.sans.org/presentations/banking_malware.pdf || url,doc.emergingthreats.net/bin/view/Main/2000336 1 || 2000337 || 12 || trojan-activity || 0 || ET DELETED Yesadvertising Banking Spyware INFORMATION SUBMIT || url,isc.sans.org/presentations/banking_malware.pdf || url,doc.emergingthreats.net/bin/view/Main/2000337 1 || 2000338 || 5 || trojan-activity || 0 || ET P2P iroffer IRC Bot help message || url,iroffer.org || url,doc.emergingthreats.net/bin/view/Main/2000338 1 || 2000339 || 5 || trojan-activity || 0 || ET P2P iroffer IRC Bot offered files advertisement || url,iroffer.org || url,doc.emergingthreats.net/bin/view/Main/2000339 1 || 2000340 || 10 || policy-violation || 0 || ET P2P Kaaza Media desktop p2pnetworking.exe Activity || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000340 1 || 2000341 || 10 || policy-violation || 0 || ET POLICY Yahoo Mail General Page View || url,doc.emergingthreats.net/2000341 1 || 2000342 || 6 || misc-attack || 0 || ET EXPLOIT Squid NTLM Auth Overflow Exploit || url,www.idefense.com/application/poi/display?id=107 || cve,CAN-2004-0541 || url,doc.emergingthreats.net/bin/view/Main/2000342 1 || 2000345 || 15 || trojan-activity || 0 || ET TROJAN IRC Nick change on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000345 1 || 2000346 || 12 || trojan-activity || 0 || ET DELETED IRC Name response on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000346 1 || 2000347 || 13 || trojan-activity || 0 || ET TROJAN IRC Private message on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000347 1 || 2000348 || 12 || trojan-activity || 0 || ET TROJAN IRC Channel JOIN on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000348 1 || 2000349 || 11 || policy-violation || 0 || ET TROJAN IRC DCC file transfer request on non-std port || url,doc.emergingthreats.net/bin/view/Main/2000349 1 || 2000350 || 11 || policy-violation || 0 || ET TROJAN IRC DCC chat request on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000350 1 || 2000351 || 11 || policy-violation || 0 || ET TROJAN IRC Channel join on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000351 1 || 2000352 || 10 || policy-violation || 0 || ET TROJAN IRC DNS request on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000352 1 || 2000355 || 5 || misc-activity || 0 || ET CHAT IRC authorization message || url,doc.emergingthreats.net/2000355 1 || 2000356 || 5 || misc-activity || 0 || ET POLICY IRC connection || url,doc.emergingthreats.net/2000356 1 || 2000357 || 8 || policy-violation || 0 || ET P2P BitTorrent Traffic || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000357 1 || 2000366 || 14 || trojan-activity || 0 || ET MALWARE Binet (download complete) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000366 1 || 2000367 || 11 || trojan-activity || 0 || ET MALWARE Binet (set_pix) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000367 1 || 2000369 || 6 || policy-violation || 0 || ET P2P BitTorrent Announce || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000369 1 || 2000371 || 12 || trojan-activity || 0 || ET MALWARE Binet (randreco.exe) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000371 1 || 2000372 || 8 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection running SQL statements line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000372 1 || 2000373 || 7 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000373 1 || 2000377 || 7 || attempted-admin || 0 || ET EXPLOIT MS-SQL heap overflow attempt || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000377 1 || 2000378 || 8 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS attempt (08) || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000378 1 || 2000379 || 7 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS attempt (08) 1 byte || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000379 1 || 2000380 || 9 || attempted-admin || 0 || ET EXPLOIT MS-SQL Spike buffer overflow || bugtraq,5411 || url,doc.emergingthreats.net/bin/view/Main/2000380 1 || 2000381 || 8 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS bouncing packets || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000381 1 || 2000418 || 11 || policy-violation || 0 || ET POLICY Executable and linking format (ELF) file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000418 1 || 2000419 || 22 || policy-violation || 0 || ET POLICY PE EXE or DLL Windows file download || url,doc.emergingthreats.net/bin/view/Main/2000419 1 || 2000420 || 11 || misc-activity || 0 || ET POLICY REG files version 4 download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000420 1 || 2000421 || 10 || misc-activity || 0 || ET POLICY REG files version 5 download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000421 1 || 2000422 || 10 || misc-activity || 0 || ET POLICY REG files version 5 Unicode download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000422 1 || 2000423 || 10 || misc-activity || 0 || ET DELETED NE EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000423 1 || 2000424 || 9 || misc-activity || 0 || ET DELETED LX EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000424 1 || 2000425 || 9 || misc-activity || 0 || ET DELETED NE EXE Windows 3.x file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000425 1 || 2000426 || 9 || misc-activity || 0 || ET POLICY EXE compressed PKWARE Windows file download || url,www.program-transformation.org/Transform/PcExeFormat || url,doc.emergingthreats.net/bin/view/Main/2000426 1 || 2000427 || 14 || policy-violation || 0 || ET DELETED PE EXE Install Windows file download || url,www.program-transformation.org/Transform/PcExeFormat || url,doc.emergingthreats.net/bin/view/Main/2000427 1 || 2000428 || 10 || misc-activity || 0 || ET POLICY ZIP file download || url,zziplib.sourceforge.net/zzip-parse.print.html || url,doc.emergingthreats.net/bin/view/Main/2000428 1 || 2000429 || 9 || misc-activity || 0 || ET POLICY Download Windows Help File CHM 2 || url,www.speakeasy.org/~russotto/chm/chmformat.html || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,doc.emergingthreats.net/bin/view/Main/2000429 1 || 2000466 || 7 || attempted-recon || 0 || ET MALWARE User-Agent (iexplore) || url,doc.emergingthreats.net/2000466 1 || 2000488 || 7 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection closing string plus line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000488 1 || 2000489 || 9 || misc-activity || 0 || ET POLICY Download Windows Help File CHM || url,www.speakeasy.org/~russotto/chm/chmformat.html || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,doc.emergingthreats.net/bin/view/Main/2000489 1 || 2000499 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM1 || url,doc.emergingthreats.net/bin/view/Main/2000499 1 || 2000500 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM2 || url,doc.emergingthreats.net/bin/view/Main/2000500 1 || 2000501 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM3 || url,doc.emergingthreats.net/bin/view/Main/2000501 1 || 2000502 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM4 || url,doc.emergingthreats.net/bin/view/Main/2000502 1 || 2000503 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT1 || url,doc.emergingthreats.net/bin/view/Main/2000503 1 || 2000504 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT2 || url,doc.emergingthreats.net/bin/view/Main/2000504 1 || 2000505 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT3 || url,doc.emergingthreats.net/bin/view/Main/2000505 1 || 2000506 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT4 || url,doc.emergingthreats.net/bin/view/Main/2000506 1 || 2000507 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access AUX || url,doc.emergingthreats.net/bin/view/Main/2000507 1 || 2000508 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access NULL || url,doc.emergingthreats.net/bin/view/Main/2000508 1 || 2000514 || 8 || misc-attack || 0 || ET MALWARE IE homepage hijacking || url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm || url,doc.emergingthreats.net/bin/view/Main/2000514 1 || 2000519 || 11 || misc-attack || 0 || ET MALWARE shell browser vulnerability W9x/XP || url,www.packetfocus.com/shell_exploit.htm || url,doc.emergingthreats.net/bin/view/Main/2000519 1 || 2000520 || 11 || misc-attack || 0 || ET MALWARE shell browser vulnerability NT/2K || url,www.packetfocus.com/shell_exploit.htm || url,doc.emergingthreats.net/bin/view/Main/2000520 1 || 2000536 || 7 || attempted-recon || 0 || ET SCAN NMAP -sO || url,doc.emergingthreats.net/2000536 1 || 2000537 || 8 || attempted-recon || 0 || ET SCAN NMAP -sS window 2048 || url,doc.emergingthreats.net/2000537 1 || 2000538 || 8 || attempted-recon || 0 || ET SCAN NMAP -sA (1) || url,doc.emergingthreats.net/2000538 1 || 2000540 || 8 || attempted-recon || 0 || ET SCAN NMAP -sA (2) || url,doc.emergingthreats.net/2000540 1 || 2000543 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sF || url,doc.emergingthreats.net/2000543 1 || 2000544 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sN || url,doc.emergingthreats.net/2000544 1 || 2000545 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sS || url,doc.emergingthreats.net/2000545 1 || 2000546 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sX || url,doc.emergingthreats.net/2000546 1 || 2000559 || 14 || web-application-attack || 0 || ET WEB_SERVER THCIISLame IIS SSL Exploit Attempt || url,www.thc.org/exploits/THCIISSLame.c || url,isc.sans.org/diary.php?date=2004-07-17 || url,doc.emergingthreats.net/2000559 1 || 2000560 || 10 || misc-activity || 0 || ET POLICY HTTP CONNECT Tunnel Attempt Inbound || url,doc.emergingthreats.net/2000560 1 || 2000562 || 12 || suspicious-filename-detect || 0 || ET TROJAN OUTBOUND Suspicious Email Attachment || url,doc.emergingthreats.net/2000562 1 || 2000563 || 11 || misc-attack || 0 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 445 || url,doc.emergingthreats.net/bin/view/Main/2000563 1 || 2000564 || 9 || misc-attack || 0 || ET EXPLOIT Pwdump3e pwservice.exe Access port 445 || url,doc.emergingthreats.net/bin/view/Main/2000564 1 || 2000565 || 8 || suspicious-login || 0 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 139 || url,doc.emergingthreats.net/bin/view/Main/2000565 1 || 2000566 || 8 || suspicious-login || 0 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 445 || url,doc.emergingthreats.net/bin/view/Main/2000566 1 || 2000567 || 8 || misc-attack || 0 || ET EXPLOIT Pwdump3e pwservice.exe Access port 139 || url,doc.emergingthreats.net/bin/view/Main/2000567 1 || 2000568 || 10 || misc-attack || 0 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 139 || url,doc.emergingthreats.net/bin/view/Main/2000568 1 || 2000569 || 6 || policy-violation || 0 || ET DELETED KitCo Kcast Ticker (agtray) || url,doc.emergingthreats.net/2000569 1 || 2000570 || 6 || policy-violation || 0 || ET DELETED KitCo Kcast Ticker (autray) || url,doc.emergingthreats.net/2000570 1 || 2000571 || 8 || policy-violation || 0 || ET POLICY AOL Webmail Message Send || url,doc.emergingthreats.net/bin/view/Main/2000571 1 || 2000572 || 7 || policy-violation || 0 || ET POLICY AOL Webmail Login || url,doc.emergingthreats.net/bin/view/Main/2000572 1 || 2000574 || 11 || trojan-activity || 0 || ET MALWARE Bargain Buddy || url,www.doxdesk.com/parasite/BargainBuddy.html || url,doc.emergingthreats.net/bin/view/Main/2000574 1 || 2000575 || 7 || misc-activity || 0 || ET SCAN ICMP PING IPTools || url,www.ks-soft.net/ip-tools.eng || url,www.ks-soft.net/ip-tools.eng/index.htm || url,doc.emergingthreats.net/2000575 1 || 2000577 || 10 || policy-violation || 0 || ET DELETED Popuptraffic.com Bot Reporting || url,popuptraffic.com || url,doc.emergingthreats.net/bin/view/Main/2000577 1 || 2000580 || 9 || policy-violation || 0 || ET MALWARE Shop At Home Select.com Install Attempt || url,www.spywareguide.com/product_show.php?id=700 || url,www.shopathomeselect.com || url,doc.emergingthreats.net/bin/view/Main/2000580 1 || 2000581 || 10 || policy-violation || 0 || ET MALWARE Shop At Home Select.com Install Download || url,www.spywareguide.com/product_show.php?id=700 || url,www.shopathomeselect.com || url,doc.emergingthreats.net/bin/view/Main/2000581 1 || 2000582 || 9 || trojan-activity || 0 || ET MALWARE F1Organizer Reporting || url,doc.emergingthreats.net/bin/view/Main/2000582 1 || 2000583 || 9 || trojan-activity || 0 || ET MALWARE Mindset Interactive Install (1) || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000583 1 || 2000584 || 9 || trojan-activity || 0 || ET MALWARE Mindset Interactive Install (2) || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000584 1 || 2000585 || 9 || trojan-activity || 0 || ET MALWARE F1Organizer Install Attempt || url,doc.emergingthreats.net/bin/view/Main/2000585 1 || 2000586 || 32 || trojan-activity || 0 || ET MALWARE Ezula Related User-Agent (mez) || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/2000586 1 || 2000587 || 12 || trojan-activity || 0 || ET MALWARE SpywareLabs VirtualBouncer Seeking Instructions || url,securityresponse.symantec.com/avcenter/venc/data/adware.virtualbouncer.html || url,doc.emergingthreats.net/bin/view/Main/2000587 1 || 2000588 || 11 || trojan-activity || 0 || ET MALWARE TopMoxie Reporting Data to External Host || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000588 1 || 2000589 || 9 || trojan-activity || 0 || ET MALWARE TopMoxie Retrieving Data (downloads) || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000589 1 || 2000590 || 9 || trojan-activity || 0 || ET MALWARE TopMoxie Retrieving Data (common) || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000590 1 || 2000593 || 9 || trojan-activity || 0 || ET MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000593 1 || 2000594 || 7 || trojan-activity || 0 || ET MALWARE Mindset Interactive Ad Retrieval || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000594 1 || 2000595 || 11 || policy-violation || 0 || ET DELETED Gator Checkin || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000595 1 || 2000596 || 14 || policy-violation || 0 || ET MALWARE Gator/Claria Data Submission || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000596 1 || 2000597 || 9 || policy-violation || 0 || ET MALWARE Gator New Code Download || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000597 1 || 2000598 || 9 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Data Submission || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000598 1 || 2000599 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Install || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2000599 1 || 2000600 || 13 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Receiving Configuration || url,doc.emergingthreats.net/bin/view/Main/2000600 1 || 2000601 || 7 || trojan-activity || 0 || ET MALWARE Salongas Infection || url,doc.emergingthreats.net/bin/view/Main/2000601 1 || 2000900 || 8 || trojan-activity || 0 || ET MALWARE JoltID Agent Probing or Announcing UDP || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2000900 1 || 2000901 || 9 || trojan-activity || 0 || ET MALWARE JoltID Agent Communicating TCP || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2000901 1 || 2000902 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Configuration Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2000902 1 || 2000903 || 8 || trojan-activity || 0 || ET MALWARE Avres Agent Receiving Instructions || url,www.avres.net || url,ar.avres.net/ie/updatenew/ || url,doc.emergingthreats.net/bin/view/Main/2000903 1 || 2000905 || 9 || trojan-activity || 0 || ET MALWARE FlashPoint Agent Retrieving New Code || url,www.flashpoint.bm || url,doc.emergingthreats.net/bin/view/Main/2000905 1 || 2000906 || 9 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Start || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000906 1 || 2000907 || 10 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Settings Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000907 1 || 2000908 || 12 || policy-violation || 0 || ET MALWARE WhenUClick.com App and Search Bar Install (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000908 1 || 2000909 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com App and Search Bar Install (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000909 1 || 2000910 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000910 1 || 2000911 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000911 1 || 2000912 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000912 1 || 2000913 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000913 1 || 2000914 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000914 1 || 2000915 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000915 1 || 2000916 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000916 1 || 2000917 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (offersdata) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000917 1 || 2000918 || 10 || policy-violation || 0 || ET MALWARE WhenUClick.com Desktop Bar Install || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000918 1 || 2000919 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (Searchdb) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000919 1 || 2000920 || 11 || trojan-activity || 0 || ET MALWARE Hotbar Install (1) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000920 1 || 2000921 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Install (2) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000921 1 || 2000922 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Install (3) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000922 1 || 2000923 || 11 || trojan-activity || 0 || ET MALWARE Hotbar Agent Reporting Information || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000923 1 || 2000924 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Agent Upgrading || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000924 1 || 2000925 || 9 || trojan-activity || 0 || ET MALWARE Hotbar Agent Partner Checkin || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000925 1 || 2000927 || 9 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Reporting || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2000927 1 || 2000928 || 10 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (1) || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2000928 1 || 2000929 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Agent Activity || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000929 1 || 2000930 || 10 || trojan-activity || 0 || ET DELETED 180solutions Update Engine || url,www.safer-networking.org/index.php?page=threats&detail=212 || url,doc.emergingthreats.net/bin/view/Main/2000930 1 || 2000931 || 10 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Traffic || url,doc.emergingthreats.net/bin/view/Main/2000931 1 || 2000932 || 8 || trojan-activity || 0 || ET MALWARE Keenvalue Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2003-11-24 || url,doc.emergingthreats.net/bin/view/Main/2000932 1 || 2000934 || 10 || trojan-activity || 0 || ET DELETED 2020search Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2004-03-04 || url,doc.emergingthreats.net/bin/view/Main/2000934 1 || 2000936 || 9 || trojan-activity || 0 || ET MALWARE FlashTrack Agent Retrieving New App Code || url,www.flashpoint.bm || url,doc.emergingthreats.net/bin/view/Main/2000936 1 || 2001013 || 9 || policy-violation || 0 || ET MALWARE Fun Web Products SmileyCentral || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001013 1 || 2001015 || 9 || trojan-activity || 0 || ET MALWARE JoltID Agent Keep-Alive || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2001015 1 || 2001016 || 10 || policy-violation || 0 || ET MALWARE SideStep Bar Install || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2001016 1 || 2001017 || 10 || policy-violation || 0 || ET MALWARE SideStep Bar Reporting Data || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2001017 1 || 2001022 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid non-fragmented packet with fragment offset>0 || url,doc.emergingthreats.net/bin/view/Main/2001022 1 || 2001023 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid fragment - ACK reset || url,doc.emergingthreats.net/bin/view/Main/2001023 1 || 2001024 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid fragment - illegal flags || url,doc.emergingthreats.net/bin/view/Main/2001024 1 || 2001031 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Reporting Data || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001031 1 || 2001032 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Ping Hit || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001032 1 || 2001033 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Data Download || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001033 1 || 2001034 || 23 || policy-violation || 0 || ET DELETED Fun Web Products Adware Agent Traffic || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001034 1 || 2001035 || 8 || policy-violation || 0 || ET P2P Morpheus Install || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001035 1 || 2001036 || 8 || policy-violation || 0 || ET P2P Morpheus Install ini Download || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001036 1 || 2001037 || 8 || policy-violation || 0 || ET P2P Morpheus Update Request || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001037 1 || 2001038 || 9 || policy-violation || 0 || ET MALWARE Ebates Install || url,www.pestpatrol.com/PestInfo/e/ebates_moneymaker.asp || url,doc.emergingthreats.net/bin/view/Main/2001038 1 || 2001040 || 10 || trojan-activity || 0 || ET MALWARE My Search Bar Install || url,www.2-spyware.com/parasite-my-search-bar.html || url,doc.emergingthreats.net/bin/view/Main/2001040 1 || 2001041 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Install || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001041 1 || 2001043 || 12 || policy-violation || 0 || ET DELETED Fun Web Products MyWay Agent Traffic || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001043 1 || 2001044 || 8 || policy-violation || 0 || ET POLICY Yahoo Briefcase Upload || url,doc.emergingthreats.net/2001044 1 || 2001046 || 13 || misc-activity || 0 || ET TROJAN UPX compressed file download possible malware || url,doc.emergingthreats.net/2001046 1 || 2001047 || 13 || misc-activity || 0 || ET MALWARE UPX encrypted file download possible malware || url,doc.emergingthreats.net/2001047 1 || 2001048 || 9 || misc-activity || 0 || ET WEB_CLIENT IE process injection iexplore.exe executable download || url,doc.emergingthreats.net/bin/view/Main/2001048 1 || 2001050 || 9 || policy-violation || 0 || ET MALWARE CometSystems Spyware || url,doc.emergingthreats.net/bin/view/Main/2001050 1 || 2001052 || 8 || misc-activity || 0 || ET EXPLOIT NTDump Session Established Reg-Entry port 139 || url,doc.emergingthreats.net/bin/view/Main/2001052 1 || 2001053 || 7 || misc-activity || 0 || ET EXPLOIT NTDump.exe Service Started port 139 || url,doc.emergingthreats.net/bin/view/Main/2001053 1 || 2001055 || 6 || attempted-admin || 0 || ET MISC HP Web JetAdmin ExecuteFile admin access || bugtraq,10224 || url,doc.emergingthreats.net/2001055 1 || 2001056 || 7 || misc-activity || 0 || ET WORM W32/Sasser.worm.b || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html || url,doc.emergingthreats.net/2001056 1 || 2001057 || 7 || misc-activity || 0 || ET WORM W32/Sasser.worm.a || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html || url,doc.emergingthreats.net/2001057 1 || 2001058 || 8 || attempted-admin || 0 || ET EXPLOIT libpng tRNS overflow attempt || cve,CAN-2004-0597 || url,doc.emergingthreats.net/bin/view/Main/2001058 1 || 2001059 || 9 || policy-violation || 0 || ET P2P Ares traffic || url,www.aresgalaxy.org || url,doc.emergingthreats.net/bin/view/Main/2001059 1 || 2001066 || 8 || misc-activity || 0 || ET TROJAN IE Ilookup Trojan || url,62.131.86.111/analysis.htm || url,doc.emergingthreats.net/2001066 1 || 2001099 || 10 || misc-attack || 0 || ET WEB_CLIENT Attempt to execute VBScript code || url,doc.emergingthreats.net/bin/view/Main/2001099 1 || 2001101 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to execute Javascript code || url,doc.emergingthreats.net/bin/view/Main/2001101 1 || 2001102 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to execute VBScript code || url,doc.emergingthreats.net/bin/view/Main/2001102 1 || 2001103 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to access SHELL#=#= || url,doc.emergingthreats.net/bin/view/Main/2001103 1 || 2001105 || 11 || misc-activity || 0 || ET WEB_CLIENT Javascript execution with expression eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html || url,doc.emergingthreats.net/bin/view/Main/2001105 1 || 2001106 || 10 || misc-activity || 0 || ET WEB_CLIENT Javascript execution with expression eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html || url,doc.emergingthreats.net/bin/view/Main/2001106 1 || 2001114 || 9 || bad-unknown || 0 || ET POLICY Mozilla XPI install files download || url,doc.emergingthreats.net/2001114 1 || 2001115 || 7 || bad-unknown || 0 || ET POLICY MSI (microsoft installer file) download || url,doc.emergingthreats.net/bin/view/Main/2001115 1 || 2001116 || 6 || not-suspicious || 0 || ET DNS Standard query response, Format error || url,doc.emergingthreats.net/2001116 1 || 2001117 || 6 || not-suspicious || 0 || ET DNS Standard query response, Name Error || url,doc.emergingthreats.net/2001117 1 || 2001118 || 6 || not-suspicious || 0 || ET DNS Standard query response, Not Implemented || url,doc.emergingthreats.net/2001118 1 || 2001119 || 6 || not-suspicious || 0 || ET DNS Standard query response, Refused || url,doc.emergingthreats.net/2001119 1 || 2001181 || 12 || misc-attack || 0 || ET ACTIVEX Internet Explorer Plugin.ocx Heap Overflow || url,www.hnc3k.com/ievulnerabil.htm || url,doc.emergingthreats.net/bin/view/Main/2001181 1 || 2001182 || 11 || misc-attack || 0 || ET WEB_CLIENT IE trojan Ants3set 1.exe - process injection || url,doc.emergingthreats.net/bin/view/Main/2001182 1 || 2001185 || 8 || policy-violation || 0 || ET P2P Soulseek traffic (1) || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001185 1 || 2001186 || 8 || policy-violation || 0 || ET P2P Soulseek traffic (2) || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001186 1 || 2001187 || 6 || policy-violation || 0 || ET P2P Soulseek Filesearch Results || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001187 1 || 2001188 || 8 || policy-violation || 0 || ET P2P Soulseek || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001188 1 || 2001190 || 11 || misc-activity || 0 || ET DELETED libPNG - Possible NULL-pointer crash in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001190 1 || 2001191 || 11 || misc-activity || 0 || ET EXPLOIT libPNG - Width exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001191 1 || 2001192 || 11 || misc-activity || 0 || ET DELETED libPNG - Height exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001192 1 || 2001195 || 9 || misc-activity || 0 || ET EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001195 1 || 2001197 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35 || url,doc.emergingthreats.net/2001197 1 || 2001198 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Download Attempt || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001198 1 || 2001199 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Ad Retrieval || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001199 1 || 2001202 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=030 || url,www.waraxe.us/?modname=sa&id=036 || url,doc.emergingthreats.net/2001202 1 || 2001216 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Reporting Data || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001216 1 || 2001217 || 11 || attempted-admin || 0 || ET EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte || url,idefense.com/application/poi/display?id=126&type=vulnerabilities || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || cve,2004-0629 || url,doc.emergingthreats.net/bin/view/Main/2001217 1 || 2001218 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030 || url,doc.emergingthreats.net/2001218 1 || 2001219 || 18 || attempted-recon || 0 || ET SCAN Potential SSH Scan || url,en.wikipedia.org/wiki/Brute_force_attack || url,doc.emergingthreats.net/2001219 1 || 2001221 || 8 || trojan-activity || 0 || ET MALWARE F1Organizer Config Download || url,doc.emergingthreats.net/bin/view/Main/2001221 1 || 2001222 || 9 || trojan-activity || 0 || ET DELETED Default-homepage-network.com Access || url,default-homepage-network.com/start.cgi?new-hkcu || url,doc.emergingthreats.net/bin/view/Main/2001222 1 || 2001223 || 9 || trojan-activity || 0 || ET MALWARE Regnow.com Access || url,www.regnow.com || url,doc.emergingthreats.net/bin/view/Main/2001223 1 || 2001224 || 9 || trojan-activity || 0 || ET MALWARE Regnow.com Gamehouse.com Access || url,www.gamehouse.com || url,doc.emergingthreats.net/bin/view/Main/2001224 1 || 2001225 || 11 || policy-violation || 0 || ET DELETED Statblaster Receiving New configuration (update) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001225 1 || 2001228 || 10 || policy-violation || 0 || ET MALWARE Advertising.com Data Post (villains) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2001228 1 || 2001230 || 10 || policy-violation || 0 || ET MALWARE Advertising.com Data Post (cakedeal) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2001230 1 || 2001233 || 8 || trojan-activity || 0 || ET WORM Possible CIA Trojan download/upload attempt || url,doc.emergingthreats.net/2001233 1 || 2001235 || 13 || misc-activity || 0 || ET DELETED Weatherbug || url,doc.emergingthreats.net/bin/view/Main/2001235 1 || 2001238 || 9 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Possible Xedus Webserver Directory Traversal Attempt || url,www.gulftech.org/?node=research&article_id=00047-08302004 || url,doc.emergingthreats.net/2001238 1 || 2001239 || 9 || not-suspicious || 0 || ET POLICY Cisco Device in Config Mode || url,doc.emergingthreats.net/bin/view/Main/2001239 1 || 2001240 || 9 || not-suspicious || 0 || ET POLICY Cisco Device New Config Built || url,doc.emergingthreats.net/bin/view/Main/2001240 1 || 2001241 || 5 || policy-violation || 0 || ET CHAT MSN file transfer request || url,doc.emergingthreats.net/2001241 1 || 2001242 || 5 || policy-violation || 0 || ET CHAT MSN file transfer accept || url,doc.emergingthreats.net/2001242 1 || 2001243 || 5 || policy-violation || 0 || ET CHAT MSN file transfer reject || url,doc.emergingthreats.net/2001243 1 || 2001253 || 7 || policy-violation || 0 || ET DELETED Yahoo IM successful logon || url,doc.emergingthreats.net/2001253 1 || 2001254 || 5 || policy-violation || 0 || ET CHAT Yahoo IM voicechat || url,doc.emergingthreats.net/2001254 1 || 2001255 || 6 || policy-violation || 0 || ET CHAT Yahoo IM ping || url,doc.emergingthreats.net/2001255 1 || 2001256 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference invitation || url,doc.emergingthreats.net/2001256 1 || 2001257 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference logon success || url,doc.emergingthreats.net/2001257 1 || 2001258 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference message || url,doc.emergingthreats.net/2001258 1 || 2001259 || 6 || policy-violation || 0 || ET CHAT Yahoo IM file transfer request || url,doc.emergingthreats.net/2001259 1 || 2001260 || 6 || policy-violation || 0 || ET CHAT Yahoo IM message || url,doc.emergingthreats.net/2001260 1 || 2001261 || 6 || policy-violation || 0 || ET DELETED Yahoo IM successful chat join || url,doc.emergingthreats.net/2001261 1 || 2001262 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference offer invitation || url,doc.emergingthreats.net/2001262 1 || 2001263 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference request || url,doc.emergingthreats.net/2001263 1 || 2001264 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference watch || url,doc.emergingthreats.net/2001264 1 || 2001266 || 15 || trojan-activity || 0 || ET DELETED Browseraid.com Agent Reporting Data || url,www.browseraid.com || url,doc.emergingthreats.net/bin/view/Main/2001266 1 || 2001267 || 18 || misc-activity || 0 || ET POLICY Weatherbug Activity || url,doc.emergingthreats.net/bin/view/Main/2001267 1 || 2001269 || 16 || trojan-activity || 0 || ET WORM Beagle User Agent Detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html || url,doc.emergingthreats.net/2001269 1 || 2001273 || 13 || trojan-activity || 0 || ET WORM Outbound W32.Novarg.A worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html || url,doc.emergingthreats.net/2001273 1 || 2001293 || 13 || trojan-activity || 0 || ET DELETED Featured-Results.com Agent Reporting Data || url,www.featured-results.com || url,doc.emergingthreats.net/bin/view/Main/2001293 1 || 2001294 || 5 || successful-admin || 0 || ET POLICY Dameware Remote Control Service Install || url,doc.emergingthreats.net/2001294 1 || 2001295 || 24 || trojan-activity || 0 || ET DELETED Browseraid.com User-Agent (Browser Adv) || url,www.browseraid.com || url,doc.emergingthreats.net/2001295 1 || 2001296 || 9 || policy-violation || 0 || ET P2P eDonkey File Status || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001296 1 || 2001297 || 10 || policy-violation || 0 || ET P2P eDonkey File Status Request || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001297 1 || 2001298 || 9 || policy-violation || 0 || ET P2P eDonkey Server Status Request || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001298 1 || 2001299 || 9 || policy-violation || 0 || ET P2P eDonkey Server Status || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001299 1 || 2001304 || 10 || trojan-activity || 0 || ET DELETED Browseraid.com Agent Updating || url,www.browseraid.com || url,doc.emergingthreats.net/bin/view/Main/2001304 1 || 2001306 || 11 || policy-violation || 0 || ET MALWARE Gator/Clarian Agent || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2001306 1 || 2001307 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Installation || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001307 1 || 2001308 || 11 || policy-violation || 0 || ET MALWARE Internet Optomizer Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html || url,doc.emergingthreats.net/bin/view/Main/2001308 1 || 2001309 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Checking In || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001309 1 || 2001310 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Traffic || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001310 1 || 2001311 || 7 || trojan-activity || 0 || ET MALWARE Rdxrp.com Traffic || url,doc.emergingthreats.net/bin/view/Main/2001311 1 || 2001312 || 7 || trojan-activity || 0 || ET MALWARE Rdxrp.com Traffic (Generic) || url,doc.emergingthreats.net/bin/view/Main/2001312 1 || 2001313 || 8 || policy-violation || 0 || ET MALWARE Traffic Syndicate Add/Remove || url,doc.emergingthreats.net/bin/view/Main/2001313 1 || 2001314 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001314 1 || 2001315 || 10 || policy-violation || 0 || ET MALWARE Traffic Syndicate Agent Updating (1) || url,doc.emergingthreats.net/bin/view/Main/2001315 1 || 2001316 || 10 || policy-violation || 0 || ET MALWARE Traffic Syndicate Agent Updating (2) || url,doc.emergingthreats.net/bin/view/Main/2001316 1 || 2001317 || 10 || trojan-activity || 0 || ET MALWARE Webhancer Data Upload || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001317 1 || 2001318 || 8 || policy-violation || 0 || ET DELETED Adwave Agent Access || url,www.intermute.com/spyware/HuntBar.html || url,doc.emergingthreats.net/bin/view/Main/2001318 1 || 2001320 || 7 || trojan-activity || 0 || ET DELETED Speedera Agent || url,doc.emergingthreats.net/bin/view/Main/2001320 1 || 2001321 || 7 || trojan-activity || 0 || ET MALWARE Speedera Agent (Specific) || url,doc.emergingthreats.net/bin/view/Main/2001321 1 || 2001322 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent New Install || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001322 1 || 2001325 || 10 || trojan-activity || 0 || ET MALWARE Websearch.com Spyware || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2001325 1 || 2001328 || 13 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (dashed) || url,doc.emergingthreats.net/2001328 1 || 2001329 || 8 || misc-activity || 0 || ET POLICY RDP connection request || url,doc.emergingthreats.net/2001329 1 || 2001330 || 8 || misc-activity || 0 || ET POLICY RDP connection confirm || url,doc.emergingthreats.net/2001330 1 || 2001331 || 8 || misc-activity || 0 || ET POLICY RDP disconnect request || url,doc.emergingthreats.net/2001331 1 || 2001334 || 8 || trojan-activity || 0 || ET MALWARE Ezula || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/bin/view/Main/2001334 1 || 2001335 || 9 || trojan-activity || 0 || ET MALWARE Ezula Installer Download || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/bin/view/Main/2001335 1 || 2001337 || 7 || trojan-activity || 0 || ET WORM Korgo.P offering executable || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2001337 1 || 2001338 || 8 || trojan-activity || 0 || ET WORM Korgo.P binary upload || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2001338 1 || 2001339 || 9 || trojan-activity || 0 || ET MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2001339 1 || 2001340 || 11 || trojan-activity || 0 || ET MALWARE LocalNRD Spyware Checkin || url,www.localnrd.com || url,doc.emergingthreats.net/bin/view/Main/2001340 1 || 2001341 || 11 || policy-violation || 0 || ET MALWARE OfferOptimizer.com Spyware || url,www.offeroptimizer.com || url,doc.emergingthreats.net/bin/view/Main/2001341 1 || 2001342 || 25 || web-application-attack || 0 || ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization || url,doc.emergingthreats.net/2001342 || cve,CVE-2004-0847 1 || 2001343 || 22 || web-application-attack || 0 || ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization % 5 C || url,doc.emergingthreats.net/2001343 1 || 2001345 || 9 || trojan-activity || 0 || ET MALWARE Bonziportal Traffic || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=59256 || url,doc.emergingthreats.net/bin/view/Main/2001345 1 || 2001346 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn preteen || url,doc.emergingthreats.net/bin/view/Main/2001346 1 || 2001347 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn pre-teen || url,doc.emergingthreats.net/bin/view/Main/2001347 1 || 2001348 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn early teen || url,doc.emergingthreats.net/bin/view/Main/2001348 1 || 2001349 || 9 || policy-violation || 0 || ET INAPPROPRIATE free XXX || url,doc.emergingthreats.net/bin/view/Main/2001349 1 || 2001350 || 9 || policy-violation || 0 || ET INAPPROPRIATE hardcore anal || url,doc.emergingthreats.net/bin/view/Main/2001350 1 || 2001351 || 9 || policy-violation || 0 || ET INAPPROPRIATE masturbation || url,doc.emergingthreats.net/bin/view/Main/2001351 1 || 2001352 || 9 || policy-violation || 0 || ET INAPPROPRIATE ejaculation || url,doc.emergingthreats.net/bin/view/Main/2001352 1 || 2001353 || 9 || policy-violation || 0 || ET INAPPROPRIATE BDSM || url,doc.emergingthreats.net/bin/view/Main/2001353 1 || 2001359 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001359 1 || 2001363 || 7 || shellcode-detect || 0 || ET EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx || url,doc.emergingthreats.net/bin/view/Main/2001363 1 || 2001364 || 7 || shellcode-detect || 0 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx || url,doc.emergingthreats.net/bin/view/Main/2001364 1 || 2001365 || 12 || web-application-activity || 0 || ET WEB_SERVER Alternate Data Stream source view attempt || url,support.microsoft.com/kb/q188806/ || cve,1999-0278 || url,doc.emergingthreats.net/2001365 1 || 2001366 || 10 || attempted-dos || 0 || ET DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt || bugtraq,11265 || url,doc.emergingthreats.net/bin/view/Main/2001366 1 || 2001369 || 7 || shellcode-detect || 0 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php || url,doc.emergingthreats.net/bin/view/Main/2001369 1 || 2001374 || 8 || misc-activity || 0 || ET EXPLOIT MS04-032 Bad EMF file || url,www.sygate.com/alerts/SSR20041013-0001.htm || url,doc.emergingthreats.net/bin/view/Main/2001374 1 || 2001375 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001375 1 || 2001376 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001376 1 || 2001377 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001377 1 || 2001378 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001378 1 || 2001379 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001379 1 || 2001380 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001380 1 || 2001381 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001381 1 || 2001382 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001382 1 || 2001383 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001383 1 || 2001384 || 13 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (spaced) || url,doc.emergingthreats.net/2001384 1 || 2001385 || 6 || shellcode-detect || 0 || ET EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2001385 1 || 2001386 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn pthc || url,doc.emergingthreats.net/bin/view/Main/2001386 1 || 2001387 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn zeps || url,doc.emergingthreats.net/bin/view/Main/2001387 1 || 2001388 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn r@ygold || url,doc.emergingthreats.net/bin/view/Main/2001388 1 || 2001389 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn childlover || url,doc.emergingthreats.net/bin/view/Main/2001389 1 || 2001392 || 11 || policy-violation || 0 || ET INAPPROPRIATE Sextracker Tracking Code Detected (1) || url,doc.emergingthreats.net/bin/view/Main/2001392 1 || 2001393 || 11 || policy-violation || 0 || ET INAPPROPRIATE Sextracker Tracking Code Detected (2) || url,doc.emergingthreats.net/bin/view/Main/2001393 1 || 2001395 || 10 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (2) || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2001395 1 || 2001396 || 8 || policy-violation || 0 || ET MALWARE Internet Optimizer Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html || url,doc.emergingthreats.net/bin/view/Main/2001396 1 || 2001397 || 12 || trojan-activity || 0 || ET DELETED 180solutions Spyware (tracked event reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001397 1 || 2001398 || 9 || policy-violation || 0 || ET MALWARE Bfast.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2001398 1 || 2001399 || 10 || trojan-activity || 0 || ET DELETED 180solutions Spyware (action url reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001399 1 || 2001400 || 12 || trojan-activity || 0 || ET DELETED 180solutions Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001400 1 || 2001402 || 5 || not-suspicious || 0 || ET POLICY ZIPPED DOC in transit || url,doc.emergingthreats.net/2001402 1 || 2001403 || 5 || not-suspicious || 0 || ET POLICY ZIPPED XLS in transit || url,doc.emergingthreats.net/2001403 1 || 2001404 || 5 || not-suspicious || 0 || ET POLICY ZIPPED EXE in transit || url,doc.emergingthreats.net/2001404 1 || 2001405 || 5 || not-suspicious || 0 || ET POLICY ZIPPED PPT in transit || url,doc.emergingthreats.net/2001405 1 || 2001406 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .cpl || url,doc.emergingthreats.net/2001406 1 || 2001407 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .pif || url,doc.emergingthreats.net/2001407 1 || 2001408 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .scr || url,doc.emergingthreats.net/2001408 1 || 2001415 || 10 || trojan-activity || 0 || ET DELETED E2give Related Downloading IeBHOs.dll || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001415 1 || 2001416 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Reporting Install || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001416 1 || 2001417 || 10 || trojan-activity || 0 || ET MALWARE E2give Related Receiving Config || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001417 1 || 2001418 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Downloading Code || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001418 1 || 2001423 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Reporting || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001423 1 || 2001424 || 7 || policy-violation || 0 || ET POLICY Gmail Inbox Access || url,doc.emergingthreats.net/2001424 1 || 2001425 || 16 || policy-violation || 0 || ET POLICY Gmail File Send || url,doc.emergingthreats.net/2001425 1 || 2001426 || 9 || policy-violation || 0 || ET POLICY Gmail Message Send || url,doc.emergingthreats.net/2001426 1 || 2001427 || 5 || policy-violation || 0 || ET CHAT Yahoo IM Unavailable Status || url,doc.emergingthreats.net/2001427 1 || 2001430 || 10 || trojan-activity || 0 || ET DELETED Bofra Victim Accessing Reactor Page || url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html || url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631 || url,doc.emergingthreats.net/2001430 1 || 2001440 || 7 || trojan-activity || 0 || ET MALWARE Abox Download || url,doc.emergingthreats.net/bin/view/Main/2001440 1 || 2001441 || 13 || trojan-activity || 0 || ET MALWARE Abox Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.adultbox.html || url,doc.emergingthreats.net/bin/view/Main/2001441 1 || 2001442 || 11 || trojan-activity || 0 || ET MALWARE Statblaster.MemoryWatcher Download || url,www.memorywatcher.com/eula.aspx || url,doc.emergingthreats.net/bin/view/Main/2001442 1 || 2001443 || 10 || policy-violation || 0 || ET MALWARE WhenUClick.com Desktop Bar App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2001443 1 || 2001444 || 13 || trojan-activity || 0 || ET MALWARE Overpro Spyware Bundle Install || url,www.wildarcade.com || url,doc.emergingthreats.net/bin/view/Main/2001444 1 || 2001445 || 12 || policy-violation || 0 || ET MALWARE PeopleOnPage Install || url,www.peopleonpage.com || url,www.safer-networking.org/en/threats/602.html || url,doc.emergingthreats.net/bin/view/Main/2001445 1 || 2001446 || 12 || policy-violation || 0 || ET DELETED PeopleOnPage Ping || url,www.peopleonpage.com || url,www.safer-networking.org/en/threats/602.html || url,doc.emergingthreats.net/bin/view/Main/2001446 1 || 2001447 || 8 || trojan-activity || 0 || ET MALWARE 2nd-thought (W32.Daqa.C) Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.secondthought.html || url,doc.emergingthreats.net/bin/view/Main/2001447 1 || 2001448 || 12 || trojan-activity || 0 || ET MALWARE MediaTickets Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html || url,doc.emergingthreats.net/bin/view/Main/2001448 1 || 2001449 || 8 || attempted-user || 0 || ET POLICY Proxy Connection detected || url,doc.emergingthreats.net/2001449 1 || 2001450 || 13 || trojan-activity || 0 || ET MALWARE Wintools Download/Configure || url,www.intermute.com/spyware/HuntBar.html || url,doc.emergingthreats.net/bin/view/Main/2001450 1 || 2001451 || 8 || policy-violation || 0 || ET MALWARE Bundleware Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2001451 1 || 2001452 || 8 || trojan-activity || 0 || ET MALWARE Bundleware Spyware CHM Download || url,doc.emergingthreats.net/bin/view/Main/2001452 1 || 2001453 || 8 || policy-violation || 0 || ET MALWARE Couponage Download || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001453 1 || 2001454 || 8 || policy-violation || 0 || ET MALWARE Couponage Configure || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001454 1 || 2001455 || 7 || policy-violation || 0 || ET MALWARE Couponage Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001455 1 || 2001456 || 7 || policy-violation || 0 || ET MALWARE ContextPanel Reporting || url,doc.emergingthreats.net/bin/view/Main/2001456 1 || 2001458 || 7 || trojan-activity || 0 || ET MALWARE Bundleware Spyware cab Download || url,doc.emergingthreats.net/bin/view/Main/2001458 1 || 2001459 || 11 || trojan-activity || 0 || ET MALWARE Overpro Spyware Games || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html || url,doc.emergingthreats.net/bin/view/Main/2001459 1 || 2001460 || 10 || trojan-activity || 0 || ET MALWARE Sexmaniack Install Tracking || url,doc.emergingthreats.net/bin/view/Main/2001460 1 || 2001461 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (1) || url,doc.emergingthreats.net/bin/view/Main/2001461 1 || 2001462 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs Occuring || url,doc.emergingthreats.net/bin/view/Main/2001462 1 || 2001463 || 11 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (2) || url,doc.emergingthreats.net/bin/view/Main/2001463 1 || 2001464 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (3) || url,doc.emergingthreats.net/bin/view/Main/2001464 1 || 2001466 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (4) || url,doc.emergingthreats.net/bin/view/Main/2001466 1 || 2001467 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (5) || url,doc.emergingthreats.net/bin/view/Main/2001467 1 || 2001468 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs CHM Exploit || url,doc.emergingthreats.net/bin/view/Main/2001468 1 || 2001469 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (6) || url,doc.emergingthreats.net/bin/view/Main/2001469 1 || 2001470 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (7) || url,doc.emergingthreats.net/bin/view/Main/2001470 1 || 2001471 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Exploit || url,doc.emergingthreats.net/bin/view/Main/2001471 1 || 2001472 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Install Reporting || url,doc.emergingthreats.net/bin/view/Main/2001472 1 || 2001473 || 9 || trojan-activity || 0 || ET DELETED Searchmeup Spyware Install (toolbar) || url,doc.emergingthreats.net/bin/view/Main/2001473 1 || 2001474 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (prog) || url,doc.emergingthreats.net/bin/view/Main/2001474 1 || 2001475 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Receiving Commands || url,doc.emergingthreats.net/bin/view/Main/2001475 1 || 2001479 || 9 || trojan-activity || 0 || ET MALWARE Coolsearch Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001479 1 || 2001480 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (systime) || url,doc.emergingthreats.net/bin/view/Main/2001480 1 || 2001481 || 8 || trojan-activity || 0 || ET MALWARE MediaTickets Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html || url,doc.emergingthreats.net/bin/view/Main/2001481 1 || 2001482 || 8 || trojan-activity || 0 || ET MALWARE thebestsoft4u.com Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2001482 1 || 2001483 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (mstask) || url,doc.emergingthreats.net/bin/view/Main/2001483 1 || 2001484 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (d.exe) || url,doc.emergingthreats.net/bin/view/Main/2001484 1 || 2001485 || 8 || trojan-activity || 0 || ET MALWARE thebestsoft4u.com Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2001485 1 || 2001486 || 9 || trojan-activity || 0 || ET DELETED thebestsoft4u.com Spyware Install (3) || url,doc.emergingthreats.net/bin/view/Main/2001486 1 || 2001488 || 9 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2001488 1 || 2001489 || 9 || trojan-activity || 0 || ET MALWARE Spygalaxy.ws Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001489 1 || 2001490 || 10 || trojan-activity || 0 || ET MALWARE ICQ-Update.biz Reporting Install || url,doc.emergingthreats.net/bin/view/Main/2001490 1 || 2001491 || 11 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001491 1 || 2001492 || 37 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (MyApp) || url,www.isearchtech.com || url,doc.emergingthreats.net/2001492 1 || 2001493 || 35 || trojan-activity || 0 || ET USER_AGENTS ISearchTech.com XXXPornToolbar Activity (IST) || url,www.isearchtech.com || url,doc.emergingthreats.net/2001493 1 || 2001494 || 8 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting Successful Install || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 || url,doc.emergingthreats.net/bin/view/Main/2001494 1 || 2001495 || 10 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001495 1 || 2001496 || 7 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Advertising Campaign Download || url,doc.emergingthreats.net/bin/view/Main/2001496 1 || 2001497 || 8 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001497 1 || 2001498 || 30 || trojan-activity || 0 || ET MALWARE Internet Optimizer Activity User-Agent (IOKernel) || url,doc.emergingthreats.net/2001498 1 || 2001499 || 10 || trojan-activity || 0 || ET MALWARE Look2me Spyware Activity (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.look2me.html || url,doc.emergingthreats.net/bin/view/Main/2001499 1 || 2001500 || 8 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 || url,doc.emergingthreats.net/bin/view/Main/2001500 1 || 2001501 || 9 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting || url,sarc.com/avcenter/venc/data/adware.bargainbuddy.html || url,doc.emergingthreats.net/bin/view/Main/2001501 1 || 2001503 || 10 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Config || url,doc.emergingthreats.net/bin/view/Main/2001503 1 || 2001505 || 10 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Install rh.exe || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001505 1 || 2001507 || 12 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Identifying Country of Origin || url,doc.emergingthreats.net/bin/view/Main/2001507 1 || 2001508 || 12 || trojan-activity || 0 || ET DELETED Medialoads.com Spyware Reporting (download.cgi) || url,doc.emergingthreats.net/bin/view/Main/2001508 1 || 2001509 || 11 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Reporting (register.cgi) || url,doc.emergingthreats.net/bin/view/Main/2001509 1 || 2001510 || 9 || trojan-activity || 0 || ET MALWARE SurfAssistant.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html || url,doc.emergingthreats.net/bin/view/Main/2001510 1 || 2001513 || 9 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Update || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001513 1 || 2001514 || 10 || trojan-activity || 0 || ET MALWARE SurfAssistant.com Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html || url,doc.emergingthreats.net/bin/view/Main/2001514 1 || 2001516 || 9 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001516 1 || 2001517 || 9 || trojan-activity || 0 || ET MALWARE Websearch.com Outbound Dialer Retrieval || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2001517 1 || 2001520 || 10 || trojan-activity || 0 || ET MALWARE Spywaremover Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.topantispyware.html || url,doc.emergingthreats.net/bin/view/Main/2001520 1 || 2001521 || 12 || trojan-activity || 0 || ET MALWARE Spywaremover Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903 || url,doc.emergingthreats.net/bin/view/Main/2001521 1 || 2001522 || 14 || trojan-activity || 0 || ET MALWARE SpywareLabs Application Install || url,doc.emergingthreats.net/bin/view/Main/2001522 1 || 2001523 || 9 || policy-violation || 0 || ET MALWARE Statblaster Receiving New configuration (allfiles) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001523 1 || 2001524 || 8 || policy-violation || 0 || ET MALWARE Statblaster Code Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001524 1 || 2001525 || 9 || trojan-activity || 0 || ET MALWARE Virtumonde Spyware Code Download mmdom.exe || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2001525 1 || 2001526 || 23 || trojan-activity || 0 || ET MALWARE Virtumonde Spyware Code Download bkinst.exe || url,www.lurhq.com/iframeads.html || url,doc.emergingthreats.net/bin/view/Main/2001526 1 || 2001529 || 12 || trojan-activity || 0 || ET MALWARE Casalemedia Access, Likely Spyware || url,doc.emergingthreats.net/bin/view/Main/2001529 1 || 2001530 || 10 || trojan-activity || 0 || ET MALWARE ak-networks.com Spyware Code Download || url,doc.emergingthreats.net/bin/view/Main/2001530 1 || 2001531 || 14 || trojan-activity || 0 || ET DELETED C4tdownload.com Access, Likely Spyware || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html || url,doc.emergingthreats.net/bin/view/Main/2001531 1 || 2001532 || 13 || trojan-activity || 0 || ET DELETED Searchmiracle.com Access, Likely Spyware || url,securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html || url,doc.emergingthreats.net/bin/view/Main/2001532 1 || 2001533 || 11 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Installer silent.exe Download || url,www.searchmiracle.com/silent.exe || url,doc.emergingthreats.net/bin/view/Main/2001533 1 || 2001534 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (silent_install) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001534 1 || 2001535 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (protector.exe) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001535 1 || 2001536 || 9 || trojan-activity || 0 || ET MALWARE Spyspotter.com Install || url,doc.emergingthreats.net/bin/view/Main/2001536 1 || 2001537 || 15 || trojan-activity || 0 || ET MALWARE Spyspotter.com Access || url,doc.emergingthreats.net/bin/view/Main/2001537 1 || 2001538 || 8 || trojan-activity || 0 || ET MALWARE Oenji.com Install || url,doc.emergingthreats.net/bin/view/Main/2001538 1 || 2001539 || 11 || trojan-activity || 0 || ET MALWARE Spyspotter.com Access, Likely Spyware || url,doc.emergingthreats.net/bin/view/Main/2001539 1 || 2001540 || 11 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (v3cab) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001540 1 || 2001541 || 12 || trojan-activity || 0 || ET MALWARE Xpire.info Install Report || url,doc.emergingthreats.net/bin/view/Main/2001541 1 || 2001543 || 7 || misc-activity || 0 || ET EXPLOIT NTDump Session Established Reg-Entry port 445 || url,doc.emergingthreats.net/bin/view/Main/2001543 1 || 2001544 || 7 || misc-activity || 0 || ET EXPLOIT NTDump.exe Service Started port 445 || url,doc.emergingthreats.net/bin/view/Main/2001544 1 || 2001547 || 8 || trojan-activity || 0 || ET DELETED Sobig.E-F Trojan Site Download Request || url,securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html || url,doc.emergingthreats.net/2001547 1 || 2001548 || 6 || attempted-admin || 0 || ET WORM Sasser FTP exploit attempt || url,www.lurhq.com/dabber.html || url,doc.emergingthreats.net/2001548 1 || 2001553 || 7 || attempted-dos || 0 || ET SCAN Possible SSL Brute Force attack or Site Crawl || url,doc.emergingthreats.net/2001553 1 || 2001562 || 32 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware User Configuration and Setup Access User-Agent (OSSProxy) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/2001562 1 || 2001563 || 7 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware SSL Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001563 1 || 2001564 || 10 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Proxied Traffic || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001564 1 || 2001569 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001569 1 || 2001570 || 9 || trojan-activity || 0 || ET MALWARE Spyware Stormer Reporting Data || url,www.spywarestormer.com || url,doc.emergingthreats.net/bin/view/Main/2001570 1 || 2001571 || 9 || trojan-activity || 0 || ET MALWARE Spyware Stormer/Error Guard Activity || url,www.spywarestormer.com || url,doc.emergingthreats.net/bin/view/Main/2001571 1 || 2001576 || 8 || trojan-activity || 0 || ET MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2001576 1 || 2001579 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 139 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001579 1 || 2001580 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 137 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001580 1 || 2001581 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 135 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001581 1 || 2001582 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 1434 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001582 1 || 2001583 || 14 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 1433 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001583 1 || 2001586 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Proxied Traffic (mitmproxy agent) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001586 1 || 2001587 || 7 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Upgrading || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001587 1 || 2001588 || 8 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Activity (1) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001588 1 || 2001589 || 8 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Activity (2) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001589 1 || 2001595 || 10 || policy-violation || 0 || ET CHAT Skype VOIP Checking Version (Startup) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2001595 1 || 2001596 || 11 || policy-violation || 0 || ET DELETED Skype VOIP Reporting Install || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2001596 1 || 2001597 || 5 || policy-violation || 0 || ET POLICY Netop Remote Control Usage || url,www.netop.com || url,doc.emergingthreats.net/2001597 1 || 2001608 || 9 || policy-violation || 0 || ET INAPPROPRIATE Likely Porn || url,doc.emergingthreats.net/bin/view/Main/2001608 1 || 2001609 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 1 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001609 1 || 2001610 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 2 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001610 1 || 2001611 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 3 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001611 1 || 2001616 || 13 || trojan-activity || 0 || ET ATTACK_RESPONSE Zone-H.org defacement notification || url,doc.emergingthreats.net/bin/view/Main/2001616 1 || 2001620 || 10 || string-detect || 0 || ET DELETED Likely Botnet Activity || url,doc.emergingthreats.net/bin/view/Main/2001620 1 || 2001621 || 35 || web-application-attack || 0 || ET DELETED Exploit Suspected PHP Injection Attack (name=) || cve,2002-0953 || url,doc.emergingthreats.net/2001621 1 || 2001622 || 15 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 1 || url,doc.emergingthreats.net/bin/view/Main/2001622 1 || 2001623 || 14 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 2 || url,doc.emergingthreats.net/bin/view/Main/2001623 1 || 2001624 || 14 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 3 || url,doc.emergingthreats.net/bin/view/Main/2001624 1 || 2001628 || 9 || web-application-activity || 0 || ET ATTACK_RESPONSE Outbound PHP Connection || url,doc.emergingthreats.net/bin/view/Main/2001628 1 || 2001639 || 30 || trojan-activity || 0 || ET DELETED Wild Tangent Agent User-Agent (WildTangent) || url,doc.emergingthreats.net/2001639 1 || 2001640 || 23 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Traffic User-Agent (Peer Points) || url,doc.emergingthreats.net/2001640 1 || 2001641 || 8 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Installation (dlhelper) || url,doc.emergingthreats.net/bin/view/Main/2001641 1 || 2001643 || 9 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Installation (2) || url,doc.emergingthreats.net/bin/view/Main/2001643 1 || 2001644 || 8 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Reporting Installation || url,doc.emergingthreats.net/bin/view/Main/2001644 1 || 2001645 || 7 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Casino App Install || url,doc.emergingthreats.net/bin/view/Main/2001645 1 || 2001646 || 8 || trojan-activity || 0 || ET MALWARE Toprebates.com Install (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001646 1 || 2001647 || 8 || trojan-activity || 0 || ET MALWARE Toprebates.com Install (2) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001647 1 || 2001648 || 7 || trojan-activity || 0 || ET MALWARE Toprebates.com User Confirming Membership || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001648 1 || 2001650 || 9 || policy-violation || 0 || ET MALWARE Search Scout Related Spyware (content) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html || url,doc.emergingthreats.net/bin/view/Main/2001650 1 || 2001652 || 34 || trojan-activity || 0 || ET POLICY JoltID Agent New Code Download || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,doc.emergingthreats.net/2001652 1 || 2001653 || 9 || policy-violation || 0 || ET MALWARE Search Scout Related Spyware (results) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html || url,doc.emergingthreats.net/bin/view/Main/2001653 1 || 2001654 || 11 || trojan-activity || 0 || ET MALWARE JoltID Agent Requesting File || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,doc.emergingthreats.net/bin/view/Main/2001654 1 || 2001655 || 8 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Traffic (context.xml) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083029 || url,doc.emergingthreats.net/bin/view/Main/2001655 1 || 2001656 || 7 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer || url,doc.emergingthreats.net/bin/view/Main/2001656 1 || 2001657 || 6 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer Download || url,doc.emergingthreats.net/bin/view/Main/2001657 1 || 2001658 || 8 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2001658 1 || 2001659 || 9 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer (no_pop) || url,doc.emergingthreats.net/bin/view/Main/2001659 1 || 2001660 || 8 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer (add_ocx) || url,doc.emergingthreats.net/bin/view/Main/2001660 1 || 2001664 || 7 || policy-violation || 0 || ET P2P Gnutella Connect || url,www.gnutella.com || url,doc.emergingthreats.net/bin/view/Main/2001664 1 || 2001666 || 7 || policy-violation || 0 || ET MALWARE Metarewards Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001666 1 || 2001668 || 6 || misc-attack || 0 || ET EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack || url,doc.emergingthreats.net/bin/view/Main/2001668 1 || 2001669 || 8 || bad-unknown || 0 || ET POLICY Proxy GET Request || url,doc.emergingthreats.net/2001669 1 || 2001670 || 9 || bad-unknown || 0 || ET POLICY Proxy HEAD Request || url,doc.emergingthreats.net/2001670 1 || 2001674 || 8 || bad-unknown || 0 || ET POLICY Proxy POST Request || url,doc.emergingthreats.net/2001674 1 || 2001675 || 9 || bad-unknown || 0 || ET POLICY Proxy CONNECT Request || url,doc.emergingthreats.net/2001675 1 || 2001677 || 13 || trojan-activity || 0 || ET MALWARE Webhancer Data Post || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001677 1 || 2001678 || 13 || trojan-activity || 0 || ET MALWARE Webhancer Agent Activity || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001678 1 || 2001679 || 13 || trojan-activity || 0 || ET MALWARE JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2001679 1 || 2001682 || 10 || policy-violation || 0 || ET CHAT MSN IM Poll via HTTP || url,doc.emergingthreats.net/2001682 1 || 2001683 || 17 || trojan-activity || 0 || ET MALWARE Windows executable sent when remote host claims to send an image || url,doc.emergingthreats.net/bin/view/Main/2001683 1 || 2001684 || 14 || trojan-activity || 0 || ET DELETED Windows executable sent when remote host claims to send image, Win32 || url,doc.emergingthreats.net/bin/view/Main/2001684 1 || 2001685 || 9 || trojan-activity || 0 || ET DELETED Possible Windows executable sent when remote host claims to send an image || url,doc.emergingthreats.net/bin/view/Main/2001685 1 || 2001686 || 17 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Awstats Remote Code Execution Attempt || url,www.k-otik.com/exploits/20050124.awexpl.c.php || url,www.k-otik.com/exploits/20050302.awstats_shell.c.php || url,awstats.sourceforge.net || url,www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false || bugtraq,12298 || cve,CAN-2005-0116 || url,doc.emergingthreats.net/2001686 1 || 2001689 || 8 || trojan-activity || 0 || ET WORM Potential MySQL bot scanning for SQL server || url,isc.sans.org/diary.php?date=2005-01-27 || url,doc.emergingthreats.net/2001689 1 || 2001696 || 10 || trojan-activity || 0 || ET MALWARE Search Relevancy Spyware || url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html || url,doc.emergingthreats.net/bin/view/Main/2001696 1 || 2001697 || 9 || trojan-activity || 0 || ET MALWARE ISearchTech Toolbar Data Submission || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2001697 1 || 2001698 || 7 || trojan-activity || 0 || ET DELETED YourSiteBar Data Submision || url,www.ysbweb.com || url,doc.emergingthreats.net/bin/view/Main/2001698 1 || 2001699 || 261 || trojan-activity || 0 || ET MALWARE YourSiteBar User-Agent (istsvc) || url,www.ysbweb.com || url,doc.emergingthreats.net/2001699 1 || 2001700 || 9 || trojan-activity || 0 || ET MALWARE Windupdates.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001700 1 || 2001701 || 9 || trojan-activity || 0 || ET MALWARE Windupdates.com Spyware Loggin Data || url,doc.emergingthreats.net/bin/view/Main/2001701 1 || 2001702 || 37 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware User-Agent (Bundle) || url,doc.emergingthreats.net/2001702 1 || 2001703 || 34 || trojan-activity || 0 || ET MALWARE Context Plus Spyware User-Agent (Apropos) || url,doc.emergingthreats.net/2001703 1 || 2001704 || 8 || trojan-activity || 0 || ET MALWARE Context Plus Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001704 1 || 2001705 || 10 || trojan-activity || 0 || ET MALWARE Flingstone Spyware Install (sportsinteraction) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html || url,doc.emergingthreats.net/bin/view/Main/2001705 1 || 2001706 || 35 || trojan-activity || 0 || ET MALWARE Context Plus Spyware User-Agent (Envolo) || url,doc.emergingthreats.net/2001706 1 || 2001707 || 33 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware User-Agent (SAH) || url,doc.emergingthreats.net/2001707 1 || 2001708 || 10 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware Heartbeat || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html || url,doc.emergingthreats.net/bin/view/Main/2001708 1 || 2001710 || 10 || trojan-activity || 0 || ET MALWARE Flingstone Spyware Install (cxtpls) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html || url,doc.emergingthreats.net/bin/view/Main/2001710 1 || 2001711 || 9 || trojan-activity || 0 || ET USER_AGENTS Likely Spambot Web-based Control Traffic || url,doc.emergingthreats.net/bin/view/Main/2001711 1 || 2001712 || 6 || policy-violation || 0 || ET POLICY MyWebEx Server Traffic || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001712 1 || 2001713 || 6 || policy-violation || 0 || ET POLICY MyWebEx Installation || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001713 1 || 2001714 || 6 || policy-violation || 0 || ET POLICY MyWebEx Incoming Connection || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001714 1 || 2001726 || 10 || trojan-activity || 0 || ET DELETED Trojan-Spy.Win32.Bancos Download || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html || url,doc.emergingthreats.net/2001726 1 || 2001729 || 7 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2001729 1 || 2001730 || 9 || trojan-activity || 0 || ET MALWARE A-d-w-a-r-e.com Activity (popup) || url,www.a-d-w-a-r-e.com || url,doc.emergingthreats.net/bin/view/Main/2001730 1 || 2001731 || 8 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001731 1 || 2001733 || 8 || trojan-activity || 0 || ET DELETED CrazyWinnings.com Activity || url,doc.emergingthreats.net/bin/view/Main/2001733 1 || 2001734 || 7 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2001734 1 || 2001735 || 9 || trojan-activity || 0 || ET MALWARE A-d-w-a-r-e.com Activity (cmd) || url,www.a-d-w-a-r-e.com || url,doc.emergingthreats.net/bin/view/Main/2001735 1 || 2001736 || 271 || trojan-activity || 0 || ET MALWARE UCMore Spyware User-Agent (UCmore) || url,doc.emergingthreats.net/2001736 1 || 2001737 || 8 || trojan-activity || 0 || ET MALWARE ak-networks.com Spyware Code Install || url,doc.emergingthreats.net/bin/view/Main/2001737 1 || 2001742 || 9 || attempted-admin || 0 || ET EXPLOIT Arkeia full remote access without password or authentication || url,metasploit.com/research/vulns/arkeia_agent || url,doc.emergingthreats.net/bin/view/Main/2001742 1 || 2001743 || 8 || trojan-activity || 0 || ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2001743 1 || 2001744 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (install) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001744 1 || 2001746 || 35 || trojan-activity || 0 || ET MALWARE Enhance My Search Spyware User-Agent (HelperH) || url,doc.emergingthreats.net/2001746 1 || 2001747 || 9 || misc-activity || 0 || ET MALWARE My-Stats.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001747 1 || 2001748 || 7 || trojan-activity || 0 || ET MALWARE Pynix.dll BHO Activity || url,www.pynix.com || url,doc.emergingthreats.net/bin/view/Main/2001748 1 || 2001753 || 4 || suspicious-login || 0 || ET EXPLOIT Pwdump4 Session Established GetHash port 139 || url,doc.emergingthreats.net/bin/view/Main/2001753 1 || 2001754 || 4 || suspicious-login || 0 || ET EXPLOIT Pwdump4 Session Established GetHash port 445 || url,doc.emergingthreats.net/bin/view/Main/2001754 1 || 2001761 || 7 || trojan-activity || 0 || ET MALWARE ABX Toolbar ActiveX Install || url,isc.sans.org/diary.php?date=2005-03-04 || url,doc.emergingthreats.net/bin/view/Main/2001761 1 || 2001762 || 10 || web-application-attack || 0 || ET DELETED phpbb Session Cookie || url,www.waraxe.us/ftopict-555.html || url,doc.emergingthreats.net/2001762 1 || 2001764 || 6 || misc-activity || 0 || ET TROJAN Bugbear@MM virus via SMTP || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001764 1 || 2001765 || 7 || misc-activity || 0 || ET DELETED BugBear@MM virus in Network share || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001765 1 || 2001766 || 6 || misc-activity || 0 || ET DELETED BugBear@MM Worm Copied to Startup Folder || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001766 1 || 2001768 || 11 || web-application-activity || 0 || ET WEB_SERVER MSSQL Server OLEDB asp error || url,www.wiretrip.net/rfp/p/doc.asp/i2/d42.htm || url,doc.emergingthreats.net/2001768 1 || 2001780 || 6 || attempted-admin || 0 || ET EXPLOIT Solaris TTYPROMPT environment variable set || url,online.securityfocus.com/archive/1/293844 || url,doc.emergingthreats.net/bin/view/Main/2001780 1 || 2001783 || 7 || policy-violation || 0 || ET MALWARE Media Pass ActiveX Install || url,www.benedelman.org/news/010205-1.html || url,static.windupdates.com/Release/v19/Info.txt || url,doc.emergingthreats.net/bin/view/Main/2001783 1 || 2001793 || 8 || trojan-activity || 0 || ET MALWARE Incredisearch.com Spyware Ping || url,doc.emergingthreats.net/bin/view/Main/2001793 1 || 2001794 || 9 || trojan-activity || 0 || ET MALWARE Incredisearch.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001794 1 || 2001795 || 9 || denial-of-service || 0 || ET DOS Excessive SMTP MAIL-FROM DDoS || url,doc.emergingthreats.net/bin/view/Main/2001795 1 || 2001796 || 5 || policy-violation || 0 || ET P2P Kazaa over UDP || url,www.kazaa.com/us/index.htm || url,doc.emergingthreats.net/bin/view/Main/2001796 1 || 2001801 || 5 || policy-violation || 0 || ET CHAT ICQ Status Invisible || url,doc.emergingthreats.net/2001801 1 || 2001802 || 6 || policy-violation || 0 || ET CHAT ICQ Status Change (1) || url,doc.emergingthreats.net/2001802 1 || 2001803 || 6 || policy-violation || 0 || ET CHAT ICQ Status Change (2) || url,doc.emergingthreats.net/2001803 1 || 2001804 || 5 || policy-violation || 0 || ET CHAT ICQ Login || url,doc.emergingthreats.net/2001804 1 || 2001805 || 5 || policy-violation || 0 || ET CHAT ICQ Message || url,doc.emergingthreats.net/2001805 1 || 2001807 || 8 || attempted-admin || 0 || ET DELETED CAN-2005-0399 Gif Vuln via http || cve,2005-0399 || url,doc.emergingthreats.net/bin/view/Main/2001807 1 || 2001808 || 8 || policy-violation || 0 || ET P2P LimeWire P2P Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001808 1 || 2001809 || 8 || policy-violation || 0 || ET P2P Limewire P2P UDP Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001809 1 || 2001810 || 28 || attempted-admin || 0 || ET DELETED PHP remote file include exploit attempt || url,doc.emergingthreats.net/2001810 1 || 2001811 || 8 || misc-activity || 0 || ET WEB_CLIENT Encoded javascriptdocument.write - usually hostile || url,doc.emergingthreats.net/2001811 1 || 2001812 || 8 || policy-violation || 0 || ET DELETED KazaaClient P2P Traffic || url,www.kazaa.com/us/index.htm || url,doc.emergingthreats.net/bin/view/Main/2001812 1 || 2001815 || 8 || non-standard-protocol || 0 || ET MALWARE Spambot Suspicious 220 Banner on Local Port || url,doc.emergingthreats.net/bin/view/Main/2001815 1 || 2001841 || 8 || policy-violation || 0 || ET DELETED UDP traffic - Likely Limewire || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001841 1 || 2001848 || 7 || misc-activity || 0 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (1) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001848 1 || 2001849 || 7 || misc-activity || 0 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (2) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001849 1 || 2001850 || 11 || trojan-activity || 0 || ET MALWARE Likely Trojan/Spyware Installer Requested (1) || url,doc.emergingthreats.net/bin/view/Main/2001850 1 || 2001852 || 28 || trojan-activity || 0 || ET MALWARE 404Search Spyware User-Agent (404search) || url,doc.emergingthreats.net/2001852 1 || 2001853 || 26 || trojan-activity || 0 || ET MALWARE Easy Search Bar Spyware User-Agent (ESB) || url,doc.emergingthreats.net/2001853 1 || 2001854 || 24 || trojan-activity || 0 || ET MALWARE EZULA Spyware User Agent || url,doc.emergingthreats.net/2001854 1 || 2001855 || 28 || trojan-activity || 0 || ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts) || url,doc.emergingthreats.net/2001855 1 || 2001858 || 26 || trojan-activity || 0 || ET MALWARE Hotbar Spyware User-Agent (Hotbar) || url,doc.emergingthreats.net/2001858 1 || 2001864 || 8 || trojan-activity || 0 || ET MALWARE Fun Web Products Spyware User-Agent (MyWay) || url,doc.emergingthreats.net/2001864 1 || 2001865 || 25 || trojan-activity || 0 || ET MALWARE MyWebSearch Spyware User-Agent (MyWebSearch) || url,doc.emergingthreats.net/2001865 1 || 2001867 || 27 || trojan-activity || 0 || ET MALWARE Search Engine 2000 Spyware User-Agent (searchengine) || url,doc.emergingthreats.net/2001867 1 || 2001868 || 26 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (sureseeker) || url,doc.emergingthreats.net/2001868 1 || 2001869 || 26 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (Sidesearch) || url,doc.emergingthreats.net/2001869 1 || 2001870 || 25 || trojan-activity || 0 || ET MALWARE Surfplayer Spyware User-Agent (SurferPlugin) || url,doc.emergingthreats.net/2001870 1 || 2001871 || 23 || trojan-activity || 0 || ET MALWARE Target Saver Spyware User-Agent (TSA) || url,doc.emergingthreats.net/2001871 1 || 2001872 || 29 || trojan-activity || 0 || ET MALWARE Visicom Spyware User-Agent (Visicom) || url,doc.emergingthreats.net/2001872 1 || 2001873 || 9 || misc-activity || 0 || ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001873 1 || 2001874 || 8 || misc-activity || 0 || ET EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001874 1 || 2001882 || 10 || denial-of-service || 0 || ET DOS ICMP Path MTU lowered below acceptable threshold || cve,CAN-2004-1060 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || url,doc.emergingthreats.net/bin/view/Main/2001882 1 || 2001884 || 5 || trojan-activity || 0 || ET MALWARE DesktopTraffic Toolbar Spyware || url,research.spysweeper.com/threat_library/threat_details.php?threat=desktoptraffic.net_hijack || url,doc.emergingthreats.net/bin/view/Main/2001884 1 || 2001885 || 8 || policy-violation || 0 || ET MALWARE Begin2Search.com Spyware || url,sarc.com/avcenter/venc/data/adware.begin2search.html || url,doc.emergingthreats.net/bin/view/Main/2001885 1 || 2001890 || 9 || trojan-activity || 0 || ET MALWARE ToolbarPartner Spyware Agent Download (1) || url,toolbarpartner.com || url,doc.emergingthreats.net/bin/view/Main/2001890 1 || 2001891 || 16 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (agent) || url,doc.emergingthreats.net/bin/view/Main/2001891 1 || 2001895 || 8 || trojan-activity || 0 || ET MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails || url,toolbarpartner.com || url,doc.emergingthreats.net/bin/view/Main/2001895 1 || 2001898 || 6 || policy-violation || 0 || ET POLICY eBay Bid Placed || url,doc.emergingthreats.net/2001898 1 || 2001901 || 10 || trojan-activity || 0 || ET TROJAN Possible Bobax trojan infection || url,www.lurhq.com/bobax.html || url,doc.emergingthreats.net/2001901 1 || 2001904 || 6 || misc-activity || 0 || ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm || url,doc.emergingthreats.net/2001904 1 || 2001906 || 6 || protocol-command-decode || 0 || ET SCAN MYSQL 4.0 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-323.html || url,doc.emergingthreats.net/2001906 1 || 2001907 || 5 || policy-violation || 0 || ET POLICY eBay Placing Item for sale || url,doc.emergingthreats.net/2001907 1 || 2001908 || 7 || policy-violation || 0 || ET POLICY eBay View Item || url,doc.emergingthreats.net/2001908 1 || 2001909 || 7 || policy-violation || 0 || ET POLICY eBay Watch This Item || url,doc.emergingthreats.net/2001909 1 || 2001910 || 5 || trojan-activity || 0 || ET WORM AIM Bot Outbound Control Channel Open and Login || url,doc.emergingthreats.net/2001910 1 || 2001919 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming SMTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001919 1 || 2001920 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming POP3/IMAP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001920 1 || 2001921 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming HTTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001921 1 || 2001928 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (private message) || url,www.securitytracker.com/alerts/2005/May/1013918.html || url,doc.emergingthreats.net/2001928 1 || 2001929 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (signature) || url,www.securitytracker.com/alerts/2005/May/1013918.html || url,doc.emergingthreats.net/2001929 1 || 2001933 || 10 || trojan-activity || 0 || ET TROJAN PWS Banker Trojan Sending Report of Infection || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.banker.b.html || url,doc.emergingthreats.net/2001933 1 || 2001944 || 7 || attempted-admin || 0 || ET NETBIOS MS04-007 Kill-Bill ASN1 exploit attempt || url,www.phreedom.org/solar/exploits/msasn1-bitstring/ || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx || cve,CAN-2003-0818 || url,doc.emergingthreats.net/bin/view/Main/2001944 1 || 2001947 || 7 || policy-violation || 0 || ET MALWARE Zenotecnico Adware || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2001947 1 || 2001949 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Athena Web Registration Remote Command Execution Attempt || cve,CAN-2004-1782 || bugtraq,9349 || url,doc.emergingthreats.net/2001949 1 || 2001959 || 8 || trojan-activity || 0 || ET DELETED Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001959 1 || 2001960 || 7 || trojan-activity || 0 || ET DELETED Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001960 1 || 2001961 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001961 1 || 2001962 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001962 1 || 2001963 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001963 1 || 2001964 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001964 1 || 2001965 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001965 1 || 2001966 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001966 1 || 2001972 || 17 || misc-activity || 0 || ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) || url,doc.emergingthreats.net/2001972 1 || 2001973 || 7 || misc-activity || 0 || ET POLICY SSH Server Banner Detected on Expected Port || url,doc.emergingthreats.net/2001973 1 || 2001974 || 7 || misc-activity || 0 || ET POLICY SSH Client Banner Detected on Expected Port || url,doc.emergingthreats.net/2001974 1 || 2001975 || 7 || misc-activity || 0 || ET POLICY SSHv2 Server KEX Detected on Expected Port || url,doc.emergingthreats.net/2001975 1 || 2001976 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client KEX Detected on Expected Port || url,doc.emergingthreats.net/2001976 1 || 2001977 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client New Keys detected on Expected Port || url,doc.emergingthreats.net/2001977 1 || 2001978 || 8 || misc-activity || 0 || ET POLICY SSH session in progress on Expected Port || url,doc.emergingthreats.net/2001978 1 || 2001979 || 7 || misc-activity || 0 || ET POLICY SSH Server Banner Detected on Unusual Port || url,doc.emergingthreats.net/2001979 1 || 2001980 || 9 || misc-activity || 0 || ET POLICY SSH Client Banner Detected on Unusual Port || url,doc.emergingthreats.net/2001980 1 || 2001981 || 7 || misc-activity || 0 || ET POLICY SSHv2 Server KEX Detected on Unusual Port || url,doc.emergingthreats.net/2001981 1 || 2001982 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client KEX Detected on Unusual Port || url,doc.emergingthreats.net/2001982 1 || 2001983 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client New Keys Detected on Unusual Port || url,doc.emergingthreats.net/2001983 1 || 2001984 || 9 || misc-activity || 0 || ET POLICY SSH session in progress on Unusual Port || url,doc.emergingthreats.net/2001984 1 || 2001985 || 8 || trojan-activity || 0 || ET DELETED HTTP RBOT Challenge/Response Authentication || url,isc.sans.org/diary.php?date=2005-06-03 || url,www.phreedom.org/solar/exploits/msasn1-bitstring || url,doc.emergingthreats.net/2001985 1 || 2001988 || 4 || attempted-admin || 0 || ET EXPLOIT MySQL MaxDB Buffer Overflow || url,doc.emergingthreats.net/bin/view/Main/2001988 1 || 2001989 || 5 || policy-violation || 0 || ET DELETED Prospero Chat Session in Progress || url,www.prospero.com/technology.htm || url,doc.emergingthreats.net/2001989 1 || 2001990 || 5 || web-application-attack || 0 || ET EXPLOIT JamMail Jammail.pl Remote Command Execution Attempt || bugtraq,13937 || url,doc.emergingthreats.net/bin/view/Main/2001990 1 || 2001992 || 7 || trojan-activity || 0 || ET MALWARE SurfSidekick Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001992 1 || 2001994 || 8 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity (ipixel) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001994 1 || 2001995 || 7 || trojan-activity || 0 || ET MALWARE UCMore Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660 || url,doc.emergingthreats.net/bin/view/Main/2001995 1 || 2001996 || 15 || trojan-activity || 0 || ET MALWARE UCMore Spyware User-Agent (EI) || url,doc.emergingthreats.net/2001996 1 || 2001997 || 8 || trojan-activity || 0 || ET MALWARE TargetNetworks.net Spyware Reporting (req) || url,www.targetnetworks.com || url,doc.emergingthreats.net/bin/view/Main/2001997 1 || 2001998 || 7 || trojan-activity || 0 || ET MALWARE UCMore Spyware Downloading Ads || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660 || url,doc.emergingthreats.net/bin/view/Main/2001998 1 || 2001999 || 9 || trojan-activity || 0 || ET MALWARE BTGrab.com Spyware Downloading Ads || url,www.btgrab.com || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090726 || url,doc.emergingthreats.net/bin/view/Main/2001999 1 || 2002000 || 7 || trojan-activity || 0 || ET MALWARE Shopnav Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html || url,doc.emergingthreats.net/bin/view/Main/2002000 1 || 2002001 || 7 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Keywords Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002001 1 || 2002002 || 30 || trojan-activity || 0 || ET MALWARE Better Internet Spyware User-Agent (thnall) || url,doc.emergingthreats.net/2002002 1 || 2002003 || 7 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002003 1 || 2002004 || 8 || trojan-activity || 0 || ET MALWARE Topconverting Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002004 1 || 2002005 || 35 || trojan-activity || 0 || ET USER_AGENTS Better Internet Spyware User-Agent (poller) || url,doc.emergingthreats.net/2002005 1 || 2002008 || 10 || trojan-activity || 0 || ET MALWARE Wild Tangent Install || mcafee,122249 || url,doc.emergingthreats.net/bin/view/Main/2002008 1 || 2002009 || 8 || trojan-activity || 0 || ET MALWARE ESyndicate Spyware Install (esyndicateinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058 || url,doc.emergingthreats.net/bin/view/Main/2002009 1 || 2002010 || 8 || trojan-activity || 0 || ET MALWARE ESyndicate Spyware Install (sepinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058 || url,doc.emergingthreats.net/bin/view/Main/2002010 1 || 2002012 || 6 || trojan-activity || 0 || ET MALWARE GrandstreetInteractive.com Install || url,doc.emergingthreats.net/bin/view/Main/2002012 1 || 2002013 || 6 || trojan-activity || 0 || ET MALWARE GrandstreetInteractive.com Update || url,doc.emergingthreats.net/bin/view/Main/2002013 1 || 2002015 || 6 || trojan-activity || 0 || ET MALWARE Internet Fuel.com Install || url,doc.emergingthreats.net/bin/view/Main/2002015 1 || 2002016 || 10 || trojan-activity || 0 || ET MALWARE jmnad1.com Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2002016 1 || 2002017 || 9 || trojan-activity || 0 || ET MALWARE Overpro Spyware Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html || url,doc.emergingthreats.net/bin/view/Main/2002017 1 || 2002019 || 11 || trojan-activity || 0 || ET MALWARE jmnad1.com Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2002019 1 || 2002021 || 28 || trojan-activity || 0 || ET MALWARE Grandstreet Interactive Spyware User-Agent (IEP) || url,doc.emergingthreats.net/2002021 1 || 2002022 || 4 || policy-violation || 0 || ET DELETED GotoMyPC poll.gotomypc.com Server Response to Polling Client OK || url,doc.emergingthreats.net/2002022 1 || 2002023 || 16 || misc-activity || 0 || ET CHAT IRC USER command || url,doc.emergingthreats.net/2002023 1 || 2002024 || 19 || misc-activity || 0 || ET CHAT IRC NICK command || url,doc.emergingthreats.net/2002024 1 || 2002025 || 19 || misc-activity || 0 || ET CHAT IRC JOIN command || url,doc.emergingthreats.net/2002025 1 || 2002026 || 21 || misc-activity || 0 || ET CHAT IRC PRIVMSG command || url,doc.emergingthreats.net/2002026 1 || 2002027 || 16 || misc-activity || 0 || ET CHAT IRC PING command || url,doc.emergingthreats.net/2002027 1 || 2002028 || 19 || misc-activity || 0 || ET CHAT IRC PONG response || url,doc.emergingthreats.net/2002028 1 || 2002029 || 11 || trojan-activity || 0 || ET TROJAN IRC Channel topic scan/exploit command || url,doc.emergingthreats.net/2002029 1 || 2002030 || 16 || trojan-activity || 0 || ET TROJAN IRC Potential bot scan/exploit command || url,doc.emergingthreats.net/2002030 1 || 2002031 || 19 || trojan-activity || 0 || ET TROJAN IRC Potential bot update/download via http command || url,doc.emergingthreats.net/2002031 1 || 2002032 || 22 || trojan-activity || 0 || ET TROJAN IRC Potential DDoS command 1 || url,doc.emergingthreats.net/2002032 1 || 2002033 || 17 || trojan-activity || 0 || ET TROJAN IRC Potential bot command response || url,doc.emergingthreats.net/2002033 1 || 2002034 || 10 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) || url,doc.emergingthreats.net/bin/view/Main/2002034 1 || 2002036 || 7 || trojan-activity || 0 || ET MALWARE Weird on the Web /180 Solutions Checkin || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002036 1 || 2002037 || 7 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html || url,doc.emergingthreats.net/bin/view/Main/2002037 1 || 2002038 || 249 || trojan-activity || 0 || ET MALWARE Shopathomeselect.com Spyware User-Agent (WebDownloader) || url,doc.emergingthreats.net/2002038 1 || 2002040 || 7 || trojan-activity || 0 || ET MALWARE Topconverting Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002040 1 || 2002041 || 8 || trojan-activity || 0 || ET DELETED Weird on the Web /180 Solutions Update || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002041 1 || 2002044 || 6 || trojan-activity || 0 || ET MALWARE OutBlaze.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2002044 1 || 2002046 || 8 || trojan-activity || 0 || ET MALWARE TargetNetworks.net Spyware Reporting (tn) || url,www.targetnetworks.com || url,doc.emergingthreats.net/bin/view/Main/2002046 1 || 2002048 || 6 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Defs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002048 1 || 2002061 || 4 || attempted-admin || 0 || ET EXPLOIT Possible BackupExec Metasploit Exploit (inbound) || url,isc.sans.org/diary.php?date=2005-06-27 || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,doc.emergingthreats.net/bin/view/Main/2002061 1 || 2002062 || 4 || attempted-admin || 0 || ET EXPLOIT Possible BackupExec Metasploit Exploit (outbound) || url,isc.sans.org/diary.php?date=2005-06-27 || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,doc.emergingthreats.net/bin/view/Main/2002062 1 || 2002064 || 7 || attempted-admin || 0 || ET NETBIOS ms05-011 exploit || bugtraq,12484 || url,www.frsirt.com/exploits/20050623.mssmb_poc.c.php || url,doc.emergingthreats.net/bin/view/Main/2002064 1 || 2002065 || 7 || misc-attack || 0 || ET EXPLOIT Veritas backupexec_agent exploit || url,isc.sans.org/diary.php?date=2005-06-27 || url,doc.emergingthreats.net/bin/view/Main/2002065 1 || 2002066 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CSV-DB CSV_DB.CGI Remote Command Execution Attempt || bugtraq,14059 || url,doc.emergingthreats.net/2002066 1 || 2002067 || 8 || web-application-attack || 0 || ET DELETED Community Link Pro Login.CGI Remote Command Execution Attempt || bugtraq,14097 || url,doc.emergingthreats.net/2002067 1 || 2002068 || 8 || attempted-recon || 0 || ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon || url,www.ndmp.org/download/sdk_v4/draft-skardal-ndmp4-04.txt || url,doc.emergingthreats.net/bin/view/Main/2002068 1 || 2002069 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blog Spam Insert Attempt || url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/ || url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || url,www.webmasterworld.com/forum92/3683.htm || url,doc.emergingthreats.net/2002069 1 || 2002070 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB Remote Code Execution Attempt || url,secunia.com/advisories/15845/ || bugtraq,14086 || url,www.securiteam.com/unixfocus/6Z00R2ABPY.html || url,doc.emergingthreats.net/2002070 1 || 2002071 || 16 || trojan-activity || 0 || ET MALWARE XupiterToolbar Spyware User-Agent (XupiterToolbar) || url,castlecops.com/tk781-Xupitertoolbar_dll_t_dll.html || url,doc.emergingthreats.net/2002071 1 || 2002078 || 29 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (SideStep) || url,doc.emergingthreats.net/2002078 1 || 2002079 || 18 || trojan-activity || 0 || ET USER_AGENTS MyWaySearch Products Spyware User Agent || url,doc.emergingthreats.net/2002079 || url,www.funwebproducts.com 1 || 2002080 || 22 || trojan-activity || 0 || ET MALWARE MySearch Products Spyware User-Agent (MySearch) || url,doc.emergingthreats.net/2002080 1 || 2002083 || 6 || trojan-activity || 0 || ET MALWARE Pacimedia Spyware 1 || url,doc.emergingthreats.net/bin/view/Main/2002083 1 || 2002087 || 10 || misc-activity || 0 || ET POLICY Inbound Frequent Emails - Possible Spambot Inbound || url,doc.emergingthreats.net/2002087 1 || 2002088 || 7 || trojan-activity || 0 || ET MALWARE C4tdownload.com Spyware Activity || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html || url,doc.emergingthreats.net/bin/view/Main/2002088 1 || 2002089 || 9 || trojan-activity || 0 || ET MALWARE CWS qck.cc Spyware Installer (in.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002089 1 || 2002090 || 7 || trojan-activity || 0 || ET MALWARE IEHelp.net Spyware Installer || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html || url,doc.emergingthreats.net/bin/view/Main/2002090 1 || 2002091 || 7 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install - silent.exe || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2002091 1 || 2002092 || 8 || trojan-activity || 0 || ET MALWARE yupsearch.com Spyware Install - protector.exe || url,www.yupsearch.com || url,doc.emergingthreats.net/bin/view/Main/2002092 1 || 2002093 || 8 || trojan-activity || 0 || ET MALWARE Likely Trojan/Spyware Installer Requested (2) || url,doc.emergingthreats.net/bin/view/Main/2002093 1 || 2002094 || 5 || trojan-activity || 0 || ET DELETED MSUpdater.net Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2002094 1 || 2002095 || 7 || trojan-activity || 0 || ET MALWARE CWS qck.cc Spyware Installer (web.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002095 1 || 2002096 || 8 || trojan-activity || 0 || ET MALWARE IEHelp.net Spyware checkin || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html || url,doc.emergingthreats.net/bin/view/Main/2002096 1 || 2002098 || 8 || trojan-activity || 0 || ET MALWARE yupsearch.com Spyware Install - sideb.exe || url,www.yupsearch.com || url,doc.emergingthreats.net/bin/view/Main/2002098 1 || 2002099 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware config Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002099 1 || 2002100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WPS wps_shop.cgi Remote Command Execution Attempt || bugtraq,14245 || url,doc.emergingthreats.net/2002100 1 || 2002101 || 6 || policy-violation || 0 || ET GAMES Battle.net Starcraft login || url,doc.emergingthreats.net/bin/view/Main/2002101 1 || 2002102 || 6 || policy-violation || 0 || ET GAMES Battle.net Brood War login || url,doc.emergingthreats.net/bin/view/Main/2002102 1 || 2002103 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo login || url,doc.emergingthreats.net/bin/view/Main/2002103 1 || 2002104 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo 2 login || url,doc.emergingthreats.net/bin/view/Main/2002104 1 || 2002105 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo 2 Lord of Destruction login || url,doc.emergingthreats.net/bin/view/Main/2002105 1 || 2002106 || 6 || policy-violation || 0 || ET GAMES Battle.net Warcraft 2 login || url,doc.emergingthreats.net/bin/view/Main/2002106 1 || 2002107 || 6 || policy-violation || 0 || ET GAMES Battle.net Warcraft 3 login || url,doc.emergingthreats.net/bin/view/Main/2002107 1 || 2002108 || 7 || policy-violation || 0 || ET GAMES Battle.net Warcraft 3 The Frozen throne login || url,doc.emergingthreats.net/bin/view/Main/2002108 1 || 2002109 || 6 || policy-violation || 0 || ET GAMES Battle.net old game version || url,doc.emergingthreats.net/bin/view/Main/2002109 1 || 2002110 || 5 || policy-violation || 0 || ET GAMES Battle.net invalid version || url,doc.emergingthreats.net/bin/view/Main/2002110 1 || 2002111 || 5 || policy-violation || 0 || ET GAMES Battle.net invalid cdkey || url,doc.emergingthreats.net/bin/view/Main/2002111 1 || 2002112 || 6 || policy-violation || 0 || ET GAMES Battle.net cdkey in use || url,doc.emergingthreats.net/bin/view/Main/2002112 1 || 2002113 || 5 || policy-violation || 0 || ET GAMES Battle.net banned key || url,doc.emergingthreats.net/bin/view/Main/2002113 1 || 2002114 || 5 || policy-violation || 0 || ET GAMES Battle.net wrong product || url,doc.emergingthreats.net/bin/view/Main/2002114 1 || 2002115 || 6 || policy-violation || 0 || ET GAMES Battle.net failed account login (OLS) wrong password || url,doc.emergingthreats.net/bin/view/Main/2002115 1 || 2002116 || 6 || policy-violation || 0 || ET GAMES Battle.net failed account login (NLS) wrong password || url,doc.emergingthreats.net/bin/view/Main/2002116 1 || 2002117 || 6 || policy-violation || 0 || ET GAMES Battle.net connection reset (possible IP-Ban) || url,doc.emergingthreats.net/bin/view/Main/2002117 1 || 2002118 || 6 || policy-violation || 0 || ET GAMES Battle.net user in channel || url,doc.emergingthreats.net/bin/view/Main/2002118 1 || 2002119 || 6 || policy-violation || 0 || ET GAMES Battle.net outgoing chat message || url,doc.emergingthreats.net/bin/view/Main/2002119 1 || 2002129 || 13 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Cacti Input Validation Attack || url,www.cacti.net || url,www.idefense.com/application/poi/display?id=265&type=vulnerabilities || url,www.idefense.com/application/poi/display?id=266&type=vulnerabilities || url,doc.emergingthreats.net/2002129 1 || 2002131 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports XML Information Disclosure || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html || url,doc.emergingthreats.net/2002131 1 || 2002132 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports DESFORMAT Information Disclosure || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_read_any_file.html || url,doc.emergingthreats.net/2002132 1 || 2002133 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports OS Command Injection Attempt || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html || url,doc.emergingthreats.net/2002133 1 || 2002138 || 9 || policy-violation || 0 || ET GAMES World of Warcraft connection || url,doc.emergingthreats.net/bin/view/Main/2002138 1 || 2002139 || 5 || policy-violation || 0 || ET GAMES World of Warcraft failed logon || url,doc.emergingthreats.net/bin/view/Main/2002139 1 || 2002140 || 5 || policy-violation || 0 || ET GAMES Battle.net user joined channel || url,doc.emergingthreats.net/bin/view/Main/2002140 1 || 2002141 || 5 || policy-violation || 0 || ET GAMES Battle.net user left channel || url,doc.emergingthreats.net/bin/view/Main/2002141 1 || 2002142 || 5 || policy-violation || 0 || ET GAMES Battle.net received whisper message || url,doc.emergingthreats.net/bin/view/Main/2002142 1 || 2002143 || 5 || policy-violation || 0 || ET GAMES Battle.net received server broadcast || url,doc.emergingthreats.net/bin/view/Main/2002143 1 || 2002144 || 5 || policy-violation || 0 || ET GAMES Battle.net joined channel || url,doc.emergingthreats.net/bin/view/Main/2002144 1 || 2002145 || 5 || policy-violation || 0 || ET GAMES Battle.net user had a flags update || url,doc.emergingthreats.net/bin/view/Main/2002145 1 || 2002146 || 5 || policy-violation || 0 || ET GAMES Battle.net sent a whisper || url,doc.emergingthreats.net/bin/view/Main/2002146 1 || 2002147 || 5 || policy-violation || 0 || ET GAMES Battle.net channel full || url,doc.emergingthreats.net/bin/view/Main/2002147 1 || 2002148 || 5 || policy-violation || 0 || ET GAMES Battle.net channel doesn't exist || url,doc.emergingthreats.net/bin/view/Main/2002148 1 || 2002149 || 5 || policy-violation || 0 || ET GAMES Battle.net channel is restricted || url,doc.emergingthreats.net/bin/view/Main/2002149 1 || 2002150 || 5 || policy-violation || 0 || ET GAMES Battle.net informational message || url,doc.emergingthreats.net/bin/view/Main/2002150 1 || 2002151 || 5 || policy-violation || 0 || ET GAMES Battle.net error message || url,doc.emergingthreats.net/bin/view/Main/2002151 1 || 2002152 || 5 || policy-violation || 0 || ET GAMES Battle.net 'emote' message || url,doc.emergingthreats.net/bin/view/Main/2002152 1 || 2002154 || 5 || policy-violation || 0 || ET GAMES Guild Wars connection || url,doc.emergingthreats.net/bin/view/Main/2002154 1 || 2002155 || 4 || policy-violation || 0 || ET GAMES Steam connection || url,doc.emergingthreats.net/bin/view/Main/2002155 1 || 2002157 || 11 || policy-violation || 0 || ET CHAT Skype User-Agent detected || url,doc.emergingthreats.net/2002157 1 || 2002158 || 14 || web-application-attack || 0 || ET WEB_SERVER XML-RPC for PHP Remote Code Injection || url,www.securityfocus.com/bid/14088/exploit || cve,2005-1921 || url,doc.emergingthreats.net/bin/view/Main/2002158 1 || 2002160 || 17 || trojan-activity || 0 || ET MALWARE CoolWebSearch Spyware (Feat) || url,www.spywareguide.com/product_show.php?id=599 || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,doc.emergingthreats.net/2002160 1 || 2002164 || 13 || trojan-activity || 0 || ET MALWARE Hotbar Spyware User-Agent (host) || url,www.doxdesk.com/parasite/Hotbar.html || url,www.pchell.com/support/hotbar.shtml || url,doc.emergingthreats.net/2002164 1 || 2002166 || 16 || trojan-activity || 0 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) || url,www.spywareguide.com/product_show.php?id=418 || url,doc.emergingthreats.net/2002166 1 || 2002167 || 18 || trojan-activity || 0 || ET POLICY Software Install Reporting via HTTP - Wise User Agent (Wise) Sometimes Malware Related || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771 || url,doc.emergingthreats.net/2002167 1 || 2002169 || 14 || trojan-activity || 0 || ET MALWARE iWon Spyware (iWonSearchAssistant) || url,www.spywareguide.com/product_show.php?id=461 || url,doc.emergingthreats.net/2002169 1 || 2002170 || 5 || policy-violation || 0 || ET GAMES Battle.net incoming chat message || url,doc.emergingthreats.net/bin/view/Main/2002170 1 || 2002171 || 11 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 1) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002171 1 || 2002172 || 10 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 2) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002172 1 || 2002173 || 13 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 3) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002173 1 || 2002175 || 5 || trojan-activity || 0 || ET TROJAN Srv.SSA-KeyLogger Checkin Traffic || url,doc.emergingthreats.net/2002175 1 || 2002181 || 5 || default-login-attempt || 0 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Attempt || url,www.frsirt.com/english/advisories/2005/1387 || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002181 1 || 2002182 || 5 || misc-attack || 0 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable || url,www.frsirt.com/english/advisories/2005/1387 || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002182 1 || 2002186 || 4 || attempted-admin || 0 || ET NETBIOS SMB-DS Microsoft Windows 2000 Plug and Play Vulnerability || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002186 1 || 2002187 || 6 || attempted-admin || 0 || ET DELETED NETBIOS SMB Microsoft Windows 2000 PNP Vuln || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002187 1 || 2002188 || 6 || attempted-admin || 0 || ET DELETED NETBIOS SMB-DS Microsoft Windows 2000 PNP Vuln || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002188 1 || 2002192 || 4 || policy-violation || 0 || ET CHAT MSN status change || url,doc.emergingthreats.net/2002192 1 || 2002194 || 7 || policy-violation || 0 || ET DELETED Pacimedia Spyware 2 || url,doc.emergingthreats.net/bin/view/Main/2002194 1 || 2002196 || 4 || trojan-activity || 0 || ET MALWARE Casalemedia Spyware Reporting URL Visited 2 || url,doc.emergingthreats.net/bin/view/Main/2002196 1 || 2002199 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB-DS DCERPC PnP HOD bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002199 1 || 2002200 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB-DS DCERPC PnP bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002200 1 || 2002201 || 4 || attempted-admin || 0 || ET NETBIOS SMB-DS DCERPC PnP QueryResConfList exploit attempt || cve,CAN-2005-1983 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,doc.emergingthreats.net/bin/view/Main/2002201 1 || 2002202 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB DCERPC PnP bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002202 1 || 2002203 || 4 || attempted-admin || 0 || ET NETBIOS SMB DCERPC PnP QueryResConfList exploit attempt || cve,CAN-2005-1983 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,doc.emergingthreats.net/bin/view/Main/2002203 1 || 2002296 || 8 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 1 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002296 1 || 2002297 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 2 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002297 1 || 2002298 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 3 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002298 1 || 2002299 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 4 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002299 1 || 2002300 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 5 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002300 1 || 2002301 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 6 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002301 1 || 2002302 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 7 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002302 1 || 2002303 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 8 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002303 1 || 2002304 || 8 || policy-violation || 0 || ET DELETED Advertising.com Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2002304 1 || 2002305 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002305 1 || 2002306 || 6 || policy-violation || 0 || ET MALWARE Fun Web Products Cursorchooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002306 1 || 2002307 || 8 || policy-violation || 0 || ET DELETED Fun Web Products Stampchooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002307 1 || 2002308 || 49 || web-application-attack || 0 || ET DELETED Internet Explorer Vulnerable CLSID (Msdds.dll) || url,www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php || url,doc.emergingthreats.net/2002308 1 || 2002309 || 7 || policy-violation || 0 || ET DELETED Metarewards Disclaimer Access || url,doc.emergingthreats.net/bin/view/Main/2002309 1 || 2002310 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002310 1 || 2002312 || 4 || policy-violation || 0 || ET DELETED MSN Game Loading || url,doc.emergingthreats.net/2002312 1 || 2002313 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti graph_image.php Remote Command Execution Attempt || cve,CAN-2005-1524 || bugtraq,14129 || bugtraq,14042 || url,doc.emergingthreats.net/2002313 1 || 2002314 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPOutsourcing Zorum prod.php Remote Command Execution Attempt || bugtraq,14601 || url,doc.emergingthreats.net/2002314 1 || 2002315 || 7 || misc-attack || 0 || ET EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.frsirt.com/exploits/20050822.elmexploit.c.php || url,www.instinct.org/elm/ || url,doc.emergingthreats.net/bin/view/Main/2002315 1 || 2002316 || 7 || misc-attack || 0 || ET EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.frsirt.com/exploits/20050822.elmexploit.c.php || url,www.instinct.org/elm/ || url,doc.emergingthreats.net/bin/view/Main/2002316 1 || 2002317 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting Search Strings || url,doc.emergingthreats.net/bin/view/Main/2002317 1 || 2002318 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting Search Category || url,doc.emergingthreats.net/bin/view/Main/2002318 1 || 2002319 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting 2 || url,doc.emergingthreats.net/bin/view/Main/2002319 1 || 2002320 || 5 || trojan-activity || 0 || ET MALWARE Transponder Spyware Activity || url,www.doxdesk.com/parasite/Transponder.html || url,doc.emergingthreats.net/bin/view/Main/2002320 1 || 2002322 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit php || url,doc.emergingthreats.net/2002322 1 || 2002323 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit exe || url,doc.emergingthreats.net/2002323 1 || 2002324 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit pif || url,doc.emergingthreats.net/2002324 1 || 2002325 || 3 || misc-activity || 0 || ET WORM W32.kelvir.HI || url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html || url,doc.emergingthreats.net/2002325 1 || 2002327 || 4 || policy-violation || 0 || ET CHAT Google Talk (Jabber) Client Login || url,talk.google.com || url,www.xmpp.org || url,doc.emergingthreats.net/2002327 1 || 2002330 || 4 || policy-violation || 0 || ET POLICY Google Talk TLS Client Traffic || url,talk.google.com || url,www.xmpp.org || url,doc.emergingthreats.net/2002330 1 || 2002331 || 5 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Piranha default passwd attempt || bugtraq,1148 || cve,2000-0248 || nessus,10381 || url,doc.emergingthreats.net/2002331 1 || 2002332 || 6 || policy-violation || 0 || ET POLICY Google IM traffic Windows client user sign-on || url,www.google.com/talk || url,doc.emergingthreats.net/2002332 1 || 2002333 || 6 || policy-violation || 0 || ET POLICY Google IM traffic friend invited || url,www.google.com/talk || url,doc.emergingthreats.net/2002333 1 || 2002334 || 5 || policy-violation || 0 || ET CHAT Google IM traffic Jabber client sign-on || url,www.google.com/talk || url,doc.emergingthreats.net/2002334 1 || 2002348 || 5 || trojan-activity || 0 || ET MALWARE VPP Technologies Spyware || url,doc.emergingthreats.net/bin/view/Main/2002348 1 || 2002349 || 7 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting URL || url,doc.emergingthreats.net/bin/view/Main/2002349 1 || 2002350 || 5 || trojan-activity || 0 || ET MALWARE VPP Technologies Spyware Reporting URL || url,doc.emergingthreats.net/bin/view/Main/2002350 1 || 2002351 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Update Download || url,doc.emergingthreats.net/bin/view/Main/2002351 1 || 2002352 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Context Report || url,doc.emergingthreats.net/bin/view/Main/2002352 1 || 2002353 || 6 || trojan-activity || 0 || ET DELETED AdultfriendFinder.com Spyware Iframe Download || url,doc.emergingthreats.net/bin/view/Main/2002353 1 || 2002354 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware versionconfig POST || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002354 1 || 2002362 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Command Execution Attempt || bugtraq,14712 || url,doc.emergingthreats.net/2002362 1 || 2002363 || 15 || trojan-activity || 0 || ET TROJAN IRC potential reptile commands || url,doc.emergingthreats.net/2002363 1 || 2002364 || 7 || misc-activity || 0 || ET DELETED Weatherbug Wxbug Capture || url,doc.emergingthreats.net/bin/view/Main/2002364 1 || 2002365 || 9 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager Remote Command Execution Attempt || bugtraq,14662 || url,doc.emergingthreats.net/2002365 1 || 2002371 || 6 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Miva Merchant Cross Site Scripting Attack || bugtraq,14828 || url,smallbusiness.miva.com/products/mia/ || url,www.frsirt.com/english/advisories/2005/1758 || url,doc.emergingthreats.net/2002371 1 || 2002376 || 10 || web-application-attack || 0 || ET WEB_SERVER IBM Lotus Domino BaseTarget XSS attempt || bugtraq,14845 || url,doc.emergingthreats.net/2002376 1 || 2002377 || 9 || web-application-attack || 0 || ET WEB_SERVER IBM Lotus Domino Src XSS attempt || bugtraq,14846 || url,doc.emergingthreats.net/2002377 1 || 2002381 || 10 || web-application-attack || 0 || ET WEB_CLIENT RealPlayer/Helix Player Format String Exploit || url,milw0rm.com/id.php?id=1232 || bugtraq,14945 || cve,2005-2710 || url,doc.emergingthreats.net/bin/view/Main/2002381 1 || 2002383 || 11 || unsuccessful-user || 0 || ET SCAN Potential FTP Brute-Force attempt || url,doc.emergingthreats.net/2002383 1 || 2002384 || 17 || trojan-activity || 0 || ET TROJAN IRC potential bot commands || url,doc.emergingthreats.net/2002384 1 || 2002385 || 14 || trojan-activity || 0 || ET TROJAN IRC channel topic reptile commands || url,doc.emergingthreats.net/2002385 1 || 2002386 || 12 || trojan-activity || 0 || ET TROJAN IRC channel topic misc bot commands || url,doc.emergingthreats.net/2002386 1 || 2002387 || 10 || trojan-activity || 0 || ET DELETED Mitglieder Proxy Bot Checking In || url,isc.sans.org/diary.php?storyid=722 || url,doc.emergingthreats.net/2002387 1 || 2002389 || 4 || successful-recon-limited || 0 || ET EXPLOIT Vulnerable Mercury 4.01a IMAP Banner || url,www.pmail.com/whatsnew/m32401.htm || bugtraq,11775 || url,doc.emergingthreats.net/bin/view/Main/2002389 1 || 2002390 || 4 || misc-attack || 0 || ET EXPLOIT Mercury v4.01a IMAP RENAME Buffer Overflow || url,www.pmail.com/whatsnew/m32401.htm || url,metasploit.com/projects/Framework/exploits.html#mercury_imap || bugtraq,11775 || url,doc.emergingthreats.net/bin/view/Main/2002390 1 || 2002394 || 12 || trojan-activity || 0 || ET MALWARE Adwave/MarketScore User-Agent (WTA) || url,www.adwave.com/our_mission.aspx || url,www.marketscore.com || url,doc.emergingthreats.net/2002394 1 || 2002395 || 13 || trojan-activity || 0 || ET MALWARE Miva User-Agent (TPSystem) || url,www.miva.com || url,www.findwhat.com || url,doc.emergingthreats.net/2002395 1 || 2002396 || 12 || trojan-activity || 0 || ET MALWARE Miva Spyware User-Agent (Travel Update) || url,www.miva.com || url,doc.emergingthreats.net/2002396 1 || 2002400 || 29 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2002400 1 || 2002402 || 17 || trojan-activity || 0 || ET MALWARE Spyware Related User-Agent (UtilMind HTTPGet) || url,www.websearch.com || url,doc.emergingthreats.net/bin/view/Main/2002402 1 || 2002403 || 12 || trojan-activity || 0 || ET MALWARE Context Plus User-Agent (PTS) || url,www.contextplus.net || url,doc.emergingthreats.net/2002403 1 || 2002404 || 11 || trojan-activity || 0 || ET MALWARE Movies-etc User-Agent (IOInstall) || url,www.movies-etc.com || url,doc.emergingthreats.net/2002404 1 || 2002405 || 11 || trojan-activity || 0 || ET MALWARE Internet Optimizer User-Agent (ROGUE) || url,www.internet-optimizer.com || url,doc.emergingthreats.net/2002405 1 || 2002406 || 4 || attempted-recon || 0 || ET EXPLOIT TAC Attack Directory Traversal || cve,2005-3040 || url,secunia.com/advisories/16854 || url,cirt.dk/advisories/cirt-37-advisory.pdf || url,doc.emergingthreats.net/bin/view/Main/2002406 1 || 2002407 || 8 || policy-violation || 0 || ET DELETED WebshotsNetClient || url,www.webshots.com || url,doc.emergingthreats.net/2002407 1 || 2002410 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Restricted Outbound || url,doc.emergingthreats.net/bin/view/Main/2002410 1 || 2002411 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Confidential Outbound || url,doc.emergingthreats.net/bin/view/Main/2002411 1 || 2002412 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Top Secret Outbound || url,doc.emergingthreats.net/bin/view/Main/2002412 1 || 2002413 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002413 1 || 2002414 || 5 || policy-violation || 0 || ET DELETED SMTP NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002414 1 || 2002415 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002415 1 || 2002416 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002416 1 || 2002417 || 4 || policy-violation || 0 || ET DELETED SMTP NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002417 1 || 2002418 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002418 1 || 2002419 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002419 1 || 2002420 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002420 1 || 2002421 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002421 1 || 2002422 || 5 || policy-violation || 0 || ET DELETED SMTP US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002422 1 || 2002423 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002423 1 || 2002424 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002424 1 || 2002425 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002425 1 || 2002426 || 3 || policy-violation || 0 || ET DELETED SMTP US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002426 1 || 2002427 || 3 || policy-violation || 0 || ET DELETED SMTP US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002427 1 || 2002428 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002428 1 || 2002429 || 4 || policy-violation || 0 || ET DELETED SMTP US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002429 1 || 2002430 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002430 1 || 2002431 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002431 1 || 2002432 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002432 1 || 2002433 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret IMCON || url,doc.emergingthreats.net/bin/view/Main/2002433 1 || 2002434 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002434 1 || 2002435 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002435 1 || 2002436 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002436 1 || 2002437 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002437 1 || 2002438 || 4 || policy-violation || 0 || ET DELETED SMTP US FGI || url,doc.emergingthreats.net/bin/view/Main/2002438 1 || 2002439 || 4 || policy-violation || 0 || ET DELETED SMTP US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002439 1 || 2002440 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002440 1 || 2002441 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002441 1 || 2002442 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002442 1 || 2002443 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002443 1 || 2002444 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002444 1 || 2002445 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002445 1 || 2002446 || 4 || policy-violation || 0 || ET DELETED SMTP US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002446 1 || 2002447 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002447 1 || 2002448 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002448 1 || 2002449 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002449 1 || 2002450 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002450 1 || 2002451 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002451 1 || 2002452 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002452 1 || 2002453 || 4 || policy-violation || 0 || ET DELETED SMTP US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002453 1 || 2002454 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002454 1 || 2002455 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002455 1 || 2002456 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002456 1 || 2002457 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret STOP || url,doc.emergingthreats.net/bin/view/Main/2002457 1 || 2002458 || 4 || policy-violation || 0 || ET DELETED SMTP Private || url,doc.emergingthreats.net/bin/view/Main/2002458 1 || 2002459 || 4 || policy-violation || 0 || ET DELETED SMTP Restricted || url,doc.emergingthreats.net/bin/view/Main/2002459 1 || 2002461 || 4 || policy-violation || 0 || ET DELETED SMTP Secret || url,doc.emergingthreats.net/bin/view/Main/2002461 1 || 2002462 || 4 || policy-violation || 0 || ET DELETED SMTP Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002462 1 || 2002463 || 4 || policy-violation || 0 || ET DELETED SMTP Sealed || url,doc.emergingthreats.net/bin/view/Main/2002463 1 || 2002464 || 4 || policy-violation || 0 || ET DELETED SMTP Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002464 1 || 2002465 || 5 || policy-violation || 0 || ET DELETED SMTP Proprietary || url,doc.emergingthreats.net/bin/view/Main/2002465 1 || 2002466 || 4 || policy-violation || 0 || ET DELETED SMTP Protected || url,doc.emergingthreats.net/bin/view/Main/2002466 1 || 2002467 || 4 || policy-violation || 0 || ET DELETED SMTP Law Enorcement Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002467 1 || 2002468 || 5 || policy-violation || 0 || ET DELETED SMTP Internal Use Only || url,doc.emergingthreats.net/bin/view/Main/2002468 1 || 2002469 || 4 || policy-violation || 0 || ET DELETED SMTP Date of Birth || url,doc.emergingthreats.net/bin/view/Main/2002469 1 || 2002470 || 4 || policy-violation || 0 || ET DELETED SMTP HCPCS Code || url,doc.emergingthreats.net/bin/view/Main/2002470 1 || 2002471 || 4 || policy-violation || 0 || ET DELETED SMTP ICD-10 Code || url,doc.emergingthreats.net/bin/view/Main/2002471 1 || 2002472 || 4 || policy-violation || 0 || ET DELETED SMTP FDA NDC Code || url,doc.emergingthreats.net/bin/view/Main/2002472 1 || 2002473 || 4 || policy-violation || 0 || ET DELETED SMTP ADA Procedure Code || url,doc.emergingthreats.net/bin/view/Main/2002473 1 || 2002474 || 6 || policy-violation || 0 || ET DELETED SMTP DSM-IV Code || url,doc.emergingthreats.net/bin/view/Main/2002474 1 || 2002475 || 4 || policy-violation || 0 || ET DELETED SMTP AMA CPT Code || url,doc.emergingthreats.net/bin/view/Main/2002475 1 || 2002477 || 4 || policy-violation || 0 || ET DELETED SMTP Credit Card, JCB || url,doc.emergingthreats.net/bin/view/Main/2002477 1 || 2002483 || 4 || policy-violation || 0 || ET DELETED SMTP Password || url,doc.emergingthreats.net/bin/view/Main/2002483 1 || 2002484 || 4 || policy-violation || 0 || ET DELETED SMTP Appraisal || url,doc.emergingthreats.net/bin/view/Main/2002484 1 || 2002485 || 4 || policy-violation || 0 || ET DELETED SMTP Account Balance || url,doc.emergingthreats.net/bin/view/Main/2002485 1 || 2002486 || 5 || policy-violation || 0 || ET DELETED SMTP Payment History || url,doc.emergingthreats.net/bin/view/Main/2002486 1 || 2002487 || 5 || policy-violation || 0 || ET DELETED SMTP Annual Income || url,doc.emergingthreats.net/bin/view/Main/2002487 1 || 2002488 || 4 || policy-violation || 0 || ET DELETED SMTP Credit History || url,doc.emergingthreats.net/bin/view/Main/2002488 1 || 2002489 || 4 || policy-violation || 0 || ET DELETED SMTP Transaction History || url,doc.emergingthreats.net/bin/view/Main/2002489 1 || 2002490 || 4 || policy-violation || 0 || ET DELETED SMTP Customer List || url,doc.emergingthreats.net/bin/view/Main/2002490 1 || 2002491 || 12 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 1) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002491 1 || 2002492 || 13 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 2) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002492 1 || 2002493 || 81 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 3) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002493 1 || 2002494 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Versatile Bulletin Board SQL Injection Attack || bugtraq,15068 || url,doc.emergingthreats.net/2002494 1 || 2002495 || 5 || policy-violation || 0 || ET DELETED HTTP Non-US Restricted || url,doc.emergingthreats.net/bin/view/Main/2002495 1 || 2002496 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Confidential || url,doc.emergingthreats.net/bin/view/Main/2002496 1 || 2002497 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002497 1 || 2002498 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002498 1 || 2002499 || 6 || policy-violation || 0 || ET DELETED HTTP - NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002499 1 || 2002500 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002500 1 || 2002501 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002501 1 || 2002502 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002502 1 || 2002503 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002503 1 || 2002504 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002504 1 || 2002505 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002505 1 || 2002506 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002506 1 || 2002507 || 5 || policy-violation || 0 || ET DELETED HTTP - US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002507 1 || 2002508 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002508 1 || 2002509 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002509 1 || 2002510 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002510 1 || 2002511 || 4 || policy-violation || 0 || ET DELETED HTTP - US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002511 1 || 2002512 || 4 || policy-violation || 0 || ET DELETED HTTP - US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002512 1 || 2002513 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002513 1 || 2002514 || 5 || policy-violation || 0 || ET DELETED HTTP - US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002514 1 || 2002515 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002515 1 || 2002516 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002516 1 || 2002517 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002517 1 || 2002519 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002519 1 || 2002521 || 6 || policy-violation || 0 || ET DELETED HTTP - US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002521 1 || 2002523 || 5 || policy-violation || 0 || ET DELETED HTTP - US FGI || url,doc.emergingthreats.net/bin/view/Main/2002523 1 || 2002524 || 7 || policy-violation || 0 || ET DELETED HTTP - US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002524 1 || 2002525 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002525 1 || 2002526 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002526 1 || 2002528 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002528 1 || 2002530 || 5 || policy-violation || 0 || ET DELETED HTTP - US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002530 1 || 2002531 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002531 1 || 2002532 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002532 1 || 2002534 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002534 1 || 2002535 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002535 1 || 2002537 || 5 || policy-violation || 0 || ET DELETED HTTP - US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002537 1 || 2002538 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002538 1 || 2002539 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002539 1 || 2002541 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret STOP || url,doc.emergingthreats.net/bin/view/Main/2002541 1 || 2002542 || 5 || policy-violation || 0 || ET DELETED HTTP - Private || url,doc.emergingthreats.net/bin/view/Main/2002542 1 || 2002543 || 5 || policy-violation || 0 || ET DELETED HTTP - Restricted || url,doc.emergingthreats.net/bin/view/Main/2002543 1 || 2002544 || 5 || policy-violation || 0 || ET DELETED HTTP - Confidential || url,doc.emergingthreats.net/bin/view/Main/2002544 1 || 2002546 || 5 || policy-violation || 0 || ET DELETED HTTP - Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002546 1 || 2002547 || 5 || policy-violation || 0 || ET DELETED HTTP - Sealed || url,doc.emergingthreats.net/bin/view/Main/2002547 1 || 2002548 || 5 || policy-violation || 0 || ET DELETED HTTP - Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002548 1 || 2002549 || 5 || policy-violation || 0 || ET DELETED HTTP - Proprietary || url,doc.emergingthreats.net/bin/view/Main/2002549 1 || 2002550 || 5 || policy-violation || 0 || ET DELETED HTTP - Protected || url,doc.emergingthreats.net/bin/view/Main/2002550 1 || 2002551 || 5 || policy-violation || 0 || ET DELETED HTTP - Law Enorcement Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002551 1 || 2002552 || 5 || policy-violation || 0 || ET DELETED HTTP - Internal Use Only || url,doc.emergingthreats.net/bin/view/Main/2002552 1 || 2002553 || 5 || policy-violation || 0 || ET DELETED HTTP - Date of Birth || url,doc.emergingthreats.net/bin/view/Main/2002553 1 || 2002554 || 5 || policy-violation || 0 || ET DELETED HTTP - HCPCS Code || url,doc.emergingthreats.net/bin/view/Main/2002554 1 || 2002555 || 5 || policy-violation || 0 || ET DELETED HTTP - ICD-10 Code || url,doc.emergingthreats.net/bin/view/Main/2002555 1 || 2002556 || 5 || policy-violation || 0 || ET DELETED HTTP - FDA NDC Code || url,doc.emergingthreats.net/bin/view/Main/2002556 1 || 2002557 || 5 || policy-violation || 0 || ET DELETED HTTP - ADA Procedure Code || url,doc.emergingthreats.net/bin/view/Main/2002557 1 || 2002558 || 7 || policy-violation || 0 || ET DELETED HTTP - DSM-IV Code || url,doc.emergingthreats.net/bin/view/Main/2002558 1 || 2002559 || 5 || policy-violation || 0 || ET DELETED HTTP - AMA CPT Code || url,doc.emergingthreats.net/bin/view/Main/2002559 1 || 2002561 || 5 || policy-violation || 0 || ET DELETED HTTP - Credit Card, JCB || url,doc.emergingthreats.net/bin/view/Main/2002561 1 || 2002567 || 5 || policy-violation || 0 || ET DELETED HTTP - Password || url,doc.emergingthreats.net/bin/view/Main/2002567 1 || 2002568 || 5 || policy-violation || 0 || ET DELETED HTTP - Appraisal || url,doc.emergingthreats.net/bin/view/Main/2002568 1 || 2002569 || 5 || policy-violation || 0 || ET DELETED HTTP - Account Balance || url,doc.emergingthreats.net/bin/view/Main/2002569 1 || 2002570 || 5 || policy-violation || 0 || ET DELETED HTTP - Payment History || url,doc.emergingthreats.net/bin/view/Main/2002570 1 || 2002571 || 5 || policy-violation || 0 || ET DELETED HTTP - Annual Income || url,doc.emergingthreats.net/bin/view/Main/2002571 1 || 2002572 || 5 || policy-violation || 0 || ET DELETED HTTP - Credit History || url,doc.emergingthreats.net/bin/view/Main/2002572 1 || 2002573 || 5 || policy-violation || 0 || ET DELETED HTTP - Transaction History || url,doc.emergingthreats.net/bin/view/Main/2002573 1 || 2002574 || 5 || policy-violation || 0 || ET DELETED HTTP - Customer List || url,doc.emergingthreats.net/bin/view/Main/2002574 1 || 2002575 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Restricted || url,doc.emergingthreats.net/bin/view/Main/2002575 1 || 2002576 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Confidential || url,doc.emergingthreats.net/bin/view/Main/2002576 1 || 2002577 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002577 1 || 2002578 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002578 1 || 2002579 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002579 1 || 2002580 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002580 1 || 2002581 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002581 1 || 2002582 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002582 1 || 2002583 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002583 1 || 2002584 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002584 1 || 2002585 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002585 1 || 2002586 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002586 1 || 2002587 || 5 || policy-violation || 0 || ET DELETED High Ports - US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002587 1 || 2002588 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002588 1 || 2002589 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002589 1 || 2002591 || 4 || policy-violation || 0 || ET DELETED High Ports - US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002591 1 || 2002592 || 4 || policy-violation || 0 || ET DELETED High Ports - US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002592 1 || 2002593 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002593 1 || 2002594 || 5 || policy-violation || 0 || ET DELETED High Ports - US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002594 1 || 2002595 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002595 1 || 2002596 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002596 1 || 2002599 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002599 1 || 2002601 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002601 1 || 2002602 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002602 1 || 2002603 || 5 || policy-violation || 0 || ET DELETED High Ports - US FGI || url,doc.emergingthreats.net/bin/view/Main/2002603 1 || 2002604 || 5 || policy-violation || 0 || ET DELETED High Ports - US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002604 1 || 2002605 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002605 1 || 2002606 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002606 1 || 2002607 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002607 1 || 2002608 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002608 1 || 2002609 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002609 1 || 2002610 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002610 1 || 2002611 || 5 || policy-violation || 0 || ET DELETED High Ports - US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002611 1 || 2002612 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002612 1 || 2002613 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002613 1 || 2002615 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002615 1 || 2002616 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002616 1 || 2002618 || 5 || policy-violation || 0 || ET DELETED High Ports - US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002618 1 || 2002619 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002619 1 || 2002620 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002620 1 || 2002621 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002621 1 || 2002622 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret STOP || url,doc.emergingthreats.net/2002622 1 || 2002623 || 5 || policy-violation || 0 || ET DELETED High Ports - Private || url,doc.emergingthreats.net/2002623 1 || 2002624 || 5 || policy-violation || 0 || ET DELETED High Ports - Restricted || url,doc.emergingthreats.net/2002624 1 || 2002625 || 5 || policy-violation || 0 || ET DELETED High Ports - Confidential || url,doc.emergingthreats.net/2002625 1 || 2002626 || 4 || policy-violation || 0 || ET DELETED High Ports - Secret || url,doc.emergingthreats.net/2002626 1 || 2002627 || 5 || policy-violation || 0 || ET DELETED High Ports - Top Secret || url,doc.emergingthreats.net/2002627 1 || 2002628 || 5 || policy-violation || 0 || ET DELETED High Ports - Sealed || url,doc.emergingthreats.net/2002628 1 || 2002629 || 5 || policy-violation || 0 || ET DELETED High Ports - Sensitive || url,doc.emergingthreats.net/2002629 1 || 2002630 || 6 || policy-violation || 0 || ET DELETED High Ports - Proprietary || url,doc.emergingthreats.net/2002630 1 || 2002631 || 6 || policy-violation || 0 || ET DELETED High Ports - Protected || url,doc.emergingthreats.net/2002631 1 || 2002632 || 6 || policy-violation || 0 || ET DELETED High Ports - Law Enorcement Sensitive || url,doc.emergingthreats.net/2002632 1 || 2002633 || 6 || policy-violation || 0 || ET DELETED High Ports - Internal Use Only || url,doc.emergingthreats.net/2002633 1 || 2002634 || 6 || policy-violation || 0 || ET DELETED High Ports - Date of Birth || url,doc.emergingthreats.net/2002634 1 || 2002635 || 6 || policy-violation || 0 || ET DELETED High Ports - HCPCS Code || url,doc.emergingthreats.net/2002635 1 || 2002636 || 6 || policy-violation || 0 || ET DELETED High Ports - ICD-10 Code || url,doc.emergingthreats.net/2002636 1 || 2002637 || 6 || policy-violation || 0 || ET DELETED High Ports - FDA NDC Code || url,doc.emergingthreats.net/2002637 1 || 2002638 || 6 || policy-violation || 0 || ET DELETED High Ports - ADA Procedure Code || url,doc.emergingthreats.net/2002638 1 || 2002639 || 8 || policy-violation || 0 || ET DELETED High Ports - DSM-IV Code || url,doc.emergingthreats.net/2002639 1 || 2002640 || 6 || policy-violation || 0 || ET DELETED High Ports - AMA CPT Code || url,doc.emergingthreats.net/2002640 1 || 2002642 || 6 || policy-violation || 0 || ET DELETED High Ports - Credit Card, JCB || url,doc.emergingthreats.net/2002642 1 || 2002648 || 6 || policy-violation || 0 || ET DELETED High Ports - Password || url,doc.emergingthreats.net/2002648 1 || 2002649 || 6 || policy-violation || 0 || ET DELETED High Ports - Appraisal || url,doc.emergingthreats.net/2002649 1 || 2002650 || 6 || policy-violation || 0 || ET DELETED High Ports - Account Balance || url,doc.emergingthreats.net/2002650 1 || 2002651 || 6 || policy-violation || 0 || ET DELETED High Ports - Payment History || url,doc.emergingthreats.net/2002651 1 || 2002652 || 7 || policy-violation || 0 || ET DELETED High Ports - Annual Income || url,doc.emergingthreats.net/2002652 1 || 2002653 || 6 || policy-violation || 0 || ET DELETED High Ports - Credit History || url,doc.emergingthreats.net/2002653 1 || 2002654 || 6 || policy-violation || 0 || ET DELETED High Ports - Transaction History || url,doc.emergingthreats.net/2002654 1 || 2002655 || 6 || policy-violation || 0 || ET DELETED High Ports - Customer List || url,doc.emergingthreats.net/2002655 1 || 2002656 || 4 || attempted-dos || 0 || ET EXPLOIT malformed Sack - Snort DoS-by-$um$id || url,doc.emergingthreats.net/bin/view/Main/2002656 1 || 2002658 || 4 || policy-violation || 0 || ET POLICY EIN in the clear (US-IRS Employer ID Number) || url,policy.ssa.gov/poms.nsf/lnx/0101001004 || url,policy.ssa.gov/poms.nsf/lnx/0101001001?opendocument || url,doc.emergingthreats.net/2002658 1 || 2002659 || 5 || policy-violation || 0 || ET CHAT Yahoo IM Client Install || url,doc.emergingthreats.net/2002659 1 || 2002660 || 10 || web-application-activity || 0 || ET DELETED RSA Web Auth Exploit Attempt - Long URL || url,secunia.com/advisories/17281 || url,www.metasploit.com/projects/Framework/modules/exploits/rsa_iiswebagent_redirect.pm || url,doc.emergingthreats.net/2002660 || url,doc.emergingthreats.net/2002660 1 || 2002662 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TWiki INCLUDE remote command execution attempt || bugtraq,14960 || url,doc.emergingthreats.net/2002662 1 || 2002663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection attempt || bugtraq,15125 || url,doc.emergingthreats.net/2002663 1 || 2002664 || 10 || attempted-recon || 0 || ET SCAN Nessus User Agent || url,www.nessus.org || url,doc.emergingthreats.net/2002664 1 || 2002667 || 38 || attempted-recon || 0 || ET WEB_SERVER sumthin scan || url,www.webmasterworld.com/forum11/2100.htm || url,doc.emergingthreats.net/2002667 1 || 2002668 || 10 || misc-activity || 0 || ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_news || bugtraq,15295 || url,doc.emergingthreats.net/2002668 1 || 2002671 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Galerie ShowGallery.php SQL Injection attempt || bugtraq,15313 || url,doc.emergingthreats.net/2002671 1 || 2002673 || 9 || policy-violation || 0 || ET P2P MS Foldershare Login Detected || url,www.foldershare.com || url,doc.emergingthreats.net/bin/view/Main/2002673 1 || 2002676 || 3 || bad-unknown || 0 || ET POLICY nstx DNS Tunnel Outbound || url,savannah.nongnu.org/projects/nstx/ || url,nstx.dereference.de/nstx || url,doc.emergingthreats.net/2002676 1 || 2002677 || 12 || web-application-attack || 0 || ET SCAN Nikto Web App Scan in Progress || url,www.cirt.net/code/nikto.shtml || url,doc.emergingthreats.net/2002677 1 || 2002678 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cyphor show.php SQL injection attempt || bugtraq,15418 || url,doc.emergingthreats.net/2002678 1 || 2002681 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Exploit || url,seclists.org/lists/fulldisclosure/2005/Nov/0528.html || url,isc.sans.org/diary.php?storyid=869 || url,www.us-cert.gov/cas/bulletins/SB07-106.html || url,doc.emergingthreats.net/2002681 1 || 2002683 || 6 || trojan-activity || 0 || ET WORM shell bot perl code download || url,doc.emergingthreats.net/2002683 1 || 2002684 || 5 || trojan-activity || 0 || ET WORM Shell Bot Code Download || url,doc.emergingthreats.net/2002684 1 || 2002685 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Directory Traversal Attempt || bugtraq,14710 || url,doc.emergingthreats.net/2002685 1 || 2002695 || 9 || trojan-activity || 0 || ET DELETED Generic Downloader Outbound HTTP connection - Downloading Code || url,doc.emergingthreats.net/2002695 1 || 2002697 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CVSTrac filediff Arbitrary Remote Code Execution || bugtraq,10878 || cve,2004-1456 || url,doc.emergingthreats.net/bin/view/Main/2002697 1 || 2002702 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSTicket Remote Code Execution Attempt || url,secunia.com/advisories/15216 || url,www.gulftech.org/?node=research&article_id=00071-05022005 || cve,CAN-2005-1438 || cve,CAN-2005-1439 || url,doc.emergingthreats.net/bin/view/Main/2002702 1 || 2002703 || 4 || web-application-attack || 0 || ET EXPLOIT GuppY error.php Arbitrary Remote Code Execution || bugtraq,15609 || url,doc.emergingthreats.net/bin/view/Main/2002703 1 || 2002704 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002704 1 || 2002707 || 9 || trojan-activity || 0 || ET DELETED iframebiz - adv***.php || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002707 1 || 2002708 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - sploit.anr || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002708 1 || 2002709 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - loaderadv***.jar || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002709 1 || 2002710 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - loadadv***.exe || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002710 1 || 2002721 || 6 || web-application-attack || 0 || ET WEB_SERVER Cisco IOS HTTP set enable password attack || cve,2005-3921 || bugtraq,15602 || url,www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html || url,doc.emergingthreats.net/2002721 1 || 2002722 || 4 || policy-violation || 0 || ET POLICY MP3 File Transfer Outbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search || url,doc.emergingthreats.net/2002722 1 || 2002723 || 4 || policy-violation || 0 || ET POLICY MP3 File Transfer Inbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search || url,doc.emergingthreats.net/2002723 1 || 2002724 || 11 || web-application-attack || 0 || ET ACTIVEX MciWndx ActiveX Control || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || url,doc.emergingthreats.net/2002724 1 || 2002725 || 13 || web-application-attack || 0 || ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 || cve,2005-2831 || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || url,doc.emergingthreats.net/2002725 1 || 2002728 || 6 || trojan-activity || 0 || ET DELETED Ranky or variant backdoor communication ping || url,www.sophos.com/virusinfo/analyses/trojranckcx.html || url,www.iss.net/threats/W32.Trojan.Ranky.FV.html 1 || 2002729 || 4 || policy-violation || 0 || ET POLICY Outbound Hamachi VPN Connection Attempt || url,www.hamachi.cc || url,doc.emergingthreats.net/2002729 1 || 2002731 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path || url,doc.emergingthreats.net/2002731 1 || 2002734 || 5 || attempted-user || 0 || ET EXPLOIT WMF Exploit || url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002734 1 || 2002735 || 6 || policy-violation || 0 || ET MALWARE Zenotecnico Adware 2 || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2002735 1 || 2002736 || 5 || policy-violation || 0 || ET MALWARE Trafficsector.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2002736 1 || 2002737 || 6 || policy-violation || 0 || ET MALWARE Zenotecnico Spyware Install Report || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2002737 1 || 2002738 || 5 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity (rinfo) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2002738 1 || 2002739 || 12 || trojan-activity || 0 || ET MALWARE iDownloadAgent Spyware User-Agent (iDownloadAgent) || url,doc.emergingthreats.net/2002739 1 || 2002740 || 5 || policy-violation || 0 || ET MALWARE adservs.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2002740 1 || 2002741 || 11 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 3 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002741 1 || 2002742 || 9 || attempted-user || 0 || ET EXPLOIT WMF Escape Record Exploit - Version 3 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002742 1 || 2002743 || 8 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - all versions || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002743 1 || 2002749 || 14 || bad-unknown || 0 || ET POLICY Unallocated IP Space Traffic - Bogon Nets || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002749 1 || 2002750 || 27 || bad-unknown || 0 || ET DELETED Reserved IP Space Traffic - Bogon Nets 2 || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002750 1 || 2002751 || 8 || bad-unknown || 0 || ET DELETED Reserved IP Space Traffic - Bogon Nets 3 || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002751 1 || 2002752 || 4 || bad-unknown || 0 || ET POLICY Reserved Internal IP Traffic || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002752 1 || 2002757 || 5 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 1 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002757 1 || 2002758 || 6 || attempted-user || 0 || ET EXPLOIT WMF Escape Record Exploit - Version 1 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002758 1 || 2002760 || 3 || policy-violation || 0 || ET P2P GnucDNA UDP Ultrapeer Traffic || url,doc.emergingthreats.net/bin/view/Main/2002760 1 || 2002761 || 6 || policy-violation || 0 || ET P2P Gnutella TCP Ultrapeer Traffic || url,doc.emergingthreats.net/bin/view/Main/2002761 1 || 2002762 || 6 || trojan-activity || 0 || ET TROJAN Torpig Reporting User Activity (x25) || url,www.sophos.com/virusinfo/analyses/trojtorpigr.html || url,doc.emergingthreats.net/2002762 1 || 2002763 || 7 || trojan-activity || 0 || ET TROJAN Dumador Reporting User Activity || url,www.norman.com/Virus/Virus_descriptions/24279/ || url,doc.emergingthreats.net/2002763 1 || 2002765 || 7 || trojan-activity || 0 || ET DELETED Corpsespyware.net BlackListed Malicious Domain - google.vc || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002765 1 || 2002766 || 7 || trojan-activity || 0 || ET MALWARE Corpsespyware.net BlackList - pcpeek || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002766 1 || 2002767 || 8 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - bos.biz || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002767 1 || 2002768 || 7 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - fesexy || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002768 1 || 2002769 || 8 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - studiolacase || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002769 1 || 2002770 || 5 || trojan-activity || 0 || ET MALWARE Corpsespyware.net - msits.exe access || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002770 1 || 2002771 || 5 || trojan-activity || 0 || ET MALWARE Corpsespyware.net - msys.exe access || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002771 1 || 2002773 || 8 || trojan-activity || 0 || ET TROJAN FSG Packed Binary via HTTP Inbound || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/2002773 1 || 2002774 || 6 || trojan-activity || 0 || ET DELETED Corpsespyware.net Blind Data Upload || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002774 1 || 2002775 || 8 || trojan-activity || 0 || ET TROJAN Goldun Reporting User Activity || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html || url,doc.emergingthreats.net/2002775 1 || 2002776 || 7 || trojan-activity || 0 || ET TROJAN SickleBot Reporting User Activity || url,doc.emergingthreats.net/2002776 1 || 2002777 || 7 || web-application-attack || 0 || ET WEB_SERVER Light Weight Calendar 'date' Arbitrary Remote Code Execution || url,doc.emergingthreats.net/2002777 1 || 2002780 || 7 || trojan-activity || 0 || ET TROJAN Goldun Reporting User Activity 2 || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html || url,doc.emergingthreats.net/2002780 1 || 2002781 || 6 || trojan-activity || 0 || ET TROJAN w32agent.dsi Posting Info || url,doc.emergingthreats.net/2002781 1 || 2002782 || 6 || trojan-activity || 0 || ET TROJAN w32agent.dsi Domain Update || url,doc.emergingthreats.net/2002782 1 || 2002783 || 4 || trojan-activity || 0 || ET EXPLOIT Java runtime.exec() call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002783 1 || 2002784 || 4 || trojan-activity || 0 || ET EXPLOIT Java private function call sun.misc.unsafe || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002784 1 || 2002785 || 4 || trojan-activity || 0 || ET EXPLOIT Java field reflector call java.lang.reflect.field || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002785 1 || 2002786 || 4 || trojan-activity || 0 || ET EXPLOIT Javascript unsafe applet call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002786 1 || 2002787 || 4 || trojan-activity || 0 || ET EXPLOIT Javascript Securitymanager class applet call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002787 1 || 2002790 || 9 || trojan-activity || 0 || ET TROJAN Haxdoor Reporting User Activity || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.DI || url,doc.emergingthreats.net/2002790 || url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=e787c4437ff67061983cd08458f71c94 || url,www.threatexpert.com/report.aspx?md5=d86b9eaf9682d60cb8b928dc6ac40954 || url,www.threatexpert.com/report.aspx?md5=1777f0ffa890ebfcc7587957f2d08dca 1 || 2002791 || 5 || web-application-attack || 0 || ET DELETED MISC Computer Associates Negative Content-Length Buffer Overflow || bugtraq,16354 || cve,2005-3653 || url,doc.emergingthreats.net/bin/view/Main/2002791 1 || 2002796 || 4 || policy-violation || 0 || ET POLICY X-Box Live Connecting || url,www.microsoft.com/xbox/ || url,doc.emergingthreats.net/2002796 1 || 2002800 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt || url,www.zone-h.org/en/advisories/read/id=8694/ || url,doc.emergingthreats.net/2002800 1 || 2002801 || 14 || policy-violation || 0 || ET POLICY Google Desktop User-Agent Detected || url,news.com.com/2100-1032_3-6038197.html || url,doc.emergingthreats.net/2002801 1 || 2002802 || 8 || attempted-user || 0 || ET EXPLOIT Windows Media Player parsing BMP file with 0 size offset to start of image || url,www.milw0rm.com/id.php?id=1500 || url,www.microsoft.com/technet/security/Bulletin/MS06-005.mspx || cve,2006-0006 || bugtraq,16633 || url,doc.emergingthreats.net/bin/view/Main/2002802 1 || 2002803 || 10 || attempted-user || 0 || ET EXPLOIT BMP with invalid bfOffBits || url,www.microsoft.com/technet/security/Bulletin/ms06-005.mspx || cve,2006-0006 || bugtraq,16633 || url,doc.emergingthreats.net/bin/view/Main/2002803 1 || 2002804 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware DB Update || url,doc.emergingthreats.net/bin/view/Main/2002804 1 || 2002805 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware DB Version Check || url,doc.emergingthreats.net/bin/view/Main/2002805 1 || 2002806 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2002806 1 || 2002807 || 11 || trojan-activity || 0 || ET DELETED Spyaxe Spyware User-Agent (spyaxe) || url,doc.emergingthreats.net/2002807 1 || 2002808 || 12 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware User-Agent (spywareaxe) || url,doc.emergingthreats.net/2002808 1 || 2002809 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,doc.emergingthreats.net/bin/view/Main/2002809 1 || 2002810 || 4 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile) || url,doc.emergingthreats.net/bin/view/Main/2002810 1 || 2002811 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server) || url,doc.emergingthreats.net/bin/view/Main/2002811 1 || 2002812 || 6 || trojan-activity || 0 || ET DELETED PWS-LDPinch Reporting User Activity || url,doc.emergingthreats.net/2002812 1 || 2002814 || 5 || policy-violation || 0 || ET P2P Direct Connect Traffic (client-server) || url,en.wikipedia.org/wiki/Direct_connect_file-sharing_application || url,doc.emergingthreats.net/bin/view/Main/2002814 1 || 2002815 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plume CMS prepend.php Remote File Inclusion attempt || cve,CVE-2006-0725 || bugtraq,16662 || nessus,20972 || url,doc.emergingthreats.net/2002815 1 || 2002816 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (payload) || url,doc.emergingthreats.net/bin/view/Main/2002816 1 || 2002817 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (setup) || url,doc.emergingthreats.net/bin/view/Main/2002817 1 || 2002820 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Agent Subscription POST || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2002820 1 || 2002821 || 7 || policy-violation || 0 || ET MALWARE SideStep Bar Reporting Data (sbstart) || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2002821 1 || 2002822 || 9 || attempted-recon || 0 || ET POLICY Wget User Agent || url,www.gnu.org/software/wget || url,doc.emergingthreats.net/2002822 1 || 2002823 || 11 || attempted-recon || 0 || ET POLICY POSSIBLE Web Crawl using Wget || url,www.gnu.org/software/wget/ || url,doc.emergingthreats.net/2002823 1 || 2002824 || 10 || attempted-recon || 0 || ET POLICY CURL User Agent || url,curl.haxx.se || url,doc.emergingthreats.net/2002824 1 || 2002825 || 8 || attempted-recon || 0 || ET POLICY POSSIBLE Web Crawl using Curl || url,curl.haxx.se || url,doc.emergingthreats.net/2002825 1 || 2002826 || 10 || attempted-recon || 0 || ET POLICY fetch User Agent || url,gobsd.com/code/freebsd/lib/libfetch || url,doc.emergingthreats.net/2002826 1 || 2002827 || 11 || attempted-recon || 0 || ET POLICY POSSIBLE Crawl using Fetch || url,gobsd.com/code/freebsd/lib/libfetch || url,doc.emergingthreats.net/2002827 1 || 2002828 || 9 || not-suspicious || 0 || ET POLICY Googlebot User Agent || url,www.google.com/webmasters/bot.html || url,doc.emergingthreats.net/2002828 1 || 2002829 || 9 || attempted-recon || 0 || ET POLICY Googlebot Crawl || url,www.google.com/webmasters/bot.html || url,doc.emergingthreats.net/2002829 1 || 2002830 || 8 || not-suspicious || 0 || ET POLICY Msnbot User Agent || url,search.msn.com/msnbot.htm || url,doc.emergingthreats.net/2002830 1 || 2002831 || 9 || attempted-recon || 0 || ET POLICY Msnbot Crawl || url,search.msn.com/msnbot.htm || url,doc.emergingthreats.net/2002831 1 || 2002832 || 9 || not-suspicious || 0 || ET POLICY Yahoo Crawler User Agent || url,mms-mmcrawler-support@yahoo-inc.com || url,doc.emergingthreats.net/2002832 1 || 2002833 || 7 || attempted-recon || 0 || ET POLICY Yahoo Crawler Crawl || url,mms-mmcrawler-support@yahoo-inc.com || url,doc.emergingthreats.net/2002833 1 || 2002836 || 8 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download) || url,doc.emergingthreats.net/bin/view/Main/2002836 1 || 2002837 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PmWiki Globals Variables Overwrite Attempt || cve,CVE-2006-0479 || bugtraq,16421 || nessus,20891 || url,doc.emergingthreats.net/2002837 1 || 2002838 || 9 || web-application-activity || 0 || ET POLICY Google Search Appliance browsing the Internet || url,www.google.com/enterprise/gsa/index.html || url,doc.emergingthreats.net/2002838 1 || 2002839 || 6 || trojan-activity || 0 || ET MALWARE My Search Spyware Config Download || url,doc.emergingthreats.net/bin/view/Main/2002839 1 || 2002840 || 6 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Install) || url,doc.emergingthreats.net/bin/view/Main/2002840 1 || 2002841 || 7 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Install Registration) || url,doc.emergingthreats.net/bin/view/Main/2002841 1 || 2002842 || 4 || protocol-command-decode || 0 || ET SCAN MYSQL 4.1 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-Protocol.html || url,doc.emergingthreats.net/2002842 1 || 2002843 || 4 || attempted-dos || 0 || ET DOS Microsoft Streaming Server Malformed Request || bugtraq,1282 || url,www.microsoft.com/technet/security/bulletin/ms00-038.mspx || url,doc.emergingthreats.net/bin/view/Main/2002843 1 || 2002844 || 7 || web-application-attack || 0 || ET WEB_SERVER WebDAV search overflow || cve,2003-0109 || url,doc.emergingthreats.net/2002844 1 || 2002845 || 5 || attempted-admin || 0 || ET EXPLOIT MSSQL Hello Overflow Attempt || cve,2002-1123 || bugtraq,5411 || url,doc.emergingthreats.net/bin/view/Main/2002845 1 || 2002848 || 7 || attempted-user || 0 || ET VOIP SIP UDP Softphone INVITE overflow || bugtraq,16213 || cve,2006-0189 || url,doc.emergingthreats.net/bin/view/Main/2002848 1 || 2002849 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Google Appliance External Proxy Stylesheet || bugtraq,15509 || cve,2005-3758 || url,doc.emergingthreats.net/2002849 1 || 2002850 || 5 || not-suspicious || 0 || ET FTP USER login flowbit || url,doc.emergingthreats.net/bin/view/Main/2002850 1 || 2002851 || 5 || attempted-recon || 0 || ET FTP HP-UX LIST command without login || cve,2005-3296 || bugtraq,15138 || url,doc.emergingthreats.net/bin/view/Main/2002851 1 || 2002852 || 5 || attempted-user || 0 || ET EXPLOIT HP-UX Printer LPD Command Insertion || cve,2005-3277 || bugtraq,15136 || url,doc.emergingthreats.net/bin/view/Main/2002852 1 || 2002853 || 5 || attempted-dos || 0 || ET DOS FreeBSD NFS RPC Kernel Panic || cve,2006-0900 || bugtraq,19017 || url,doc.emergingthreats.net/bin/view/Main/2002853 1 || 2002855 || 7 || policy-violation || 0 || ET GAMES Blizzard Downloader || url,www.worldofwarcraft.com/info/faq/blizzarddownloader.html || url,doc.emergingthreats.net/bin/view/Main/2002855 1 || 2002856 || 9 || unknown || 0 || ET DELETED Suspicious POST to ROBOTS.TXT || url,doc.emergingthreats.net/bin/view/Main/2002856 1 || 2002857 || 5 || trojan-activity || 0 || ET TROJAN Win32.VB.aie Reporting User Activity || url,doc.emergingthreats.net/2002857 1 || 2002858 || 5 || policy-violation || 0 || ET MALWARE Fun Web Products StationaryChooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002858 1 || 2002859 || 7 || trojan-activity || 0 || ET TROJAN PassSickle Reporting User Activity || url,doc.emergingthreats.net/2002859 1 || 2002861 || 11 || web-application-attack || 0 || ET ACTIVEX Danim.dll and Dxtmsft.dll COM Objects || cve,2006-1186 || url,www.microsoft.com/technet/security/bulletin/ms06-013.mspx || url,doc.emergingthreats.net/2002861 1 || 2002863 || 8 || attempted-recon || 0 || ET DELETED osCommerce vulnerable web application extras update.php exists || url,retrogod.altervista.org/oscommerce_22_adv.html || url,doc.emergingthreats.net/2002863 1 || 2002864 || 6 || attempted-recon || 0 || ET WEB_SERVER osCommerce extras/update.php disclosure || url,retrogod.altervista.org/oscommerce_22_adv.html || url,doc.emergingthreats.net/2002864 1 || 2002865 || 6 || attempted-user || 0 || ET WEB_SERVER Novell GroupWise Messenger Accept Language Buffer Overflow || cve,2006-0992 || bugtraq,17503 || url,doc.emergingthreats.net/2002865 1 || 2002866 || 6 || policy-violation || 0 || ET POLICY Winpcap Installation in Progress || url,www.winpcap.org || url,doc.emergingthreats.net/2002866 1 || 2002867 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde 3.0.9-3.1.0 Help Viewer Remote PHP Exploit || url,www.milw0rm.com/exploits/1660 || cve,2006-1491 || bugtraq,17292 || url,doc.emergingthreats.net/2002867 1 || 2002868 || 10 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Horde Web Mail Help Access || cve,2006-1491 || bugtraq,17292 || url,doc.emergingthreats.net/2002868 1 || 2002869 || 8 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (exploit1 ie0601) || url,doc.emergingthreats.net/2002869 1 || 2002870 || 8 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (exploit ie0604) || url,doc.emergingthreats.net/2002870 1 || 2002871 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (bug ie0604) || url,doc.emergingthreats.net/2002871 1 || 2002872 || 6 || policy-violation || 0 || ET POLICY Myspace Login Attempt || url,doc.emergingthreats.net/2002872 1 || 2002874 || 14 || trojan-activity || 0 || ET TROJAN Metafisher/Goldun User-Agent (z) || url,doc.emergingthreats.net/2002874 1 || 2002877 || 14 || trojan-activity || 0 || ET TROJAN TROJAN BankSnif/Nethelper User-Agent (nethelper) || url,doc.emergingthreats.net/2002877 1 || 2002878 || 8 || policy-violation || 0 || ET POLICY iTunes User Agent || url,hcsoftware.sourceforge.net/jason-rohrer/itms4all/ || url,doc.emergingthreats.net/2002878 1 || 2002879 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt || cve,2006-2009 || bugtraq,17670 || url,doc.emergingthreats.net/2002879 1 || 2002880 || 8 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002880 1 || 2002881 || 8 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002881 1 || 2002882 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002882 1 || 2002886 || 3 || attempted-admin || 0 || ET EXPLOIT SYS get_domain_index_metadata Privilege Escalation Attempt || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002886 1 || 2002887 || 4 || attempted-admin || 0 || ET EXPLOIT SYS get_domain_index_tables Access || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002887 1 || 2002888 || 4 || attempted-admin || 0 || ET EXPLOIT SYS get_v2_domain_index_tables Privilege Escalation Attempt || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002888 1 || 2002889 || 8 || attempted-user || 0 || ET ACTIVEX JuniperSetup Control Buffer Overflow || url,www.eeye.com/html/research/advisories/AD20060424.html || url,doc.emergingthreats.net/2002889 1 || 2002892 || 4 || trojan-activity || 0 || ET DELETED Mytob.X clam SMTP Inbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 || url,doc.emergingthreats.net/2002892 1 || 2002893 || 4 || trojan-activity || 0 || ET DELETED Mytob.X clam SMTP Outbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 || url,doc.emergingthreats.net/2002893 1 || 2002894 || 4 || trojan-activity || 0 || ET DELETED W32.Nugache SMTP Inbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html || url,doc.emergingthreats.net/2002894 1 || 2002895 || 4 || trojan-activity || 0 || ET DELETED W32.Nugache SMTP Outbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html || url,doc.emergingthreats.net/2002895 1 || 2002896 || 6 || attempted-recon || 0 || ET EXPLOIT Symantec Scan Engine Request Password Hash || cve,2006-0230 || bugtraq,17637 || url,doc.emergingthreats.net/bin/view/Main/2002896 1 || 2002897 || 10 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Horde README access probe || cve,CVE-2006-1491 || url,csirt.terradon.com/postarchive.php?month=4&year=2006#article28 || url,doc.emergingthreats.net/2002897 1 || 2002898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Web Calendar Remote File Inclusion Attempt || bugtraq,14651 || cve,2005-2717 || url,doc.emergingthreats.net/2002898 1 || 2002899 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion get_header.php || url,www.milw0rm.com/exploits/1632 || cve,2006-1636 || bugtraq,17358 || url,doc.emergingthreats.net/2002899 1 || 2002900 || 6 || web-application-attack || 0 || ET WEB_SERVER CGI AWstats Migrate Command Attempt || bugtraq,17844 || url,doc.emergingthreats.net/2002900 1 || 2002901 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt || cve,CVE-2006-2149 || url,www.osvdb.org/25158 || url,doc.emergingthreats.net/2002901 1 || 2002902 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion functions_install.php || cve,2006-1503 || bugtraq,17290 || url,doc.emergingthreats.net/2002902 1 || 2002903 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexFnstenvMov/Sub Encoder || url,doc.emergingthreats.net/bin/view/Main/2002903 1 || 2002904 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 Alpha2 GetEIPs Encoder || url,doc.emergingthreats.net/bin/view/Main/2002904 1 || 2002905 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 Countdown Encoder || url,doc.emergingthreats.net/bin/view/Main/2002905 1 || 2002906 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexAlphaNum Encoder || url,doc.emergingthreats.net/bin/view/Main/2002906 1 || 2002907 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexCall Encoder || url,doc.emergingthreats.net/bin/view/Main/2002907 1 || 2002908 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 JmpCallAdditive Encoder || url,doc.emergingthreats.net/bin/view/Main/2002908 1 || 2002910 || 4 || attempted-recon || 0 || ET SCAN Potential VNC Scan 5800-5820 || url,doc.emergingthreats.net/2002910 1 || 2002911 || 4 || attempted-recon || 0 || ET SCAN Potential VNC Scan 5900-5920 || url,doc.emergingthreats.net/2002911 1 || 2002912 || 7 || misc-activity || 0 || ET EXPLOIT VNC Possible Vulnerable Server Response || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002912 1 || 2002913 || 7 || misc-activity || 0 || ET EXPLOIT VNC Client response || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002913 1 || 2002914 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server VNC Auth Offer || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002914 1 || 2002915 || 6 || attempted-admin || 0 || ET EXPLOIT VNC Authentication Reply || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002915 1 || 2002916 || 6 || attempted-admin || 0 || ET EXPLOIT RealVNC Authentication Bypass Attempt || url,secunia.com/advisories/20107/ || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002916 1 || 2002917 || 6 || successful-admin || 0 || ET EXPLOIT RealVNC Server Authentication Bypass Successful || url,secunia.com/advisories/20107/ || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002917 1 || 2002918 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server VNC Auth Offer - No Challenge string || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002918 1 || 2002919 || 7 || attempted-admin || 0 || ET EXPLOIT VNC Good Authentication Reply || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002919 1 || 2002920 || 5 || attempted-admin || 0 || ET POLICY VNC Authentication Failure || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002920 1 || 2002921 || 6 || attempted-admin || 0 || ET EXPLOIT VNC Multiple Authentication Failures || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002921 1 || 2002922 || 5 || not-suspicious || 0 || ET POLICY VNC Authentication Successful || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002922 1 || 2002923 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server Not Requiring Authentication (case 2) || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002923 1 || 2002924 || 7 || misc-activity || 0 || ET EXPLOIT VNC Server Not Requiring Authentication || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002924 1 || 2002925 || 5 || policy-violation || 0 || ET INAPPROPRIATE Google Image Search, Safe Mode Off || url,doc.emergingthreats.net/bin/view/Main/2002925 1 || 2002926 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002926 1 || 2002927 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002927 1 || 2002928 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002928 1 || 2002929 || 7 || trojan-activity || 0 || ET TROJAN Haxdoor Reporting User Activity 2 || url,doc.emergingthreats.net/2002929 || url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=e787c4437ff67061983cd08458f71c94 || url,www.threatexpert.com/report.aspx?md5=d86b9eaf9682d60cb8b928dc6ac40954 || url,www.threatexpert.com/report.aspx?md5=1777f0ffa890ebfcc7587957f2d08dca || md5,0995ecb8bb78f510ae995a50be0c351a 1 || 2002931 || 5 || trojan-activity || 0 || ET MALWARE CWS Trafcool.biz Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002931 1 || 2002932 || 5 || trojan-activity || 0 || ET MALWARE CWS Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002932 1 || 2002933 || 5 || trojan-activity || 0 || ET MALWARE CWS Spy-Sheriff.com Infeced Buy Page Request || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002933 1 || 2002934 || 9 || attempted-recon || 0 || ET POLICY libwww-perl User Agent || url,www.linpro.no/lwp/ || url,doc.emergingthreats.net/2002934 1 || 2002935 || 9 || attempted-recon || 0 || ET POLICY Possible Web Crawl - libwww-perl User Agent || url,www.linpro.no/lwp/ || url,doc.emergingthreats.net/2002935 1 || 2002937 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (ie0606) || url,doc.emergingthreats.net/2002937 1 || 2002938 || 5 || trojan-activity || 0 || ET TROJAN elitekeylogger v1.0 reporting - Inbound || url,doc.emergingthreats.net/2002938 1 || 2002940 || 4 || trojan-activity || 0 || ET TROJAN XP keylogger v2.1 mail report - Inbound || url,doc.emergingthreats.net/2002940 1 || 2002941 || 5 || trojan-activity || 0 || ET TROJAN elitekeylogger v1.0 reporting - Outbound || url,doc.emergingthreats.net/2002941 1 || 2002942 || 4 || trojan-activity || 0 || ET TROJAN XP keylogger v2.1 mail report - Outbound || url,doc.emergingthreats.net/2002942 1 || 2002943 || 9 || attempted-recon || 0 || ET POLICY python.urllib User Agent Web Crawl || url,docs.python.org/lib/module-urllib.html || url,doc.emergingthreats.net/2002943 1 || 2002944 || 8 || attempted-recon || 0 || ET POLICY python.urllib User Agent || url,docs.python.org/lib/module-urllib.html || url,doc.emergingthreats.net/2002944 1 || 2002945 || 12 || attempted-recon || 0 || ET POLICY Java Url Lib User Agent Web Crawl || url,www.mozilla.org/docs/netlib/seealso/netmods.html || url,doc.emergingthreats.net/2002945 1 || 2002946 || 9 || attempted-recon || 0 || ET POLICY Java Url Lib User Agent || url,www.mozilla.org/docs/netlib/seealso/netmods.html || url,doc.emergingthreats.net/2002946 1 || 2002947 || 7 || attempted-admin || 0 || ET GAMES PunkBuster Server webkey Buffer Overflow || url,aluigi.altervista.org/adv/pbwebbof-adv.txt || url,doc.emergingthreats.net/2002947 1 || 2002948 || 10 || policy-violation || 0 || ET POLICY External Windows Update in Progress || url,windowsupdate.microsoft.com || url,doc.emergingthreats.net/2002948 1 || 2002949 || 9 || policy-violation || 0 || ET POLICY Windows Update in Progress || url,windowsupdate.microsoft.com || url,doc.emergingthreats.net/2002949 1 || 2002950 || 6 || policy-violation || 0 || ET P2P TOR 1.0 Server Key Retrieval || url,tor.eff.org || url,doc.emergingthreats.net/2002950 1 || 2002951 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Status Update || url,tor.eff.org || url,doc.emergingthreats.net/2002951 1 || 2002952 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Inbound Circuit Traffic || url,tor.eff.org || url,doc.emergingthreats.net/2002952 1 || 2002953 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Outbound Circuit Traffic || url,tor.eff.org || url,doc.emergingthreats.net/2002953 1 || 2002954 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com Fake Antispyware Download || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2002954 1 || 2002955 || 7 || trojan-activity || 0 || ET MALWARE Win32/Tibs Checkin || md5,65448c8678f03253ef380c375d6670ce 1 || 2002956 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Downloading vxgame || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2002956 1 || 2002957 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Initial Infection Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2002957 1 || 2002959 || 6 || trojan-activity || 0 || ET TROJAN Tibs Checkin || url,doc.emergingthreats.net/2002959 1 || 2002960 || 7 || trojan-activity || 0 || ET DELETED Tibs Download || url,doc.emergingthreats.net/2002960 1 || 2002961 || 5 || trojan-activity || 0 || ET TROJAN Tibs Checkin 2 || url,doc.emergingthreats.net/2002961 1 || 2002962 || 7 || trojan-activity || 0 || ET DELETED Tibs Code Download || url,doc.emergingthreats.net/2002962 1 || 2002963 || 8 || trojan-activity || 0 || ET TROJAN Generic Spambot-Spyware Access || url,doc.emergingthreats.net/2002963 1 || 2002964 || 5 || trojan-activity || 0 || ET TROJAN Generic Spyware Update Download || url,doc.emergingthreats.net/2002964 1 || 2002965 || 7 || trojan-activity || 0 || ET DELETED Generic Spambot Spam Download || url,doc.emergingthreats.net/2002965 1 || 2002966 || 5 || trojan-activity || 0 || ET MALWARE Elitemediagroup.net Spyware Config Download || url,elitemediagroup.net || url,doc.emergingthreats.net/bin/view/Main/2002966 1 || 2002967 || 5 || trojan-activity || 0 || ET MALWARE Dollarrevenue.com Spyware Code Download || url,dollarrevenue.com || url,doc.emergingthreats.net/bin/view/Main/2002967 1 || 2002971 || 5 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 1 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2002971 1 || 2002973 || 4 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor || url,doc.emergingthreats.net/2002973 1 || 2002974 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Hupigon Possible Control Connection Being Established || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html || url,doc.emergingthreats.net/2002974 1 || 2002975 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Hupigon INFECTION - Reporting Host Type || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html || url,doc.emergingthreats.net/2002975 1 || 2002976 || 8 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002976 1 || 2002977 || 4 || trojan-activity || 0 || ET TROJAN Banload Downloader Infection - Sending initial email to owner || url,www.viruslist.com/en/viruses/encyclopedia?virusid=95586 || url,doc.emergingthreats.net/2002977 1 || 2002978 || 6 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 2 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002978 1 || 2002979 || 4 || trojan-activity || 0 || ET TROJAN SC-KeyLog Keylogger Installed - Sending Initial Email Report || url,www.soft-central.net/keylog.php || url,doc.emergingthreats.net/2002979 1 || 2002980 || 4 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 3 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002980 1 || 2002981 || 4 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 4 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002981 1 || 2002982 || 6 || trojan-activity || 0 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - INFECTADO || url,doc.emergingthreats.net/2002982 1 || 2002983 || 3 || trojan-activity || 0 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - SUCCESSO || url,doc.emergingthreats.net/2002983 1 || 2002984 || 6 || trojan-activity || 0 || ET MALWARE SpySherriff Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2002984 1 || 2002987 || 6 || trojan-activity || 0 || ET MALWARE Jupitersatellites.biz Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2002987 1 || 2002988 || 9 || trojan-activity || 0 || ET MALWARE Possible Spambot Checking in to Spam || url,doc.emergingthreats.net/bin/view/Main/2002988 1 || 2002989 || 8 || trojan-activity || 0 || ET DELETED Possible Spambot getting new exe url || url,doc.emergingthreats.net/bin/view/Main/2002989 1 || 2002990 || 9 || trojan-activity || 0 || ET MALWARE Possible Spambot Pulling IP List to Spam || url,doc.emergingthreats.net/bin/view/Main/2002990 1 || 2002991 || 6 || trojan-activity || 0 || ET MALWARE Possible Spambot getting new exe || url,doc.emergingthreats.net/bin/view/Main/2002991 1 || 2002992 || 6 || misc-activity || 0 || ET SCAN Rapid POP3 Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002992 1 || 2002993 || 6 || misc-activity || 0 || ET SCAN Rapid POP3S Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002993 1 || 2002994 || 6 || misc-activity || 0 || ET SCAN Rapid IMAP Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002994 1 || 2002995 || 9 || misc-activity || 0 || ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002995 1 || 2002996 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html || url,doc.emergingthreats.net/2002996 1 || 2002997 || 11 || web-application-attack || 0 || ET WEB_SERVER PHP Remote File Inclusion (monster list http) || url,www.sans.org/top20/ || url,doc.emergingthreats.net/2002997 1 || 2002998 || 7 || attempted-dos || 0 || ET DELETED HELO Non-Displayable Characters MailEnable Denial of Service || cve,2006-3277 || bugtraq,18630 || url,doc.emergingthreats.net/bin/view/Main/2002998 1 || 2002999 || 5 || trojan-activity || 0 || ET MALWARE /jk/exp.wmf Exploit Code Load Attempt || url,doc.emergingthreats.net/bin/view/Main/2002999 1 || 2003000 || 6 || trojan-activity || 0 || ET MALWARE PopupSh.ocx Access Attempt || url,doc.emergingthreats.net/bin/view/Main/2003000 1 || 2003002 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port TLS || url,doc.emergingthreats.net/2003002 1 || 2003003 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003003 1 || 2003004 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port Case 2 || url,doc.emergingthreats.net/2003004 1 || 2003005 || 9 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003005 1 || 2003006 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port || url,doc.emergingthreats.net/2003006 1 || 2003007 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003007 1 || 2003008 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port || url,doc.emergingthreats.net/2003008 1 || 2003009 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003009 1 || 2003010 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Hello on Unusual Port || url,doc.emergingthreats.net/2003010 1 || 2003011 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003011 1 || 2003012 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port || url,doc.emergingthreats.net/2003012 1 || 2003013 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003013 1 || 2003014 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port || url,doc.emergingthreats.net/2003014 1 || 2003015 || 6 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003015 1 || 2003016 || 7 || unusual-client-port-connection || 0 || ET DELETED TLS/SSL Server Hello Done on Unusual Port || url,doc.emergingthreats.net/2003016 1 || 2003017 || 6 || unusual-client-port-connection || 0 || ET DELETED TLS/SSL Server Hello Done on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003017 1 || 2003018 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port || url,doc.emergingthreats.net/2003018 1 || 2003019 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003019 1 || 2003020 || 9 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port || url,doc.emergingthreats.net/2003020 1 || 2003021 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003021 1 || 2003022 || 4 || policy-violation || 0 || ET CHAT Skype Bootstrap Node (udp) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2003022 1 || 2003023 || 9 || web-application-activity || 0 || ET WEB_CLIENT IE StructuredGraphicsControl SourceURL Bug MoBB#6 || url,browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html || cve,2006-3427 || url,doc.emergingthreats.net/bin/view/Main/2003023 1 || 2003025 || 6 || trojan-activity || 0 || ET DELETED Unknown Web Bot Controller Accessed || url,doc.emergingthreats.net/bin/view/Main/2003025 1 || 2003026 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 443 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003026 1 || 2003027 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8000 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003027 1 || 2003028 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8080 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003028 1 || 2003029 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8200 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003029 1 || 2003030 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8443 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003030 1 || 2003031 || 5 || not-suspicious || 0 || ET CHAT Known SSL traffic on port 5222 (Jabber) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003031 1 || 2003032 || 5 || not-suspicious || 0 || ET CHAT Known SSL traffic on port 5223 (Jabber) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003032 1 || 2003033 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 2967 (Symantec) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003033 1 || 2003034 || 4 || trojan-activity || 0 || ET DELETED Trojan.Downloader.Time2Pay.AQ || url,research.sunbelt-software.com || url,doc.emergingthreats.net/bin/view/Main/2003034 1 || 2003035 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 3128 (proxy) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003035 1 || 2003036 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8080 (proxy) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003036 1 || 2003037 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8292 (Bloomberg) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003037 1 || 2003038 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8294 (Bloomberg) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003038 1 || 2003039 || 4 || attempted-user || 0 || ET EXPLOIT UPnP DLink M-Search Overflow Attempt || url,www.eeye.com/html/research/advisories/AD20060714.html || url,doc.emergingthreats.net/bin/view/Main/2003039 1 || 2003040 || 4 || policy-violation || 0 || ET DELETED PCMesh Anonymous Proxy client connect || url,doc.emergingthreats.net/2003040 1 || 2003041 || 7 || trojan-activity || 0 || ET DELETED Win32.SMTP-Mailer SMTP Outbound || url,research.sunbelt-software.com/threatdisplay.aspx?name=Win32.SMTP-Mailer&threatid=48095 || url,www.hauri.net/virus/virusinfo_read.php?code=TRW3000774&start=1 || url,doc.emergingthreats.net/2003041 1 || 2003045 || 4 || policy-violation || 0 || ET DELETED Real.com Game Arcade Install (User agent) || url,doc.emergingthreats.net/2003045 1 || 2003046 || 3 || policy-violation || 0 || ET DELETED Real.com Game Arcade Install || url,doc.emergingthreats.net/2003046 1 || 2003047 || 4 || policy-violation || 0 || ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) || url,doc.emergingthreats.net/2003047 1 || 2003048 || 4 || policy-violation || 0 || ET POLICY Proxy Judge Discovery/Evasion (proxyjudge.cgi) || url,doc.emergingthreats.net/2003048 1 || 2003055 || 12 || non-standard-protocol || 0 || ET MALWARE Suspicious FTP 220 Banner on Local Port (-) || url,doc.emergingthreats.net/bin/view/Main/2003055 1 || 2003056 || 5 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS EiQNetworks Security Analyzer Buffer Overflow || cve,2006-3838 || url,secunia.com/advisories/21211/ || url,doc.emergingthreats.net/2003056 1 || 2003057 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Actionlibs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003057 1 || 2003058 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003058 1 || 2003059 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware TB Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003059 1 || 2003060 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Local Stats Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003060 1 || 2003061 || 4 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Event Activity Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003061 1 || 2003062 || 11 || trojan-activity || 0 || ET USER_AGENTS 180 Solutions (Zango Installer) User Agent || url,doc.emergingthreats.net/2003062 1 || 2003063 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker RootLauncher || url,doc.emergingthreats.net/2003063 1 || 2003064 || 7 || attempted-admin || 0 || ET DELETED Cisco-MARS/JBoss jmx-console POST || bugtraq,19071 || url,doc.emergingthreats.net/bin/view/Main/2003064 1 || 2003065 || 7 || attempted-admin || 0 || ET DELETED Cisco-MARS/JBoss Remote Command Execution || bugtraq,19071 || url,doc.emergingthreats.net/bin/view/Main/2003065 1 || 2003066 || 4 || trojan-activity || 0 || ET TROJAN Torpig Reporting User Activity (wur8) || url,www.sophos.com/virusinfo/analyses/trojtorpigr.html || url,doc.emergingthreats.net/2003066 1 || 2003067 || 5 || attempted-dos || 0 || ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT || url,www.milw0rm.com/exploits/2057 || url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx || url,doc.emergingthreats.net/bin/view/Main/2003067 1 || 2003068 || 6 || attempted-recon || 0 || ET SCAN Potential SSH Scan OUTBOUND || url,en.wikipedia.org/wiki/Brute_force_attack || url,doc.emergingthreats.net/2003068 1 || 2003069 || 4 || policy-violation || 0 || ET DELETED Anonymous Proxy Traffic from Inside || url,doc.emergingthreats.net/2003069 1 || 2003070 || 6 || trojan-activity || 0 || ET WORM Korgo.U Reporting || url,www.f-secure.com/v-descs/korgo_u.shtml || url,doc.emergingthreats.net/2003070 1 || 2003071 || 7 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,doc.emergingthreats.net/bin/view/Main/2003071 1 || 2003072 || 5 || attempted-admin || 0 || ET EXPLOIT Linksys WRT54g Authentication Bypass Attempt || url,secunia.com/advisories/21372/ || url,doc.emergingthreats.net/bin/view/Main/2003072 1 || 2003073 || 4 || trojan-activity || 0 || ET DELETED ICMP Banking Trojan sending encrypted stolen data || url,www.websensesecuritylabs.com/alerts/alert.php?AlertID=570 || url,doc.emergingthreats.net/2003073 1 || 2003074 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003074 1 || 2003075 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com Spyware Install 2 || url,doc.emergingthreats.net/bin/view/Main/2003075 1 || 2003076 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com (ownusa.info) Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003076 1 || 2003081 || 5 || misc-attack || 0 || ET NETBIOS NETBIOS SMB DCERPC NetrpPathCanonicalize request (possible MS06-040) || url,www.microsoft.com/technet/security/bulletin/MS06-040.mspx || url,doc.emergingthreats.net/bin/view/Main/2003081 1 || 2003082 || 5 || misc-attack || 0 || ET NETBIOS NETBIOS SMB-DS DCERPC NetrpPathCanonicalize request (possible MS06-040) || url,www.microsoft.com/technet/security/bulletin/MS06-040.mspx || url,doc.emergingthreats.net/bin/view/Main/2003082 1 || 2003083 || 6 || trojan-activity || 0 || ET TROJAN Dialer || url,isc.sans.org/diary.php?storyid=1388 || url,doc.emergingthreats.net/2003083 1 || 2003084 || 5 || trojan-activity || 0 || ET MALWARE TROJAN_VB Microjoin || url,de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=TROJ_VB.AWW || url,doc.emergingthreats.net/bin/view/Main/2003084 1 || 2003085 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TWiki Configure Script TYPEOF Remote Command Execution Attempt || cve,CVE-2006-3819 || bugtraq,19188 || url,doc.emergingthreats.net/2003085 1 || 2003086 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall preview_email.cgi Remote Command Execution || bugtraq,19276 || url,doc.emergingthreats.net/2003086 1 || 2003087 || 7 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall preview_email.cgi Remote Directory Traversal Attempt || bugtraq,19276 || url,doc.emergingthreats.net/2003087 1 || 2003089 || 4 || policy-violation || 0 || ET GAMES STEAM Connection (v2) || url,doc.emergingthreats.net/bin/view/Main/2003089 1 || 2003092 || 3 || policy-violation || 0 || ET DELETED Gmail gtalk || url,doc.emergingthreats.net/2003092 1 || 2003094 || 3 || trojan-activity || 0 || ET TROJAN VMM Detecting Torpig/Anserin/Sinowal Trojan || url,doc.emergingthreats.net/2003094 1 || 2003095 || 3 || trojan-activity || 0 || ET TROJAN (UPX) VMM Detecting Torpig/Anserin/Sinowal Trojan || url,doc.emergingthreats.net/2003095 1 || 2003096 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (simple rule) || url,doc.emergingthreats.net/2003096 1 || 2003097 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (complex rule) || url,doc.emergingthreats.net/2003097 1 || 2003099 || 7 || web-application-activity || 0 || ET WEB_SERVER Poison Null Byte || cve,2006-4542 || cve,2006-4458 || cve,2006-3602 || url,www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf || url,doc.emergingthreats.net/2003099 1 || 2003102 || 12 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call CLSID || url,www.osvdb.org/displayvuln.php?osvdb_id=28841 || cve,2006-4446 || url,doc.emergingthreats.net/2003102 1 || 2003103 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object || url, www.osvdb.org/displayvuln.php?osvdb_id=28841 || cve,2006-4446 || url,doc.emergingthreats.net/2003103 1 || 2003104 || 11 || attempted-user || 0 || ET DELETED Microsoft Multimedia Controls - ActiveX control's KeyFrame function call CSLID || url,www.osvdb.org/displayvuln.php?osvdb_id=28842 || cve,2006-4777 || url,doc.emergingthreats.net/2003104 1 || 2003105 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call Object || url,www.osvdb.org/displayvuln.php?osvdb_id=28842 || cve,2006-4777 || url,doc.emergingthreats.net/2003105 1 || 2003110 || 7 || attempted-user || 0 || ET WEB_CLIENT MSIE WebViewFolderIcon setSlice invalid memory copy || url, riosec.com/msie-setslice-vuln || url,osvdb.org/27110 || cve,2006-3730 || url,doc.emergingthreats.net/bin/view/Main/2003110 1 || 2003115 || 7 || trojan-activity || 0 || ET TROJAN - Trojan.Proxy.PPAgent.t (updatea) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738 || url,doc.emergingthreats.net/2003115 1 || 2003116 || 7 || trojan-activity || 0 || ET TROJAN - Trojan.Proxy.PPAgent.t (updateb) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738 || url,doc.emergingthreats.net/2003116 1 || 2003117 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE CLET polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003117 1 || 2003118 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE Shikata Ga Nai polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003118 1 || 2003119 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE ADMutate polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003119 1 || 2003120 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (3) || url,doc.emergingthreats.net/2003120 1 || 2003121 || 6 || policy-violation || 0 || ET POLICY docs.google.com Activity || url,docs.google.com || url,doc.emergingthreats.net/2003121 1 || 2003122 || 6 || policy-violation || 0 || ET DELETED Possible docs.google.com Activity || url,docs.google.com || url,doc.emergingthreats.net/2003122 1 || 2003132 || 7 || trojan-activity || 0 || ET TROJAN BOT - potential DDoS command (2) || url,doc.emergingthreats.net/2003132 1 || 2003138 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan peer exchange || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003138 1 || 2003139 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan SMTP test successful || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003139 1 || 2003140 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan update request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003140 1 || 2003141 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan AV DLL request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003141 1 || 2003142 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan spam template request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003142 1 || 2003143 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan spam run report || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003143 1 || 2003144 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan AV scan report || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003144 1 || 2003145 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds || url,doc.emergingthreats.net/bin/view/Main/2003145 1 || 2003146 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost || url,doc.emergingthreats.net/bin/view/Main/2003146 1 || 2003147 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost (linewrap) || url,doc.emergingthreats.net/bin/view/Main/2003147 1 || 2003148 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap) || url,doc.emergingthreats.net/bin/view/Main/2003148 1 || 2003149 || 5 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) || url,doc.emergingthreats.net/bin/view/Main/2003149 1 || 2003150 || 5 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,doc.emergingthreats.net/bin/view/Main/2003150 1 || 2003151 || 5 || trojan-activity || 0 || ET MALWARE Fun Web Products SmileyCentral IEsp2 Install || url,www.myfuncards.com || url,doc.emergingthreats.net/bin/view/Main/2003151 1 || 2003152 || 7 || misc-activity || 0 || ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_archives || bugtraq,15295 || url,doc.emergingthreats.net/2003152 1 || 2003153 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Exploit Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2003153 1 || 2003154 || 8 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Data Upload || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2003154 1 || 2003155 || 4 || misc-activity || 0 || ET POLICY Microsoft TEREDO IPv6 tunneling || url,doc.emergingthreats.net/2003155 1 || 2003156 || 6 || attempted-recon || 0 || ET DELETED Crewbox Proxy Scan || url,doc.emergingthreats.net/2003156 1 || 2003157 || 10 || trojan-activity || 0 || ET TROJAN Agobot-SDBot Commands || url,doc.emergingthreats.net/2003157 1 || 2003158 || 11 || attempted-user || 0 || ET ACTIVEX Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID || url,www.securityfocus.com/bid/20843 || url,secunia.com/advisories/22603 || cve,2006-4704 || url,www.microsoft.com/technet/security/bulletin/ms06-073.mspx || url,doc.emergingthreats.net/2003158 1 || 2003159 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft VsmIDE.DTE object call CSLID || url,doc.emergingthreats.net/2003159 1 || 2003160 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft DExplore.AppObj.8.0 object call CSLID || url,doc.emergingthreats.net/2003160 1 || 2003161 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft VisualStudio.DTE.8.0 object call CSLID || url,doc.emergingthreats.net/2003161 1 || 2003162 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID || url,doc.emergingthreats.net/2003162 1 || 2003163 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft VsaIDE.DTE object call CSLID || url,doc.emergingthreats.net/2003163 1 || 2003164 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Business Object Factory object call CSLID || url,doc.emergingthreats.net/2003164 1 || 2003165 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Outlook Data Object object call CSLID || url,doc.emergingthreats.net/2003165 1 || 2003166 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Outlook.Application object call CSLID || url,doc.emergingthreats.net/2003166 1 || 2003167 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS tikiwiki featured link XSS attempt || url,www.securityfocus.com/archive/1/450268/30/0 || url,doc.emergingthreats.net/2003167 1 || 2003168 || 7 || policy-violation || 0 || ET POLICY Winamp Streaming User Agent || url,doc.emergingthreats.net/2003168 1 || 2003170 || 4 || trojan-activity || 0 || ET DELETED Zango Spyware Activity || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003170 1 || 2003171 || 7 || attempted-recon || 0 || ET SCAN IBM NSA User Agent || url,ftp.inf.utfsm.cl/pub/Docs/IBM/Tivoli/pdfs/sg246021.pdf || url,doc.emergingthreats.net/2003171 1 || 2003173 || 7 || trojan-activity || 0 || ET SHELLCODE Possible UTF-8 encoded Shellcode Detected || url,doc.emergingthreats.net/bin/view/Main/2003173 1 || 2003174 || 8 || trojan-activity || 0 || ET SHELLCODE Possible UTF-16 encoded Shellcode Detected || url,doc.emergingthreats.net/bin/view/Main/2003174 1 || 2003175 || 5 || not-suspicious || 0 || ET TROJAN Warezov/Stration Challenge || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003175 1 || 2003176 || 5 || trojan-activity || 0 || ET TROJAN Warezov/Stration Challenge Response || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003176 1 || 2003179 || 10 || policy-violation || 0 || ET POLICY exe download without User Agent || url,doc.emergingthreats.net/2003179 1 || 2003180 || 11 || trojan-activity || 0 || ET TROJAN Possible Warezov/Stration Data Post to Controller || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003180 1 || 2003182 || 11 || trojan-activity || 0 || ET DELETED Prg Trojan v0.1-v0.3 Data Upload || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003182 1 || 2003183 || 5 || trojan-activity || 0 || ET TROJAN Prg Trojan Server Reply || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003183 1 || 2003184 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.1 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003184 1 || 2003185 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.2 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003185 1 || 2003186 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.3 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003186 1 || 2003187 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Initial Checkin || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003187 1 || 2003188 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003188 1 || 2003189 || 6 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting (gcu) || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003189 1 || 2003190 || 9 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting Spam || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003190 1 || 2003192 || 4 || attempted-dos || 0 || ET VOIP INVITE Message Flood TCP || url,doc.emergingthreats.net/2003192 1 || 2003193 || 5 || attempted-dos || 0 || ET VOIP REGISTER Message Flood TCP || url,doc.emergingthreats.net/2003193 1 || 2003194 || 6 || attempted-dos || 0 || ET VOIP Multiple Unauthorized SIP Responses TCP || url,doc.emergingthreats.net/2003194 1 || 2003195 || 5 || bad-unknown || 0 || ET POLICY Unusual number of DNS No Such Name Responses || url,doc.emergingthreats.net/2003195 1 || 2003196 || 7 || misc-attack || 0 || ET EXPLOIT FTP .message file write || url,www.milw0rm.com/exploits/2856 || url,doc.emergingthreats.net/bin/view/Main/2003196 1 || 2003197 || 6 || misc-attack || 0 || ET EXPLOIT ProFTPD .message file overflow attempt || url,www.milw0rm.com/exploits/2856 || url,doc.emergingthreats.net/bin/view/Main/2003197 1 || 2003198 || 4 || non-standard-protocol || 0 || ET EXPLOIT TFTP Invalid Mode in file Get || url,doc.emergingthreats.net/bin/view/Main/2003198 1 || 2003199 || 4 || non-standard-protocol || 0 || ET EXPLOIT TFTP Invalid Mode in file Put || url,doc.emergingthreats.net/bin/view/Main/2003199 1 || 2003200 || 10 || trojan-activity || 0 || ET DELETED User-Agent (MSIE XPSP2) || url,doc.emergingthreats.net/2003200 1 || 2003201 || 5 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Install || url,www.thespyguard.com || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003201 1 || 2003202 || 7 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Update Check || url,www.kliksoftware.com || url,www.thespyguard.com || url,doc.emergingthreats.net/bin/view/Main/2003202 1 || 2003203 || 5 || trojan-activity || 0 || ET MALWARE Hitvirus Fake AV Install || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003203 1 || 2003204 || 6 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Updating || url,www.kliksoftware.com || url,www.thespyguard.com || url,doc.emergingthreats.net/bin/view/Main/2003204 1 || 2003205 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (Informer from RBC) || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003205 1 || 2003208 || 13 || trojan-activity || 0 || ET TROJAN IRC pBot PHP Bot Commands || url,doc.emergingthreats.net/2003208 1 || 2003209 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003209 1 || 2003210 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003210 1 || 2003211 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Ping || url,doc.emergingthreats.net/bin/view/Main/2003211 1 || 2003214 || 5 || attempted-recon || 0 || ET POLICY Pingdom.com Monitoring detected || url,royal.pingdom.com/?p=46 || url,doc.emergingthreats.net/2003214 1 || 2003215 || 5 || attempted-recon || 0 || ET POLICY Pingdom.com Monitoring Node Active || url,royal.pingdom.com/?p=46 || url,doc.emergingthreats.net/2003215 1 || 2003217 || 8 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Installer Config 2 || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003217 1 || 2003218 || 6 || trojan-activity || 0 || ET MALWARE Conduit Connect Toolbar Message Download(Many report to be benign) || url,www.conduit.com || url,doc.emergingthreats.net/bin/view/Main/2003218 1 || 2003219 || 5 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003219 1 || 2003221 || 6 || trojan-activity || 0 || ET MALWARE MySearchNow.com Spyware || url,www.mysearchnow.com || url,doc.emergingthreats.net/bin/view/Main/2003221 1 || 2003222 || 7 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Receiving Config 2 || url,doc.emergingthreats.net/bin/view/Main/2003222 1 || 2003223 || 10 || trojan-activity || 0 || ET DELETED Zango-Hotbar User-Agent (zb-hb) || url,doc.emergingthreats.net/2003223 1 || 2003224 || 10 || trojan-activity || 0 || ET MALWARE Megaupload Spyware User-Agent (Megaupload) || url,www.budsinc.com || url,doc.emergingthreats.net/2003224 1 || 2003230 || 7 || attempted-user || 0 || ET WEB_CLIENT Microsoft IE FTP URL Arbitrary Command Injection || url,osvdb.org/12299 || cve,2004-1166 || url,doc.emergingthreats.net/bin/view/Main/2003230 1 || 2003231 || 10 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution || url, osvdb.org/10705 || cve,2004-0216 || url,doc.emergingthreats.net/2003231 1 || 2003232 || 59 || attempted-user || 0 || ET ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (2) || url, osvdb.org/10705 || cve,2004-0216 || url,doc.emergingthreats.net/2003232 1 || 2003233 || 9 || attempted-user || 0 || ET ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution || url, osvdb.org/7913 || cve,2004-2291 || url,doc.emergingthreats.net/2003233 1 || 2003234 || 9 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (2) || url, osvdb.org/7913 || cve,2004-2291 || url,doc.emergingthreats.net/2003234 1 || 2003236 || 4 || attempted-dos || 0 || ET DOS NetrWkstaUserEnum Request with large Preferred Max Len || cve,2006-6723 || url,doc.emergingthreats.net/bin/view/Main/2003236 1 || 2003237 || 8 || attempted-user || 0 || ET VOIP MultiTech SIP UDP Overflow || cve,2005-4050 || url,doc.emergingthreats.net/2003237 1 || 2003238 || 8 || trojan-activity || 0 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C || url,doc.emergingthreats.net/2003238 1 || 2003239 || 5 || trojan-activity || 0 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2) || url,doc.emergingthreats.net/2003239 1 || 2003240 || 5 || trojan-activity || 0 || ET MALWARE New.net Spyware updating || url,www.new.net || url,doc.emergingthreats.net/bin/view/Main/2003240 1 || 2003241 || 6 || trojan-activity || 0 || ET MALWARE New.net Spyware Checkin || url,www.new.net || url,doc.emergingthreats.net/bin/view/Main/2003241 1 || 2003242 || 10 || trojan-activity || 0 || ET DELETED Websearch.com Cab Download || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2003242 1 || 2003243 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (Download Agent) Possibly Related to TrinityAcquisitions.com || url,doc.emergingthreats.net/bin/view/Main/2003243 1 || 2003244 || 3 || trojan-activity || 0 || ET TROJAN HackerDefender.HE Root Kit Control Connection || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2003244 1 || 2003245 || 3 || trojan-activity || 0 || ET TROJAN HackerDefender.HE Root Kit Control Connection Reply || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2003245 1 || 2003250 || 4 || attempted-admin || 0 || ET EXPLOIT Symantec Remote Management RTVScan Exploit || cve,2006-3455 || url,research.eeye.com/html/advisories/published/AD20060612.html || url,doc.emergingthreats.net/bin/view/Main/2003250 1 || 2003251 || 7 || trojan-activity || 0 || ET MALWARE SpySheriff Intial Phone Home || url,vil.nai.com/vil/content/v_135033.htm || url,doc.emergingthreats.net/bin/view/Main/2003251 1 || 2003253 || 5 || policy-violation || 0 || ET MALWARE MarketScore Spyware Uploading Data || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2003253 1 || 2003254 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003254 1 || 2003255 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003255 1 || 2003256 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 25 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003256 1 || 2003257 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003257 1 || 2003258 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 DNS Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003258 1 || 2003259 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 DNS Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003259 1 || 2003260 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 HTTP Proxy Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003260 1 || 2003261 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 HTTP Proxy Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003261 1 || 2003262 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 HTTP Proxy Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003262 1 || 2003263 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 HTTP Proxy Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003263 1 || 2003266 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 443 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003266 1 || 2003267 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 443 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003267 1 || 2003268 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 443 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003268 1 || 2003269 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 443 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003269 1 || 2003270 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003270 1 || 2003271 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003271 1 || 2003272 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5190 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003272 1 || 2003273 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003273 1 || 2003274 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 1863 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003274 1 || 2003275 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 1863 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003275 1 || 2003276 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 1863 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003276 1 || 2003277 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 1863 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003277 1 || 2003278 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5050 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003278 1 || 2003279 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5050 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003279 1 || 2003280 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5050 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003280 1 || 2003281 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5050 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003281 1 || 2003284 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 IPv6 Inbound Connect Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003284 1 || 2003285 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 IPv6 Inbound Connect Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003285 1 || 2003286 || 7 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003286 1 || 2003287 || 6 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003287 1 || 2003288 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Bind Inbound (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003288 1 || 2003289 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Bind Inbound (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003289 1 || 2003290 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Bind Inbound (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003290 1 || 2003291 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Bind Inbound (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003291 1 || 2003292 || 7 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Ping Outbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003292 1 || 2003293 || 9 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Reply Inbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003293 1 || 2003294 || 6 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Ping Inbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003294 1 || 2003295 || 8 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Reply Outbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003295 1 || 2003296 || 6 || trojan-activity || 0 || ET TROJAN Possible Web-based DDoS-command being issued || url,doc.emergingthreats.net/2003296 1 || 2003297 || 5 || trojan-activity || 0 || ET MALWARE Travel Update Spyware || url,doc.emergingthreats.net/bin/view/Main/2003297 1 || 2003298 || 5 || trojan-activity || 0 || ET MALWARE KMIP.net Spyware || url,www.kmip.net || url,doc.emergingthreats.net/bin/view/Main/2003298 1 || 2003302 || 8 || misc-activity || 0 || ET TROJAN psyBNC IRC Server Connection || url,en.wikipedia.org/wiki/PsyBNC || url,doc.emergingthreats.net/2003302 1 || 2003303 || 3 || misc-activity || 0 || ET POLICY FTP Login Attempt (non-anonymous) || url,doc.emergingthreats.net/2003303 1 || 2003304 || 5 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003304 1 || 2003305 || 10 || trojan-activity || 0 || ET DELETED Zango-Hotbar User-Agent (zbu-hb-) || url,doc.emergingthreats.net/2003305 1 || 2003306 || 8 || trojan-activity || 0 || ET MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003306 1 || 2003307 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Cursor DL || url,doc.emergingthreats.net/bin/view/Main/2003307 1 || 2003308 || 4 || policy-violation || 0 || ET P2P Edonkey IP Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003308 1 || 2003309 || 4 || policy-violation || 0 || ET P2P Edonkey IP Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003309 1 || 2003310 || 3 || policy-violation || 0 || ET P2P Edonkey Publicize File || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003310 1 || 2003311 || 3 || policy-violation || 0 || ET P2P Edonkey Publicize File ACK || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003311 1 || 2003312 || 3 || policy-violation || 0 || ET P2P Edonkey Connect Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003312 1 || 2003313 || 3 || policy-violation || 0 || ET P2P Edonkey Connect Reply and Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003313 1 || 2003314 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (by file hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003314 1 || 2003315 || 3 || policy-violation || 0 || ET P2P Edonkey Search Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003315 1 || 2003316 || 3 || policy-violation || 0 || ET P2P Edonkey IP Query End || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003316 1 || 2003317 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (any type file) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003317 1 || 2003318 || 3 || policy-violation || 0 || ET P2P Edonkey Get Sources Request (by hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003318 1 || 2003319 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (search by name) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003319 1 || 2003320 || 3 || policy-violation || 0 || ET P2P Edonkey Search Results || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003320 1 || 2003321 || 5 || policy-violation || 0 || ET P2P Edonkey Server Message || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003321 1 || 2003322 || 4 || policy-violation || 0 || ET P2P Edonkey Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003322 1 || 2003323 || 4 || policy-violation || 0 || ET P2P Edonkey Client to Server Hello || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003323 1 || 2003324 || 3 || policy-violation || 0 || ET P2P Edonkey Server Status || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003324 1 || 2003325 || 4 || policy-violation || 0 || ET POLICY SMTP Executable attachment || url,doc.emergingthreats.net/2003325 1 || 2003326 || 7 || attempted-admin || 0 || ET WEB_CLIENT Apple Quicktime RTSP Overflow (1) || cve,2007-0015 || bugtraq,21829 || url,doc.emergingthreats.net/2003326 1 || 2003327 || 7 || attempted-admin || 0 || ET WEB_CLIENT Apple Quicktime RTSP Overflow (2) || cve,2007-0015 || bugtraq,21829 || url,doc.emergingthreats.net/2003327 1 || 2003328 || 9 || web-application-attack || 0 || ET ACTIVEX NCTAudioFile2 ActiveX SetFormatLikeSample() Buffer Overflow || cve,2007-0018 || url,secunia.com/advisories/23475/ || url,doc.emergingthreats.net/2003328 1 || 2003329 || 6 || attempted-user || 0 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || url,www.milw0rm.com/exploits/3189 || url,doc.emergingthreats.net/bin/view/Main/2003329 || cve,2007-0528 1 || 2003330 || 6 || bad-unknown || 0 || ET POLICY Possible Spambot Host DNS MX Query High Count || url,doc.emergingthreats.net/2003330 1 || 2003331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Generic membreManager.php remote file include || bugtraq,22287 || url,doc.emergingthreats.net/2003331 1 || 2003332 || 5 || web-application-attack || 0 || ET EXPLOIT GuppY error.php POST Arbitrary Remote Code Execution || bugtraq,15609 || url,doc.emergingthreats.net/bin/view/Main/2003332 1 || 2003333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Gnopaster Common.php remote file include || bugtraq,18180 || url,doc.emergingthreats.net/2003333 1 || 2003334 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti cmd.php Remote Arbitrary SQL Command Execution Attempt || cve,CVE-2006-6799 || bugtraq,21799 || url,doc.emergingthreats.net/2003334 1 || 2003335 || 10 || trojan-activity || 0 || ET USER_AGENTS 2search.org User Agent (2search) || url,doc.emergingthreats.net/2003335 1 || 2003336 || 14 || trojan-activity || 0 || ET MALWARE AntiVermins.com Fake Antispyware Package User-Agent (AntiVerminser) || url,doc.emergingthreats.net/2003336 1 || 2003337 || 14 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (Autoupdate) || url,doc.emergingthreats.net/bin/view/Main/2003337 1 || 2003340 || 5 || policy-violation || 0 || ET MALWARE Baidu.com Spyware Bar Reporting || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003340 1 || 2003341 || 5 || policy-violation || 0 || ET MALWARE Baidu.com Spyware Bar Pulling Content || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003341 1 || 2003344 || 5 || trojan-activity || 0 || ET MALWARE Trinityacquisitions.com and Maximumexperience.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003344 1 || 2003345 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Download UBAgent) - lop.com and other spyware || url,www.spywareinfo.com/articles/lop/ || url,doc.emergingthreats.net/2003345 1 || 2003346 || 10 || trojan-activity || 0 || ET MALWARE Errorsafe.com Fake antispyware User-Agent (ErrorSafe Updater) || url,doc.emergingthreats.net/2003346 1 || 2003347 || 10 || trojan-activity || 0 || ET MALWARE Gamehouse.com User-Agent (GAMEHOUSE.NET.URL) || url,doc.emergingthreats.net/2003347 1 || 2003348 || 5 || trojan-activity || 0 || ET MALWARE Gamehouse.com Activity || url,www.gamehouse.com || url,doc.emergingthreats.net/bin/view/Main/2003348 1 || 2003351 || 6 || trojan-activity || 0 || ET MALWARE MyGlobalSearch Spyware bar update || url,doc.emergingthreats.net/bin/view/Main/2003351 1 || 2003352 || 6 || trojan-activity || 0 || ET MALWARE MyGlobalSearch Spyware bar update 2 || url,doc.emergingthreats.net/bin/view/Main/2003352 1 || 2003353 || 5 || trojan-activity || 0 || ET MALWARE Winferno Registry Fix Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003353 1 || 2003354 || 5 || trojan-activity || 0 || ET MALWARE Yourscreen.com Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003354 1 || 2003355 || 10 || trojan-activity || 0 || ET MALWARE Yourscreen.com Spyware User-Agent (FreezeInet) || url,doc.emergingthreats.net/2003355 1 || 2003356 || 5 || trojan-activity || 0 || ET MALWARE Freeze.com Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003356 1 || 2003358 || 5 || trojan-activity || 0 || ET MALWARE Catchonlife.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2003358 1 || 2003360 || 5 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware Checkin 2 || url,doc.emergingthreats.net/bin/view/Main/2003360 1 || 2003362 || 5 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Pulling Ads) || url,doc.emergingthreats.net/bin/view/Main/2003362 1 || 2003363 || 10 || trojan-activity || 0 || ET DELETED Spamblockerutility.com-Hotbar User Agent (sbu-hb-) || url,doc.emergingthreats.net/2003363 1 || 2003364 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Agent Adopt/Zango || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2003364 1 || 2003365 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Zango Toolbar Spyware User Agent (ZangoToolbar ) || url,doc.emergingthreats.net/2003365 1 || 2003369 || 3 || attempted-admin || 0 || ET EXPLOIT CA BrightStor ARCserve Mobile Backup LGSERVER.EXE Heap Corruption || cve,2007-0449 || url,doc.emergingthreats.net/bin/view/Main/2003369 1 || 2003370 || 3 || attempted-dos || 0 || ET EXPLOIT Computer Associates Brightstor ARCServer Backup RPC Server (Catirpc.dll) DoS || url,www.milw0rm.com/exploits/3248 || url,doc.emergingthreats.net/bin/view/Main/2003370 1 || 2003371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Portail Includes.php remote file include || bugtraq,22361 || url,doc.emergingthreats.net/2003371 1 || 2003372 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEventMan remote file include || bugtraq,22358 || url,doc.emergingthreats.net/2003372 1 || 2003375 || 5 || trojan-activity || 0 || ET MALWARE Spy-Not.com Spyware Pulling Fake Sigs || url,doc.emergingthreats.net/bin/view/Main/2003375 1 || 2003376 || 5 || trojan-activity || 0 || ET MALWARE Instafinder.com spyware || url,doc.emergingthreats.net/bin/view/Main/2003376 1 || 2003377 || 5 || trojan-activity || 0 || ET MALWARE Spy-Not.com Spyware Updating || url,doc.emergingthreats.net/bin/view/Main/2003377 1 || 2003378 || 3 || attempted-admin || 0 || ET EXPLOIT Computer Associates Mobile Backup Service LGSERVER.EXE Stack Overflow || url,www.milw0rm.com/exploits/3244 || url,doc.emergingthreats.net/bin/view/Main/2003378 1 || 2003379 || 3 || attempted-dos || 0 || ET EXPLOIT Computer Associates BrightStor ARCserve Backup for Laptops LGServer.exe DoS || url,www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003379 1 || 2003380 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc) || url,doc.emergingthreats.net/2003380 1 || 2003381 || 6 || not-suspicious || 0 || ET POLICY McAfee Update User Agent (McAfee AutoUpdate) || url,doc.emergingthreats.net/2003381 1 || 2003383 || 12 || trojan-activity || 0 || ET MALWARE Hotbar Tools Spyware User-Agent (hbtools) || url,doc.emergingthreats.net/2003383 1 || 2003384 || 10 || trojan-activity || 0 || ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x) || url,doc.emergingthreats.net/2003384 1 || 2003385 || 11 || trojan-activity || 0 || ET USER_AGENTS sgrunt Dialer User Agent (sgrunt) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347 || url,doc.emergingthreats.net/2003385 1 || 2003387 || 11 || trojan-activity || 0 || ET MALWARE dialno Dialer User-Agent (dialno) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347 || url,doc.emergingthreats.net/2003387 1 || 2003388 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Keywords Download || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2003388 1 || 2003389 || 6 || policy-violation || 0 || ET MALWARE WhenUClick.com Application Version Check || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2003389 1 || 2003390 || 5 || trojan-activity || 0 || ET MALWARE SurfAccuracy.com Spyware Updating || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99 || url,doc.emergingthreats.net/bin/view/Main/2003390 1 || 2003391 || 5 || trojan-activity || 0 || ET MALWARE SurfAccuracy.com Spyware Pulling Ads || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99 || url,doc.emergingthreats.net/bin/view/Main/2003391 1 || 2003394 || 8 || trojan-activity || 0 || ET USER_AGENTS User Agent Containing http Suspicious - Likely Spyware/Trojan || url,doc.emergingthreats.net/bin/view/Main/2003394 1 || 2003396 || 12 || trojan-activity || 0 || ET MALWARE Mysearch.com/Morpheus Bar Spyware User-Agent (Morpheus) || url,doc.emergingthreats.net/2003396 1 || 2003397 || 12 || trojan-activity || 0 || ET MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar) 1 || 2003398 || 11 || trojan-activity || 0 || ET MALWARE Morpheus Spyware Install User-Agent (SmartInstaller) || url,doc.emergingthreats.net/2003398 1 || 2003399 || 9 || trojan-activity || 0 || ET MALWARE Spyhealer Fake Anti-Spyware Install User-Agent (SpyHealer) || url,doc.emergingthreats.net/2003399 1 || 2003400 || 4 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated script || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003400 1 || 2003401 || 5 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript download file || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003401 1 || 2003402 || 5 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript execute command || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003402 1 || 2003403 || 4 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003403 1 || 2003404 || 6 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (DataChunksGZ) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2003404 1 || 2003405 || 10 || trojan-activity || 0 || ET MALWARE Freeze.com Spyware User-Agent (YourScreen123) || url,doc.emergingthreats.net/2003405 1 || 2003406 || 10 || trojan-activity || 0 || ET MALWARE Mysearch.com Spyware User-Agent (iMeshBar) || url,doc.emergingthreats.net/2003406 1 || 2003407 || 9 || trojan-activity || 0 || ET MALWARE searchenginebar.com Spyware User-Agent (RX Bar) || url,doc.emergingthreats.net/2003407 1 || 2003408 || 7 || trojan-activity || 0 || ET DELETED Zhelatin Variant Checkin || url,doc.emergingthreats.net/2003408 1 || 2003409 || 5 || trojan-activity || 0 || ET DELETED Majestic-12 Spider Bot User-Agent (MJ12bot) || url,www.majestic12.co.uk/ || url,doc.emergingthreats.net/2003409 1 || 2003410 || 9 || misc-activity || 0 || ET POLICY FTP Login Successful || url,doc.emergingthreats.net/2003410 1 || 2003411 || 8 || attempted-user || 0 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || url,riosec.com/solaris-telnet-0-day || url,isc.sans.org/diary.html?n&storyid=2220 || url,doc.emergingthreats.net/bin/view/Main/2003411 || cve,2007-0882 1 || 2003412 || 4 || attempted-user || 0 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || url,riosec.com/solaris-telnet-0-day || url,isc.sans.org/diary.html?n&storyid=2220 || url,doc.emergingthreats.net/bin/view/Main/2003412 || cve,2007-0882 1 || 2003414 || 5 || trojan-activity || 0 || ET MALWARE Epilot.com Spyware Reporting || url,www.intermute.com/spysubtract/researchcenter/ClientMan.html || url,doc.emergingthreats.net/bin/view/Main/2003414 1 || 2003416 || 5 || trojan-activity || 0 || ET MALWARE Epilot.com Spyware Reporting Clicks || url,www.intermute.com/spysubtract/researchcenter/ClientMan.html || url,doc.emergingthreats.net/bin/view/Main/2003416 1 || 2003417 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003417 1 || 2003418 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity 2 || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003418 1 || 2003419 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity 3 || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003419 1 || 2003420 || 5 || trojan-activity || 0 || ET POLICY Weatherbug Activity || url,doc.emergingthreats.net/bin/view/Main/2003420 1 || 2003421 || 5 || trojan-activity || 0 || ET DELETED Weatherbug Design60 Upload Activity || url,doc.emergingthreats.net/bin/view/Main/2003421 1 || 2003422 || 5 || trojan-activity || 0 || ET POLICY Weatherbug Command Activity || url,doc.emergingthreats.net/bin/view/Main/2003422 1 || 2003423 || 4 || trojan-activity || 0 || ET DELETED Weatherbug Design60 Upload Activity || url,doc.emergingthreats.net/bin/view/Main/2003423 1 || 2003424 || 5 || trojan-activity || 0 || ET DELETED Sality Trojan Web Update || url,www.sophos.com/security/analyses/w32salityu.html || url,doc.emergingthreats.net/2003424 1 || 2003425 || 11 || trojan-activity || 0 || ET MALWARE clickspring.com Spyware Install User-Agent (CS Fingerprint Module) || url,doc.emergingthreats.net/2003425 1 || 2003426 || 5 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003426 1 || 2003428 || 11 || trojan-activity || 0 || ET MALWARE Surfaccuracy.com Spyware Install User-Agent (SF Installer) || url,doc.emergingthreats.net/2003428 1 || 2003429 || 12 || trojan-activity || 0 || ET MALWARE xxxtoolbar.com Spyware Install User-Agent || url,doc.emergingthreats.net/2003429 1 || 2003431 || 6 || trojan-activity || 0 || ET TROJAN Unnamed Generic.Malware http get || url,doc.emergingthreats.net/2003431 1 || 2003432 || 5 || trojan-activity || 0 || ET DELETED Nukebot related infection - Unique HTTP get request || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=743 || url,doc.emergingthreats.net/2003432 1 || 2003433 || 5 || trojan-activity || 0 || ET DELETED Nukebot Checkin || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=743 || url,doc.emergingthreats.net/2003433 1 || 2003434 || 3 || attempted-admin || 0 || ET EXPLOIT Trend Micro Web Interface Auth Bypass Vulnerable Cookie Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=477 || url,www.trendmicro.com/download/product.asp?productid=20 || url,doc.emergingthreats.net/bin/view/Main/2003434 1 || 2003435 || 4 || trojan-activity || 0 || ET TROJAN Stormy Variant HTTP Request || url,doc.emergingthreats.net/2003435 1 || 2003436 || 5 || trojan-activity || 0 || ET TROJAN Warezov/Stration Communicating with Controller 2 || url,www.sophos.com/security/analyses/w32strationbo.html || url,www.avira.com/en/threats/section/fulldetails/id_vir/3242/tr_dldr.warezov.df.html || url,doc.emergingthreats.net/2003436 1 || 2003437 || 7 || policy-violation || 0 || ET P2P Ares over UDP || url,doc.emergingthreats.net/bin/view/Main/2003437 1 || 2003438 || 5 || trojan-activity || 0 || ET MALWARE Abcsearch.com Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003438 1 || 2003439 || 10 || trojan-activity || 0 || ET MALWARE Dropspam.com Spyware Install User-Agent (DSInstall) || url,doc.emergingthreats.net/2003439 1 || 2003440 || 5 || trojan-activity || 0 || ET MALWARE Dropspam.com Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003440 1 || 2003441 || 10 || trojan-activity || 0 || ET MALWARE Webbuying.net Spyware Install User-Agent (wbi_v0.90) || url,doc.emergingthreats.net/2003441 1 || 2003442 || 5 || trojan-activity || 0 || ET MALWARE Webbuying.net Spyware Installing || url,doc.emergingthreats.net/bin/view/Main/2003442 1 || 2003444 || 5 || policy-violation || 0 || ET MALWARE Deskwizz.com Spyware Install Code Download || url,doc.emergingthreats.net/bin/view/Main/2003444 1 || 2003445 || 5 || policy-violation || 0 || ET MALWARE Deskwizz.com Spyware Install INI Download || url,doc.emergingthreats.net/bin/view/Main/2003445 1 || 2003446 || 8 || policy-violation || 0 || ET MALWARE Adware Command Client Checkin || url,www.nuker.com/container/details/adware_command.php || url,doc.emergingthreats.net/bin/view/Main/2003446 1 || 2003449 || 10 || trojan-activity || 0 || ET USER_AGENTS Webbuying.net Spyware Install User-Agent 2 (wb v1.6.4) || url,doc.emergingthreats.net/2003449 1 || 2003450 || 5 || policy-violation || 0 || ET MALWARE Specificclick.net Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003450 1 || 2003451 || 5 || policy-violation || 0 || ET MALWARE K8l.info Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003451 1 || 2003453 || 6 || policy-violation || 0 || ET DELETED Netvacy.com Anonymizing Proxy Access || url,doc.emergingthreats.net/2003453 1 || 2003454 || 5 || policy-violation || 0 || ET POLICY Yahoo 360 Social Site Access || url,doc.emergingthreats.net/2003454 1 || 2003455 || 4 || policy-violation || 0 || ET POLICY Hi5.com Social Site Access || url,doc.emergingthreats.net/2003455 1 || 2003457 || 5 || policy-violation || 0 || ET POLICY Metacafe.com Social Site Access || url,doc.emergingthreats.net/2003457 1 || 2003458 || 4 || policy-violation || 0 || ET POLICY Orkut.com Social Site Access || url,doc.emergingthreats.net/2003458 1 || 2003462 || 5 || trojan-activity || 0 || ET MALWARE CoolDeskAlert Spyware Activity || url,cooldeskalert.com || url,www.benedelman.org/spyware/images/bannerfarms-ad_w_a_r_e-globalstore-log-061006.html || url,doc.emergingthreats.net/bin/view/Main/2003462 1 || 2003463 || 17 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Toolbar) Possibly Malware/Spyware || url,doc.emergingthreats.net/bin/view/Main/2003463 1 || 2003464 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.warftp.org || url,doc.emergingthreats.net/bin/view/Main/2003464 1 || 2003465 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.freeftp.com || url,doc.emergingthreats.net/bin/view/Main/2003465 1 || 2003466 || 13 || web-application-attack || 0 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner || url,www.webmasterworld.com/search_engine_spiders/3227720.htm || url,doc.emergingthreats.net/2003466 1 || 2003468 || 11 || trojan-activity || 0 || ET MALWARE Oemji Spyware User-Agent (Oemji) || url,doc.emergingthreats.net/2003468 1 || 2003469 || 7 || policy-violation || 0 || ET POLICY AOL Toolbar User-Agent (AOLToolbar) || url,doc.emergingthreats.net/bin/view/Main/2003469 1 || 2003470 || 10 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Updater) || url,doc.emergingthreats.net/2003470 1 || 2003471 || 7 || trojan-activity || 0 || ET DELETED Winsoftware.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003471 1 || 2003472 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (setup-alt) || url,doc.emergingthreats.net/bin/view/Main/2003472 1 || 2003473 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (payload-alt) || url,doc.emergingthreats.net/bin/view/Main/2003473 1 || 2003474 || 6 || attempted-dos || 0 || ET VOIP Asterisk Register with no URI or Version DOS Attempt || url,labs.musecurity.com/advisories/MU-200703-01.txt || url,tools.ietf.org/html/rfc3261 || url,doc.emergingthreats.net/2003474 1 || 2003475 || 8 || trojan-activity || 0 || ET P2P ABC Torrent User-Agent (ABC/ABC-3.1.0) || url,pingpong-abc.sourceforge.net || url,doc.emergingthreats.net/bin/view/Main/2003475 1 || 2003476 || 9 || trojan-activity || 0 || ET MALWARE Virusblast.com Fake AV/Anti-Spyware User-Agent (ad-protect) || url,spywarewarrior.com/rogue_anti-spyware.htm || url,www.virusblast.com || url,doc.emergingthreats.net/2003476 1 || 2003477 || 9 || trojan-activity || 0 || ET MALWARE Terminexor.com Spyware User-Agent (DInstaller2) || url,www.terminexor.com || url,netrn.net/spywareblog/archives/2004/12/23/more-rip-off-ware-terminexor || url,doc.emergingthreats.net/2003477 1 || 2003478 || 9 || trojan-activity || 0 || ET MALWARE Errornuker.com Fake Anti-Spyware User-Agent (ERRORNUKER) || url,www.spywarewarrior.com/rogue_anti-spyware.htm || url,www.errornuker.com || url,doc.emergingthreats.net/2003478 1 || 2003479 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Setup Initiate || url,www.radmin.com || url,doc.emergingthreats.net/2003479 1 || 2003480 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Setup Response || url,www.radmin.com || url,doc.emergingthreats.net/2003480 1 || 2003481 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Authentication Initiate || url,www.radmin.com || url,doc.emergingthreats.net/2003481 1 || 2003482 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Authentication Response || url,www.radmin.com || url,doc.emergingthreats.net/2003482 1 || 2003484 || 9 || trojan-activity || 0 || ET WORM Allaple Unique HTTP Request - Possibly part of DDOS || url,doc.emergingthreats.net/2003484 || url,isc.sans.org/diary.html?storyid=2451 1 || 2003486 || 10 || trojan-activity || 0 || ET USER_AGENTS Drivecleaner.com Spyware User-Agent (DriveCleaner Updater) || url,www.drivecleaner.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=DriveCleaner&threatid=44533 || url,doc.emergingthreats.net/2003486 1 || 2003489 || 11 || trojan-activity || 0 || ET MALWARE malwarewipeupdate.com Spyware User-Agent (MalwareWipe) || url,www.malwarewipeupdate.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=MalwareWipe&threatid=43086 || url,doc.emergingthreats.net/2003489 1 || 2003490 || 8 || trojan-activity || 0 || ET MALWARE Mirar Spyware User-Agent (Mirar_KeywordContent) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453078818 || url,doc.emergingthreats.net/2003490 1 || 2003492 || 14 || trojan-activity || 0 || ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) || url,doc.emergingthreats.net/2003492 1 || 2003493 || 10 || trojan-activity || 0 || ET MALWARE AskSearch Spyware User-Agent (AskSearchAssistant) || url,doc.emergingthreats.net/2003493 1 || 2003494 || 15 || policy-violation || 0 || ET DELETED AskSearch Toolbar Spyware User-Agent (AskTBar) || url,doc.emergingthreats.net/2003494 1 || 2003495 || 11 || trojan-activity || 0 || ET DELETED HSN.com Toolbar Spyware User-Agent (HSN) || url,doc.emergingthreats.net/2003495 1 || 2003496 || 12 || trojan-activity || 0 || ET MALWARE AskSearch Toolbar Spyware User-Agent (AskBar) || url,doc.emergingthreats.net/2003496 1 || 2003497 || 13 || trojan-activity || 0 || ET MALWARE User-Agent (ms) || url,doc.emergingthreats.net/bin/view/Main/2003497 1 || 2003498 || 9 || trojan-activity || 0 || ET MALWARE Gamehouse.com Related Spyware User-Agent (Sprout Game) || url,doc.emergingthreats.net/2003498 1 || 2003499 || 9 || trojan-activity || 0 || ET MALWARE SpyDawn.com Fake Anti-Spyware User-Agent (SpyDawn) || url,www.spywareguide.com/spydet_3366_spydawn.html || url,doc.emergingthreats.net/2003499 1 || 2003500 || 9 || trojan-activity || 0 || ET MALWARE Adwave.com Related Spyware User-Agent (STBHOGet) || url,doc.emergingthreats.net/2003500 1 || 2003501 || 10 || trojan-activity || 0 || ET MALWARE Bestoffersnetwork.com Related Spyware User-Agent (TBONAS) || url,research.sunbelt-software.com/threatdisplay.aspx?name=BestOffersNetworks&threatid=43670 || url,doc.emergingthreats.net/2003501 1 || 2003504 || 5 || trojan-activity || 0 || ET MALWARE E2give Spyware Reporting (check url) || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2003504 1 || 2003505 || 10 || trojan-activity || 0 || ET MALWARE Toplist.cz Related Spyware Checkin 1 || 2003506 || 10 || trojan-activity || 0 || ET MALWARE Alawar Toolbar Spyware User-Agent (Alawar Toolbar) || url,www.bleepingcomputer.com/uninstall/68/Alawar-Toolbar.html || url,doc.emergingthreats.net/2003506 1 || 2003508 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress wp-login.php redirect_to credentials stealing attempt || url,www.inliniac.net/blog/?p=71 || url,doc.emergingthreats.net/2003508 1 || 2003513 || 11 || trojan-activity || 0 || ET DELETED Suspicious Mozilla User-Agent typo (MOzilla/4.0) || url,doc.emergingthreats.net/2003513 1 || 2003514 || 8 || attempted-user || 0 || ET ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009 || url,www.milw0rm.com/exploits/3577 || url,www.microsoft.com/technet/security/Bulletin/MS07-009.mspx || url,doc.emergingthreats.net/2003514 1 || 2003515 || 6 || trojan-activity || 0 || ET TROJAN Snatch Reporting User Activity || url,doc.emergingthreats.net/2003515 1 || 2003516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops Articles modules print.php SQL injection attempt || bugtraq,23160 || url,doc.emergingthreats.net/2003516 1 || 2003517 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iPhotoAlbum header.php remote file include || bugtraq,23189 || url,doc.emergingthreats.net/2003517 1 || 2003518 || 5 || attempted-admin || 0 || ET EXPLOIT Computer Associates Brightstor ARCServe Backup Mediasvr.exe Remote Exploit || url,www.milw0rm.com/exploits/3604 || url,doc.emergingthreats.net/bin/view/Main/2003518 1 || 2003519 || 8 || attempted-admin || 0 || ET EXPLOIT MS ANI exploit || url,doc.emergingthreats.net/bin/view/Main/2003519 1 || 2003520 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webCalendar Remote File include || url,www.securityfocus.com/archive/1/462957 || url,doc.emergingthreats.net/2003520 1 || 2003525 || 5 || trojan-activity || 0 || ET MALWARE Supergames.aavalue.com Spyware || url,research.sunbelt-software.com/threatdisplay.aspx?name=EZ-Tracks%20Toolbar&threatid=41189 || url,doc.emergingthreats.net/bin/view/Main/2003525 1 || 2003526 || 5 || trojan-activity || 0 || ET MALWARE KMIP.net Spyware 2 || url,www.kmip.net || url,doc.emergingthreats.net/bin/view/Main/2003526 1 || 2003527 || 9 || trojan-activity || 0 || ET MALWARE WinSoftware.com Spyware User-Agent (WinSoftware) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation%2c%20Inc.%20(v)&threatid=90037 || url,doc.emergingthreats.net/2003527 1 || 2003528 || 8 || trojan-activity || 0 || ET MALWARE WinSoftware.com Spyware User-Agent (NetInstaller) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation,%20Inc.%20(v)&threatid=90037 || url,doc.emergingthreats.net/2003528 1 || 2003529 || 8 || trojan-activity || 0 || ET MALWARE Msgplus.net Spyware/Adware User-Agent (MsgPlus3) || url,research.sunbelt-software.com/threatdisplay.aspx?name=Messenger%20Plus!&threatid=14931 || url,doc.emergingthreats.net/2003529 1 || 2003530 || 13 || trojan-activity || 0 || ET MALWARE Suspicious Mozilla User-Agent Separator - likely Fake (Mozilla/4.0+(compatible +MSIE+) || url,doc.emergingthreats.net/2003530 1 || 2003531 || 8 || trojan-activity || 0 || ET MALWARE Antivermins.com Spyware/Adware User-Agent (AntiVermeans) || url,www.bleepingcomputer.com/forums/topic69886.htm || url,doc.emergingthreats.net/2003531 1 || 2003532 || 9 || trojan-activity || 0 || ET MALWARE CommonName.com Spyware/Adware User-Agent (CommonName Agent) || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453078618 || url,doc.emergingthreats.net/2003532 1 || 2003533 || 6 || trojan-activity || 0 || ET MALWARE Sytes.net Related Spyware Reporting || url,www.sophos.com/security/analyses/w32forbotdv.html || url,doc.emergingthreats.net/bin/view/Main/2003533 1 || 2003534 || 5 || trojan-activity || 0 || ET DELETED Weatherbug Vista Gadget Activity || url,doc.emergingthreats.net/bin/view/Main/2003534 1 || 2003535 || 7 || web-application-activity || 0 || ET ATTACK_RESPONSE r57 phpshell footer detected || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755 || url,doc.emergingthreats.net/bin/view/Main/2003535 1 || 2003536 || 9 || web-application-activity || 0 || ET ATTACK_RESPONSE r57 phpshell source being uploaded || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755 || url,doc.emergingthreats.net/bin/view/Main/2003536 1 || 2003537 || 6 || trojan-activity || 0 || ET TROJAN Trojan.Duntek establishing remote connection || url,www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99 || url,doc.emergingthreats.net/2003537 1 || 2003538 || 5 || trojan-activity || 0 || ET TROJAN Klom.A Connecting to Controller || url,www.bitdefender.com/VIRUS-1000126-en--Trojan.Klom.A.html || url,doc.emergingthreats.net/2003538 1 || 2003541 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com Fake Antispyware Updating || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2003541 1 || 2003542 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com/Protectwin.com Fake Antispyware Reporting || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2003542 1 || 2003543 || 6 || trojan-activity || 0 || ET MALWARE Winfixmaster.com Fake Anti-Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003543 1 || 2003544 || 8 || trojan-activity || 0 || ET MALWARE Winfixmaster.com Fake Anti-Spyware User-Agent (WinFixMaster) || url,doc.emergingthreats.net/2003544 1 || 2003545 || 8 || trojan-activity || 0 || ET USER_AGENTS Winfixmaster.com Fake Anti-Spyware User-Agent 2 (WinFix Master) || url,doc.emergingthreats.net/2003545 1 || 2003546 || 11 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (downloader) - Used by Winfixmaster.com Fake Anti-Spyware and Others || url,doc.emergingthreats.net/bin/view/Main/2003546 1 || 2003547 || 5 || trojan-activity || 0 || ET MALWARE Privacyprotector.com Fake Anti-Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003547 1 || 2003548 || 5 || trojan-activity || 0 || ET MALWARE Privacyprotector.com Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003548 1 || 2003549 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Initial Connection and Report || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003550 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Get Processes || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003551 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Kill Process Command || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003552 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Reporting Socks Proxy Active || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003553 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Reporting Socks Proxy Off || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003554 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Client Ping Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003555 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Initial Connection and Report || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003556 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Keepalive Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003557 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Keepalive Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003558 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Create Registry Key Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003559 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Create Directory Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003560 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Window List Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003561 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Window List Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003562 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Get Processes Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003563 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Start Socks5 Proxy Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003564 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Socks5 Proxy Start Command Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003565 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Get Processes Command Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook 1 || 2003566 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (DIALER) || url,doc.emergingthreats.net/2003566 1 || 2003567 || 9 || trojan-activity || 0 || ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor) || url,doc.emergingthreats.net/2003567 1 || 2003568 || 4 || trojan-activity || 0 || ET DELETED Evidencenuker.com Fake AV Updating || url,www.evidencenuker.com || url,doc.emergingthreats.net/bin/view/Main/2003568 1 || 2003569 || 10 || trojan-activity || 0 || ET MALWARE Evidencenuker.com Fake AV/Anti-Spyware User-Agent (EVNUKER) || url,doc.emergingthreats.net/2003567 1 || 2003570 || 9 || trojan-activity || 0 || ET MALWARE CoolWebSearch Spyware User-Agent (iefeatsl) || url,www.applicationsignatures.com/backend/index.php || url,doc.emergingthreats.net/2003570 1 || 2003575 || 7 || trojan-activity || 0 || ET DELETED Gator/Clarian Spyware Posting Data || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2003575 1 || 2003576 || 5 || trojan-activity || 0 || ET MALWARE Security-updater.com Spyware Posting Data || url,doc.emergingthreats.net/bin/view/Main/2003576 1 || 2003577 || 5 || trojan-activity || 0 || ET MALWARE Mirarsearch.com Spyware Posting Data || url,doc.emergingthreats.net/bin/view/Main/2003577 1 || 2003578 || 8 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Bar Pulling Data || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003578 1 || 2003579 || 5 || trojan-activity || 0 || ET MALWARE Findwhat.com Spyware (clickthrough) || url,doc.emergingthreats.net/bin/view/Main/2003579 1 || 2003580 || 6 || trojan-activity || 0 || ET DELETED Findwhat.com Spyware (sendtracker) || url,doc.emergingthreats.net/bin/view/Main/2003580 1 || 2003581 || 5 || trojan-activity || 0 || ET MALWARE Findwhat.com Spyware (sendmedia) || url,doc.emergingthreats.net/bin/view/Main/2003581 1 || 2003582 || 9 || trojan-activity || 0 || ET MALWARE MalwareWiped.com Spyware User-Agent (MalwareWiped) || url,doc.emergingthreats.net/2003582 1 || 2003583 || 11 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (update) || url,doc.emergingthreats.net/2003583 1 || 2003584 || 9 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (Updater) || url,doc.emergingthreats.net/2003584 1 || 2003585 || 12 || trojan-activity || 0 || ET MALWARE Trojan User-Agent (Windows Updates Manager) || url,doc.emergingthreats.net/2003585 1 || 2003586 || 12 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WinXP Pro Service Pack 2) || url,doc.emergingthreats.net/2003586 1 || 2003588 || 10 || trojan-activity || 0 || ET MALWARE Worm.Pyks HTTP C&C Traffic User-Agent (skw00001) || url,doc.emergingthreats.net/2003588 1 || 2003590 || 8 || trojan-activity || 0 || ET TROJAN Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID) || url,doc.emergingthreats.net/2003590 1 || 2003595 || 6 || policy-violation || 0 || ET POLICY exe download via HTTP - Informational || url,doc.emergingthreats.net/2003595 1 || 2003597 || 4 || policy-violation || 0 || ET POLICY Google Calendar in Use || url,www.computerworld.com.au/index.php?id=1687889918&eid=-255 || url,doc.emergingthreats.net/2003597 1 || 2003598 || 7 || trojan-activity || 0 || ET TROJAN Diazom Trojan User-Agent in Use (cv_v2.0.1) || url,ww.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-032316-0426-99&tabid=2 || url,doc.emergingthreats.net/2003598 1 || 2003603 || 5 || trojan-activity || 0 || ET TROJAN W32.Virut.A joining an IRC Channel || url,www.bitcrank.net || url,doc.emergingthreats.net/2003603 1 || 2003604 || 8 || trojan-activity || 0 || ET POLICY Baidu.com Agent User-Agent (Desktop Web System) || url,doc.emergingthreats.net/2003604 1 || 2003605 || 5 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Bar Activity || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003605 1 || 2003606 || 5 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting URL Visited || url,doc.emergingthreats.net/bin/view/Main/2003606 1 || 2003607 || 10 || trojan-activity || 0 || ET DELETED Cnzz.com/Baidu Related Spyware Stat Reporting || url,vil.nai.com/vil/content/v_140364.htm || url,doc.emergingthreats.net/bin/view/Main/2003607 1 || 2003608 || 12 || trojan-activity || 0 || ET POLICY Baidu.com Related Agent User-Agent (iexp) || url,doc.emergingthreats.net/2003608 1 || 2003610 || 4 || trojan-activity || 0 || ET MALWARE Zango Spyware (tbrequest data post) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003610 1 || 2003611 || 7 || trojan-activity || 0 || ET MALWARE Malwarealarm.com Fake AV/AntiSpyware Updating || url,sunbeltblog.blogspot.com/2007/04/another-fake-security-scam-site_9466.html || url,doc.emergingthreats.net/bin/view/Main/2003611 1 || 2003612 || 6 || trojan-activity || 0 || ET MALWARE Malwarealarm.com Fake AV/AntiSpyware Download || url,sunbeltblog.blogspot.com/2007/04/another-fake-security-scam-site_9466.html || url,doc.emergingthreats.net/bin/view/Main/2003612 1 || 2003613 || 10 || trojan-activity || 0 || ET MALWARE EELoader Malware Packages User-Agent (EELoader) || url,doc.emergingthreats.net/2003613 1 || 2003614 || 5 || bad-unknown || 0 || ET INFO WinUpack Modified PE Header Inbound || url,doc.emergingthreats.net/bin/view/Main/WinPEHeaders 1 || 2003615 || 6 || bad-unknown || 0 || ET INFO WinUpack Modified PE Header Outbound || url,doc.emergingthreats.net/bin/view/Main/WinPEHeaders 1 || 2003616 || 38 || web-application-activity || 0 || ET WEB_SERVER DataCha0s Web Scanner/Robot || url,www.internetofficer.com/web-robot/datacha0s.html || url,doc.emergingthreats.net/2003616 1 || 2003617 || 7 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Posting Activity Report || url,doc.emergingthreats.net/bin/view/Main/2003617 1 || 2003619 || 6 || trojan-activity || 0 || ET MALWARE Alexa Spyware Redirecting User || url,doc.emergingthreats.net/bin/view/Main/2003619 1 || 2003620 || 4 || trojan-activity || 0 || ET MALWARE 51yes.com Spyware Reporting User Activity || url,doc.emergingthreats.net/bin/view/Main/2003620 1 || 2003621 || 7 || trojan-activity || 0 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related || url,doc.emergingthreats.net/bin/view/Main/2003621 1 || 2003622 || 12 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent outbound (bot) || url,doc.emergingthreats.net/bin/view/Main/2003622 1 || 2003623 || 5 || policy-violation || 0 || ET POLICY Centralops.net Domain Dossier Utility Probe || url,centralops.net || url,doc.emergingthreats.net/bin/view/Main/2003623 1 || 2003625 || 9 || trojan-activity || 0 || ET MALWARE dns-look-up.com Spyware User-Agent (KRSystem) || url,doc.emergingthreats.net/2003625 1 || 2003626 || 10 || trojan-activity || 0 || ET MALWARE Double User-Agent (User-Agent User-Agent) || url,doc.emergingthreats.net/bin/view/Main/2003626 1 || 2003627 || 9 || trojan-activity || 0 || ET MALWARE Internet-optimizer.com Related Spyware User-Agent (SexTrackerWSI) || url,doc.emergingthreats.net/2003627 1 || 2003630 || 5 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Sobar Bar Activity || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003630 1 || 2003631 || 6 || policy-violation || 0 || ET POLICY Centralops.net Probe || url,centralops.net || url,doc.emergingthreats.net/bin/view/Main/2003631 1 || 2003632 || 8 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (internetsecurity) || url,secubox.aldria.com/topic-post1618.html#post1618 || url,doc.emergingthreats.net/2003632 1 || 2003634 || 8 || attempted-admin || 0 || ET SCAN Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,doc.emergingthreats.net/2003634 1 || 2003635 || 6 || trojan-activity || 0 || ET TROJAN Generic Password Stealer User Agent Detected (RookIE) || url,doc.emergingthreats.net/2003635 1 || 2003636 || 9 || trojan-activity || 0 || ET MALWARE Sality Virus User Agent Detected (KUKU) || url,doc.emergingthreats.net/2003636 1 || 2003637 || 6 || trojan-activity || 0 || ET TROJAN Inject.BV Trojan User Agent Detected (faserx) || url,doc.emergingthreats.net/2003637 1 || 2003638 || 6 || trojan-activity || 0 || ET DELETED AV-Killer.Win32 User Agent Detected (p4r4z1t3v3.one14.J) || url,doc.emergingthreats.net/2003638 1 || 2003639 || 8 || trojan-activity || 0 || ET MALWARE Adload.Generic Spyware User-Agent (ProxyDown) || url,doc.emergingthreats.net/2003639 1 || 2003640 || 11 || trojan-activity || 0 || ET MALWARE Adload.Generic Spyware User-Agent (91castInstallKernel) || url,doc.emergingthreats.net/2003640 1 || 2003641 || 7 || trojan-activity || 0 || ET TROJAN Downloader.Small 5ser Agent Detected (NetScafe) || url,doc.emergingthreats.net/2003641 1 || 2003644 || 9 || trojan-activity || 0 || ET MALWARE Generic.Malware.dld User-Agent (Sickloader) || url,doc.emergingthreats.net/2003644 1 || 2003645 || 6 || trojan-activity || 0 || ET TROJAN Generic.Malware.SFL User-Agent (Rescue/9.11) || url,doc.emergingthreats.net/2003645 1 || 2003646 || 9 || trojan-activity || 0 || ET TROJAN Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin || url,doc.emergingthreats.net/2003646 1 || 2003647 || 7 || trojan-activity || 0 || ET TROJAN Backdoor.Irc.MFV User Agent Detected (IRC-U) || url,doc.emergingthreats.net/2003647 1 || 2003648 || 8 || trojan-activity || 0 || ET TROJAN Clicker.BC User Agent Detected (linkrunner) || url,doc.emergingthreats.net/2003648 1 || 2003649 || 8 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (SykO) || url,doc.emergingthreats.net/2003649 1 || 2003650 || 6 || trojan-activity || 0 || ET TROJAN Dialer-715 Install Checkin || url,doc.emergingthreats.net/2003650 1 || 2003651 || 6 || trojan-activity || 0 || ET DELETED Sality Virus User Agent Detected (SPM_ID=) || url,doc.emergingthreats.net/2003651 1 || 2003652 || 9 || trojan-activity || 0 || ET MALWARE CoolStreaming Toolbar (Conduit related) User-Agent (Coolstreaming Tool-Bar) || url,doc.emergingthreats.net/2003652 1 || 2003653 || 7 || trojan-activity || 0 || ET POLICY Boitho.com Distributed Crawler in use - User-Agent (boitho.com-dc) || url,doc.emergingthreats.net/bin/view/Main/2003653 1 || 2003654 || 9 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware User-Agent (GTBank) || url,doc.emergingthreats.net/2003654 1 || 2003655 || 9 || trojan-activity || 0 || ET MALWARE Trafficadvance.net Spyware User-Agent (Internet 1.0) || url,doc.emergingthreats.net/2003655 1 || 2003656 || 10 || trojan-activity || 0 || ET MALWARE debelizombi.com (Rizo) related Spyware User-Agent (mc_v1.2.6) || url,www.f-secure.com/v-descs/rizo.shtml || url,doc.emergingthreats.net/2003656 1 || 2003657 || 15 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MSIE) || url,doc.emergingthreats.net/bin/view/Main/2003657 1 || 2003658 || 8 || trojan-activity || 0 || ET MALWARE qq.com related Spyware User-Agent (QQGame) || url,doc.emergingthreats.net/2003658 1 || 2003660 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt - Headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003660 1 || 2003661 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_files.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003661 1 || 2003662 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_posts.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003662 1 || 2003663 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- groups_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003663 1 || 2003664 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- filters_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003664 1 || 2003665 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- links.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003665 1 || 2003666 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- menu_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003666 1 || 2003667 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_news.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003667 1 || 2003668 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- settings_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003668 1 || 2003669 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TopTree Remote Inclusion Attempt -- tpl_message.php right_file || cve,CVE-2007-2544 || url,www.milw0rm.com/exploits/3854 || url,doc.emergingthreats.net/2003669 1 || 2003670 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Workbench Survival Guide Remote Inclusion Attempt -- headerfile.php path || cve,CVE-2007-2542 || url,www.milw0rm.com/exploits/3848 || url,doc.emergingthreats.net/2003670 1 || 2003671 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Versado CMS Remote Inclusion Attempt -- ajax_listado.php urlModulo || cve,CVE-2007-2541 || url,www.milw0rm.com/exploits/3847 || url,doc.emergingthreats.net/2003671 1 || 2003672 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_image_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003672 1 || 2003673 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_liens_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003673 1 || 2003674 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_liste_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003674 1 || 2003675 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_special_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003675 1 || 2003676 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_texte_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003676 1 || 2003677 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Berylium2 Remote Inclusion Attempt -- berylium-classes.php beryliumroot || cve,CVE-2007-2531 || url,www.milw0rm.com/exploits/3869 || url,doc.emergingthreats.net/2003677 1 || 2003678 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tropicalm Remote Inclusion Attempt -- dosearch.php RESPATH || cve,CVE-2007-2530 || url,www.milw0rm.com/exploits/3865 || url,doc.emergingthreats.net/2003678 1 || 2003679 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir || cve,CVE-2007-2527 || url,milw0rm.com/exploits/3868 || url,doc.emergingthreats.net/2003679 1 || 2003680 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt -- index.php HomeDir || cve,CVE-2007-2527 || url,milw0rm.com/exploits/3868 || url,doc.emergingthreats.net/2003680 1 || 2003681 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- users_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003681 1 || 2003682 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Gads Remote Inclusion Attempt -- common.php locale || cve,CVE-2007-2521 || url,www.milw0rm.com/exploits/3846 || url,doc.emergingthreats.net/2003682 1 || 2003683 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Turbulence Remote Inclusion Attempt -- turbulence.php GLOBALS tcore || cve,CVE-2007-2504 || url,www.securityfocus.com/bid/23580 || url,doc.emergingthreats.net/2003683 1 || 2003684 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MXBB Remote Inclusion Attempt -- faq.php module_root_path || cve,CVE-2007-2493 || url,www.milw0rm.com/exploits/3833 || url,doc.emergingthreats.net/2003684 1 || 2003685 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Remote Inclusion Attempt -- wptable-button.php wpPATH || cve,CVE-2007-2484 || url,www.milw0rm.com/exploits/3824 || url,doc.emergingthreats.net/2003685 1 || 2003686 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Remote Inclusion Attempt -- wordtube-button.php wpPATH || cve,CVE-2007-2481 || url,www.milw0rm.com/exploits/3825 || url,doc.emergingthreats.net/2003686 1 || 2003687 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- payflow_pro.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003687 1 || 2003688 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- global.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003688 1 || 2003689 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- libsecure.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003689 1 || 2003690 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Firefly Remote Inclusion Attempt -- config.php DOCUMENT_ROOT || cve,CVE-2007-2460 || url,www.frsirt.com/english/advisories/2007/1554 || url,doc.emergingthreats.net/2003690 1 || 2003691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion Attempt -- psg.smarty.lib.php cfg sys base_path || cve,CVE-2007-2458 || url,www.frsirt.com/english/advisories/2007/1390 || url,doc.emergingthreats.net/2003691 1 || 2003692 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VM Watermark Remote Inclusion Attempt -- watermark.php GALLERY_BASEDIR || cve,CVE-2007-2575 || url,www.milw0rm.com/exploits/3857 || url,doc.emergingthreats.net/2003692 1 || 2003693 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPtree Remote Inclusion Attempt -- cms2.php s_dir || cve,CVE-2007-2573 || url,www.milw0rm.com/exploits/3860 || url,doc.emergingthreats.net/2003693 1 || 2003694 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NoAH Remote Inclusion Attempt -- mfa_theme.php tpls || cve,CVE-2007-2572 || url,www.milw0rm.com/exploits/3861 || url,doc.emergingthreats.net/2003694 1 || 2003696 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikivi5 Remote Inclusion Attempt -- show.php sous_rep || cve,CVE-2007-2570 || url,www.milw0rm.com/exploits/3863 || url,doc.emergingthreats.net/2003696 1 || 2003698 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003698 1 || 2003699 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion checkout.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003699 1 || 2003700 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion libsecure.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003700 1 || 2003701 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php repinc || cve,CVE-2007-2558 || url,www.securityfocus.com/archive/1/archive/1/467827/100/0/threaded || url,doc.emergingthreats.net/2003701 1 || 2003702 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion class.Smarty.php cfg sys base_path || cve,CVE-2007-2457 || url,www.milw0rm.com/exploits/3733 || url,doc.emergingthreats.net/2003702 1 || 2003703 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyPortal Remote Inclusion Attempt -- articles.inc.php GLOBALS CHEMINMODULES || cve,CVE-2007-2594 || url,www.milw0rm.com/exploits/3879 || url,doc.emergingthreats.net/2003703 1 || 2003704 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AForum Remote Inclusion func.php CommonAbsDir || cve,CVE-2007-2596 || url,www.milw0rm.com/exploits/3884 || url,doc.emergingthreats.net/2003704 1 || 2003705 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion site_conf.php ordnertiefe || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003705 1 || 2003706 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion class.csv.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003706 1 || 2003707 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003707 1 || 2003708 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003708 1 || 2003709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion hg_referenz_jobgalerie.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003709 1 || 2003710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_anmeldung_NWL.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003710 1 || 2003711 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie_alle.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003711 1 || 2003712 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_aendern.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003712 1 || 2003713 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion referenz.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003713 1 || 2003714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion lay.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003714 1 || 2003715 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003715 1 || 2003716 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LaVague Remote Inclusion Attempt -- printbar.php views_path || cve,CVE-2007-2607 || url,www.exploit-db.com/exploits/3870/ || url,doc.emergingthreats.net/2003716 1 || 2003717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS miplex2 Remote Inclusion SmartyFU.class.php system || cve,CVE-2007-2608 || url,www.milw0rm.com/exploits/3878 || url,doc.emergingthreats.net/2003717 1 || 2003718 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003718 1 || 2003719 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom_update.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003719 1 || 2003720 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- check-lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003720 1 || 2003721 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- weigh_keywords.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003721 1 || 2003722 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- logout.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003722 1 || 2003723 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- help.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003723 1 || 2003724 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- index.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003724 1 || 2003725 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- login.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003725 1 || 2003726 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003726 1 || 2003727 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003727 1 || 2003728 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- logingecon.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003728 1 || 2003729 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- login.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003729 1 || 2003730 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPHtmlLib Remote Inclusion Attempt -- widget8.php phphtmllib || cve,CVE-2007-2614 || url,www.securityfocus.com/archive/1/archive/1/467837/100/0/threaded || url,doc.emergingthreats.net/2003730 1 || 2003731 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- ftp.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003731 1 || 2003732 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- db.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003732 1 || 2003733 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- libs_ftp.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003733 1 || 2003735 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPSecurityAdmin Remote Inclusion Attempt -- logout.php PSA_PATH || cve,CVE-2007-2628 || url,www.securityfocus.com/bid/23801 || url,doc.emergingthreats.net/2003735 1 || 2003736 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AForum Remote Inclusion Attempt -- errormsg.php header || cve,CVE-2007-2634 || url,secunia.com/advisories/25224 || url,doc.emergingthreats.net/2003736 1 || 2003737 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir || cve,CVE-2007-2660 || url,www.milw0rm.com/exploits/3915 || url,doc.emergingthreats.net/2003737 1 || 2003738 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beacon Remote Inclusion Attempt -- splash.lang.php languagePath || cve,CVE-2007-2663 || url,www.milw0rm.com/exploits/3909 || url,doc.emergingthreats.net/2003738 1 || 2003739 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Yaap Remote Inclusion Attempt -- common.php root_path || cve,CVE-2007-2664 || url,www.milw0rm.com/exploits/3908 || url,doc.emergingthreats.net/2003739 1 || 2003740 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPFirstPost Remote Inclusion Attempt block.php Include || cve,CVE-2007-2665 || url,www.milw0rm.com/exploits/3906 || url,doc.emergingthreats.net/2003740 1 || 2003741 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Translation Engine Remote Inclusion Attempt -- header.php ote_home || cve,CVE-2007-2676 || url,www.milw0rm.com/exploits/3838 || url,doc.emergingthreats.net/2003741 1 || 2003742 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- language.php config || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003742 1 || 2003743 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_admin_cfg.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003743 1 || 2003744 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_cfg.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003744 1 || 2003745 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_t_top.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003745 1 || 2003746 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Script Gallery Remote Inclusion index.php gallery || cve,CVE-2007-2679 || url,www.securityfocus.com/bid/23534 || url,doc.emergingthreats.net/2003746 1 || 2003747 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003747 1 || 2003749 || 8 || trojan-activity || 0 || ET USER_AGENTS QQHelper related Spyware User-Agent (H) || url,doc.emergingthreats.net/2003749 1 || 2003750 || 4 || attempted-dos || 0 || ET EXPLOIT CA Brightstor ARCServe caloggerd DoS || url,www.milw0rm.com/exploits/3939 || url,doc.emergingthreats.net/bin/view/Main/2003750 1 || 2003751 || 4 || attempted-dos || 0 || ET EXPLOIT CA Brightstor ARCServe Mediasvr DoS || url, www.milw0rm.com/exploits/3940 || url,doc.emergingthreats.net/bin/view/Main/2003751 1 || 2003752 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id SELECT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003752 1 || 2003753 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UNION SELECT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003753 1 || 2003754 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id INSERT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003754 1 || 2003755 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id DELETE || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003755 1 || 2003756 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ASCII || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003756 1 || 2003757 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UPDATE || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003757 1 || 2003758 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003758 1 || 2003759 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003759 1 || 2003760 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003760 1 || 2003761 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003761 1 || 2003762 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003762 1 || 2003763 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003763 1 || 2003764 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid SELECT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003764 1 || 2003765 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid UNION SELECT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003765 1 || 2003766 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid INSERT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003766 1 || 2003767 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid DELETE || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003767 1 || 2003768 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ASCII || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003768 1 || 2003769 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid UPDATE || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003769 1 || 2003770 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a SELECT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003770 1 || 2003771 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a UNION SELECT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003771 1 || 2003772 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a INSERT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003772 1 || 2003773 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a DELETE || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003773 1 || 2003774 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a ASCII || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003774 1 || 2003775 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a UPDATE || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003775 1 || 2003776 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id SELECT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003776 1 || 2003777 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UNION SELECT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003777 1 || 2003778 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id INSERT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003778 1 || 2003779 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id DELETE || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003779 1 || 2003780 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ASCII || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003780 1 || 2003781 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UPDATE || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003781 1 || 2003782 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003782 1 || 2003783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003783 1 || 2003784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003784 1 || 2003785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003785 1 || 2003786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003786 1 || 2003787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003787 1 || 2003788 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid SELECT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003788 1 || 2003789 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid UNION SELECT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003789 1 || 2003790 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid INSERT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003790 1 || 2003791 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid DELETE || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003791 1 || 2003792 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid ASCII || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003792 1 || 2003793 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid UPDATE || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003793 1 || 2003794 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid SELECT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003794 1 || 2003795 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UNION SELECT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003795 1 || 2003796 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid INSERT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003796 1 || 2003797 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ASCII || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003797 1 || 2003798 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UPDATE || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003798 1 || 2003805 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003805 1 || 2003806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER UNION SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003806 1 || 2003807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER INSERT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003807 1 || 2003808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER DELETE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003808 1 || 2003809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ASCII || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003809 1 || 2003810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER UPDATE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003810 1 || 2003811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003811 1 || 2003812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS UNION SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003812 1 || 2003813 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS INSERT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003813 1 || 2003814 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS DELETE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003814 1 || 2003815 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ASCII || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003815 1 || 2003816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS UPDATE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003816 1 || 2003817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries SELECT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003817 1 || 2003818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries UNION SELECT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003818 1 || 2003819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries INSERT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003819 1 || 2003820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries DELETE || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003820 1 || 2003821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries ASCII || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003821 1 || 2003822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries UPDATE || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003822 1 || 2003823 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid SELECT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003823 1 || 2003824 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid UNION SELECT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003824 1 || 2003825 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid INSERT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003825 1 || 2003826 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid DELETE || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003826 1 || 2003827 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid ASCII || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003827 1 || 2003828 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid UPDATE || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003828 1 || 2003829 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv SELECT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003829 1 || 2003830 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv UNION SELECT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003830 1 || 2003831 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv INSERT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003831 1 || 2003832 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv DELETE || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003832 1 || 2003833 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv ASCII || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003833 1 || 2003834 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv UPDATE || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003834 1 || 2003835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003835 1 || 2003836 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003836 1 || 2003837 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003837 1 || 2003838 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003838 1 || 2003839 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003839 1 || 2003840 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003840 1 || 2003841 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid UNION SELECT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003841 1 || 2003842 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid INSERT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003842 1 || 2003843 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid DELETE || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003843 1 || 2003844 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ASCII || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003844 1 || 2003845 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid UPDATE || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003845 1 || 2003846 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref SELECT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003846 1 || 2003847 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref UNION SELECT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003847 1 || 2003848 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref INSERT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003848 1 || 2003849 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref DELETE || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003849 1 || 2003850 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref ASCII || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003850 1 || 2003851 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref UPDATE || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003851 1 || 2003852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr SELECT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003852 1 || 2003853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr UNION SELECT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003853 1 || 2003854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr INSERT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003854 1 || 2003855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr DELETE || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003855 1 || 2003856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr ASCII || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003856 1 || 2003857 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr UPDATE || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003857 1 || 2003858 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id SELECT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003858 1 || 2003859 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id UNION SELECT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003859 1 || 2003860 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id INSERT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003860 1 || 2003861 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id DELETE || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003861 1 || 2003862 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ASCII || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003862 1 || 2003863 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id UPDATE || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003863 1 || 2003864 || 4 || misc-activity || 0 || ET POLICY Outbound SMTP on port 587 || url,doc.emergingthreats.net/2003864 1 || 2003865 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003865 1 || 2003866 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid SELECT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003866 1 || 2003867 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion 3_lay.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003867 1 || 2003869 || 7 || misc-attack || 0 || ET SCAN ProxyReconBot CONNECT method to Mail || url,doc.emergingthreats.net/2003869 1 || 2003870 || 7 || misc-attack || 0 || ET SCAN ProxyReconBot POST method to Mail || url,doc.emergingthreats.net/2003870 1 || 2003871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ripe Website Manager XSS Attempt -- index.php ripeformpost || cve,CVE-2007-2206 || url,www.securityfocus.com/bid/23597 || url,doc.emergingthreats.net/2003871 1 || 2003872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redoable XSS Attempt -- searchloop.php s || cve,CVE-2007-2757 || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || url,doc.emergingthreats.net/2003872 1 || 2003873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redoable XSS Attempt -- header.php s || cve,CVE-2007-2757 || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || url,doc.emergingthreats.net/2003873 1 || 2003874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vDesk Webmail XSS Attempt -- printcal.pl || cve,CVE-2007-2745 || url,www.securityfocus.com/bid/24022 || url,doc.emergingthreats.net/2003874 1 || 2003875 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fotolog XSS Attempt -- all_photos.html user || cve,CVE-2007-2724 || url,www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded || url,doc.emergingthreats.net/2003875 1 || 2003876 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp XSS Attempt -- listmembers.php show || cve,CVE-2007-2716 || url,www.securityfocus.com/bid/23951 || url,doc.emergingthreats.net/2003876 1 || 2003877 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp XSS Attempt -- stats.php show || cve,CVE-2007-2716 || url,www.securityfocus.com/bid/23951 || url,doc.emergingthreats.net/2003877 1 || 2003878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Translation Engine (OTE) XSS Attempt -- header.php ote_home || cve,CVE-2007-2676 || url,www.milw0rm.com/exploits/3838 || url,doc.emergingthreats.net/2003878 1 || 2003879 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChain XSS Attempt -- settings.php catid || cve,CVE-2007-2670 || url,www.securityfocus.com/bid/23761 || url,doc.emergingthreats.net/2003879 1 || 2003880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChain XSS Attempt -- cat.php catid || cve,CVE-2007-2670 || url,www.securityfocus.com/bid/23761 || url,doc.emergingthreats.net/2003880 1 || 2003881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SonicBB XSS Attempt -- search.php part || cve,CVE-2007-1903 || url,www.netvigilance.com/advisory0020 || url,doc.emergingthreats.net/2003881 1 || 2003882 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003882 1 || 2003883 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003883 1 || 2003884 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003884 1 || 2003885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XSS Attempt -- sidebar.php || cve,CVE-2007-2627 || url,www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded || url,doc.emergingthreats.net/2003885 1 || 2003886 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php || cve,CVE-2007-2625 || url,www.frsirt.com/english/advisories/2007/1637 || url,doc.emergingthreats.net/2003886 1 || 2003887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php || cve,CVE-2007-2624 || url,www.securityfocus.com/bid/23790 || url,doc.emergingthreats.net/2003887 1 || 2003888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003888 1 || 2003889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003889 1 || 2003890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003890 1 || 2003891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003891 1 || 2003892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003892 1 || 2003893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003893 1 || 2003894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003894 1 || 2003895 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003895 1 || 2003896 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003896 1 || 2003897 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whstart.js || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003897 1 || 2003898 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whcsh_home.htm || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003898 1 || 2003899 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startpage.js || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003899 1 || 2003900 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startqs.htm || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003900 1 || 2003901 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt WindowManager.dll || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003901 1 || 2003902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat XSS Attempt -- implicit-objects.jsp || cve,CVE-2006-7195 || url,www.frsirt.com/english/advisories/2007/1729 || url,doc.emergingthreats.net/2003902 1 || 2003903 || 8 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint XSS Attempt default.aspx || cve,CVE-2007-2581 || url,www.securityfocus.com/bid/23832 || url,doc.emergingthreats.net/2003903 1 || 2003904 || 8 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint XSS Attempt index.php form mail || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003904 1 || 2003905 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form mods || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003905 1 || 2003906 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003906 1 || 2003907 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- download.php id || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003907 1 || 2003908 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form cat || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003908 1 || 2003909 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form cat || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003909 1 || 2003910 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form name || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003910 1 || 2003911 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form message || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003911 1 || 2003912 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form mail || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003912 1 || 2003913 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kayako eSupport XSS Attempt -- index.php _m || cve,CVE-2007-2562 || url,www.securityfocus.com/archive/1/archive/1/467832/100/0/threaded || url,doc.emergingthreats.net/2003913 1 || 2003914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Podium CMS XSS Attempt -- Default.aspx id || cve,CVE-2007-2555 || url,www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded || url,doc.emergingthreats.net/2003914 1 || 2003915 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Advanced Guestbook XSS Attempt -- picture.php picture || cve,CVE-2007-0605 || url,www.securityfocus.com/bid/23873 || url,doc.emergingthreats.net/2003915 1 || 2003916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name || cve,CVE-2007-2551 || url,www.securityfocus.com/bid/23894 || url,doc.emergingthreats.net/2003916 1 || 2003917 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l || cve,CVE-2007-2547 || url,www.securityfocus.com/bid/23856 || url,doc.emergingthreats.net/2003917 1 || 2003918 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php || cve,CVE-2007-2532 || url,www.securityfocus.com/bid/23847 || url,doc.emergingthreats.net/2003918 1 || 2003919 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php || cve,CVE-2007-2532 || url,www.securityfocus.com/bid/23847 || url,doc.emergingthreats.net/2003919 1 || 2003920 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVDdb XSS Attempt -- loan.php movieid || cve,CVE-2007-2499 || url,www.securityfocus.com/bid/23764 || url,doc.emergingthreats.net/2003920 1 || 2003921 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVDdb XSS Attempt -- listmovies.php s || cve,CVE-2007-2499 || url,www.securityfocus.com/bid/23764 || url,doc.emergingthreats.net/2003921 1 || 2003922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sendcard XSS Attempt -- sendcard.php form || cve,CVE-2007-2472 || url,www.secunia.com/advisories/25085 || url,doc.emergingthreats.net/2003922 1 || 2003924 || 8 || trojan-activity || 0 || ET SCAN WebHack Control Center User-Agent Inbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start= || url,doc.emergingthreats.net/2003924 1 || 2003925 || 7 || trojan-activity || 0 || ET USER_AGENTS WebHack Control Center User-Agent Outbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start= || url,doc.emergingthreats.net/2003925 1 || 2003926 || 8 || trojan-activity || 0 || ET MALWARE Personalweb Spyware User-Agent (PWMI/1.0) || url,doc.emergingthreats.net/2003926 1 || 2003927 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HTTPTEST) - Seen used by downloaders || url,doc.emergingthreats.net/bin/view/Main/2003927 1 || 2003928 || 9 || trojan-activity || 0 || ET MALWARE Mirar Bar Spyware User-Agent (Mbar) || url,doc.emergingthreats.net/2003928 1 || 2003929 || 8 || trojan-activity || 0 || ET MALWARE Mirar Bar Spyware User-Agent (Mirar_Toolbar) || url,doc.emergingthreats.net/2003929 1 || 2003930 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Snatch-System) || url,doc.emergingthreats.net/bin/view/Main/2003930 1 || 2003931 || 7 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Varlok_11000) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2003931 1 || 2003932 || 8 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (IE_7.0) || url,doc.emergingthreats.net/2003932 1 || 2003933 || 9 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Ms) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2003933 1 || 2003934 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 1521 (Oracle) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003934 1 || 2003936 || 4 || trojan-activity || 0 || ET TROJAN Bandok phoning home (xor by 0xe9 to decode) || url,www.dshield.org/diary.html?date=2007-03-28 || url,www.secureworks.com/research/threats/bbbphish/?threat=bbbphish || url,doc.emergingthreats.net/2003936 1 || 2003937 || 11 || trojan-activity || 0 || ET TROJAN Bandook iwebho/BBB-phish trojan leaking user data || url,www.secureworks.com/research/threats/bbbphish || url,doc.emergingthreats.net/2003937 1 || 2003939 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003939 1 || 2003940 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003940 1 || 2003941 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003941 1 || 2003942 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003942 1 || 2003943 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003943 1 || 2003944 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003944 1 || 2003945 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003945 1 || 2003946 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003946 1 || 2003947 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003947 1 || 2003948 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003948 1 || 2003949 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003949 1 || 2003950 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003950 1 || 2003951 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003951 1 || 2003952 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003952 1 || 2003953 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003953 1 || 2003954 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003954 1 || 2003955 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003955 1 || 2003956 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003956 1 || 2003957 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003957 1 || 2003958 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003958 1 || 2003959 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003959 1 || 2003960 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003960 1 || 2003961 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003961 1 || 2003962 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003962 1 || 2003963 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003963 1 || 2003964 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003964 1 || 2003965 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003965 1 || 2003966 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003966 1 || 2003967 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003967 1 || 2003968 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003968 1 || 2003969 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login SELECT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003969 1 || 2003970 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login UNION SELECT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003970 1 || 2003971 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login INSERT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003971 1 || 2003972 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login DELETE || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003972 1 || 2003973 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login ASCII || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003973 1 || 2003974 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login UPDATE || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003974 1 || 2003981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler SELECT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003981 1 || 2003982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler UNION SELECT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003982 1 || 2003983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler INSERT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003983 1 || 2003984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler DELETE || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003984 1 || 2003985 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler ASCII || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003985 1 || 2003986 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler UPDATE || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003986 1 || 2003987 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid SELECT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003987 1 || 2003988 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid UNION SELECT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003988 1 || 2003989 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid INSERT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003989 1 || 2003990 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid DELETE || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003990 1 || 2003991 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid ASCII || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003991 1 || 2003992 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid UPDATE || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003992 1 || 2003993 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003993 1 || 2003994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003994 1 || 2003995 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003995 1 || 2003996 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003996 1 || 2003997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003997 1 || 2003998 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003998 1 || 2003999 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id SELECT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2003999 1 || 2004000 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004000 1 || 2004001 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id INSERT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004001 1 || 2004002 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004002 1 || 2004003 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ASCII || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004003 1 || 2004004 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004004 1 || 2004005 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id SELECT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004005 1 || 2004006 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UNION SELECT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004006 1 || 2004007 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id INSERT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004007 1 || 2004008 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id DELETE || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004008 1 || 2004009 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id ASCII || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004009 1 || 2004010 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UPDATE || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004010 1 || 2004011 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004011 1 || 2004012 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004012 1 || 2004013 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie INSERT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004013 1 || 2004014 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004014 1 || 2004015 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004015 1 || 2004016 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004016 1 || 2004022 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UPDATE || cve,CVE-2007-2824 || url,www.milw0rm.com/exploits/3956 || url,doc.emergingthreats.net/2004022 1 || 2004023 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004023 1 || 2004024 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UNION SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004024 1 || 2004025 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style INSERT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004025 1 || 2004026 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style DELETE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004026 1 || 2004027 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style ASCII || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004027 1 || 2004028 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UPDATE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004028 1 || 2004029 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004029 1 || 2004030 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UNION SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004030 1 || 2004031 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue INSERT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004031 1 || 2004032 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue DELETE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004032 1 || 2004033 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue ASCII || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004033 1 || 2004034 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UPDATE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004034 1 || 2004035 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004035 1 || 2004036 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004036 1 || 2004037 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004037 1 || 2004038 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004038 1 || 2004039 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004039 1 || 2004040 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004040 1 || 2004041 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id SELECT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004041 1 || 2004042 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UNION SELECT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004042 1 || 2004043 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id INSERT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004043 1 || 2004044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id DELETE || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004044 1 || 2004045 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id ASCII || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004045 1 || 2004046 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UPDATE || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004046 1 || 2004047 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen SELECT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004047 1 || 2004048 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UNION SELECT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004048 1 || 2004049 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen INSERT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004049 1 || 2004050 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen DELETE || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004050 1 || 2004051 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ASCII || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004051 1 || 2004052 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UPDATE || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004052 1 || 2004053 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category SELECT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004053 1 || 2004054 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category UNION SELECT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004054 1 || 2004055 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category INSERT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004055 1 || 2004056 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category DELETE || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004056 1 || 2004057 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category ASCII || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004057 1 || 2004058 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category UPDATE || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004058 1 || 2004059 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating SELECT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004059 1 || 2004060 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating UNION SELECT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004060 1 || 2004061 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating INSERT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004061 1 || 2004062 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating DELETE || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004062 1 || 2004063 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating ASCII || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004063 1 || 2004064 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating UPDATE || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004064 1 || 2004065 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course SELECT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004065 1 || 2004066 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course UNION SELECT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004066 1 || 2004067 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course INSERT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004067 1 || 2004068 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course DELETE || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004068 1 || 2004069 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course ASCII || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004069 1 || 2004070 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course UPDATE || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004070 1 || 2004071 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id SELECT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004071 1 || 2004072 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id UNION SELECT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004072 1 || 2004073 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id INSERT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004073 1 || 2004074 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id DELETE || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004074 1 || 2004075 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id ASCII || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004075 1 || 2004076 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id UPDATE || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004076 1 || 2004077 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004077 1 || 2004078 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004078 1 || 2004079 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004079 1 || 2004080 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004080 1 || 2004081 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004081 1 || 2004082 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004082 1 || 2004083 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid SELECT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004083 1 || 2004084 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid UNION SELECT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004084 1 || 2004085 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid INSERT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004085 1 || 2004086 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid DELETE || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004086 1 || 2004087 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid ASCII || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004087 1 || 2004088 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid UPDATE || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004088 1 || 2004089 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id SELECT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004089 1 || 2004090 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UNION SELECT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004090 1 || 2004091 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id INSERT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004091 1 || 2004092 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id DELETE || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004092 1 || 2004093 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id ASCII || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004093 1 || 2004094 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UPDATE || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004094 1 || 2004095 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id SELECT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004095 1 || 2004096 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004096 1 || 2004097 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id INSERT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004097 1 || 2004098 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id DELETE || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004098 1 || 2004099 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id ASCII || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004099 1 || 2004100 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004100 1 || 2004101 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer SELECT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004101 1 || 2004102 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer UNION SELECT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004102 1 || 2004103 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer INSERT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004103 1 || 2004104 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer DELETE || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004104 1 || 2004105 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ASCII || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004105 1 || 2004106 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer UPDATE || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004106 1 || 2004108 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid SELECT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004108 1 || 2004109 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UNION SELECT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004109 1 || 2004110 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid INSERT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004110 1 || 2004111 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid DELETE || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004111 1 || 2004112 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid ASCII || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004112 1 || 2004113 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UPDATE || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004113 1 || 2004114 || 7 || trojan-activity || 0 || ET USER_AGENTS Bancos User-Agent Detected vb wininet || url,doc.emergingthreats.net/2004114 1 || 2004116 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid SELECT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004116 1 || 2004117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UNION SELECT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004117 1 || 2004118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid INSERT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004118 1 || 2004119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid DELETE || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004119 1 || 2004120 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid ASCII || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004120 1 || 2004121 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UPDATE || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004121 1 || 2004122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna SELECT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004122 1 || 2004123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UNION SELECT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004123 1 || 2004124 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna INSERT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004124 1 || 2004125 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna DELETE || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004125 1 || 2004126 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ASCII || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004126 1 || 2004127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UPDATE || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004127 1 || 2004128 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004128 1 || 2004129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004129 1 || 2004130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004130 1 || 2004131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004131 1 || 2004132 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004132 1 || 2004133 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004133 1 || 2004134 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004134 1 || 2004135 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004135 1 || 2004136 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004136 1 || 2004137 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004137 1 || 2004138 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004138 1 || 2004139 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004139 1 || 2004140 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order SELECT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004140 1 || 2004141 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order UNION SELECT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004141 1 || 2004142 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order INSERT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004142 1 || 2004143 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order DELETE || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004143 1 || 2004144 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ASCII || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004144 1 || 2004145 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order UPDATE || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004145 1 || 2004146 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004146 1 || 2004147 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004147 1 || 2004148 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004148 1 || 2004149 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004149 1 || 2004150 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004150 1 || 2004151 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004151 1 || 2004152 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title SELECT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004152 1 || 2004153 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title UNION SELECT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004153 1 || 2004154 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title INSERT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004154 1 || 2004155 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title DELETE || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004155 1 || 2004156 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title ASCII || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004156 1 || 2004157 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title UPDATE || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004157 1 || 2004158 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID SELECT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004158 1 || 2004159 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID UNION SELECT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004159 1 || 2004160 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID INSERT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004160 1 || 2004161 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID DELETE || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004161 1 || 2004162 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ASCII || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004162 1 || 2004163 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID UPDATE || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004163 1 || 2004164 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c SELECT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004164 1 || 2004165 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UNION SELECT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004165 1 || 2004166 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c INSERT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004166 1 || 2004167 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c DELETE || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004167 1 || 2004168 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c ASCII || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004168 1 || 2004169 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UPDATE || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004169 1 || 2004170 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004170 1 || 2004171 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004171 1 || 2004172 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004172 1 || 2004173 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004173 1 || 2004174 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004174 1 || 2004175 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004175 1 || 2004176 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004176 1 || 2004177 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004177 1 || 2004178 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004178 1 || 2004179 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004179 1 || 2004180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004180 1 || 2004181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004181 1 || 2004182 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004182 1 || 2004183 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004183 1 || 2004184 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004184 1 || 2004185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004185 1 || 2004186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004186 1 || 2004187 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004187 1 || 2004188 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004188 1 || 2004189 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004189 1 || 2004190 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004190 1 || 2004191 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004191 1 || 2004192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004192 1 || 2004193 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004193 1 || 2004194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004194 1 || 2004195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004195 1 || 2004196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004196 1 || 2004197 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004197 1 || 2004198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004198 1 || 2004199 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004199 1 || 2004200 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004200 1 || 2004201 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004201 1 || 2004202 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004202 1 || 2004203 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004203 1 || 2004204 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004204 1 || 2004205 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004205 1 || 2004206 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004206 1 || 2004207 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004207 1 || 2004208 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004208 1 || 2004209 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004209 1 || 2004210 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004210 1 || 2004211 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004211 1 || 2004212 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004212 1 || 2004213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004213 1 || 2004214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004214 1 || 2004215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004215 1 || 2004216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004216 1 || 2004217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004217 1 || 2004218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004218 1 || 2004219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004219 1 || 2004220 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004220 1 || 2004221 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004221 1 || 2004222 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004222 1 || 2004223 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004223 1 || 2004224 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004224 1 || 2004225 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004225 1 || 2004226 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004226 1 || 2004227 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004227 1 || 2004228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004228 1 || 2004229 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004229 1 || 2004230 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004230 1 || 2004231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004231 1 || 2004232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004232 1 || 2004233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004233 1 || 2004234 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004234 1 || 2004235 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004235 1 || 2004236 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004236 1 || 2004237 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004237 1 || 2004238 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004238 1 || 2004239 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004239 1 || 2004240 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004240 1 || 2004241 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip SELECT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004241 1 || 2004242 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UNION SELECT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004242 1 || 2004243 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip INSERT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004243 1 || 2004244 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip DELETE || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004244 1 || 2004245 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ASCII || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004245 1 || 2004246 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UPDATE || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004246 1 || 2004247 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php SELECT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004247 1 || 2004248 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php UNION SELECT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004248 1 || 2004249 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php INSERT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004249 1 || 2004250 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php DELETE || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004250 1 || 2004251 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php ASCII || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004251 1 || 2004252 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php UPDATE || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004252 1 || 2004253 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004253 1 || 2004254 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004254 1 || 2004255 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id INSERT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004255 1 || 2004256 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004256 1 || 2004257 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004257 1 || 2004258 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004258 1 || 2004259 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid SELECT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004259 1 || 2004260 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid UNION SELECT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004260 1 || 2004261 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid INSERT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004261 1 || 2004262 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid DELETE || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004262 1 || 2004263 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid ASCII || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004263 1 || 2004264 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid UPDATE || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004264 1 || 2004265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x SELECT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004265 1 || 2004266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UNION SELECT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004266 1 || 2004267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x INSERT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004267 1 || 2004268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x DELETE || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004268 1 || 2004269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ASCII || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004269 1 || 2004270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UPDATE || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004270 1 || 2004271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004271 1 || 2004272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004272 1 || 2004273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004273 1 || 2004274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004274 1 || 2004275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004275 1 || 2004276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004276 1 || 2004277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004277 1 || 2004278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004278 1 || 2004279 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004279 1 || 2004280 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004280 1 || 2004281 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004281 1 || 2004282 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004282 1 || 2004283 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004283 1 || 2004284 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004284 1 || 2004285 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004285 1 || 2004286 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004286 1 || 2004287 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004287 1 || 2004288 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004288 1 || 2004289 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004289 1 || 2004290 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004290 1 || 2004291 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004291 1 || 2004292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004292 1 || 2004293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004293 1 || 2004294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004294 1 || 2004295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004295 1 || 2004296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004296 1 || 2004297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004297 1 || 2004298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004298 1 || 2004299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004299 1 || 2004300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004300 1 || 2004301 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004301 1 || 2004302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004302 1 || 2004303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004303 1 || 2004304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004304 1 || 2004305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004305 1 || 2004306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004306 1 || 2004307 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php SELECT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004307 1 || 2004308 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UNION SELECT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004308 1 || 2004309 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php INSERT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004309 1 || 2004310 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php DELETE || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004310 1 || 2004311 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php ASCII || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004311 1 || 2004312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UPDATE || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004312 1 || 2004313 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id SELECT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004313 1 || 2004314 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id UNION SELECT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004314 1 || 2004315 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id INSERT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004315 1 || 2004316 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id DELETE || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004316 1 || 2004317 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id UPDATE || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004317 1 || 2004318 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id ASCII || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004318 1 || 2004319 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid SELECT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004319 1 || 2004320 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UNION SELECT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004320 1 || 2004321 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid INSERT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004321 1 || 2004322 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid DELETE || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004322 1 || 2004323 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ASCII || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004323 1 || 2004324 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UPDATE || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004324 1 || 2004325 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang SELECT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004325 1 || 2004326 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UNION SELECT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004326 1 || 2004327 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang INSERT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004327 1 || 2004328 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang DELETE || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004328 1 || 2004329 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang ASCII || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004329 1 || 2004330 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UPDATE || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004330 1 || 2004331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout SELECT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004331 1 || 2004332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UNION SELECT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004332 1 || 2004333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout INSERT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004333 1 || 2004334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout DELETE || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004334 1 || 2004335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout ASCII || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004335 1 || 2004336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UPDATE || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004336 1 || 2004337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author SELECT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004337 1 || 2004338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UNION SELECT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004338 1 || 2004339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author INSERT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004339 1 || 2004340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author DELETE || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004340 1 || 2004341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author ASCII || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004341 1 || 2004342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UPDATE || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004342 1 || 2004343 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id SELECT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004343 1 || 2004344 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UNION SELECT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004344 1 || 2004345 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id INSERT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004345 1 || 2004346 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id DELETE || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004346 1 || 2004347 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id ASCII || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004347 1 || 2004348 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UPDATE || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004348 1 || 2004349 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004349 1 || 2004350 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004350 1 || 2004351 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004351 1 || 2004352 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004352 1 || 2004353 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004353 1 || 2004354 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004354 1 || 2004355 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004355 1 || 2004356 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004356 1 || 2004357 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004357 1 || 2004358 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004358 1 || 2004359 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004359 1 || 2004360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004360 1 || 2004361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004361 1 || 2004362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004362 1 || 2004363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004363 1 || 2004364 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004364 1 || 2004365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004365 1 || 2004366 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004366 1 || 2004367 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004367 1 || 2004368 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004368 1 || 2004369 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004369 1 || 2004370 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004370 1 || 2004371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004371 1 || 2004372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004372 1 || 2004373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary SELECT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004373 1 || 2004374 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UNION SELECT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004374 1 || 2004375 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary INSERT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004375 1 || 2004376 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary DELETE || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004376 1 || 2004377 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ASCII || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004377 1 || 2004378 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004378 1 || 2004379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list SELECT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004379 1 || 2004380 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list UNION SELECT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004380 1 || 2004381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list INSERT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004381 1 || 2004382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list DELETE || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004382 1 || 2004383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ASCII || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004383 1 || 2004384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list UPDATE || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004384 1 || 2004385 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id SELECT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004385 1 || 2004386 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UNION SELECT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004386 1 || 2004387 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id INSERT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004387 1 || 2004388 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id DELETE || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004388 1 || 2004389 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ASCII || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004389 1 || 2004390 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UPDATE || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004390 1 || 2004397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori SELECT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004397 1 || 2004398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori UNION SELECT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004398 1 || 2004399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori INSERT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004399 1 || 2004400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori DELETE || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004400 1 || 2004401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ASCII || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004401 1 || 2004402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori UPDATE || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004402 1 || 2004403 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php SELECT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004403 1 || 2004404 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UNION SELECT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004404 1 || 2004405 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php INSERT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004405 1 || 2004406 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php DELETE || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004406 1 || 2004407 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php ASCII || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004407 1 || 2004408 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UPDATE || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004408 1 || 2004409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt SELECT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004409 1 || 2004410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UNION SELECT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004410 1 || 2004411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt INSERT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004411 1 || 2004412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt DELETE || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004412 1 || 2004413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt ASCII || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004413 1 || 2004414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UPDATE || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004414 1 || 2004415 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity SELECT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004415 1 || 2004416 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity UNION SELECT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004416 1 || 2004417 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity INSERT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004417 1 || 2004418 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity DELETE || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004418 1 || 2004419 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity ASCII || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004419 1 || 2004420 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity UPDATE || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004420 1 || 2004421 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre SELECT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004421 1 || 2004422 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre UNION SELECT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004422 1 || 2004423 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre INSERT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004423 1 || 2004424 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre DELETE || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004424 1 || 2004425 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ASCII || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004425 1 || 2004426 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre UPDATE || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004426 1 || 2004427 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004427 1 || 2004428 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname UNION SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004428 1 || 2004429 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004429 1 || 2004430 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname DELETE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004430 1 || 2004431 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname ASCII || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004431 1 || 2004432 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname UPDATE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004432 1 || 2004433 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004433 1 || 2004434 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname UNION SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004434 1 || 2004435 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname INSERT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004435 1 || 2004436 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname DELETE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004436 1 || 2004437 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname ASCII || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004437 1 || 2004438 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname UPDATE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004438 1 || 2004439 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004439 1 || 2004440 || 7 || trojan-activity || 0 || ET TROJAN Banload User-Agent Detected (ExampleDL) || url,doc.emergingthreats.net/2004440 1 || 2004442 || 8 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (hhh) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2004442 1 || 2004443 || 9 || trojan-activity || 0 || ET TROJAN KKtone Suspicious User-Agent (KKTone) || url,doc.emergingthreats.net/bin/view/Main/2004443 1 || 2004449 || 6 || denial-of-service || 0 || ET DELETED PacketShaper DoS attempt || url,doc.emergingthreats.net/2004449 1 || 2004450 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp SELECT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004450 1 || 2004451 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UNION SELECT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004451 1 || 2004452 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp INSERT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004452 1 || 2004453 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp DELETE || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004453 1 || 2004454 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp ASCII || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004454 1 || 2004455 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UPDATE || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004455 1 || 2004456 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid SELECT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004456 1 || 2004457 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid UNION SELECT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004457 1 || 2004458 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid INSERT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004458 1 || 2004459 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid DELETE || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004459 1 || 2004460 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid ASCII || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004460 1 || 2004461 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid UPDATE || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004461 1 || 2004463 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp SELECT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004463 1 || 2004464 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp UNION SELECT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004464 1 || 2004465 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp INSERT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004465 1 || 2004466 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp DELETE || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004466 1 || 2004467 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp ASCII || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004467 1 || 2004468 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp UPDATE || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004468 1 || 2004469 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id UNION SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004469 1 || 2004470 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id INSERT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004470 1 || 2004471 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id DELETE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004471 1 || 2004472 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id ASCII || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004472 1 || 2004473 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id UPDATE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004473 1 || 2004474 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004474 1 || 2004475 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year UNION SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004475 1 || 2004476 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year INSERT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004476 1 || 2004477 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year DELETE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004477 1 || 2004478 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year ASCII || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004478 1 || 2004479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year UPDATE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004479 1 || 2004480 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004480 1 || 2004481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq UNION SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004481 1 || 2004482 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq INSERT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004482 1 || 2004483 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq DELETE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004483 1 || 2004484 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ASCII || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004484 1 || 2004485 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq UPDATE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004485 1 || 2004486 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004486 1 || 2004487 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID UNION SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004487 1 || 2004488 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID INSERT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004488 1 || 2004489 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID DELETE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004489 1 || 2004490 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ASCII || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004490 1 || 2004491 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID UPDATE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004491 1 || 2004492 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004492 1 || 2004493 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004493 1 || 2004494 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004494 1 || 2004495 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004495 1 || 2004496 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004496 1 || 2004497 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004497 1 || 2004498 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004498 1 || 2004499 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004499 1 || 2004500 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004500 1 || 2004501 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004501 1 || 2004502 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004502 1 || 2004503 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004503 1 || 2004504 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004504 1 || 2004505 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004505 1 || 2004506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004506 1 || 2004507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004507 1 || 2004508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004508 1 || 2004509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004509 1 || 2004510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004510 1 || 2004511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004511 1 || 2004512 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004512 1 || 2004513 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004513 1 || 2004514 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004514 1 || 2004515 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004515 1 || 2004516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004516 1 || 2004517 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004517 1 || 2004518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004518 1 || 2004519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004519 1 || 2004520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004520 1 || 2004521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004521 1 || 2004522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004522 1 || 2004523 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country SELECT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004523 1 || 2004524 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UNION SELECT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004524 1 || 2004525 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country INSERT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004525 1 || 2004526 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country DELETE || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004526 1 || 2004527 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country ASCII || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004527 1 || 2004528 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004528 1 || 2004529 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id SELECT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004529 1 || 2004530 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UNION SELECT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004530 1 || 2004531 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id INSERT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004531 1 || 2004532 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id DELETE || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004532 1 || 2004533 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id ASCII || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004533 1 || 2004534 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UPDATE || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004534 1 || 2004535 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id SELECT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004535 1 || 2004536 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UNION SELECT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004536 1 || 2004537 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id INSERT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004537 1 || 2004538 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id DELETE || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004538 1 || 2004539 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id ASCII || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004539 1 || 2004540 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UPDATE || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004540 1 || 2004541 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004541 1 || 2004542 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004542 1 || 2004543 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004543 1 || 2004544 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004544 1 || 2004545 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004545 1 || 2004546 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004546 1 || 2004547 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id SELECT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004547 1 || 2004548 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id INSERT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004548 1 || 2004549 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004549 1 || 2004550 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id ASCII || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004550 1 || 2004551 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UPDATE || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004551 1 || 2004552 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpPgAdmin XSS Attempt -- sqledit.php server || cve,CVE-2007-2865 || url,www.securityfocus.com/bid/24115 || url,doc.emergingthreats.net/2004552 1 || 2004554 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php authusername || cve,CVE-2007-2847 || url,www.securityfocus.com/bid/24102 || url,doc.emergingthreats.net/2004554 1 || 2004555 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php authpassword || cve,CVE-2007-2847 || url,www.securityfocus.com/bid/24102 || url,doc.emergingthreats.net/2004555 1 || 2004556 || 8 || web-application-attack || 0 || ET WEB_SERVER Cisco CallManager XSS Attempt serverlist.asp pattern || cve,CVE-2007-2832 || url,www.secunia.com/advisories/25377 || url,doc.emergingthreats.net/2004556 1 || 2004557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @Mail XSS Attempt -- ReadMsg.php || cve,CVE-2007-2825 || url,xforce.iss.net/xforce/xfdb/34376 || url,doc.emergingthreats.net/2004557 1 || 2004558 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Track+ XSS Attempt -- reportItem.do projId || cve,CVE-2007-2819 || url,www.securityfocus.com/bid/24060 || url,doc.emergingthreats.net/2004558 1 || 2004559 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CactuSoft Parodia XSS Attempt -- cand_login.asp strJobIDs || cve,CVE-2007-2818 || url,www.securityfocus.com/bid/24078 || url,doc.emergingthreats.net/2004559 1 || 2004560 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php || cve,CVE-2007-2812 || url,www.securityfocus.com/bid/24063 || url,doc.emergingthreats.net/2004560 1 || 2004561 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php action || cve,CVE-2007-2812 || url,www.securityfocus.com/bid/24063 || url,doc.emergingthreats.net/2004561 1 || 2004562 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gnatsweb and Gnats XSS Attempt -- gnatsweb.pl database || cve,CVE-2007-2808 || url,www.secunia.com/advisories/25333 || url,doc.emergingthreats.net/2004562 1 || 2004563 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_cat_detail || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004563 1 || 2004564 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_gal_detail || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004564 1 || 2004565 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_cat_detail_sort || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004565 1 || 2004566 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php ticketID || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004566 1 || 2004567 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php view || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004567 1 || 2004568 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php fuse || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004568 1 || 2004569 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt -- prodList.asp brand || cve,CVE-2007-2804 || url,www.secunia.com/advisories/25370 || url,doc.emergingthreats.net/2004569 1 || 2004570 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt -- prodList.asp Msg || cve,CVE-2007-2804 || url,www.secunia.com/advisories/25370 || url,doc.emergingthreats.net/2004570 1 || 2004571 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RM EasyMail Plus XSS Attempt -- Login d || cve,CVE-2007-2802 || url,www.secunia.com/advisories/25326 || url,doc.emergingthreats.net/2004571 1 || 2004572 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS XSS Attempt -- index.php login || cve,CVE-2007-2686 || url,www.osvdb.org/34791 || url,doc.emergingthreats.net/2004572 1 || 2004573 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart XSS Attempt -- shopcontent.asp type || cve,CVE-2007-2790 || url,www.securityfocus.com/archive/1/archive/1/468834/100/0/threaded || url,doc.emergingthreats.net/2004573 1 || 2004574 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikyBlog XSS Attempt sessionRegister.php || cve,CVE-2007-2781 || url,www.secunia.com/advisories/25308 || url,doc.emergingthreats.net/2004574 1 || 2004575 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tomcat XSS Attempt -- hello.jsp test || cve,CVE-2007-1355 || url,www.securityfocus.com/bid/24058 || url,doc.emergingthreats.net/2004575 1 || 2004576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_bbcodeloader.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004576 1 || 2004577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_div.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004577 1 || 2004578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_email.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004578 1 || 2004579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_image.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004579 1 || 2004580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_link.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004580 1 || 2004581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_table.php editorid || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004581 1 || 2004582 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Gallery XSS Attempt -- search.php order || cve,CVE-2007-2962 || url,www.securityfocus.com/archive/1/archive/1/469985/100/0/threaded || url,doc.emergingthreats.net/2004582 1 || 2004583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BoastMachine XSS Attempt -- index.php blog || cve,CVE-2007-2932 || url,www.securityfocus.com/bid/24156 || url,doc.emergingthreats.net/2004583 1 || 2004584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- footer.php copyright || cve,CVE-2007-0694 || url,www.securityfocus.com/bid/24200 || url,doc.emergingthreats.net/2004584 1 || 2004585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- news.php catid || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004585 1 || 2004586 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GMTT Music Distro XSS Attempt -- showown.php st || cve,CVE-2007-2916 || url,www.securityfocus.com/archive/1/archive/1/469269/100/0/threaded || url,doc.emergingthreats.net/2004586 1 || 2004587 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- awards.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004587 1 || 2004588 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- login.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004588 1 || 2004589 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- register.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004589 1 || 2004590 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- weapons.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004590 1 || 2004591 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClonusWiki XSS Attempt -- index.php query || cve,CVE-2007-2913 || url,www.securityfocus.com/archive/1/archive/1/469230/100/0/threaded || url,doc.emergingthreats.net/2004591 1 || 2004592 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin XSS Attempt -- calendar.php || cve,CVE-2007-2909 || url,www.vbulletin.com/forum/showthread.php?postid=1355012 || url,doc.emergingthreats.net/2004592 1 || 2004593 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos XSS Attempt -- editor.php img || cve,CVE-2007-2901 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004593 1 || 2004594 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP-Nuke XSS Attempt -- news.asp id || cve,CVE-2007-2892 || url,www.securityfocus.com/bid/24135 || url,doc.emergingthreats.net/2004594 1 || 2004595 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- info_book.asp Room_name || cve,CVE-2007-2880 || url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded || url,doc.emergingthreats.net/2004595 1 || 2004596 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- week.asp curYear || cve,CVE-2007-2880 || url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded || url,doc.emergingthreats.net/2004596 1 || 2004598 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 9001 (aol) being excluded from SSL Alerts || url,doc.emergingthreats.net/2004598 1 || 2004600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004600 1 || 2004601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004601 1 || 2004602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004602 1 || 2004603 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004603 1 || 2004604 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004604 1 || 2004605 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004605 1 || 2004606 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c SELECT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004606 1 || 2004607 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UNION SELECT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004607 1 || 2004608 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c INSERT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004608 1 || 2004609 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c DELETE || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004609 1 || 2004610 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c ASCII || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004610 1 || 2004611 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UPDATE || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004611 1 || 2004612 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete SELECT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004612 1 || 2004613 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete UNION SELECT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004613 1 || 2004614 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete INSERT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004614 1 || 2004615 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete DELETE || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004615 1 || 2004616 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete ASCII || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004616 1 || 2004617 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete UPDATE || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004617 1 || 2004618 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment SELECT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004618 1 || 2004619 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment UNION SELECT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004619 1 || 2004620 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment INSERT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004620 1 || 2004621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment DELETE || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004621 1 || 2004622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ASCII || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004622 1 || 2004623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment UPDATE || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004623 1 || 2004624 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank SELECT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004624 1 || 2004625 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UNION SELECT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004625 1 || 2004626 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank INSERT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004626 1 || 2004627 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank DELETE || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004627 1 || 2004628 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank ASCII || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004628 1 || 2004629 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UPDATE || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004629 1 || 2004630 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id UNION SELECT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004630 1 || 2004631 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id INSERT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004631 1 || 2004632 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id DELETE || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004632 1 || 2004633 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ASCII || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004633 1 || 2004634 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id UPDATE || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004634 1 || 2004635 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004635 1 || 2004636 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004636 1 || 2004637 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004637 1 || 2004638 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004638 1 || 2004639 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004639 1 || 2004640 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004640 1 || 2004641 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id SELECT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004641 1 || 2004642 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UNION SELECT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004642 1 || 2004643 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id INSERT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004643 1 || 2004644 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id DELETE || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004644 1 || 2004645 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ASCII || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004645 1 || 2004646 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UPDATE || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004646 1 || 2004647 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id SELECT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004647 1 || 2004648 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UNION SELECT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004648 1 || 2004649 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id INSERT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004649 1 || 2004650 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id DELETE || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004650 1 || 2004651 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ASCII || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004651 1 || 2004652 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UPDATE || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004652 1 || 2004654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php SELECT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004654 1 || 2004655 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UNION SELECT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004655 1 || 2004656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php INSERT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004656 1 || 2004657 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php DELETE || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004657 1 || 2004658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004658 1 || 2004659 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UPDATE || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004659 1 || 2004660 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria SELECT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004660 1 || 2004661 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UNION SELECT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004661 1 || 2004662 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria INSERT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004662 1 || 2004663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria DELETE || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004663 1 || 2004664 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ASCII || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004664 1 || 2004665 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UPDATE || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004665 1 || 2004666 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004666 1 || 2004667 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UNION SELECT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004667 1 || 2004668 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids INSERT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004668 1 || 2004669 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids DELETE || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004669 1 || 2004670 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ASCII || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004670 1 || 2004671 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UPDATE || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004671 1 || 2004672 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug SELECT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004672 1 || 2004673 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug UNION SELECT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004673 1 || 2004674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug INSERT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004674 1 || 2004675 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug DELETE || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004675 1 || 2004676 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ASCII || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004676 1 || 2004677 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug UPDATE || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004677 1 || 2004678 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s SELECT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004678 1 || 2004679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s INSERT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004679 1 || 2004680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s DELETE || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004680 1 || 2004681 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ASCII || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004681 1 || 2004682 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s UPDATE || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004682 1 || 2004683 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid SELECT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004683 1 || 2004684 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UNION SELECT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004684 1 || 2004685 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004685 1 || 2004686 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid DELETE || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004686 1 || 2004687 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ASCII || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004687 1 || 2004688 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UPDATE || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004688 1 || 2004689 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id SELECT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004689 1 || 2004690 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UNION SELECT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004690 1 || 2004691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id INSERT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004691 1 || 2004692 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id DELETE || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004692 1 || 2004693 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id ASCII || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004693 1 || 2004694 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UPDATE || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004694 1 || 2004695 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid SELECT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004695 1 || 2004696 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UNION SELECT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004696 1 || 2004697 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid INSERT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004697 1 || 2004698 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid DELETE || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004698 1 || 2004699 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid ASCII || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004699 1 || 2004700 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UPDATE || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004700 1 || 2004701 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php SELECT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004701 1 || 2004702 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UNION SELECT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004702 1 || 2004703 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php DELETE || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004703 1 || 2004704 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php ASCII || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004704 1 || 2004705 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004705 1 || 2004706 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage UNION SELECT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004706 1 || 2004707 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage INSERT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004707 1 || 2004708 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage DELETE || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004708 1 || 2004709 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage ASCII || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004709 1 || 2004710 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage UPDATE || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004710 1 || 2004711 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004711 1 || 2004712 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin UNION SELECT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004712 1 || 2004713 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin INSERT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004713 1 || 2004714 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin DELETE || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004714 1 || 2004715 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin ASCII || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004715 1 || 2004716 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin UPDATE || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004716 1 || 2004717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004717 1 || 2004718 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004718 1 || 2004719 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004719 1 || 2004720 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004720 1 || 2004721 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004721 1 || 2004723 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004723 1 || 2004724 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID SELECT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004724 1 || 2004725 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UNION SELECT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004725 1 || 2004726 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID INSERT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004726 1 || 2004727 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID DELETE || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004727 1 || 2004728 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ASCII || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004728 1 || 2004729 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UPDATE || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004729 1 || 2004730 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php SELECT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004730 1 || 2004731 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php UNION SELECT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004731 1 || 2004732 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php INSERT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004732 1 || 2004733 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php DELETE || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004733 1 || 2004734 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php ASCII || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004734 1 || 2004735 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php UPDATE || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004735 1 || 2004736 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php SELECT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004736 1 || 2004737 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UNION SELECT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004737 1 || 2004738 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php INSERT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004738 1 || 2004739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php DELETE || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004739 1 || 2004740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php ASCII || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004740 1 || 2004741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UPDATE || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004741 1 || 2004742 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv SELECT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004742 1 || 2004743 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv UNION SELECT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004743 1 || 2004744 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv INSERT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004744 1 || 2004745 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv DELETE || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004745 1 || 2004746 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv ASCII || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004746 1 || 2004747 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv UPDATE || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004747 1 || 2004748 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004748 1 || 2004749 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic UNION SELECT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004749 1 || 2004750 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic INSERT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004750 1 || 2004751 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic DELETE || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004751 1 || 2004752 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic ASCII || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004752 1 || 2004753 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic UPDATE || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004753 1 || 2004754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004754 1 || 2004755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid UNION SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004755 1 || 2004756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid INSERT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004756 1 || 2004757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid DELETE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004757 1 || 2004758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid ASCII || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004758 1 || 2004759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid UPDATE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004759 1 || 2004760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004760 1 || 2004761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id UNION SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004761 1 || 2004762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id INSERT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004762 1 || 2004763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id DELETE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004763 1 || 2004764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id ASCII || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004764 1 || 2004765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id UPDATE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004765 1 || 2004766 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php SELECT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004766 1 || 2004767 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php UNION SELECT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004767 1 || 2004768 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php INSERT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004768 1 || 2004769 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php DELETE || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004769 1 || 2004770 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php ASCII || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004770 1 || 2004771 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php UPDATE || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004771 1 || 2004772 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id SELECT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004772 1 || 2004773 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id UNION SELECT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004773 1 || 2004774 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id INSERT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004774 1 || 2004775 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id DELETE || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004775 1 || 2004776 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id ASCII || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004776 1 || 2004778 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id UPDATE || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004778 1 || 2004779 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004779 1 || 2004780 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username UNION SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004780 1 || 2004781 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username INSERT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004781 1 || 2004782 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username DELETE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004782 1 || 2004783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username ASCII || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004783 1 || 2004784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username UPDATE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004784 1 || 2004785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004785 1 || 2004786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username UNION SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004786 1 || 2004787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username INSERT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004787 1 || 2004788 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username DELETE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004788 1 || 2004789 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username ASCII || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004789 1 || 2004790 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username UPDATE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004790 1 || 2004797 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP SELECT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004797 1 || 2004798 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UNION SELECT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004798 1 || 2004799 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP INSERT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004799 1 || 2004800 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004800 1 || 2004801 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ASCII || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004801 1 || 2004802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UPDATE || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004802 1 || 2004803 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id SELECT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004803 1 || 2004804 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id UNION SELECT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004804 1 || 2004805 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id INSERT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004805 1 || 2004806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id DELETE || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004806 1 || 2004807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ASCII || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004807 1 || 2004808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id UPDATE || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004808 1 || 2004809 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav SELECT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004809 1 || 2004810 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UNION SELECT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004810 1 || 2004811 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav INSERT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004811 1 || 2004812 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav DELETE || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004812 1 || 2004813 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ASCII || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004813 1 || 2004815 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UPDATE || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004815 1 || 2004816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category SELECT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004816 1 || 2004817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UNION SELECT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004817 1 || 2004818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category INSERT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004818 1 || 2004819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category DELETE || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004819 1 || 2004820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category ASCII || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004820 1 || 2004821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UPDATE || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004821 1 || 2004822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat SELECT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004822 1 || 2004823 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UNION SELECT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004823 1 || 2004824 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat INSERT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004824 1 || 2004825 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat DELETE || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004825 1 || 2004826 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat ASCII || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004826 1 || 2004827 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UPDATE || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004827 1 || 2004828 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd SELECT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004828 1 || 2004829 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UNION SELECT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004829 1 || 2004830 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd INSERT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004830 1 || 2004831 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd DELETE || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004831 1 || 2004832 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd ASCII || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004832 1 || 2004833 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UPDATE || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004833 1 || 2004834 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id SELECT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004834 1 || 2004835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UNION SELECT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004835 1 || 2004836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id INSERT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004836 1 || 2004837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id DELETE || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004837 1 || 2004838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ASCII || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004838 1 || 2004839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UPDATE || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004839 1 || 2004840 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor SELECT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004840 1 || 2004841 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UNION SELECT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004841 1 || 2004842 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor INSERT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004842 1 || 2004843 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor DELETE || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004843 1 || 2004844 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor ASCII || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004844 1 || 2004845 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UPDATE || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004845 1 || 2004846 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UNION SELECT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004846 1 || 2004847 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id INSERT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004847 1 || 2004848 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id DELETE || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004848 1 || 2004849 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id ASCII || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004849 1 || 2004850 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UPDATE || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004850 1 || 2004851 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004851 1 || 2004852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004852 1 || 2004853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004853 1 || 2004854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004854 1 || 2004855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004855 1 || 2004856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004856 1 || 2004857 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album SELECT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004857 1 || 2004858 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album UNION SELECT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004858 1 || 2004859 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album INSERT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004859 1 || 2004860 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album DELETE || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004860 1 || 2004861 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album ASCII || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004861 1 || 2004862 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album UPDATE || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004862 1 || 2004863 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004863 1 || 2004864 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004864 1 || 2004865 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004865 1 || 2004866 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004866 1 || 2004867 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004867 1 || 2004868 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004868 1 || 2004869 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id SELECT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004869 1 || 2004870 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id UNION SELECT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004870 1 || 2004871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id INSERT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004871 1 || 2004872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id DELETE || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004872 1 || 2004873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id ASCII || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004873 1 || 2004874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id UPDATE || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004874 1 || 2004875 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID SELECT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004875 1 || 2004876 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UNION SELECT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004876 1 || 2004877 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID INSERT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004877 1 || 2004878 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID DELETE || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004878 1 || 2004879 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ASCII || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004879 1 || 2004880 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UPDATE || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004880 1 || 2004881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly SELECT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004881 1 || 2004882 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly UNION SELECT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004882 1 || 2004883 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly INSERT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004883 1 || 2004884 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly DELETE || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004884 1 || 2004885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly ASCII || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004885 1 || 2004886 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly UPDATE || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004886 1 || 2004887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004887 1 || 2004888 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UNION SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004888 1 || 2004889 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id INSERT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004889 1 || 2004890 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id DELETE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004890 1 || 2004891 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ASCII || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004891 1 || 2004892 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UPDATE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004892 1 || 2004893 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004893 1 || 2004894 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UNION SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004894 1 || 2004895 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid INSERT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004895 1 || 2004896 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid DELETE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004896 1 || 2004897 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ASCII || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004897 1 || 2004898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UPDATE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004898 1 || 2004899 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid SELECT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004899 1 || 2004900 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid UNION SELECT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004900 1 || 2004901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid INSERT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004901 1 || 2004902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid DELETE || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004902 1 || 2004903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid ASCII || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004903 1 || 2004904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid UPDATE || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004904 1 || 2004905 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id SELECT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004905 1 || 2004906 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id UNION SELECT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004906 1 || 2004907 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id INSERT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004907 1 || 2004908 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id DELETE || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004908 1 || 2004909 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id ASCII || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004909 1 || 2004910 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id UPDATE || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004910 1 || 2004911 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID SELECT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004911 1 || 2004912 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID UNION SELECT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004912 1 || 2004913 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID INSERT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004913 1 || 2004914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID DELETE || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004914 1 || 2004915 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID ASCII || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004915 1 || 2004916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID UPDATE || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004916 1 || 2004917 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat SELECT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004917 1 || 2004918 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat UNION SELECT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004918 1 || 2004919 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat INSERT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004919 1 || 2004920 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat DELETE || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004920 1 || 2004921 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ASCII || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004921 1 || 2004923 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat UPDATE || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004923 1 || 2004924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid SELECT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004924 1 || 2004925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid UNION SELECT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004925 1 || 2004926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid INSERT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004926 1 || 2004927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid DELETE || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004927 1 || 2004928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid ASCII || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004928 1 || 2004929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid UPDATE || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004929 1 || 2004930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id SELECT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004930 1 || 2004931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id UNION SELECT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004931 1 || 2004932 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id INSERT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004932 1 || 2004933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id DELETE || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004933 1 || 2004934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id ASCII || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004934 1 || 2004935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id UPDATE || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004935 1 || 2004936 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004936 1 || 2004937 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004937 1 || 2004938 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004938 1 || 2004939 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004939 1 || 2004940 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004940 1 || 2004941 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004941 1 || 2004942 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004942 1 || 2004943 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004943 1 || 2004945 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004945 1 || 2004946 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004946 1 || 2004947 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004947 1 || 2004948 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004948 1 || 2004949 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004949 1 || 2004950 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004950 1 || 2004951 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004951 1 || 2004952 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004952 1 || 2004953 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004953 1 || 2004954 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004954 1 || 2004955 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004955 1 || 2004956 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004956 1 || 2004957 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004957 1 || 2004958 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004958 1 || 2004959 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004959 1 || 2004960 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004960 1 || 2004961 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id SELECT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004961 1 || 2004962 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id UNION SELECT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004962 1 || 2004963 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id INSERT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004963 1 || 2004964 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id DELETE || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004964 1 || 2004965 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id ASCII || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004965 1 || 2004966 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id UPDATE || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004966 1 || 2004967 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id SELECT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004967 1 || 2004968 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id UNION SELECT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004968 1 || 2004969 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id INSERT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004969 1 || 2004970 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id DELETE || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004970 1 || 2004971 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id ASCII || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004971 1 || 2004972 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id UPDATE || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004972 1 || 2004979 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid SELECT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004979 1 || 2004980 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UNION SELECT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004980 1 || 2004981 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004981 1 || 2004982 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid DELETE || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004982 1 || 2004983 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ASCII || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004983 1 || 2004984 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UPDATE || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004984 1 || 2004985 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004985 1 || 2004986 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UNION SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004986 1 || 2004987 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by INSERT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004987 1 || 2004988 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by DELETE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004988 1 || 2004989 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by ASCII || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004989 1 || 2004990 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UPDATE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004990 1 || 2004991 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004991 1 || 2004992 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UNION SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004992 1 || 2004993 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order INSERT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004993 1 || 2004994 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order DELETE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004994 1 || 2004995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order ASCII || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004995 1 || 2004996 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UPDATE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004996 1 || 2004997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004997 1 || 2004998 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004998 1 || 2004999 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004999 1 || 2005000 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005000 1 || 2005001 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005001 1 || 2005002 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005002 1 || 2005003 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp SELECT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005003 1 || 2005004 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UNION SELECT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005004 1 || 2005005 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005005 1 || 2005006 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp DELETE || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005006 1 || 2005007 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp ASCII || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005007 1 || 2005008 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UPDATE || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005008 1 || 2005009 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user SELECT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005009 1 || 2005010 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UNION SELECT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005010 1 || 2005011 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user INSERT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005011 1 || 2005012 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user DELETE || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005012 1 || 2005013 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ASCII || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005013 1 || 2005014 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UPDATE || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005014 1 || 2005015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id SELECT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005015 1 || 2005016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UNION SELECT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005016 1 || 2005017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id INSERT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005017 1 || 2005018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id DELETE || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005018 1 || 2005019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ASCII || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005019 1 || 2005020 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UPDATE || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005020 1 || 2005021 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005021 1 || 2005022 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user UNION SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005022 1 || 2005023 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user INSERT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005023 1 || 2005024 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user DELETE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005024 1 || 2005025 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user ASCII || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005025 1 || 2005026 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user UPDATE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005026 1 || 2005027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005027 1 || 2005028 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password UNION SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005028 1 || 2005029 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password INSERT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005029 1 || 2005030 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password DELETE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005030 1 || 2005031 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password ASCII || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005031 1 || 2005032 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password UPDATE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005032 1 || 2005033 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id SELECT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005033 1 || 2005034 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id UNION SELECT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005034 1 || 2005035 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id INSERT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005035 1 || 2005036 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id DELETE || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005036 1 || 2005037 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ASCII || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005037 1 || 2005038 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id UPDATE || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005038 1 || 2005039 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005039 1 || 2005040 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005040 1 || 2005041 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005041 1 || 2005042 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005042 1 || 2005043 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005043 1 || 2005044 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005044 1 || 2005045 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005045 1 || 2005046 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005046 1 || 2005047 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005047 1 || 2005048 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005048 1 || 2005049 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005049 1 || 2005050 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005050 1 || 2005051 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005051 1 || 2005052 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005052 1 || 2005053 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005053 1 || 2005054 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005054 1 || 2005055 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005055 1 || 2005056 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005056 1 || 2005057 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005057 1 || 2005058 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005058 1 || 2005059 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005059 1 || 2005060 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005060 1 || 2005061 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005061 1 || 2005062 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005062 1 || 2005063 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id SELECT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005063 1 || 2005064 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id UNION SELECT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005064 1 || 2005065 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id INSERT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005065 1 || 2005066 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id DELETE || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005066 1 || 2005067 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ASCII || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005067 1 || 2005068 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id UPDATE || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005068 1 || 2005069 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid SELECT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005069 1 || 2005070 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid UNION SELECT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005070 1 || 2005071 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid INSERT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005071 1 || 2005072 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid DELETE || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005072 1 || 2005073 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ASCII || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005073 1 || 2005074 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid UPDATE || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005074 1 || 2005075 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id SELECT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005075 1 || 2005076 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id UNION SELECT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005076 1 || 2005077 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id INSERT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005077 1 || 2005078 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id DELETE || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005078 1 || 2005079 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ASCII || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005079 1 || 2005080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id UPDATE || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005080 1 || 2005081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id SELECT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005081 1 || 2005082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id UNION SELECT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005082 1 || 2005083 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id INSERT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005083 1 || 2005084 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id DELETE || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005084 1 || 2005085 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id ASCII || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005085 1 || 2005086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id UPDATE || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005086 1 || 2005087 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid SELECT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005087 1 || 2005088 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid UNION SELECT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005088 1 || 2005089 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid INSERT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005089 1 || 2005090 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid DELETE || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005090 1 || 2005091 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ASCII || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005091 1 || 2005092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid UPDATE || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005092 1 || 2005093 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005093 1 || 2005094 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005094 1 || 2005095 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005095 1 || 2005096 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005096 1 || 2005097 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005097 1 || 2005098 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005098 1 || 2005099 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005099 1 || 2005100 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005100 1 || 2005101 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005101 1 || 2005102 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005102 1 || 2005103 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005103 1 || 2005104 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005104 1 || 2005105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username SELECT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005105 1 || 2005106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UNION SELECT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005106 1 || 2005107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username INSERT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005107 1 || 2005108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username DELETE || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005108 1 || 2005109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ASCII || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005109 1 || 2005110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UPDATE || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005110 1 || 2005111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid SELECT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005111 1 || 2005112 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UNION SELECT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005112 1 || 2005113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid INSERT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005113 1 || 2005114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid DELETE || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005114 1 || 2005115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ASCII || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005115 1 || 2005116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UPDATE || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005116 1 || 2005117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005117 1 || 2005118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005118 1 || 2005119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005119 1 || 2005120 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005120 1 || 2005121 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005121 1 || 2005122 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005122 1 || 2005123 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005123 1 || 2005124 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005124 1 || 2005125 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005125 1 || 2005126 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005126 1 || 2005127 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005127 1 || 2005128 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005128 1 || 2005129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005129 1 || 2005130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005130 1 || 2005131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005131 1 || 2005132 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005132 1 || 2005133 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005133 1 || 2005134 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005134 1 || 2005135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow SELECT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005135 1 || 2005136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UNION SELECT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005136 1 || 2005137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow INSERT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005137 1 || 2005138 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow DELETE || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005138 1 || 2005139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow ASCII || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005139 1 || 2005140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UPDATE || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005140 1 || 2005141 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid SELECT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005141 1 || 2005142 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid UNION SELECT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005142 1 || 2005143 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid INSERT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005143 1 || 2005144 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid DELETE || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005144 1 || 2005145 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ASCII || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005145 1 || 2005146 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid UPDATE || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005146 1 || 2005147 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user UNION SELECT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005147 1 || 2005148 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user INSERT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005148 1 || 2005149 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user DELETE || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005149 1 || 2005150 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user ASCII || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005150 1 || 2005151 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user UPDATE || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005151 1 || 2005152 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines SELECT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005152 1 || 2005153 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines UNION SELECT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005153 1 || 2005154 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines DELETE || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005154 1 || 2005155 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines INSERT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005155 1 || 2005156 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ASCII || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005156 1 || 2005157 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines UPDATE || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005157 1 || 2005158 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id SELECT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005158 1 || 2005159 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id UNION SELECT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005159 1 || 2005160 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id INSERT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005160 1 || 2005161 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id DELETE || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005161 1 || 2005162 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id ASCII || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005162 1 || 2005163 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id UPDATE || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005163 1 || 2005164 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id SELECT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005164 1 || 2005165 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id UNION SELECT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005165 1 || 2005166 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id INSERT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005166 1 || 2005167 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id DELETE || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005167 1 || 2005168 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id ASCII || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005168 1 || 2005169 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id UPDATE || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005169 1 || 2005170 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user SELECT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005170 1 || 2005171 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user UNION SELECT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005171 1 || 2005172 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user INSERT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005172 1 || 2005173 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user DELETE || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005173 1 || 2005174 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user ASCII || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005174 1 || 2005175 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user UPDATE || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005175 1 || 2005176 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005176 1 || 2005177 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UNION SELECT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2005177 1 || 2005179 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id SELECT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2005179 1 || 2005180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php INSERT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2005180 1 || 2005181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UPDATE || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2005181 1 || 2005185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s UNION SELECT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2005185 1 || 2005186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id SELECT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2005186 1 || 2005187 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UNION SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005187 1 || 2005188 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay INSERT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005188 1 || 2005189 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay DELETE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005189 1 || 2005190 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ASCII || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005190 1 || 2005191 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UPDATE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005191 1 || 2005192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005192 1 || 2005193 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005193 1 || 2005194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005194 1 || 2005195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005195 1 || 2005196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005196 1 || 2005197 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005197 1 || 2005198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005198 1 || 2005199 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005199 1 || 2005200 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005200 1 || 2005201 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005201 1 || 2005202 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005202 1 || 2005203 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005203 1 || 2005204 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005204 1 || 2005205 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005205 1 || 2005206 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005206 1 || 2005207 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005207 1 || 2005208 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005208 1 || 2005209 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005209 1 || 2005210 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005210 1 || 2005211 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005211 1 || 2005212 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005212 1 || 2005213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005213 1 || 2005214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005214 1 || 2005215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005215 1 || 2005216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month SELECT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005216 1 || 2005217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month UNION SELECT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005217 1 || 2005218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month INSERT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005218 1 || 2005219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month DELETE || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005219 1 || 2005220 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month ASCII || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005220 1 || 2005221 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month UPDATE || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005221 1 || 2005222 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005222 1 || 2005223 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005223 1 || 2005224 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005224 1 || 2005225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005225 1 || 2005226 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005226 1 || 2005227 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID SELECT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005227 1 || 2005228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID UNION SELECT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005228 1 || 2005229 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID INSERT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005229 1 || 2005230 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID DELETE || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005230 1 || 2005231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ASCII || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005231 1 || 2005232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID UPDATE || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005232 1 || 2005233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid SELECT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005233 1 || 2005234 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid UNION SELECT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005234 1 || 2005235 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid INSERT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005235 1 || 2005236 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid DELETE || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005236 1 || 2005237 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ASCII || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005237 1 || 2005238 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid UPDATE || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005238 1 || 2005239 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID SELECT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005239 1 || 2005240 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID UNION SELECT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005240 1 || 2005241 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID INSERT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005241 1 || 2005242 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID DELETE || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005242 1 || 2005243 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID ASCII || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005243 1 || 2005244 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID UPDATE || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005244 1 || 2005245 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005245 1 || 2005246 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id UNION SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005246 1 || 2005247 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id INSERT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005247 1 || 2005248 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id DELETE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005248 1 || 2005249 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id ASCII || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005249 1 || 2005250 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id UPDATE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005250 1 || 2005251 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005251 1 || 2005252 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID INSERT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005252 1 || 2005253 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID DELETE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005253 1 || 2005254 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID ASCII || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005254 1 || 2005255 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID UPDATE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005255 1 || 2005256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005256 1 || 2005257 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat UNION SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005257 1 || 2005258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat INSERT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005258 1 || 2005259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat DELETE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005259 1 || 2005260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat ASCII || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005260 1 || 2005261 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat UPDATE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005261 1 || 2005262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005262 1 || 2005263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat UNION SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005263 1 || 2005264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat INSERT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005264 1 || 2005265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat DELETE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005265 1 || 2005266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat ASCII || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005266 1 || 2005267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat UPDATE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005267 1 || 2005268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword SELECT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005268 1 || 2005269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UNION SELECT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005269 1 || 2005270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword INSERT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005270 1 || 2005271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword DELETE || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005271 1 || 2005272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ASCII || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005272 1 || 2005273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UPDATE || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005273 1 || 2005274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row SELECT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005274 1 || 2005275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UNION SELECT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005275 1 || 2005276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row INSERT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005276 1 || 2005277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row DELETE || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005277 1 || 2005278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ASCII || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005278 1 || 2005279 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UPDATE || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005279 1 || 2005280 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005280 1 || 2005281 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005281 1 || 2005282 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005282 1 || 2005283 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005283 1 || 2005284 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005284 1 || 2005285 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005285 1 || 2005286 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005286 1 || 2005287 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005287 1 || 2005288 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005288 1 || 2005289 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005289 1 || 2005290 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005290 1 || 2005291 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005291 1 || 2005292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid SELECT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005292 1 || 2005293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UNION SELECT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005293 1 || 2005294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid INSERT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005294 1 || 2005295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid DELETE || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005295 1 || 2005296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid ASCII || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005296 1 || 2005297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UPDATE || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005297 1 || 2005298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id SELECT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005298 1 || 2005299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UNION SELECT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005299 1 || 2005300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id INSERT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005300 1 || 2005301 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id DELETE || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005301 1 || 2005302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id ASCII || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005302 1 || 2005303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UPDATE || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005303 1 || 2005304 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005304 1 || 2005305 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UNION SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005305 1 || 2005306 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft INSERT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005306 1 || 2005307 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft DELETE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005307 1 || 2005308 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ASCII || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005308 1 || 2005309 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UPDATE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005309 1 || 2005310 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005310 1 || 2005311 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005311 1 || 2005312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID UNION SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005312 1 || 2005318 || 8 || trojan-activity || 0 || ET MALWARE Statblaster.com Spyware User-Agent (fetcher) || url,doc.emergingthreats.net/2005318 1 || 2005319 || 5 || trojan-activity || 0 || ET MALWARE Bizconcept.info Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2005319 1 || 2005320 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MyAgent) || url,doc.emergingthreats.net/bin/view/Main/2005320 1 || 2005321 || 8 || trojan-activity || 0 || ET MALWARE NavExcel Spyware User-Agent (NavHelper) || url,doc.emergingthreats.net/2005321 1 || 2005322 || 9 || trojan-activity || 0 || ET MALWARE Spylocked Fake Anti-Spyware User-Agent (SpyLocked) 1 || 2005324 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php SELECT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005324 1 || 2005325 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UNION SELECT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005325 1 || 2005326 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php INSERT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005326 1 || 2005327 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php DELETE || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005327 1 || 2005328 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php ASCII || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005328 1 || 2005329 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UPDATE || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005329 1 || 2005330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic SELECT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005330 1 || 2005331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UNION SELECT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005331 1 || 2005332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic INSERT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005332 1 || 2005333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic DELETE || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005333 1 || 2005334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic ASCII || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005334 1 || 2005335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UPDATE || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005335 1 || 2005336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template SELECT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005336 1 || 2005337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UNION SELECT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005337 1 || 2005338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template INSERT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005338 1 || 2005339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template DELETE || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005339 1 || 2005340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template ASCII || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005340 1 || 2005341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UPDATE || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005341 1 || 2005342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass SELECT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005342 1 || 2005343 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UNION SELECT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005343 1 || 2005344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass INSERT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005344 1 || 2005345 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass DELETE || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005345 1 || 2005346 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ASCII || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005346 1 || 2005347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UPDATE || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005347 1 || 2005348 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php SELECT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005348 1 || 2005349 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UNION SELECT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005349 1 || 2005350 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php INSERT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005350 1 || 2005351 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php DELETE || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005351 1 || 2005352 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php ASCII || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005352 1 || 2005353 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UPDATE || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005353 1 || 2005354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid SELECT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005354 1 || 2005355 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UNION SELECT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005355 1 || 2005356 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid INSERT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005356 1 || 2005357 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid DELETE || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005357 1 || 2005358 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ASCII || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005358 1 || 2005359 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UPDATE || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005359 1 || 2005360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005360 1 || 2005361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UNION SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005361 1 || 2005362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user INSERT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005362 1 || 2005363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user DELETE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005363 1 || 2005364 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ASCII || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005364 1 || 2005365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UPDATE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005365 1 || 2005366 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005366 1 || 2005367 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UNION SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005367 1 || 2005368 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass INSERT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005368 1 || 2005369 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass DELETE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005369 1 || 2005370 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ASCII || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005370 1 || 2005371 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UPDATE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005371 1 || 2005372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id SELECT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005372 1 || 2005373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005373 1 || 2005374 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id INSERT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005374 1 || 2005375 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id DELETE || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005375 1 || 2005376 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ASCII || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005376 1 || 2005377 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005377 1 || 2005378 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005378 1 || 2005379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UNION SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005379 1 || 2005380 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id INSERT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005380 1 || 2005381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id DELETE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005381 1 || 2005382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id ASCII || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005382 1 || 2005383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UPDATE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005383 1 || 2005384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005384 1 || 2005385 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UNION SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005385 1 || 2005386 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid INSERT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005386 1 || 2005387 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid DELETE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005387 1 || 2005388 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid ASCII || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005388 1 || 2005389 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UPDATE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005389 1 || 2005390 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005390 1 || 2005391 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005391 1 || 2005392 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005392 1 || 2005394 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005394 1 || 2005395 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005395 1 || 2005396 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005396 1 || 2005397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005397 1 || 2005398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005398 1 || 2005399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005399 1 || 2005400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005400 1 || 2005401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005401 1 || 2005402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005402 1 || 2005403 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005403 1 || 2005404 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005404 1 || 2005405 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005405 1 || 2005406 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005406 1 || 2005407 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005407 1 || 2005408 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005408 1 || 2005409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005409 1 || 2005410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005410 1 || 2005411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005411 1 || 2005412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005412 1 || 2005413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005413 1 || 2005414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005414 1 || 2005415 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005415 1 || 2005416 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005416 1 || 2005417 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005417 1 || 2005418 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005418 1 || 2005419 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005419 1 || 2005420 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005420 1 || 2005421 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005421 1 || 2005422 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005422 1 || 2005423 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005423 1 || 2005424 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005424 1 || 2005425 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005425 1 || 2005426 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005426 1 || 2005427 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005427 1 || 2005428 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005428 1 || 2005429 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005429 1 || 2005430 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005430 1 || 2005431 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005431 1 || 2005432 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005432 1 || 2005433 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005433 1 || 2005434 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005434 1 || 2005435 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005435 1 || 2005436 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005436 1 || 2005437 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005437 1 || 2005438 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005438 1 || 2005439 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005439 1 || 2005440 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005440 1 || 2005441 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005441 1 || 2005442 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005442 1 || 2005443 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005443 1 || 2005444 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005444 1 || 2005445 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005445 1 || 2005446 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005446 1 || 2005447 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005447 1 || 2005448 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005448 1 || 2005449 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005449 1 || 2005450 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005450 1 || 2005451 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005451 1 || 2005452 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005452 1 || 2005453 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005453 1 || 2005454 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005454 1 || 2005455 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005455 1 || 2005456 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005456 1 || 2005457 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005457 1 || 2005458 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005458 1 || 2005459 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005459 1 || 2005460 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005460 1 || 2005461 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005461 1 || 2005462 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005462 1 || 2005463 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005463 1 || 2005464 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005464 1 || 2005465 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005465 1 || 2005466 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005466 1 || 2005467 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005467 1 || 2005468 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005468 1 || 2005469 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005469 1 || 2005470 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005470 1 || 2005471 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005471 1 || 2005472 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005472 1 || 2005473 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005473 1 || 2005474 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005474 1 || 2005475 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005475 1 || 2005476 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005476 1 || 2005477 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005477 1 || 2005478 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005478 1 || 2005479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005479 1 || 2005480 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005480 1 || 2005481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005481 1 || 2005482 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005482 1 || 2005483 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005483 1 || 2005484 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005484 1 || 2005485 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005485 1 || 2005486 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005486 1 || 2005487 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005487 1 || 2005489 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005489 1 || 2005490 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005490 1 || 2005491 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005491 1 || 2005492 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005492 1 || 2005493 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005493 1 || 2005494 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005494 1 || 2005495 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005495 1 || 2005496 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005496 1 || 2005497 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005497 1 || 2005498 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005498 1 || 2005499 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005499 1 || 2005500 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005500 1 || 2005501 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005501 1 || 2005502 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005502 1 || 2005503 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005503 1 || 2005504 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005504 1 || 2005505 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005505 1 || 2005506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005506 1 || 2005507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005507 1 || 2005508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005508 1 || 2005509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005509 1 || 2005510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005510 1 || 2005511 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id SELECT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005511 1 || 2005512 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id UNION SELECT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005512 1 || 2005514 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id INSERT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005514 1 || 2005515 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id DELETE || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005515 1 || 2005516 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ASCII || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005516 1 || 2005517 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id UPDATE || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005517 1 || 2005518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005518 1 || 2005519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005519 1 || 2005520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005520 1 || 2005521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005521 1 || 2005522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005522 1 || 2005523 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005523 1 || 2005524 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005524 1 || 2005525 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005525 1 || 2005526 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005526 1 || 2005527 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005527 1 || 2005528 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005528 1 || 2005529 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005529 1 || 2005530 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005530 1 || 2005531 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005531 1 || 2005532 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005532 1 || 2005533 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005533 1 || 2005534 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005534 1 || 2005535 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005535 1 || 2005536 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005536 1 || 2005537 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005537 1 || 2005538 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005538 1 || 2005539 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005539 1 || 2005540 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005540 1 || 2005541 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005541 1 || 2005542 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005542 1 || 2005543 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005543 1 || 2005544 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005544 1 || 2005545 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005545 1 || 2005546 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005546 1 || 2005547 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005547 1 || 2005548 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005548 1 || 2005549 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005549 1 || 2005550 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005550 1 || 2005551 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005551 1 || 2005552 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005552 1 || 2005553 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005553 1 || 2005554 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005554 1 || 2005555 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005555 1 || 2005556 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005556 1 || 2005557 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005557 1 || 2005558 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005558 1 || 2005559 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005559 1 || 2005560 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005560 1 || 2005561 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005561 1 || 2005562 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005562 1 || 2005563 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005563 1 || 2005564 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005564 1 || 2005566 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005566 1 || 2005567 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board SELECT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005567 1 || 2005568 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board UNION SELECT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005568 1 || 2005569 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board INSERT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005569 1 || 2005570 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board DELETE || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005570 1 || 2005571 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board ASCII || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005571 1 || 2005572 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board UPDATE || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005572 1 || 2005573 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005573 1 || 2005574 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005574 1 || 2005575 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005575 1 || 2005576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005576 1 || 2005577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005577 1 || 2005578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005578 1 || 2005579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005579 1 || 2005580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005580 1 || 2005581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005581 1 || 2005582 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005582 1 || 2005583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005583 1 || 2005584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005584 1 || 2005585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat SELECT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005585 1 || 2005586 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat UNION SELECT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005586 1 || 2005587 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat INSERT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005587 1 || 2005588 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat DELETE || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005588 1 || 2005589 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ASCII || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005589 1 || 2005590 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat UPDATE || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005590 1 || 2005591 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id SELECT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005591 1 || 2005592 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UNION SELECT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005592 1 || 2005593 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id INSERT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005593 1 || 2005594 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id DELETE || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005594 1 || 2005595 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ASCII || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005595 1 || 2005596 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UPDATE || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005596 1 || 2005597 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id SELECT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005597 1 || 2005598 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UNION SELECT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005598 1 || 2005599 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id INSERT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005599 1 || 2005600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id DELETE || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005600 1 || 2005601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ASCII || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005601 1 || 2005602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UPDATE || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005602 1 || 2005603 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id SELECT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005603 1 || 2005604 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UNION SELECT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005604 1 || 2005605 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id INSERT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005605 1 || 2005606 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id DELETE || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005606 1 || 2005607 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ASCII || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005607 1 || 2005608 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UPDATE || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005608 1 || 2005609 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder SELECT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005609 1 || 2005610 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UNION SELECT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005610 1 || 2005611 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder INSERT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005611 1 || 2005612 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder DELETE || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005612 1 || 2005613 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ASCII || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005613 1 || 2005614 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UPDATE || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005614 1 || 2005615 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid SELECT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005615 1 || 2005616 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UNION SELECT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005616 1 || 2005617 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid INSERT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005617 1 || 2005618 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid DELETE || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005618 1 || 2005619 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ASCII || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005619 1 || 2005620 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UPDATE || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005620 1 || 2005621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005621 1 || 2005622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005622 1 || 2005623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005623 1 || 2005624 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005624 1 || 2005625 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005625 1 || 2005626 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005626 1 || 2005627 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005627 1 || 2005628 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005628 1 || 2005629 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005629 1 || 2005630 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005630 1 || 2005631 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005631 1 || 2005632 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005632 1 || 2005633 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005633 1 || 2005634 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005634 1 || 2005635 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005635 1 || 2005636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005636 1 || 2005637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005637 1 || 2005638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005638 1 || 2005639 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005639 1 || 2005640 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005640 1 || 2005641 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005641 1 || 2005642 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005642 1 || 2005643 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005643 1 || 2005644 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005644 1 || 2005645 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005645 1 || 2005646 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005646 1 || 2005647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005647 1 || 2005648 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005648 1 || 2005649 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005649 1 || 2005650 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005650 1 || 2005651 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005651 1 || 2005652 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005652 1 || 2005653 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005653 1 || 2005654 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005654 1 || 2005655 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005655 1 || 2005656 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005656 1 || 2005657 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php SELECT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005657 1 || 2005658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php UNION SELECT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005658 1 || 2005659 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php INSERT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005659 1 || 2005660 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php DELETE || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005660 1 || 2005661 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005661 1 || 2005662 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php UPDATE || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005662 1 || 2005663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx SELECT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005663 1 || 2005664 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx UNION SELECT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005664 1 || 2005665 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005665 1 || 2005666 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx DELETE || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005666 1 || 2005667 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx ASCII || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005667 1 || 2005668 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx UPDATE || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005668 1 || 2005669 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname SELECT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005669 1 || 2005670 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname UNION SELECT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005670 1 || 2005671 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname INSERT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005671 1 || 2005672 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname DELETE || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005672 1 || 2005673 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ASCII || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005673 1 || 2005674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname UPDATE || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005674 1 || 2005675 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005675 1 || 2005676 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005676 1 || 2005677 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005677 1 || 2005678 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005678 1 || 2005679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005679 1 || 2005680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005680 1 || 2005681 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id SELECT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005681 1 || 2005682 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id UNION SELECT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005682 1 || 2005683 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id INSERT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005683 1 || 2005684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id DELETE || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005684 1 || 2005685 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id ASCII || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005685 1 || 2005686 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id UPDATE || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005686 1 || 2005687 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005687 1 || 2005688 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005688 1 || 2005689 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005689 1 || 2005690 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005690 1 || 2005691 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005691 1 || 2005692 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005692 1 || 2005693 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005693 1 || 2005694 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005694 1 || 2005695 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005695 1 || 2005696 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005696 1 || 2005697 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005697 1 || 2005698 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005698 1 || 2005699 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005699 1 || 2005700 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005700 1 || 2005701 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005701 1 || 2005702 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005702 1 || 2005703 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005703 1 || 2005704 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005704 1 || 2005705 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005705 1 || 2005706 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005706 1 || 2005707 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005707 1 || 2005708 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005708 1 || 2005709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005709 1 || 2005710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005710 1 || 2005711 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005711 1 || 2005712 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005712 1 || 2005713 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005713 1 || 2005714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005714 1 || 2005715 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005715 1 || 2005716 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005716 1 || 2005717 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005717 1 || 2005718 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005718 1 || 2005719 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005719 1 || 2005720 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005720 1 || 2005721 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005721 1 || 2005722 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005722 1 || 2005723 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005723 1 || 2005724 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005724 1 || 2005725 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005725 1 || 2005726 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005726 1 || 2005727 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005727 1 || 2005728 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005728 1 || 2005729 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005729 1 || 2005730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005730 1 || 2005731 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005731 1 || 2005732 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005732 1 || 2005733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005733 1 || 2005734 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005734 1 || 2005735 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005735 1 || 2005736 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005736 1 || 2005738 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005738 1 || 2005739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005739 1 || 2005740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005740 1 || 2005741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005741 1 || 2005742 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005742 1 || 2005743 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005743 1 || 2005744 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005744 1 || 2005745 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005745 1 || 2005746 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005746 1 || 2005747 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005747 1 || 2005748 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005748 1 || 2005749 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005749 1 || 2005750 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005750 1 || 2005751 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005751 1 || 2005752 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005752 1 || 2005753 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005753 1 || 2005754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005754 1 || 2005755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005755 1 || 2005756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005756 1 || 2005757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005757 1 || 2005758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005758 1 || 2005759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005759 1 || 2005760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005760 1 || 2005761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005761 1 || 2005762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005762 1 || 2005763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005763 1 || 2005764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005764 1 || 2005765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005765 1 || 2005766 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005766 1 || 2005767 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005767 1 || 2005768 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005768 1 || 2005769 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005769 1 || 2005770 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005770 1 || 2005771 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005771 1 || 2005772 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang SELECT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005772 1 || 2005773 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UNION SELECT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005773 1 || 2005774 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang INSERT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005774 1 || 2005775 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang DELETE || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005775 1 || 2005776 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang ASCII || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005776 1 || 2005777 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UPDATE || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005777 1 || 2005778 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName SELECT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005778 1 || 2005779 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UNION SELECT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005779 1 || 2005780 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName INSERT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005780 1 || 2005781 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName DELETE || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005781 1 || 2005782 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ASCII || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005782 1 || 2005783 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UPDATE || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005783 1 || 2005784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid SELECT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005784 1 || 2005785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UNION SELECT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005785 1 || 2005786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid INSERT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005786 1 || 2005787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid DELETE || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005787 1 || 2005788 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid ASCII || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005788 1 || 2005789 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UPDATE || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005789 1 || 2005790 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID SELECT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005790 1 || 2005791 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID UNION SELECT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005791 1 || 2005792 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID INSERT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005792 1 || 2005793 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID DELETE || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005793 1 || 2005794 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ASCII || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005794 1 || 2005795 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID UPDATE || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005795 1 || 2005796 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id SELECT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005796 1 || 2005797 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id UNION SELECT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005797 1 || 2005798 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id INSERT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005798 1 || 2005799 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id DELETE || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005799 1 || 2005800 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ASCII || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005800 1 || 2005801 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id UPDATE || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005801 1 || 2005802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005802 1 || 2005804 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id INSERT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005804 1 || 2005806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id DELETE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005806 1 || 2005807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005807 1 || 2005808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id UNION SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005808 1 || 2005809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id ASCII || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005809 1 || 2005810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id UPDATE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005810 1 || 2005811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005811 1 || 2005812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie UNION SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005812 1 || 2005813 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie INSERT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005813 1 || 2005814 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie DELETE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005814 1 || 2005815 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ASCII || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005815 1 || 2005816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie UPDATE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005816 1 || 2005817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id SELECT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005817 1 || 2005818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id UNION SELECT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005818 1 || 2005819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id INSERT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005819 1 || 2005820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id DELETE || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005820 1 || 2005821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ASCII || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005821 1 || 2005822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id UPDATE || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005822 1 || 2005823 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id SELECT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005823 1 || 2005824 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005824 1 || 2005825 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id INSERT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005825 1 || 2005826 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id DELETE || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005826 1 || 2005827 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id ASCII || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005827 1 || 2005828 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005828 1 || 2005829 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID SELECT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005829 1 || 2005830 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID UNION SELECT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005830 1 || 2005831 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID INSERT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005831 1 || 2005832 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID DELETE || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005832 1 || 2005833 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID ASCII || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005833 1 || 2005834 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID UPDATE || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005834 1 || 2005835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id SELECT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005835 1 || 2005836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id UNION SELECT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005836 1 || 2005837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id INSERT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005837 1 || 2005838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id DELETE || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005838 1 || 2005839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005839 1 || 2005840 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id UPDATE || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005840 1 || 2005841 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005841 1 || 2005842 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005842 1 || 2005843 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005843 1 || 2005844 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005844 1 || 2005845 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005845 1 || 2005846 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005846 1 || 2005847 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005847 1 || 2005848 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005848 1 || 2005849 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005849 1 || 2005850 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005850 1 || 2005851 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005851 1 || 2005852 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005852 1 || 2005853 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005853 1 || 2005854 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005854 1 || 2005855 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005855 1 || 2005856 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005856 1 || 2005857 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005857 1 || 2005858 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005858 1 || 2005859 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid SELECT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005859 1 || 2005860 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid UNION SELECT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005860 1 || 2005861 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid INSERT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005861 1 || 2005862 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid DELETE || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005862 1 || 2005863 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid ASCII || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005863 1 || 2005864 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid UPDATE || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005864 1 || 2005865 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php SELECT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005865 1 || 2005866 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php UNION SELECT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005866 1 || 2005867 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php INSERT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005867 1 || 2005868 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php DELETE || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005868 1 || 2005869 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php ASCII || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005869 1 || 2005870 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php UPDATE || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005870 1 || 2005871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id SELECT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005871 1 || 2005872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id UNION SELECT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005872 1 || 2005873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id INSERT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005873 1 || 2005874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id DELETE || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005874 1 || 2005875 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id ASCII || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005875 1 || 2005876 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id UPDATE || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005876 1 || 2005877 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id SELECT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005877 1 || 2005878 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id UNION SELECT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005878 1 || 2005879 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id INSERT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005879 1 || 2005880 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id DELETE || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005880 1 || 2005881 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ASCII || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005881 1 || 2005882 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id UPDATE || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005882 1 || 2005883 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro SELECT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005883 1 || 2005884 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UNION SELECT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005884 1 || 2005885 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro INSERT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005885 1 || 2005886 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro DELETE || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005886 1 || 2005887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ASCII || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005887 1 || 2005888 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UPDATE || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005888 1 || 2005889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005889 1 || 2005890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UNION SELECT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005890 1 || 2005891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id INSERT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005891 1 || 2005892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id DELETE || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005892 1 || 2005893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ASCII || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005893 1 || 2005894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005894 1 || 2005895 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum SELECT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005895 1 || 2005896 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UNION SELECT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005896 1 || 2005897 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum INSERT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005897 1 || 2005898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum DELETE || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005898 1 || 2005899 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ASCII || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005899 1 || 2005900 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UPDATE || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005900 1 || 2005901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005901 1 || 2005902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005902 1 || 2005903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005903 1 || 2005904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005904 1 || 2005905 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005905 1 || 2005906 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005906 1 || 2005907 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005907 1 || 2005908 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005908 1 || 2005909 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005909 1 || 2005910 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005910 1 || 2005911 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005911 1 || 2005912 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005912 1 || 2005913 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005913 1 || 2005914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005914 1 || 2005915 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005915 1 || 2005916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005916 1 || 2005917 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005917 1 || 2005918 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005918 1 || 2005919 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005919 1 || 2005920 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005920 1 || 2005921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005921 1 || 2005922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005922 1 || 2005923 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005923 1 || 2005924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005924 1 || 2005925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005925 1 || 2005926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UNION SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005926 1 || 2005927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did INSERT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005927 1 || 2005928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did DELETE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005928 1 || 2005929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did ASCII || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005929 1 || 2005930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UPDATE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005930 1 || 2005931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005931 1 || 2005932 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UNION SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005932 1 || 2005933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid INSERT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005933 1 || 2005934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid DELETE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005934 1 || 2005935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid ASCII || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005935 1 || 2005936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UPDATE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005936 1 || 2005937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005937 1 || 2005938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UNION SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005938 1 || 2005939 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate INSERT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005939 1 || 2005940 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate DELETE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005940 1 || 2005941 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ASCII || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005941 1 || 2005942 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UPDATE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005942 1 || 2005943 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005943 1 || 2005944 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UNION SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005944 1 || 2005945 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp INSERT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005945 1 || 2005946 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp DELETE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005946 1 || 2005947 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp ASCII || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005947 1 || 2005948 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UPDATE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005948 1 || 2005949 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key SELECT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005949 1 || 2005950 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UNION SELECT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005950 1 || 2005951 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key INSERT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005951 1 || 2005952 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key DELETE || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005952 1 || 2005953 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ASCII || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005953 1 || 2005954 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UPDATE || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005954 1 || 2005955 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005955 1 || 2005956 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UNION SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005956 1 || 2005957 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num INSERT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005957 1 || 2005958 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num DELETE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005958 1 || 2005959 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ASCII || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005959 1 || 2005960 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UPDATE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005960 1 || 2005961 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005961 1 || 2005962 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode UNION SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005962 1 || 2005963 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode INSERT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005963 1 || 2005964 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode DELETE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005964 1 || 2005965 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ASCII || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005965 1 || 2005966 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode UPDATE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005966 1 || 2005967 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id SELECT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005967 1 || 2005968 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UNION SELECT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005968 1 || 2005969 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id INSERT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005969 1 || 2005970 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005970 1 || 2005971 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ASCII || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005971 1 || 2005972 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UPDATE || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005972 1 || 2005973 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w SELECT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005973 1 || 2005974 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005974 1 || 2005975 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w INSERT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005975 1 || 2005976 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w DELETE || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005976 1 || 2005977 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ASCII || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005977 1 || 2005978 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UPDATE || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005978 1 || 2005979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode SELECT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005979 1 || 2005980 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode UNION SELECT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005980 1 || 2005981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode INSERT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005981 1 || 2005982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode DELETE || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005982 1 || 2005983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode ASCII || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005983 1 || 2005984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode UPDATE || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005984 1 || 2005985 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005985 1 || 2005986 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005986 1 || 2005987 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005987 1 || 2005988 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005988 1 || 2005989 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005989 1 || 2005990 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005990 1 || 2005991 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005991 1 || 2005992 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005992 1 || 2005993 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005993 1 || 2005994 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005994 1 || 2005995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005995 1 || 2005996 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005996 1 || 2005997 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005997 1 || 2005998 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005998 1 || 2005999 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005999 1 || 2006000 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006000 1 || 2006001 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006001 1 || 2006002 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006002 1 || 2006003 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006003 1 || 2006004 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006004 1 || 2006005 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006005 1 || 2006006 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006006 1 || 2006007 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006007 1 || 2006008 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006008 1 || 2006009 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006009 1 || 2006010 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006010 1 || 2006011 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006011 1 || 2006012 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006012 1 || 2006013 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006013 1 || 2006014 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006014 1 || 2006015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006015 1 || 2006016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006016 1 || 2006017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006017 1 || 2006018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006018 1 || 2006019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006019 1 || 2006020 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006020 1 || 2006021 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006021 1 || 2006022 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006022 1 || 2006023 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006023 1 || 2006024 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006024 1 || 2006025 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006025 1 || 2006026 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006026 1 || 2006027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006027 1 || 2006028 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006028 1 || 2006029 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006029 1 || 2006030 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006030 1 || 2006031 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006031 1 || 2006032 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006032 1 || 2006033 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006033 1 || 2006034 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006034 1 || 2006035 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006035 1 || 2006036 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006036 1 || 2006037 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006037 1 || 2006038 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006038 1 || 2006039 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006039 1 || 2006040 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006040 1 || 2006041 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006041 1 || 2006042 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006042 1 || 2006043 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006043 1 || 2006044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006044 1 || 2006045 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006045 1 || 2006046 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006046 1 || 2006047 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006047 1 || 2006048 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006048 1 || 2006049 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006049 1 || 2006050 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006050 1 || 2006051 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006051 1 || 2006052 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006052 1 || 2006053 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006053 1 || 2006054 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006054 1 || 2006055 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006055 1 || 2006056 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006056 1 || 2006057 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006057 1 || 2006058 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006058 1 || 2006059 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006059 1 || 2006060 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006060 1 || 2006061 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006061 1 || 2006062 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006062 1 || 2006063 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006063 1 || 2006064 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006064 1 || 2006065 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006065 1 || 2006066 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006066 1 || 2006067 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006067 1 || 2006068 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006068 1 || 2006069 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006069 1 || 2006070 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006070 1 || 2006071 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006071 1 || 2006072 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006072 1 || 2006073 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006073 1 || 2006074 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006074 1 || 2006075 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006075 1 || 2006076 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006076 1 || 2006077 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006077 1 || 2006078 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006078 1 || 2006079 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006079 1 || 2006080 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006080 1 || 2006081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006081 1 || 2006082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006082 1 || 2006083 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006083 1 || 2006084 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006084 1 || 2006085 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006085 1 || 2006086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006086 1 || 2006087 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006087 1 || 2006088 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006088 1 || 2006089 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006089 1 || 2006090 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006090 1 || 2006091 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006091 1 || 2006092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006092 1 || 2006093 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006093 1 || 2006094 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006094 1 || 2006095 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006095 1 || 2006096 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006096 1 || 2006097 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006097 1 || 2006098 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006098 1 || 2006099 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006099 1 || 2006100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006100 1 || 2006101 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006101 1 || 2006102 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006102 1 || 2006103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006103 1 || 2006104 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006104 1 || 2006105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006105 1 || 2006106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006106 1 || 2006107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006107 1 || 2006108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006108 1 || 2006109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006109 1 || 2006110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006110 1 || 2006111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006111 1 || 2006112 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006112 1 || 2006113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006113 1 || 2006114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006114 1 || 2006115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006115 1 || 2006116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006116 1 || 2006117 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006117 1 || 2006118 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006118 1 || 2006119 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006119 1 || 2006120 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006120 1 || 2006121 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006121 1 || 2006122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006122 1 || 2006123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID SELECT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006123 1 || 2006124 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID UNION SELECT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006124 1 || 2006125 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID INSERT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006125 1 || 2006126 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID DELETE || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006126 1 || 2006127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ASCII || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006127 1 || 2006128 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID UPDATE || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006128 1 || 2006129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent SELECT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006129 1 || 2006130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent UNION SELECT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006130 1 || 2006131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent INSERT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006131 1 || 2006132 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent DELETE || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006132 1 || 2006133 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ASCII || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006133 1 || 2006134 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent UPDATE || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006134 1 || 2006135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID SELECT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006135 1 || 2006136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID UNION SELECT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006136 1 || 2006137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID INSERT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006137 1 || 2006138 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID DELETE || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006138 1 || 2006139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ASCII || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006139 1 || 2006140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID UPDATE || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006140 1 || 2006141 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID SELECT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006141 1 || 2006142 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UNION SELECT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006142 1 || 2006143 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID INSERT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006143 1 || 2006144 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID DELETE || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006144 1 || 2006145 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ASCII || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006145 1 || 2006146 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UPDATE || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006146 1 || 2006147 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id SELECT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006147 1 || 2006148 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id UNION SELECT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006148 1 || 2006149 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id INSERT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006149 1 || 2006150 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id DELETE || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006150 1 || 2006151 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ASCII || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006151 1 || 2006152 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id UPDATE || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006152 1 || 2006153 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID SELECT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006153 1 || 2006154 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID UNION SELECT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006154 1 || 2006155 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID INSERT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006155 1 || 2006156 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID DELETE || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006156 1 || 2006157 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ASCII || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006157 1 || 2006158 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID UPDATE || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006158 1 || 2006159 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup SELECT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006159 1 || 2006160 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup UNION SELECT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006160 1 || 2006161 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup INSERT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006161 1 || 2006162 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup DELETE || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006162 1 || 2006163 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup ASCII || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006163 1 || 2006164 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup UPDATE || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006164 1 || 2006165 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID SELECT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006165 1 || 2006166 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UNION SELECT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006166 1 || 2006167 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID INSERT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006167 1 || 2006168 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID DELETE || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006168 1 || 2006169 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ASCII || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006169 1 || 2006170 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UPDATE || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006170 1 || 2006171 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006171 1 || 2006172 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse UNION SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006172 1 || 2006173 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse INSERT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006173 1 || 2006174 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse DELETE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006174 1 || 2006175 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ASCII || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006175 1 || 2006176 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse UPDATE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006176 1 || 2006177 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006177 1 || 2006178 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas UNION SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006178 1 || 2006179 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas INSERT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006179 1 || 2006180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas DELETE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006180 1 || 2006181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ASCII || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006181 1 || 2006182 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas UPDATE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006182 1 || 2006183 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID SELECT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006183 1 || 2006184 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UNION SELECT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006184 1 || 2006185 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID INSERT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006185 1 || 2006186 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID DELETE || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006186 1 || 2006187 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ASCII || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006187 1 || 2006188 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UPDATE || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006188 1 || 2006189 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006189 1 || 2006190 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006190 1 || 2006191 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006191 1 || 2006192 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006192 1 || 2006193 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006193 1 || 2006194 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006194 1 || 2006195 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006195 1 || 2006196 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006196 1 || 2006197 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006197 1 || 2006198 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006198 1 || 2006199 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006199 1 || 2006200 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006200 1 || 2006201 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006201 1 || 2006202 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006202 1 || 2006203 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006203 1 || 2006204 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006204 1 || 2006205 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006205 1 || 2006206 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006206 1 || 2006207 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id SELECT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006207 1 || 2006208 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id UNION SELECT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006208 1 || 2006209 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id INSERT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006209 1 || 2006210 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id DELETE || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006210 1 || 2006211 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ASCII || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006211 1 || 2006212 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id UPDATE || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006212 1 || 2006213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news SELECT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006213 1 || 2006214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news UNION SELECT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006214 1 || 2006215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news INSERT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006215 1 || 2006216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news DELETE || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006216 1 || 2006217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news ASCII || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006217 1 || 2006218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news UPDATE || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006218 1 || 2006219 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user SELECT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006219 1 || 2006220 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user UNION SELECT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006220 1 || 2006221 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user INSERT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006221 1 || 2006222 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user DELETE || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006222 1 || 2006223 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ASCII || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006223 1 || 2006224 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user UPDATE || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006224 1 || 2006225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006225 1 || 2006226 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006226 1 || 2006227 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006227 1 || 2006228 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006228 1 || 2006229 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006229 1 || 2006230 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006230 1 || 2006231 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006231 1 || 2006232 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006232 1 || 2006233 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006233 1 || 2006234 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006234 1 || 2006235 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006235 1 || 2006236 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006236 1 || 2006237 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006237 1 || 2006238 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006238 1 || 2006239 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006239 1 || 2006240 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006240 1 || 2006241 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006241 1 || 2006242 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006242 1 || 2006243 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006243 1 || 2006244 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006244 1 || 2006245 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006245 1 || 2006246 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006246 1 || 2006247 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006247 1 || 2006248 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006248 1 || 2006249 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006249 1 || 2006250 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006250 1 || 2006251 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006251 1 || 2006252 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006252 1 || 2006253 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006253 1 || 2006254 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006254 1 || 2006255 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006255 1 || 2006256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006256 1 || 2006257 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006257 1 || 2006258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006258 1 || 2006259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006259 1 || 2006260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006260 1 || 2006261 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006261 1 || 2006262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006262 1 || 2006263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006263 1 || 2006264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006264 1 || 2006265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006265 1 || 2006266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006266 1 || 2006267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006267 1 || 2006268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006268 1 || 2006269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006269 1 || 2006270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006270 1 || 2006271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006271 1 || 2006272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006272 1 || 2006273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id SELECT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006273 1 || 2006274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UNION SELECT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006274 1 || 2006275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id INSERT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006275 1 || 2006276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id DELETE || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006276 1 || 2006277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ASCII || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006277 1 || 2006278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UPDATE || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006278 1 || 2006279 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006279 1 || 2006280 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006280 1 || 2006281 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006281 1 || 2006282 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006282 1 || 2006283 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006283 1 || 2006284 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006284 1 || 2006285 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006285 1 || 2006286 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006286 1 || 2006287 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006287 1 || 2006288 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006288 1 || 2006289 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006289 1 || 2006290 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006290 1 || 2006291 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006291 1 || 2006292 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006292 1 || 2006293 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006293 1 || 2006294 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006294 1 || 2006295 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006295 1 || 2006296 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006296 1 || 2006297 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006297 1 || 2006298 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006298 1 || 2006299 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006299 1 || 2006300 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006300 1 || 2006301 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006301 1 || 2006302 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006302 1 || 2006303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id SELECT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006303 1 || 2006304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UNION SELECT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006304 1 || 2006305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id INSERT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006305 1 || 2006306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id DELETE || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006306 1 || 2006307 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ASCII || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006307 1 || 2006308 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UPDATE || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006308 1 || 2006309 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid SELECT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006309 1 || 2006310 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid UNION SELECT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006310 1 || 2006311 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid INSERT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006311 1 || 2006312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid DELETE || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006312 1 || 2006313 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ASCII || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006313 1 || 2006314 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid UPDATE || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006314 1 || 2006315 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id SELECT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006315 1 || 2006316 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id UNION SELECT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006316 1 || 2006317 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id INSERT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006317 1 || 2006318 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id DELETE || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006318 1 || 2006319 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ASCII || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006319 1 || 2006320 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id UPDATE || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006320 1 || 2006321 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID SELECT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006321 1 || 2006322 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID UNION SELECT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006322 1 || 2006323 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID INSERT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006323 1 || 2006324 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID DELETE || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006324 1 || 2006325 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ASCII || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006325 1 || 2006326 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID UPDATE || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006326 1 || 2006327 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006327 1 || 2006328 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006328 1 || 2006329 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006329 1 || 2006330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006330 1 || 2006331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006331 1 || 2006332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006332 1 || 2006333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php SELECT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006333 1 || 2006334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php UNION SELECT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006334 1 || 2006335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php INSERT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006335 1 || 2006336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php DELETE || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006336 1 || 2006337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php ASCII || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006337 1 || 2006338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php UPDATE || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006338 1 || 2006339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp SELECT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006339 1 || 2006340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp UNION SELECT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006340 1 || 2006341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp INSERT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006341 1 || 2006342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp DELETE || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006342 1 || 2006343 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp ASCII || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006343 1 || 2006344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp UPDATE || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006344 1 || 2006345 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006345 1 || 2006346 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UNION SELECT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006346 1 || 2006347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa INSERT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006347 1 || 2006348 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa DELETE || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006348 1 || 2006349 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ASCII || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006349 1 || 2006350 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UPDATE || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006350 1 || 2006351 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa SELECT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006351 1 || 2006352 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa UNION SELECT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006352 1 || 2006353 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa INSERT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006353 1 || 2006354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa DELETE || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006354 1 || 2006355 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa ASCII || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006355 1 || 2006356 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa UPDATE || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006356 1 || 2006357 || 9 || trojan-activity || 0 || ET MALWARE User Agent (TEST) - Likely Webhancer Related Spyware || url,doc.emergingthreats.net/bin/view/Main/2006357 1 || 2006361 || 9 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Huai_Huai) || md5,ee600bdcc45989750dee846b5049f935 || md5,91b9aa25563ae524d3ca4582630eb8eb || md5,1051f7176fe0a50414649d369e752e98 1 || 2006362 || 9 || trojan-activity || 0 || ET MALWARE Qcbar/Adultlinks Spyware User-Agent (IBSBand) || url,doc.emergingthreats.net/2006362 1 || 2006364 || 7 || trojan-activity || 0 || ET TROJAN Dialer-967 User-Agent || url,doc.emergingthreats.net/2006364 1 || 2006365 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MYURL) || url,doc.emergingthreats.net/bin/view/Main/2006365 1 || 2006366 || 7 || trojan-activity || 0 || ET TROJAN Bot Backdoor Checkin/registration Request || url,doc.emergingthreats.net/2006366 1 || 2006367 || 7 || policy-violation || 0 || ET DELETED Metacafe.com family filter off || url,doc.emergingthreats.net/2006367 1 || 2006368 || 7 || policy-violation || 0 || ET DELETED Rapidshare download unauthd image post || url,en.wikipedia.org/wiki/RapidShare || url,doc.emergingthreats.net/2006368 1 || 2006369 || 6 || policy-violation || 0 || ET POLICY Rapidshare auth cookie download || url,en.wikipedia.org/wiki/RapidShare || url,doc.emergingthreats.net/2006369 1 || 2006370 || 9 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware User-Agent (atsu) || url,doc.emergingthreats.net/2006370 1 || 2006371 || 7 || trojan-activity || 0 || ET P2P BearShare P2P Gnutella Client User-Agent (BearShare 6.x.x.x) || url,doc.emergingthreats.net/bin/view/Main/2006371 1 || 2006372 || 7 || trojan-activity || 0 || ET P2P Bittorrent P2P Client User-Agent (Bittorrent/5.x.x) || url,doc.emergingthreats.net/bin/view/Main/2006372 1 || 2006375 || 5 || trojan-activity || 0 || ET P2P Bittorrent P2P Client HTTP Request || url,doc.emergingthreats.net/bin/view/Main/2006375 1 || 2006377 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.bwr || url,doc.emergingthreats.net/2006377 1 || 2006379 || 6 || trojan-activity || 0 || ET P2P BearShare P2P Gnutella Client HTTP Request || url,doc.emergingthreats.net/bin/view/Main/2006379 1 || 2006380 || 12 || policy-violation || 0 || ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted || url,doc.emergingthreats.net/bin/view/Main/2006380 1 || 2006381 || 11 || trojan-activity || 0 || ET MALWARE Ask.com Toolbar/Spyware User-Agent (AskPBar) || url,doc.emergingthreats.net/2006381 1 || 2006382 || 9 || trojan-activity || 0 || ET TROJAN Matcash or related downloader User-Agent Detected || url,doc.emergingthreats.net/2006382 1 || 2006384 || 7 || trojan-activity || 0 || ET TROJAN Generic Password Stealer Checkin URL Detected || url,doc.emergingthreats.net/2006384 1 || 2006385 || 10 || trojan-activity || 0 || ET DELETED PWS-LDPinch posting data || url,doc.emergingthreats.net/2006385 1 || 2006386 || 9 || trojan-activity || 0 || ET MALWARE Deepdo.com Toolbar/Spyware User Agent (DeepdoUpdate) || url,doc.emergingthreats.net/2006386 1 || 2006387 || 8 || trojan-activity || 0 || ET TROJAN Downloader User-Agent Detected (Windows Updates Manager|3.12|...) || url,doc.emergingthreats.net/2006387 1 || 2006388 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (006) || url,doc.emergingthreats.net/bin/view/Main/2006388 1 || 2006391 || 5 || trojan-activity || 0 || ET TROJAN Poebot Related User Agent (SPM_ID=) || url,doc.emergingthreats.net/2006391 1 || 2006392 || 10 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WTRecover) || url,doc.emergingthreats.net/2006392 1 || 2006393 || 10 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WTInstaller) || url,doc.emergingthreats.net/2006393 1 || 2006394 || 7 || trojan-activity || 0 || ET TROJAN Downloader User-Agent Detected (ld) || url,doc.emergingthreats.net/2006394 1 || 2006395 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Connection Initial Packet || url,doc.emergingthreats.net/2006396 1 || 2006396 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Connect Command Packet || url,doc.emergingthreats.net/2006396 1 || 2006397 || 6 || trojan-activity || 0 || ET TROJAN Socks666 Successful Connect Packet Packet || url,doc.emergingthreats.net/2006396 1 || 2006398 || 6 || trojan-activity || 0 || ET TROJAN Socks666 Checkin Packet || url,doc.emergingthreats.net/2006396 1 || 2006399 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Checkin Success Packet || url,doc.emergingthreats.net/2006396 1 || 2006400 || 6 || trojan-activity || 0 || ET TROJAN Downloader.26001 Url Pattern Detected || url,doc.emergingthreats.net/2006400 1 || 2006401 || 6 || trojan-activity || 0 || ET TROJAN Downloader.26001 Url Pattern Detected (lunch_id) || url,doc.emergingthreats.net/2006401 1 || 2006402 || 10 || policy-violation || 0 || ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted || url,doc.emergingthreats.net/bin/view/Main/2006402 1 || 2006403 || 6 || trojan-activity || 0 || ET TROJAN General Trojan Checkin by MAC chkmac.php 1 || 2006404 || 5 || trojan-activity || 0 || ET TROJAN DownLoader.30525 Checkin || url,doc.emergingthreats.net/bin/view/Main/2006404 1 || 2006405 || 4 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Agent.mx || url,doc.emergingthreats.net/2006405 1 || 2006406 || 5 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Agent.mx (2) || url,doc.emergingthreats.net/2006406 1 || 2006408 || 14 || policy-violation || 0 || ET POLICY HTTP Request on Unusual Port Possibly Hostile || url,doc.emergingthreats.net/2006408 1 || 2006409 || 10 || policy-violation || 0 || ET POLICY HTTP POST on unusual Port Possibly Hostile || url,doc.emergingthreats.net/2006409 1 || 2006410 || 6 || policy-violation || 0 || ET DELETED PHP Anonymizing/Evasion Proxy In Use || url,sourceforge.net/projects/php-proxy/ || url,doc.emergingthreats.net/2006410 1 || 2006411 || 9 || trojan-activity || 0 || ET TROJAN Storm Worm HTTP Request || url,doc.emergingthreats.net/2006411 1 || 2006413 || 8 || trojan-activity || 0 || ET MALWARE Mycashbank.co.kr Spyware User-Agent (pint_agency) || url,doc.emergingthreats.net/2006413 1 || 2006414 || 5 || trojan-activity || 0 || ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi) || url,doc.emergingthreats.net/2006414 1 || 2006417 || 8 || policy-violation || 0 || ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,doc.emergingthreats.net/bin/view/Main/2006417 1 || 2006418 || 8 || trojan-activity || 0 || ET USER_AGENTS Vaccineprogram.co.kr Related Spyware User-Agent (Museon) || url,doc.emergingthreats.net/2006418 1 || 2006419 || 8 || trojan-activity || 0 || ET MALWARE Vaccineprogram.co.kr Related Spyware User-Agent (anycleaner) || url,doc.emergingthreats.net/2006419 1 || 2006420 || 7 || trojan-activity || 0 || ET USER_AGENTS Vaccineprogram.co.kr Related Spyware User Agent (pcsafe) || url,doc.emergingthreats.net/2006420 1 || 2006421 || 8 || trojan-activity || 0 || ET MALWARE Doctorvaccine.co.kr Related Spyware User-Agent (DoctorVaccine) || url,doc.emergingthreats.net/2006421 1 || 2006422 || 8 || trojan-activity || 0 || ET MALWARE Platinumreward.co.kr Spyware User-Agent (WT_GET_COMM) || url,doc.emergingthreats.net/2006422 1 || 2006423 || 8 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Spyware User-Agent (doctorpro1) || url,doc.emergingthreats.net/2006423 1 || 2006425 || 6 || trojan-activity || 0 || ET DELETED Doctorpro.co.kr Related Fake Anti-Spyware Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2006425 1 || 2006426 || 6 || trojan-activity || 0 || ET DELETED Doctorpro.co.kr Related Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2006426 1 || 2006427 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac Check || url,doc.emergingthreats.net/bin/view/Main/2006427 1 || 2006428 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (open) || url,doc.emergingthreats.net/bin/view/Main/2006428 1 || 2006429 || 9 || trojan-activity || 0 || ET MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) || url,doc.emergingthreats.net/2006429 1 || 2006430 || 9 || trojan-activity || 0 || ET MALWARE Karine.co.kr Related Spyware User-Agent (Access down) || url,doc.emergingthreats.net/2006430 1 || 2006431 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post || url,doc.emergingthreats.net/bin/view/Main/2006431 1 || 2006432 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (ret) || url,doc.emergingthreats.net/bin/view/Main/2006432 1 || 2006433 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post (api_result) || url,doc.emergingthreats.net/bin/view/Main/2006433 1 || 2006434 || 8 || trojan-activity || 0 || ET POLICY Possible Ecard Trojan download || url,doc.emergingthreats.net/2006434 1 || 2006435 || 8 || misc-activity || 0 || ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool || url,doc.emergingthreats.net/2006435 1 || 2006441 || 7 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (Winlogon) || url,doc.emergingthreats.net/2006441 1 || 2006443 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt DELETE FROM || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006443 1 || 2006444 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt INSERT INTO || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006444 1 || 2006445 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt SELECT FROM || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006445 1 || 2006446 || 11 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006446 1 || 2006447 || 12 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt UPDATE SET || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006447 1 || 2006448 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.ajx Trojan Reporting to Server || url,doc.emergingthreats.net/2006448 1 || 2006449 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php SELECT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006449 1 || 2006450 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php UNION SELECT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006450 1 || 2006451 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php INSERT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006451 1 || 2006452 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php DELETE || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006452 1 || 2006453 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php ASCII || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006453 1 || 2006454 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php UPDATE || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006454 1 || 2006455 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page SELECT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006455 1 || 2006456 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UNION SELECT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006456 1 || 2006457 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page INSERT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006457 1 || 2006458 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page DELETE || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006458 1 || 2006459 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page ASCII || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006459 1 || 2006460 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UPDATE || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006460 1 || 2006461 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm SELECT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006461 1 || 2006462 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UNION SELECT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006462 1 || 2006463 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm INSERT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006463 1 || 2006464 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm DELETE || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006464 1 || 2006465 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm ASCII || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006465 1 || 2006466 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UPDATE || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006466 1 || 2006467 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode SELECT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006467 1 || 2006468 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UNION SELECT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006468 1 || 2006469 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode INSERT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006469 1 || 2006470 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode DELETE || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006470 1 || 2006471 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ASCII || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006471 1 || 2006472 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UPDATE || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006472 1 || 2006473 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid SELECT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006473 1 || 2006474 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid UNION SELECT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006474 1 || 2006475 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid INSERT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006475 1 || 2006476 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006476 1 || 2006477 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid ASCII || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006477 1 || 2006478 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid UPDATE || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006478 1 || 2006479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006479 1 || 2006480 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006480 1 || 2006481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006481 1 || 2006482 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006482 1 || 2006484 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006484 1 || 2006485 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006485 1 || 2006486 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id SELECT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006486 1 || 2006487 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id UNION SELECT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006487 1 || 2006488 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id INSERT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006488 1 || 2006489 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id DELETE || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006489 1 || 2006490 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id ASCII || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006490 1 || 2006491 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id UPDATE || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006491 1 || 2006492 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006492 1 || 2006493 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006493 1 || 2006494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006494 1 || 2006495 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006495 1 || 2006496 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006496 1 || 2006497 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006497 1 || 2006498 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006498 1 || 2006499 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006499 1 || 2006500 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006500 1 || 2006501 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006501 1 || 2006502 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006502 1 || 2006503 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006503 1 || 2006504 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006504 1 || 2006505 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006505 1 || 2006506 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006506 1 || 2006507 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006507 1 || 2006508 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006508 1 || 2006509 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006509 1 || 2006510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006510 1 || 2006511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006511 1 || 2006512 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006512 1 || 2006513 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006513 1 || 2006514 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006514 1 || 2006515 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006515 1 || 2006516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006516 1 || 2006517 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006517 1 || 2006518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006518 1 || 2006519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006519 1 || 2006520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006520 1 || 2006521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006521 1 || 2006522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006522 1 || 2006523 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006523 1 || 2006524 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006524 1 || 2006525 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006525 1 || 2006526 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006526 1 || 2006527 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006527 1 || 2006528 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006528 1 || 2006529 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006529 1 || 2006530 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006530 1 || 2006531 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006531 1 || 2006532 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006532 1 || 2006533 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006533 1 || 2006534 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006534 1 || 2006535 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006535 1 || 2006536 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006536 1 || 2006537 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006537 1 || 2006538 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006538 1 || 2006539 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006539 1 || 2006540 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006540 1 || 2006541 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006541 1 || 2006542 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006542 1 || 2006543 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006543 1 || 2006544 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006544 1 || 2006545 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006545 1 || 2006546 || 7 || attempted-admin || 0 || ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! || url,doc.emergingthreats.net/2006546 1 || 2006547 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006547 1 || 2006548 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006548 1 || 2006549 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006549 1 || 2006550 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006550 1 || 2006551 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006551 1 || 2006552 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006552 1 || 2006553 || 9 || trojan-activity || 0 || ET MALWARE Cpushpop.com Spyware User-Agent (CPUSH_UPDATER) || url,doc.emergingthreats.net/2006553 1 || 2006554 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId SELECT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006554 1 || 2006555 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId UNION SELECT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006555 1 || 2006556 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId INSERT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006556 1 || 2006557 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId DELETE || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006557 1 || 2006558 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId ASCII || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006558 1 || 2006559 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId UPDATE || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006559 1 || 2006560 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006560 1 || 2006561 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006561 1 || 2006562 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006562 1 || 2006564 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006564 1 || 2006565 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006565 1 || 2006566 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006566 1 || 2006567 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006567 1 || 2006568 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006568 1 || 2006569 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006569 1 || 2006570 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006570 1 || 2006571 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006571 1 || 2006572 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006572 1 || 2006573 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006573 1 || 2006574 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006574 1 || 2006575 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006575 1 || 2006576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006576 1 || 2006577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006577 1 || 2006578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006578 1 || 2006579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006579 1 || 2006580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006580 1 || 2006581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006581 1 || 2006582 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006582 1 || 2006583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006583 1 || 2006584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006584 1 || 2006585 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006585 1 || 2006586 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006586 1 || 2006587 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006587 1 || 2006588 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006588 1 || 2006589 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006589 1 || 2006590 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006590 1 || 2006591 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006591 1 || 2006592 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006592 1 || 2006593 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006593 1 || 2006594 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006594 1 || 2006595 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006595 1 || 2006596 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006596 1 || 2006597 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006597 1 || 2006598 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006598 1 || 2006599 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006599 1 || 2006600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006600 1 || 2006601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006601 1 || 2006602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UPDATE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006602 1 || 2006603 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006603 1 || 2006604 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006604 1 || 2006605 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006605 1 || 2006606 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006606 1 || 2006607 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006607 1 || 2006608 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006608 1 || 2006609 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D SELECT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006609 1 || 2006610 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D UNION SELECT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006610 1 || 2006611 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D INSERT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006611 1 || 2006612 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D DELETE || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006612 1 || 2006613 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D ASCII || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006613 1 || 2006614 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D UPDATE || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006614 1 || 2006615 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006615 1 || 2006616 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc UNION SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006616 1 || 2006617 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc INSERT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006617 1 || 2006618 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc DELETE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006618 1 || 2006619 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc ASCII || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006619 1 || 2006620 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc UPDATE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006620 1 || 2006621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006621 1 || 2006622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut UNION SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006622 1 || 2006623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut INSERT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006623 1 || 2006624 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut DELETE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006624 1 || 2006625 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut ASCII || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006625 1 || 2006626 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut UPDATE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006626 1 || 2006627 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details SELECT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006627 1 || 2006628 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UNION SELECT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006628 1 || 2006629 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details INSERT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006629 1 || 2006630 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details DELETE || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006630 1 || 2006631 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details ASCII || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006631 1 || 2006632 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006632 1 || 2006633 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006633 1 || 2006634 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006634 1 || 2006635 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006635 1 || 2006636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006636 1 || 2006637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006637 1 || 2006638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006638 1 || 2006639 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006639 1 || 2006640 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006640 1 || 2006641 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006641 1 || 2006642 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006642 1 || 2006643 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006643 1 || 2006644 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006644 1 || 2006645 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006645 1 || 2006646 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006646 1 || 2006647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006647 1 || 2006648 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006648 1 || 2006649 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006649 1 || 2006650 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006650 1 || 2006651 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006651 1 || 2006652 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006652 1 || 2006653 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006653 1 || 2006654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006654 1 || 2006655 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006655 1 || 2006656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006656 1 || 2006657 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006657 1 || 2006658 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UNION SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006658 1 || 2006659 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni INSERT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006659 1 || 2006660 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni DELETE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006660 1 || 2006661 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ASCII || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006661 1 || 2006662 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UPDATE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006662 1 || 2006663 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006663 1 || 2006664 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UNION SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006664 1 || 2006665 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci INSERT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006665 1 || 2006666 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci DELETE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006666 1 || 2006667 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ASCII || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006667 1 || 2006668 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UPDATE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006668 1 || 2006669 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006669 1 || 2006670 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img UNION SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006670 1 || 2006671 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img INSERT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006671 1 || 2006672 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img DELETE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006672 1 || 2006673 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img ASCII || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006673 1 || 2006674 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img UPDATE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006674 1 || 2006675 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006675 1 || 2006676 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UNION SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006676 1 || 2006677 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img INSERT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006677 1 || 2006678 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img DELETE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006678 1 || 2006679 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img ASCII || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006679 1 || 2006680 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UPDATE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006680 1 || 2006681 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid SELECT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006681 1 || 2006682 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UNION SELECT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006682 1 || 2006683 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid INSERT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006683 1 || 2006684 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid DELETE || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006684 1 || 2006685 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ASCII || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006685 1 || 2006686 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UPDATE || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006686 1 || 2006687 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006687 1 || 2006688 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile UNION SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006688 1 || 2006689 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile INSERT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006689 1 || 2006690 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile DELETE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006690 1 || 2006691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile ASCII || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006691 1 || 2006692 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile UPDATE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006692 1 || 2006694 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006694 1 || 2006695 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action UNION SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006695 1 || 2006696 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action INSERT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006696 1 || 2006697 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action DELETE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006697 1 || 2006698 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006698 1 || 2006699 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action UPDATE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006699 1 || 2006700 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType SELECT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006700 1 || 2006701 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType UNION SELECT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006701 1 || 2006702 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType INSERT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006702 1 || 2006703 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006703 1 || 2006704 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType ASCII || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006704 1 || 2006705 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType UPDATE || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006705 1 || 2006706 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity SELECT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006706 1 || 2006707 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UNION SELECT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006707 1 || 2006708 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity INSERT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006708 1 || 2006709 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity DELETE || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006709 1 || 2006710 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ASCII || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006710 1 || 2006711 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UPDATE || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006711 1 || 2006712 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006712 1 || 2006713 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006713 1 || 2006714 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006714 1 || 2006715 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006715 1 || 2006716 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006716 1 || 2006717 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006717 1 || 2006718 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006718 1 || 2006719 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006719 1 || 2006720 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006720 1 || 2006721 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006721 1 || 2006722 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006722 1 || 2006723 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006723 1 || 2006724 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006724 1 || 2006725 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006725 1 || 2006726 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006726 1 || 2006727 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006727 1 || 2006728 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006728 1 || 2006729 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006729 1 || 2006730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006730 1 || 2006731 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006731 1 || 2006732 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006732 1 || 2006733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006733 1 || 2006734 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006734 1 || 2006735 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006735 1 || 2006736 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006736 1 || 2006737 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006737 1 || 2006738 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006738 1 || 2006739 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006739 1 || 2006740 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006740 1 || 2006741 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006741 1 || 2006742 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006742 1 || 2006743 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006743 1 || 2006744 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006744 1 || 2006745 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006745 1 || 2006746 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006746 1 || 2006747 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006747 1 || 2006748 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006748 1 || 2006749 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006749 1 || 2006750 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006750 1 || 2006751 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006751 1 || 2006752 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006752 1 || 2006753 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006753 1 || 2006754 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006754 1 || 2006755 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006755 1 || 2006756 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006756 1 || 2006757 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006757 1 || 2006758 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006758 1 || 2006759 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006759 1 || 2006760 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006760 1 || 2006761 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006761 1 || 2006762 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006762 1 || 2006763 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006763 1 || 2006764 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006764 1 || 2006765 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006765 1 || 2006766 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006766 1 || 2006767 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006767 1 || 2006768 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006768 1 || 2006769 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006769 1 || 2006770 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006770 1 || 2006771 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006771 1 || 2006772 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006772 1 || 2006773 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006773 1 || 2006774 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006774 1 || 2006775 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006775 1 || 2006776 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006776 1 || 2006777 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006777 1 || 2006778 || 9 || trojan-activity || 0 || ET MALWARE Debelizombi.com Spyware User-Agent (blahrx) || url,doc.emergingthreats.net/2006778 1 || 2006779 || 7 || not-suspicious || 0 || ET POLICY Nagios HTTP Monitoring Connection || url,doc.emergingthreats.net/2006779 1 || 2006780 || 8 || trojan-activity || 0 || ET MALWARE Zango Cash Spyware User-Agent (ZC-Bridgev26) || url,doc.emergingthreats.net/2006780 1 || 2006781 || 39 || trojan-activity || 0 || ET MALWARE Zango Cash Spyware User-Agent (ZC XML-RPC C++ Client) || url,doc.emergingthreats.net/2006781 1 || 2006782 || 9 || trojan-activity || 0 || ET MALWARE Mirage.ru Related Spyware User-Agent (szNotifyIdent) || url,doc.emergingthreats.net/2006782 1 || 2006783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006783 1 || 2006784 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UNION SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006784 1 || 2006785 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici INSERT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006785 1 || 2006786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici DELETE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006786 1 || 2006787 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ASCII || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006787 1 || 2006788 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UPDATE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006788 1 || 2006789 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006789 1 || 2006790 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UNION SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006790 1 || 2006791 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola INSERT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006791 1 || 2006792 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola DELETE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006792 1 || 2006793 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ASCII || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006793 1 || 2006794 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UPDATE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006794 1 || 2006795 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006795 1 || 2006796 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UNION SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006796 1 || 2006797 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi INSERT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006797 1 || 2006798 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi DELETE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006798 1 || 2006799 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ASCII || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006799 1 || 2006800 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UPDATE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006800 1 || 2006801 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006801 1 || 2006802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UNION SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006802 1 || 2006803 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre INSERT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006803 1 || 2006804 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre DELETE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006804 1 || 2006805 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ASCII || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006805 1 || 2006806 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UPDATE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006806 1 || 2006807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid SELECT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006807 1 || 2006808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UNION SELECT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006808 1 || 2006809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid INSERT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006809 1 || 2006810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid DELETE || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006810 1 || 2006811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ASCII || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006811 1 || 2006812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UPDATE || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006812 1 || 2006813 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex SELECT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006813 1 || 2006814 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex UNION SELECT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006814 1 || 2006815 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex INSERT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006815 1 || 2006816 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex DELETE || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006816 1 || 2006817 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex ASCII || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006817 1 || 2006818 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex UPDATE || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006818 1 || 2006819 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006819 1 || 2006820 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006820 1 || 2006821 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006821 1 || 2006822 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006822 1 || 2006823 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006823 1 || 2006824 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006824 1 || 2006825 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006825 1 || 2006826 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006826 1 || 2006827 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006827 1 || 2006828 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006828 1 || 2006829 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006829 1 || 2006830 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006830 1 || 2006831 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006831 1 || 2006832 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006832 1 || 2006833 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006833 1 || 2006834 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006834 1 || 2006835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006835 1 || 2006836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006836 1 || 2006837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006837 1 || 2006838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006838 1 || 2006839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006839 1 || 2006840 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006840 1 || 2006841 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006841 1 || 2006842 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006842 1 || 2006843 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006843 1 || 2006844 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006844 1 || 2006845 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006845 1 || 2006846 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006846 1 || 2006847 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006847 1 || 2006848 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006848 1 || 2006849 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006849 1 || 2006850 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006850 1 || 2006851 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006851 1 || 2006852 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006852 1 || 2006853 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006853 1 || 2006854 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006854 1 || 2006855 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006855 1 || 2006856 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006856 1 || 2006857 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006857 1 || 2006858 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006858 1 || 2006859 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006859 1 || 2006860 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006860 1 || 2006862 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006862 1 || 2006863 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006863 1 || 2006864 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006864 1 || 2006865 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006865 1 || 2006866 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006866 1 || 2006867 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006867 1 || 2006868 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006868 1 || 2006869 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006869 1 || 2006870 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006870 1 || 2006871 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006871 1 || 2006872 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006872 1 || 2006873 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006873 1 || 2006874 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006874 1 || 2006875 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006875 1 || 2006876 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006876 1 || 2006877 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006877 1 || 2006878 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006878 1 || 2006879 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006879 1 || 2006880 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id SELECT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006880 1 || 2006881 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id UNION SELECT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006881 1 || 2006882 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id INSERT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006882 1 || 2006883 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id DELETE || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006883 1 || 2006884 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ASCII || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006884 1 || 2006885 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id UPDATE || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006885 1 || 2006886 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006886 1 || 2006887 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci UNION SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006887 1 || 2006888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci INSERT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006888 1 || 2006889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci DELETE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006889 1 || 2006890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ASCII || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006890 1 || 2006891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci UPDATE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006891 1 || 2006892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006892 1 || 2006893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci UNION SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006893 1 || 2006894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci INSERT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006894 1 || 2006895 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci DELETE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006895 1 || 2006896 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ASCII || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006896 1 || 2006897 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci UPDATE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006897 1 || 2006898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006898 1 || 2006899 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat UNION SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006899 1 || 2006900 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat INSERT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006900 1 || 2006901 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat DELETE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006901 1 || 2006902 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat ASCII || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006902 1 || 2006903 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat UPDATE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006903 1 || 2006904 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006904 1 || 2006905 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did UNION SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006905 1 || 2006906 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did INSERT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006906 1 || 2006907 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did DELETE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006907 1 || 2006908 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did ASCII || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006908 1 || 2006909 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did UPDATE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006909 1 || 2006910 || 7 || trojan-activity || 0 || ET DELETED perlb0t/w0rmb0t Response (Case 1) || url,doc.emergingthreats.net/2006910 1 || 2006911 || 8 || trojan-activity || 0 || ET TROJAN perlb0t/w0rmb0t Response 2 || url,doc.emergingthreats.net/2006911 1 || 2006912 || 10 || trojan-activity || 0 || ET DELETED perlb0t/w0rmb0t Response (Case 3) || url,doc.emergingthreats.net/2006912 1 || 2006921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit SELECT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006921 1 || 2006922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit UNION SELECT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006922 1 || 2006923 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit INSERT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006923 1 || 2006924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit DELETE || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006924 1 || 2006925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ASCII || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006925 1 || 2006926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit UPDATE || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006926 1 || 2006927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006927 1 || 2006928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid UNION SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006928 1 || 2006929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid INSERT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006929 1 || 2006930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid DELETE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006930 1 || 2006931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006931 1 || 2006932 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid UPDATE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006932 1 || 2006933 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006933 1 || 2006934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid UNION SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006934 1 || 2006935 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid INSERT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006935 1 || 2006936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid DELETE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006936 1 || 2006937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid ASCII || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006937 1 || 2006938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid UPDATE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006938 1 || 2006939 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006939 1 || 2006940 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid UNION SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006940 1 || 2006941 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid INSERT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006941 1 || 2006942 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid DELETE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006942 1 || 2006943 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ASCII || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006943 1 || 2006944 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid UPDATE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006944 1 || 2006945 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006945 1 || 2006946 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid UNION SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006946 1 || 2006947 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid INSERT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006947 1 || 2006948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid DELETE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006948 1 || 2006949 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid ASCII || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006949 1 || 2006950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid UPDATE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006950 1 || 2006951 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006951 1 || 2006952 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006952 1 || 2006953 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006953 1 || 2006954 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006954 1 || 2006955 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006955 1 || 2006956 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006956 1 || 2006957 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006957 1 || 2006958 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006958 1 || 2006959 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006959 1 || 2006960 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006960 1 || 2006961 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006961 1 || 2006962 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006962 1 || 2006963 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006963 1 || 2006964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006964 1 || 2006965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006965 1 || 2006966 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006966 1 || 2006967 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006967 1 || 2006968 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006968 1 || 2006969 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id SELECT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006969 1 || 2006970 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UNION SELECT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006970 1 || 2006971 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id INSERT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006971 1 || 2006972 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id DELETE || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006972 1 || 2006973 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ASCII || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006973 1 || 2006974 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UPDATE || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006974 1 || 2006975 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006975 1 || 2006976 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006976 1 || 2006977 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006977 1 || 2006978 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006978 1 || 2006979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006979 1 || 2006980 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006980 1 || 2006981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006981 1 || 2006982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006982 1 || 2006983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006983 1 || 2006984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006984 1 || 2006985 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006985 1 || 2006986 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006986 1 || 2006987 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006987 1 || 2006988 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006988 1 || 2006989 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006989 1 || 2006990 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006990 1 || 2006991 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006991 1 || 2006992 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006992 1 || 2006993 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid SELECT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006993 1 || 2006994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid UNION SELECT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006994 1 || 2006995 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid INSERT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006995 1 || 2006996 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid DELETE || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006996 1 || 2006997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ASCII || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006997 1 || 2006998 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid UPDATE || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006998 1 || 2006999 || 8 || trojan-activity || 0 || ET TROJAN Brontok User-Agent Detected (Brontok.A3 Browser) || url,doc.emergingthreats.net/2006999 1 || 2007000 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID SELECT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007000 1 || 2007001 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID UNION SELECT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007001 1 || 2007002 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID INSERT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007002 1 || 2007003 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID DELETE || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007003 1 || 2007004 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID ASCII || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007004 1 || 2007005 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID UPDATE || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007005 1 || 2007006 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007006 1 || 2007007 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007007 1 || 2007008 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007008 1 || 2007009 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007009 1 || 2007010 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007010 1 || 2007011 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007011 1 || 2007012 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007012 1 || 2007013 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007013 1 || 2007014 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007014 1 || 2007015 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007015 1 || 2007016 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007016 1 || 2007017 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007017 1 || 2007018 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007018 1 || 2007019 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007019 1 || 2007020 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007020 1 || 2007021 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007021 1 || 2007022 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007022 1 || 2007023 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007023 1 || 2007024 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007024 1 || 2007025 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007025 1 || 2007026 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007026 1 || 2007027 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007027 1 || 2007028 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007028 1 || 2007029 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007029 1 || 2007030 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007030 1 || 2007031 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007031 1 || 2007032 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007032 1 || 2007033 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007033 1 || 2007034 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007034 1 || 2007035 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007035 1 || 2007036 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007036 1 || 2007037 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007037 1 || 2007038 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007038 1 || 2007039 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007039 1 || 2007040 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007040 1 || 2007041 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007041 1 || 2007042 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007042 1 || 2007043 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007043 1 || 2007044 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007044 1 || 2007045 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007045 1 || 2007046 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007046 1 || 2007047 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007047 1 || 2007048 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007048 1 || 2007049 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007049 1 || 2007050 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007050 1 || 2007051 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007051 1 || 2007052 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007052 1 || 2007053 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007053 1 || 2007054 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007054 1 || 2007055 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007055 1 || 2007056 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007056 1 || 2007057 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007057 1 || 2007058 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007058 1 || 2007059 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007059 1 || 2007060 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno SELECT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007060 1 || 2007061 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno UNION SELECT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007061 1 || 2007062 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno INSERT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007062 1 || 2007063 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno DELETE || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007063 1 || 2007064 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno ASCII || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007064 1 || 2007065 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno UPDATE || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007065 1 || 2007066 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Signin Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007066 1 || 2007067 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Signin Success Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007067 1 || 2007068 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Activity Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007068 1 || 2007069 || 3 || policy-violation || 0 || ET DELETED Yahoo Chat Activity Inside Webmail (2) || url,yahoo.com || url,doc.emergingthreats.net/2007069 1 || 2007070 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID SELECT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007070 1 || 2007071 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID UNION SELECT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007071 1 || 2007072 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID INSERT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007072 1 || 2007073 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID DELETE || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007073 1 || 2007074 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ASCII || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007074 1 || 2007075 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID UPDATE || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007075 1 || 2007076 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007076 1 || 2007077 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007077 1 || 2007078 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007078 1 || 2007079 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007079 1 || 2007080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007080 1 || 2007081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007081 1 || 2007082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007082 1 || 2007083 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007083 1 || 2007084 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007084 1 || 2007085 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007085 1 || 2007086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007086 1 || 2007087 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007087 1 || 2007088 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007088 1 || 2007089 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007089 1 || 2007090 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007090 1 || 2007091 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007091 1 || 2007092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007092 1 || 2007093 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007093 1 || 2007094 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007094 1 || 2007095 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007095 1 || 2007096 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007096 1 || 2007097 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007097 1 || 2007098 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007098 1 || 2007099 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007099 1 || 2007100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007100 1 || 2007101 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007101 1 || 2007102 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007102 1 || 2007103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007103 1 || 2007104 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007104 1 || 2007105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007105 1 || 2007106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007106 1 || 2007107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007107 1 || 2007108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007108 1 || 2007109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007109 1 || 2007110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007110 1 || 2007111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007111 1 || 2007112 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007112 1 || 2007113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007113 1 || 2007114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007114 1 || 2007115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007115 1 || 2007116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007116 1 || 2007117 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007117 1 || 2007118 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007118 1 || 2007119 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007119 1 || 2007120 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007120 1 || 2007121 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007121 1 || 2007122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007122 1 || 2007123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007123 1 || 2007124 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007124 1 || 2007125 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007125 1 || 2007126 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007126 1 || 2007127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007127 1 || 2007128 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007128 1 || 2007129 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007129 1 || 2007130 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007130 1 || 2007131 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007131 1 || 2007132 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007132 1 || 2007133 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007133 1 || 2007134 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007134 1 || 2007135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007135 1 || 2007136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007136 1 || 2007137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007137 1 || 2007138 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007138 1 || 2007139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007139 1 || 2007140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007140 1 || 2007141 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007141 1 || 2007142 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP || url,doc.emergingthreats.net/2007142 1 || 2007176 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid SELECT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007176 1 || 2007177 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid UNION SELECT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007177 1 || 2007178 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid INSERT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007178 1 || 2007179 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid DELETE || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007179 1 || 2007180 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ASCII || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007180 1 || 2007181 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid UPDATE || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007181 1 || 2007182 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007182 1 || 2007183 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007183 1 || 2007184 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007184 1 || 2007185 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007185 1 || 2007186 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007186 1 || 2007187 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007187 1 || 2007188 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007188 1 || 2007189 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007189 1 || 2007190 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007190 1 || 2007191 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007191 1 || 2007192 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007192 1 || 2007193 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007193 1 || 2007194 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007194 1 || 2007195 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007195 1 || 2007196 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007196 1 || 2007197 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007197 1 || 2007198 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007198 1 || 2007199 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007199 1 || 2007200 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat UNION SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007200 1 || 2007201 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat INSERT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007201 1 || 2007202 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat DELETE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007202 1 || 2007203 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ASCII || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007203 1 || 2007204 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat UPDATE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007204 1 || 2007205 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007205 1 || 2007206 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did UNION SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007206 1 || 2007207 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did INSERT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007207 1 || 2007208 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did DELETE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007208 1 || 2007209 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did ASCII || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007209 1 || 2007210 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did UPDATE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007210 1 || 2007211 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id SELECT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007211 1 || 2007212 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id UNION SELECT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007212 1 || 2007213 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id INSERT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007213 1 || 2007214 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007214 1 || 2007215 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id ASCII || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007215 1 || 2007216 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id UPDATE || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007216 1 || 2007217 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id SELECT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007217 1 || 2007218 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UNION SELECT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007218 1 || 2007219 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id INSERT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007219 1 || 2007220 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id DELETE || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007220 1 || 2007221 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ASCII || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007221 1 || 2007222 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UPDATE || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007222 1 || 2007223 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date SELECT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007223 1 || 2007224 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UNION SELECT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007224 1 || 2007225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date INSERT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007225 1 || 2007226 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date DELETE || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007226 1 || 2007227 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ASCII || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007227 1 || 2007228 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UPDATE || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007228 1 || 2007229 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007229 1 || 2007230 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007230 1 || 2007231 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007231 1 || 2007232 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007232 1 || 2007233 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007233 1 || 2007234 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007234 1 || 2007235 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007235 1 || 2007236 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007236 1 || 2007237 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007237 1 || 2007238 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007238 1 || 2007239 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007239 1 || 2007240 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007240 1 || 2007241 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007241 1 || 2007242 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007242 1 || 2007243 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007243 1 || 2007244 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007244 1 || 2007245 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007245 1 || 2007246 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007246 1 || 2007247 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007247 1 || 2007248 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007248 1 || 2007249 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007249 1 || 2007250 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007250 1 || 2007251 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007251 1 || 2007252 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007252 1 || 2007253 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007253 1 || 2007254 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007254 1 || 2007255 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007255 1 || 2007256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007256 1 || 2007257 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007257 1 || 2007258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007258 1 || 2007259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007259 1 || 2007260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007260 1 || 2007261 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007261 1 || 2007262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007262 1 || 2007263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007263 1 || 2007264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007264 1 || 2007265 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007265 1 || 2007266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007266 1 || 2007267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007267 1 || 2007268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007268 1 || 2007269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007269 1 || 2007270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007270 1 || 2007271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007271 1 || 2007272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007272 1 || 2007273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007273 1 || 2007274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007274 1 || 2007275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007275 1 || 2007276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007276 1 || 2007277 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007277 1 || 2007278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007278 1 || 2007279 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007279 1 || 2007280 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007280 1 || 2007281 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007281 1 || 2007282 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007282 1 || 2007283 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007283 1 || 2007284 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.cav Url Pattern Detected (ping) || url,doc.emergingthreats.net/2007284 1 || 2007285 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP (2) || url,doc.emergingthreats.net/2007285 1 || 2007286 || 6 || trojan-activity || 0 || ET TROJAN Feral Checkin via HTTP || url,doc.emergingthreats.net/2007286 1 || 2007288 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id SELECT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007288 1 || 2007289 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id UNION SELECT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007289 1 || 2007290 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id INSERT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007290 1 || 2007291 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id DELETE || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007291 1 || 2007292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id ASCII || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007292 1 || 2007293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id UPDATE || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007293 1 || 2007294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007294 1 || 2007295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007295 1 || 2007296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007296 1 || 2007297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007297 1 || 2007298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007298 1 || 2007299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007299 1 || 2007300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007300 1 || 2007301 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007301 1 || 2007302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007302 1 || 2007303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007303 1 || 2007304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007304 1 || 2007305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007305 1 || 2007306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007306 1 || 2007307 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007307 1 || 2007308 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007308 1 || 2007309 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007309 1 || 2007310 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007310 1 || 2007311 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007311 1 || 2007312 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007312 1 || 2007313 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007313 1 || 2007314 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007314 1 || 2007315 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007315 1 || 2007316 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007316 1 || 2007317 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007317 1 || 2007318 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007318 1 || 2007319 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007319 1 || 2007320 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007320 1 || 2007321 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007321 1 || 2007322 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007322 1 || 2007323 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007323 1 || 2007324 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007324 1 || 2007325 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007325 1 || 2007326 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007326 1 || 2007327 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007327 1 || 2007328 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007328 1 || 2007329 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007329 1 || 2007330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id SELECT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007330 1 || 2007331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id UNION SELECT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007331 1 || 2007332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id INSERT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007332 1 || 2007333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id DELETE || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007333 1 || 2007334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ASCII || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007334 1 || 2007335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id UPDATE || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007335 1 || 2007336 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid SELECT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007336 1 || 2007337 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid UNION SELECT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007337 1 || 2007338 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid INSERT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007338 1 || 2007339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid DELETE || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007339 1 || 2007340 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid ASCII || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007340 1 || 2007341 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid UPDATE || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007341 1 || 2007344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID SELECT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007344 1 || 2007345 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID UNION SELECT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007345 1 || 2007346 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID INSERT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007346 1 || 2007347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID DELETE || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007347 1 || 2007348 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ASCII || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007348 1 || 2007349 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID UPDATE || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007349 1 || 2007350 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007350 1 || 2007351 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID UNION SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007351 1 || 2007352 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID INSERT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007352 1 || 2007353 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID DELETE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007353 1 || 2007354 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ASCII || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007354 1 || 2007355 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID UPDATE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007355 1 || 2007356 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007356 1 || 2007357 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID UNION SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007357 1 || 2007358 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID INSERT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007358 1 || 2007359 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID DELETE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007359 1 || 2007360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ASCII || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007360 1 || 2007361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID UPDATE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007361 1 || 2007362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007362 1 || 2007363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch INSERT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007363 1 || 2007364 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch UNION SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007364 1 || 2007365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch DELETE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007365 1 || 2007366 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ASCII || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007366 1 || 2007367 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch UPDATE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007367 1 || 2007368 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007368 1 || 2007369 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp UNION SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007369 1 || 2007370 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp INSERT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007370 1 || 2007371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp DELETE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007371 1 || 2007372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp ASCII || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007372 1 || 2007373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp UPDATE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007373 1 || 2007374 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which SELECT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007374 1 || 2007375 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UNION SELECT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007375 1 || 2007376 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which INSERT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007376 1 || 2007377 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which DELETE || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007377 1 || 2007378 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which ASCII || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007378 1 || 2007379 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UPDATE || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007379 1 || 2007380 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat SELECT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007380 1 || 2007381 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UNION SELECT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007381 1 || 2007382 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat INSERT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007382 1 || 2007383 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat DELETE || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007383 1 || 2007384 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat ASCII || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007384 1 || 2007385 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UPDATE || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007385 1 || 2007386 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007386 1 || 2007387 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007387 1 || 2007388 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007388 1 || 2007389 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007389 1 || 2007390 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007390 1 || 2007391 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007391 1 || 2007392 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007392 1 || 2007393 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UNION SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007393 1 || 2007394 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid INSERT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007394 1 || 2007395 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid DELETE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007395 1 || 2007396 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ASCII || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007396 1 || 2007397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UPDATE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007397 1 || 2007398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007398 1 || 2007399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UNION SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007399 1 || 2007400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search INSERT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007400 1 || 2007401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search DELETE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007401 1 || 2007402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ASCII || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007402 1 || 2007403 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UPDATE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007403 1 || 2007404 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007404 1 || 2007405 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd UNION SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007405 1 || 2007406 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd INSERT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007406 1 || 2007407 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd DELETE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007407 1 || 2007408 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ASCII || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007408 1 || 2007409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd UPDATE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007409 1 || 2007410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007410 1 || 2007411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url UNION SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007411 1 || 2007412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url INSERT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007412 1 || 2007413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007413 1 || 2007414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ASCII || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007414 1 || 2007415 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url UPDATE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007415 1 || 2007416 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007416 1 || 2007417 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007417 1 || 2007418 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007418 1 || 2007419 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007419 1 || 2007420 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007420 1 || 2007421 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007421 1 || 2007422 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007422 1 || 2007423 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007423 1 || 2007424 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007424 1 || 2007425 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007425 1 || 2007426 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007426 1 || 2007427 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007427 1 || 2007428 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007428 1 || 2007429 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007429 1 || 2007430 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007430 1 || 2007431 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007431 1 || 2007432 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007432 1 || 2007433 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007433 1 || 2007434 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007434 1 || 2007435 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007435 1 || 2007436 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007436 1 || 2007437 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007437 1 || 2007438 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007438 1 || 2007439 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007439 1 || 2007440 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007440 1 || 2007441 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007441 1 || 2007442 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007442 1 || 2007443 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007443 1 || 2007444 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007444 1 || 2007445 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007445 1 || 2007446 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007446 1 || 2007447 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007447 1 || 2007448 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007448 1 || 2007449 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007449 1 || 2007450 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007450 1 || 2007451 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007451 1 || 2007452 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007452 1 || 2007453 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UNION SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007453 1 || 2007454 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob INSERT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007454 1 || 2007455 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob DELETE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007455 1 || 2007456 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ASCII || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007456 1 || 2007457 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UPDATE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007457 1 || 2007458 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007458 1 || 2007459 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UNION SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007459 1 || 2007460 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID INSERT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007460 1 || 2007461 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID DELETE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007461 1 || 2007462 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ASCII || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007462 1 || 2007463 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UPDATE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007463 1 || 2007464 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007464 1 || 2007465 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UNION SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007465 1 || 2007466 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy INSERT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007466 1 || 2007467 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy DELETE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007467 1 || 2007468 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ASCII || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007468 1 || 2007469 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UPDATE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007469 1 || 2007470 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007470 1 || 2007471 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand UNION SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007471 1 || 2007472 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand INSERT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007472 1 || 2007473 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand DELETE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007473 1 || 2007474 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand ASCII || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007474 1 || 2007475 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand UPDATE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007475 1 || 2007476 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007476 1 || 2007477 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UNION SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007477 1 || 2007478 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID INSERT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007478 1 || 2007479 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID DELETE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007479 1 || 2007480 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ASCII || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007480 1 || 2007481 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UPDATE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007481 1 || 2007482 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007482 1 || 2007483 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page UNION SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007483 1 || 2007484 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page DELETE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007484 1 || 2007485 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page ASCII || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007485 1 || 2007486 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page UPDATE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007486 1 || 2007487 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007487 1 || 2007488 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007488 1 || 2007489 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007489 1 || 2007490 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007490 1 || 2007491 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007491 1 || 2007492 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007492 1 || 2007493 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007493 1 || 2007494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007494 1 || 2007495 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007495 1 || 2007496 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007496 1 || 2007497 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007497 1 || 2007498 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007498 1 || 2007499 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007499 1 || 2007500 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007500 1 || 2007501 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007501 1 || 2007502 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007502 1 || 2007503 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007503 1 || 2007504 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007504 1 || 2007505 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007505 1 || 2007506 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007506 1 || 2007507 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007507 1 || 2007508 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007508 1 || 2007509 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007509 1 || 2007510 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007510 1 || 2007511 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007511 1 || 2007512 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007512 1 || 2007513 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007513 1 || 2007514 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007514 1 || 2007515 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007515 1 || 2007516 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007516 1 || 2007517 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007517 1 || 2007518 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007518 1 || 2007519 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007519 1 || 2007520 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007520 1 || 2007521 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007521 1 || 2007522 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007522 1 || 2007523 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007523 1 || 2007524 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007524 1 || 2007525 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007525 1 || 2007526 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007526 1 || 2007527 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007527 1 || 2007528 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007528 1 || 2007529 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007529 1 || 2007530 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007530 1 || 2007531 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007531 1 || 2007532 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007532 1 || 2007533 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007533 1 || 2007534 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007534 1 || 2007535 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007535 1 || 2007536 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007536 1 || 2007537 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007537 1 || 2007538 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007538 1 || 2007539 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007539 1 || 2007540 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007540 1 || 2007541 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007541 1 || 2007542 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007542 1 || 2007543 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007543 1 || 2007544 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007544 1 || 2007545 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007545 1 || 2007546 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007546 1 || 2007547 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007547 1 || 2007548 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007548 1 || 2007549 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007549 1 || 2007550 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007550 1 || 2007551 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007551 1 || 2007552 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007552 1 || 2007553 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007553 1 || 2007554 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007554 1 || 2007555 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007555 1 || 2007556 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007556 1 || 2007557 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007557 1 || 2007558 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007558 1 || 2007559 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007559 1 || 2007560 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007560 1 || 2007561 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007561 1 || 2007562 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007562 1 || 2007563 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007563 1 || 2007564 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page INSERT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007564 1 || 2007565 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007565 1 || 2007566 || 8 || trojan-activity || 0 || ET TROJAN Downloader.MisleadApp Fake Security Product Install || url,doc.emergingthreats.net/2007566 1 || 2007567 || 10 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (unknown) || url,doc.emergingthreats.net/2007567 1 || 2007568 || 5 || trojan-activity || 0 || ET TROJAN Zlob Updating via HTTP || url,doc.emergingthreats.net/2007568 1 || 2007569 || 11 || trojan-activity || 0 || ET DELETED QQPass Related User-Agent Infection Checkin (App4) || url,doc.emergingthreats.net/2007569 1 || 2007570 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Dummy) || url,doc.emergingthreats.net/bin/view/Main/2007570 1 || 2007571 || 6 || policy-violation || 0 || ET POLICY Remote Desktop Connection via non RDP Port || url,doc.emergingthreats.net/2007571 1 || 2007572 || 5 || trojan-activity || 0 || ET DELETED Vundo.dam http Checkin after infection || url,doc.emergingthreats.net/2007572 1 || 2007573 || 4 || trojan-activity || 0 || ET TROJAN Vundo.dam http Update || url,doc.emergingthreats.net/2007573 1 || 2007575 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (AntiSpyware) - Likely 2squared.com related || url,doc.emergingthreats.net/bin/view/Main/2007575 1 || 2007576 || 4 || trojan-activity || 0 || ET POLICY CCProxy in use remotely - Possibly Hostile/Malware || url,www.youngzsoft.net || url,doc.emergingthreats.net/bin/view/Main/2007576 1 || 2007577 || 6 || trojan-activity || 0 || ET TROJAN General Downloader Checkin URL (GUID+) || url,doc.emergingthreats.net/2007577 1 || 2007578 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Outbound (case1) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007578 1 || 2007579 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Outbound (case2) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007579 1 || 2007580 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Inbound (case1) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007580 1 || 2007581 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Inbound (case2) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007581 1 || 2007582 || 9 || trojan-activity || 0 || ET MALWARE Vikiller.com Fake Antispyware User-Agent (vikiller ctrl...) || url,doc.emergingthreats.net/2007582 1 || 2007583 || 10 || trojan-activity || 0 || ET TROJAN iebar Spyware User Agent (iebar) || url,doc.emergingthreats.net/2007583 1 || 2007584 || 7 || misc-attack || 0 || ET EXPLOIT TrendMicro ServerProtect Exploit possible worma(little-endian DCERPC Request) || url,isc.sans.org/diary.html?storyid=3310 || url,doc.emergingthreats.net/bin/view/Main/2007584 1 || 2007585 || 4 || trojan-activity || 0 || ET TROJAN Win32.SkSocket C&C Connection || url,doc.emergingthreats.net/2007585 1 || 2007587 || 6 || trojan-activity || 0 || ET TROJAN General Downloader or Virut C&C Ack || url,doc.emergingthreats.net/2007587 1 || 2007592 || 7 || trojan-activity || 0 || ET TROJAN Hupigon URL Infection Checkin Detected || url,doc.emergingthreats.net/2007592 1 || 2007593 || 5 || trojan-activity || 0 || ET MALWARE SpyShredder Fake Anti-Spyware Install Download || url,doc.emergingthreats.net/bin/view/Main/2007593 1 || 2007594 || 9 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Mz) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2007594 1 || 2007595 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Dluca HTTP Checkin || url,doc.emergingthreats.net/2007595 1 || 2007597 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (B Register) || url,doc.emergingthreats.net/2007597 1 || 2007598 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (updatesodui) || url,doc.emergingthreats.net/2007598 1 || 2007599 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (aaaabbb) || url,doc.emergingthreats.net/2007599 1 || 2007600 || 8 || trojan-activity || 0 || ET MALWARE TryMedia Spyware User-Agent (TryMedia_DM_2.0.0) || url,doc.emergingthreats.net/2007600 1 || 2007601 || 6 || trojan-activity || 0 || ET MALWARE Advertisementserver.com Spyware Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/2007601 1 || 2007602 || 8 || trojan-activity || 0 || ET MALWARE Advertisementserver.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007602 1 || 2007603 || 4 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Wopla.ag Check-In || url,doc.emergingthreats.net/2007603 1 || 2007604 || 5 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Wopla.ag Server Reply || url,doc.emergingthreats.net/2007604 1 || 2007605 || 3 || trojan-activity || 0 || ET DELETED Singworm MSN message Outbound || url,doc.emergingthreats.net/2007605 1 || 2007606 || 3 || trojan-activity || 0 || ET DELETED Singworm MSN message Inbound || url,doc.emergingthreats.net/2007606 1 || 2007607 || 5 || trojan-activity || 0 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045 || url,doc.emergingthreats.net/bin/view/Main/2007607 1 || 2007608 || 3 || trojan-activity || 0 || ET TROJAN Win32.Agent.bea C&C connection || url,doc.emergingthreats.net/2007608 1 || 2007609 || 4 || trojan-activity || 0 || ET TROJAN Win32.Small.qh/xSock User-Agent Detected || url,doc.emergingthreats.net/2007609 1 || 2007610 || 6 || trojan-activity || 0 || ET TROJAN Win32.Small.qh/xSock Checkin URL Detected || url,doc.emergingthreats.net/2007610 1 || 2007611 || 8 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,doc.emergingthreats.net/2007611 1 || 2007612 || 8 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,doc.emergingthreats.net/2007612 1 || 2007613 || 7 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,doc.emergingthreats.net/2007613 1 || 2007614 || 7 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,doc.emergingthreats.net/2007614 1 || 2007615 || 8 || trojan-activity || 0 || ET DELETED Unidentified Spyware User Agent (0 0 + 128 chars) || url,doc.emergingthreats.net/2007615 1 || 2007616 || 11 || trojan-activity || 0 || ET USER_AGENTS klm123.com Spyware User Agent || url,doc.emergingthreats.net/2007616 1 || 2007617 || 9 || trojan-activity || 0 || ET MALWARE VirusProtectPro Spyware User-Agent (VirusProtectPro) || url,doc.emergingthreats.net/2007617 1 || 2007618 || 6 || trojan-activity || 0 || ET TROJAN Storm Worm ICMP DDOS Traffic || url,doc.emergingthreats.net/2007618 1 || 2007620 || 6 || trojan-activity || 0 || ET TROJAN Zlob Updating via HTTP (v2) || url,doc.emergingthreats.net/2007620 1 || 2007621 || 5 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet login || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007621 1 || 2007622 || 4 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet Response || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007622 1 || 2007623 || 5 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet Commands || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007623 1 || 2007624 || 5 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Response || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007624 1 || 2007625 || 6 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Commands || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007625 1 || 2007626 || 6 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Fetch || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007626 1 || 2007627 || 5 || policy-violation || 0 || ET POLICY Hyves Login Attempt || url,doc.emergingthreats.net/2007627 1 || 2007628 || 5 || policy-violation || 0 || ET POLICY Hyves Inbox Access || url,doc.emergingthreats.net/2007628 1 || 2007629 || 5 || policy-violation || 0 || ET POLICY Hyves Message Access || url,doc.emergingthreats.net/2007629 1 || 2007630 || 6 || policy-violation || 0 || ET POLICY Hyves Compose Message || url,doc.emergingthreats.net/2007630 1 || 2007631 || 6 || policy-violation || 0 || ET POLICY Hyves Message Submit || url,doc.emergingthreats.net/2007631 1 || 2007633 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Matcash related Trojan Downloader (Ismazo Advanced Loader) || url,doc.emergingthreats.net/2007633 1 || 2007634 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Search by md5 || url,doc.emergingthreats.net/2007634 1 || 2007635 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Connect Ack || url,doc.emergingthreats.net/2007635 1 || 2007636 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Search by md5 || url,doc.emergingthreats.net/2007636 1 || 2007637 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Connect Ack || url,doc.emergingthreats.net/2007637 1 || 2007638 || 4 || policy-violation || 0 || ET POLICY Netflix On-demand User-Agent || url,doc.emergingthreats.net/2007638 1 || 2007639 || 5 || policy-violation || 0 || ET POLICY FOX,ABC On-demand UA || url,doc.emergingthreats.net/2007639 1 || 2007640 || 6 || trojan-activity || 0 || ET DELETED Storm Making initial outbound connection || url,doc.emergingthreats.net/bin/view/Main/StormWorm 1 || 2007641 || 6 || trojan-activity || 0 || ET DELETED Storm Controller Response to Drone via tcp || url,doc.emergingthreats.net/bin/view/Main/StormWorm 1 || 2007642 || 6 || trojan-activity || 0 || ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs) || url,doc.emergingthreats.net/bin/view/Main/2007642 1 || 2007643 || 10 || trojan-activity || 0 || ET MALWARE Viruscheck.co.kr Fake Antispyware User-Agent (viruscheck) || url,doc.emergingthreats.net/2007643 1 || 2007644 || 7 || trojan-activity || 0 || ET TROJAN Win32.Agent.cah Checkin Request || url,doc.emergingthreats.net/2007644 1 || 2007645 || 10 || trojan-activity || 0 || ET MALWARE Ufixer.com Fake Antispyware User-Agent (Ultimate Fixer) || url,doc.emergingthreats.net/2007645 1 || 2007646 || 9 || trojan-activity || 0 || ET TROJAN Farfli User Agent Detected || url,doc.emergingthreats.net/2007646 1 || 2007647 || 9 || trojan-activity || 0 || ET DELETED Casalemedia.com Related User Agent (0 0 ...) || url,doc.emergingthreats.net/2007647 1 || 2007648 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (XXX) || url,doc.emergingthreats.net/bin/view/Main/2007648 1 || 2007649 || 5 || trojan-activity || 0 || ET MALWARE Spylog.ru Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007649 1 || 2007650 || 4 || trojan-activity || 0 || ET TROJAN Mac Trojan HTTP Checkin (accept-language violation) || url,doc.emergingthreats.net/2007650 1 || 2007651 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE x2300 phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007651 1 || 2007652 || 5 || web-application-activity || 0 || ET ATTACK_RESPONSE c99shell phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007652 1 || 2007653 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE RFI Scanner detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007653 1 || 2007654 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE C99 Modified phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007654 1 || 2007655 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE lila.jpg phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007655 1 || 2007656 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE ALBANIA id.php detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007656 1 || 2007657 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE Mic22 id.php detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007657 1 || 2007659 || 9 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (QdrBi Starter) || url,doc.emergingthreats.net/bin/view/Main/2007659 1 || 2007660 || 11 || trojan-activity || 0 || ET MALWARE Winxpperformance.com Related Spyware User-Agent (Microsoft Internet Browser) || url,doc.emergingthreats.net/2007660 1 || 2007661 || 6 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (RAV1.23) || url,doc.emergingthreats.net/2007661 1 || 2007663 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.pt User-Agent Detected || url,doc.emergingthreats.net/2007663 1 || 2007664 || 5 || trojan-activity || 0 || ET MALWARE AVSystemcare.com.com Fake Anti-Virus Product || url,doc.emergingthreats.net/bin/view/Main/2007664 1 || 2007666 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (install_s) || url,doc.emergingthreats.net/bin/view/Main/2007666 1 || 2007667 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (count) || url,doc.emergingthreats.net/bin/view/Main/2007667 1 || 2007668 || 17 || trojan-activity || 0 || ET TROJAN Blackenergy Bot Checkin to C&C || url,asert.arbornetworks.com/2007/10/blackenergy-ddos-bot-analysis-available || url,doc.emergingthreats.net/2007668 1 || 2007669 || 11 || trojan-activity || 0 || ET DELETED Nulprot Checkin Response || url,doc.emergingthreats.net/2007669 1 || 2007670 || 9 || not-suspicious || 0 || ET DELETED Likely Binary in HTTP by Type Flowbit || url,doc.emergingthreats.net/2007670 1 || 2007671 || 15 || policy-violation || 0 || ET POLICY Binary Download Smaller than 1 MB Likely Hostile || url,doc.emergingthreats.net/2007671 1 || 2007672 || 7 || misc-activity || 0 || ET DELETED B0tN3t IRCbotnet || url,en.wikipedia.org/wiki/Botnet || url,doc.emergingthreats.net/2007672 1 || 2007673 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007674 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007675 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007676 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007677 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007678 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007679 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007680 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007681 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007682 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007683 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 1 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007684 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 2 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007685 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 3 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007686 || 10 || denial-of-service || 0 || ET TROJAN E-Jihad 3.0 DDoS HTTP Activity OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007687 || 10 || denial-of-service || 0 || ET TROJAN E-Jihad 3.0 DDoS HTTP Activity INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool 1 || 2007688 || 10 || trojan-activity || 0 || ET TROJAN Prg Trojan HTTP POST v1 || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2007688 1 || 2007689 || 5 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (??) || url,doc.emergingthreats.net/2007689 1 || 2007690 || 9 || trojan-activity || 0 || ET MALWARE IEDefender (iedefender.com) Fake Antispyware User Agent (IEDefender 2.1) || url,doc.emergingthreats.net/2007690 1 || 2007692 || 7 || trojan-activity || 0 || ET TROJAN Basine Trojan Checkin || url,doc.emergingthreats.net/2007692 1 || 2007693 || 10 || trojan-activity || 0 || ET MALWARE Zredirector.com Related Spyware User-Agent (BndDriveLoader) || url,doc.emergingthreats.net/2007693 1 || 2007694 || 9 || trojan-activity || 0 || ET MALWARE Popads123.com Related Spyware User-Agent (LmaokaazLdr) || url,doc.emergingthreats.net/2007694 1 || 2007695 || 19 || policy-violation || 0 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System || url,doc.emergingthreats.net/bin/view/Main/Windows98UA 1 || 2007696 || 5 || trojan-activity || 0 || ET MALWARE Softwarereferral.com Adware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007696 1 || 2007697 || 10 || trojan-activity || 0 || ET MALWARE Antivirgear.com Fake Anti-Spyware User-Agent (AntiVirGear) || url,doc.emergingthreats.net/2007697 1 || 2007698 || 4 || trojan-activity || 0 || ET TROJAN Vanquish Trojan HTTP Checkin || url,doc.emergingthreats.net/2007698 1 || 2007699 || 7 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (WINDOWS_LOADS) || url,doc.emergingthreats.net/2007699 1 || 2007700 || 6 || trojan-activity || 0 || ET TROJAN ExplorerHijack Trojan HTTP Checkin || url,doc.emergingthreats.net/2007700 1 || 2007701 || 5 || trojan-activity || 0 || ET DELETED Storm Worm Encrypted Variant 1 Traffic (1) || url,doc.emergingthreats.net/2007701 1 || 2007702 || 5 || trojan-activity || 0 || ET DELETED Storm Worm Encrypted Variant 1 Traffic (2) || url,doc.emergingthreats.net/2007702 1 || 2007703 || 11 || attempted-user || 0 || ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt || url,www.kb.cert.org/vuls/id/659761 || url,www.milw0rm.com/exploits/4657 || url,doc.emergingthreats.net/2007703 1 || 2007704 || 6 || attempted-user || 0 || ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt || url,www.kb.cert.org/vuls/id/659761 || url,www.milw0rm.com/exploits/4657 || url,doc.emergingthreats.net/2007704 1 || 2007711 || 11 || trojan-activity || 0 || ET DELETED Srizbi registering with controller || url,www.secureworks.com/research/threats/ronpaul/ || url,doc.emergingthreats.net/2007711 1 || 2007712 || 8 || trojan-activity || 0 || ET TROJAN Srizbi requesting template || url,www.secureworks.com/research/threats/ronpaul/ || url,doc.emergingthreats.net/2007712 1 || 2007715 || 9 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user || url,doc.emergingthreats.net/bin/view/Main/2007715 1 || 2007717 || 7 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass || url,doc.emergingthreats.net/bin/view/Main/2007717 1 || 2007723 || 8 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr || url,doc.emergingthreats.net/bin/view/Main/2007723 1 || 2007724 || 12 || trojan-activity || 0 || ET TROJAN Prg Trojan HTTP POST version 2 || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2007724 1 || 2007725 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,doc.emergingthreats.net/bin/view/Main/2007725 1 || 2007726 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,doc.emergingthreats.net/bin/view/Main/2007726 1 || 2007727 || 5 || policy-violation || 0 || ET P2P possible torrent download || url,doc.emergingthreats.net/bin/view/Main/2007727 1 || 2007728 || 10 || trojan-activity || 0 || ET TROJAN TROJ_PROX.AFV POST || url,trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPROXY%2EAFV&VSect=T || url,doc.emergingthreats.net/2007728 1 || 2007742 || 7 || trojan-activity || 0 || ET TROJAN Storm C&C with typo'd User-Agent (Windoss) || url,doc.emergingthreats.net/2007742 1 || 2007743 || 10 || trojan-activity || 0 || ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2 || url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D || url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d || url,doc.emergingthreats.net/2007743 1 || 2007744 || 8 || trojan-activity || 0 || ET MALWARE Guard-Center.com Fake AntiVirus Post-Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2007744 1 || 2007746 || 5 || policy-violation || 0 || ET GAMES Gold VIP Club Casino Client in Use || url,doc.emergingthreats.net/2007746 1 || 2007747 || 7 || trojan-activity || 0 || ET DELETED MBR Trojan (Sinowal/Mebroot/) Phoning Home || url,doc.emergingthreats.net/2007747 1 || 2007748 || 8 || trojan-activity || 0 || ET DELETED NPRC Malicious POST Request Possible DOJ or DOT Malware || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835 || url,doc.emergingthreats.net/2007748 1 || 2007749 || 6 || trojan-activity || 0 || ET MALWARE host-domain-lookup.com spyware related Checkin || url,doc.emergingthreats.net/bin/view/Main/2007749 1 || 2007750 || 6 || trojan-activity || 0 || ET MALWARE host-domain-lookup.com spyware related Start Report || url,doc.emergingthreats.net/bin/view/Main/2007750 1 || 2007751 || 3 || trojan-activity || 0 || ET TROJAN Saturn Proxy Initial Outbound Checkin (404.txt) || url,doc.emergingthreats.net/2007751 1 || 2007752 || 5 || trojan-activity || 0 || ET TROJAN Saturn Proxy Checkin Response || url,doc.emergingthreats.net/2007752 1 || 2007753 || 3 || trojan-activity || 0 || ET TROJAN Saturn Proxy C&C Activity || url,doc.emergingthreats.net/2007753 1 || 2007754 || 4 || policy-violation || 0 || ET POLICY Club World Casino Client in Use || url,doc.emergingthreats.net/2007754 1 || 2007755 || 5 || trojan-activity || 0 || ET DELETED Trojan-Downloader.Win32.Small.hkp Checkin via HTTP || url,doc.emergingthreats.net/2007755 1 || 2007756 || 11 || trojan-activity || 0 || ET DELETED PWS-LDPinch posting data (2) || url,doc.emergingthreats.net/2007756 1 || 2007757 || 10 || attempted-recon || 0 || ET SCAN w3af User Agent || url,w3af.sourceforge.net || url,doc.emergingthreats.net/2007757 1 || 2007758 || 8 || trojan-activity || 0 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg) || url,doc.emergingthreats.net/2007758 1 || 2007759 || 7 || trojan-activity || 0 || ET MALWARE Alfaantivirus.com Fake Anti-Virus User-Agent (IM Download) || url,doc.emergingthreats.net/2007759 1 || 2007762 || 5 || trojan-activity || 0 || ET DELETED Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) || url,www.majestic12.co.uk/ || url,doc.emergingthreats.net/2007762 1 || 2007763 || 6 || policy-violation || 0 || ET POLICY CBS Streaming Video || url,doc.emergingthreats.net/2007763 1 || 2007764 || 5 || policy-violation || 0 || ET POLICY NBC Streaming Video || url,doc.emergingthreats.net/2007764 1 || 2007765 || 9 || policy-violation || 0 || ET POLICY Logmein.com Host List Download || url,doc.emergingthreats.net/2007765 1 || 2007766 || 6 || policy-violation || 0 || ET POLICY Logmein.com Update Activity || url,doc.emergingthreats.net/2007766 1 || 2007767 || 6 || trojan-activity || 0 || ET TROJAN Pakes User-Agent Detected || url,doc.emergingthreats.net/2007767 1 || 2007768 || 6 || trojan-activity || 0 || ET TROJAN Pakes Update Detected || url,doc.emergingthreats.net/2007768 1 || 2007769 || 4 || trojan-activity || 0 || ET TROJAN Zhelatin Update Detected || url,doc.emergingthreats.net/2007769 1 || 2007770 || 6 || trojan-activity || 0 || ET TROJAN Tear Application User-Agent Detected || url,doc.emergingthreats.net/2007770 1 || 2007771 || 10 || trojan-activity || 0 || ET TROJAN Pushdo Update URL Detected || url,doc.emergingthreats.net/2007771 1 || 2007772 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer (compatible)) || url,doc.emergingthreats.net/bin/view/Main/2007772 1 || 2007774 || 9 || trojan-activity || 0 || ET TROJAN Lop.gfr/Swizzor HTTP Update/Checkin || url,doc.emergingthreats.net/2007774 1 || 2007775 || 10 || trojan-activity || 0 || ET DELETED Krunchy/BZub HTTP Checkin/Update || url,doc.emergingthreats.net/2007775 1 || 2007776 || 9 || trojan-activity || 0 || ET TROJAN Krunchy/BZub HTTP POST Update || url,doc.emergingthreats.net/2007776 1 || 2007777 || 4 || trojan-activity || 0 || ET DELETED Browser HiJacker/Infostealer Stat file || url,doc.emergingthreats.net/2007777 1 || 2007778 || 13 || trojan-activity || 0 || ET TROJAN User-agent DownloadNetFile Win32.small.hsh downloader || url,doc.emergingthreats.net/2007778 1 || 2007779 || 5 || trojan-activity || 0 || ET TROJAN Kpang.com Related Trojan User-Agent (kpangupdate) || url,doc.emergingthreats.net/2007779 1 || 2007780 || 3 || trojan-activity || 0 || ET TROJAN Ssppyy.com Surveillance Agent Reporting via Email || url,doc.emergingthreats.net/2007780 1 || 2007781 || 6 || trojan-activity || 0 || ET DELETED Zapchast Bot User-Agent || url,www.majestic12.co.uk/bot.php || url,doc.emergingthreats.net/2007781 1 || 2007786 || 7 || trojan-activity || 0 || ET MALWARE PCDoc.co.kr Fake AV User-Agent (PCDoc11) || url,doc.emergingthreats.net/bin/view/Main/2007786 1 || 2007787 || 4 || trojan-activity || 0 || ET TROJAN Zhelatin npopup Update Detected || url,doc.emergingthreats.net/2007787 1 || 2007788 || 5 || trojan-activity || 0 || ET MALWARE Theinstalls.com Initial Checkin || url,www.theinstalls.com || url,doc.emergingthreats.net/bin/view/Main/2007788 1 || 2007798 || 7 || trojan-activity || 0 || ET DELETED Theinstalls.com Trojan Download || url,www.theinstalls.com || url,doc.emergingthreats.net/bin/view/Main/2007798 1 || 2007799 || 4 || policy-violation || 0 || ET P2P Azureus P2P Client User-Agent || url,doc.emergingthreats.net/bin/view/Main/2007799 1 || 2007800 || 4 || policy-violation || 0 || ET P2P LimeWire P2P Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2007800 1 || 2007801 || 4 || policy-violation || 0 || ET P2P Gnutella TCP Traffic || url,doc.emergingthreats.net/bin/view/Main/2007801 1 || 2007802 || 4 || network-scan || 0 || ET SCAN Grim's Ping ftp scanning tool || url,archives.neohapsis.com/archives/snort/2002-04/0448.html || url,grimsping.cjb.net || url,doc.emergingthreats.net/2007802 1 || 2007803 || 4 || trojan-activity || 0 || ET TROJAN Win32.Inject.ql Checkin Post || url,doc.emergingthreats.net/2007803 1 || 2007804 || 6 || trojan-activity || 0 || ET MALWARE PCDoc.co.kr Fake AV User-Agent (mypcdoctor) || url,doc.emergingthreats.net/bin/view/Main/2007804 1 || 2007805 || 4 || trojan-activity || 0 || ET DELETED Blink.com related Backdoor Checkin || url,doc.emergingthreats.net/2007805 1 || 2007806 || 5 || trojan-activity || 0 || ET DELETED Blink.com related Upgrade Command Given || url,doc.emergingthreats.net/2007806 1 || 2007807 || 4 || trojan-activity || 0 || ET TROJAN Rcash.co.kr Bootup Checkin via HTTP || url,doc.emergingthreats.net/2007807 1 || 2007808 || 6 || trojan-activity || 0 || ET TROJAN Cashpoint.com Related checkin User-Agent (inetinst) || url,doc.emergingthreats.net/2007808 1 || 2007809 || 7 || trojan-activity || 0 || ET MALWARE Doctorvaccine.co.kr Related Spyware-User Agent (ers) || url,doc.emergingthreats.net/2007809 1 || 2007810 || 6 || trojan-activity || 0 || ET TROJAN Cashpoint.com Related checkin User-Agent (okcpmgr) || url,doc.emergingthreats.net/2007810 1 || 2007811 || 5 || trojan-activity || 0 || ET TROJAN Metajuan trojan checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2007-030112-0714-99 || url,doc.emergingthreats.net/2007811 1 || 2007820 || 6 || trojan-activity || 0 || ET MALWARE Rabio Spyware/Adware Initial Registration || url,www.spywareguide.com/product_show.php?id=3770 || url,www.rabio.com || url,doc.emergingthreats.net/bin/view/Main/2007820 1 || 2007821 || 6 || trojan-activity || 0 || ET MALWARE Rabio.com Related Adware/Spyware User-Agent (HTTP_CONNECT_2) || url,doc.emergingthreats.net/bin/view/Main/2007821 1 || 2007822 || 5 || trojan-activity || 0 || ET TROJAN Densmail.com Related Trojan Checkin || url,doc.emergingthreats.net/2007822 1 || 2007823 || 8 || trojan-activity || 0 || ET DELETED Banker.OT Checkin || url,doc.emergingthreats.net/2007823 1 || 2007824 || 7 || trojan-activity || 0 || ET TROJAN Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser) || url,doc.emergingthreats.net/2007824 1 || 2007825 || 4 || trojan-activity || 0 || ET TROJAN Neonaby.com Related Trojan User-Agent (neonabyupdate) || url,doc.emergingthreats.net/2007825 1 || 2007826 || 5 || trojan-activity || 0 || ET TROJAN Suspicious Useragent Used by Several trojans (API-Guide test program) || url,doc.emergingthreats.net/2007826 1 || 2007827 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (ie) - Possible Trojan Downloader || url,doc.emergingthreats.net/2007827 1 || 2007828 || 14 || trojan-activity || 0 || ET DELETED LDPinch Checkin (2) || url,doc.emergingthreats.net/2007828 1 || 2007829 || 9 || trojan-activity || 0 || ET TROJAN Illusion Bot (Lussilon) Checkin || url,doc.emergingthreats.net/2007829 1 || 2007831 || 5 || trojan-activity || 0 || ET TROJAN Downloader General Bot Checking In via HTTP Post (bot_id push) || url,doc.emergingthreats.net/2007831 1 || 2007832 || 3 || trojan-activity || 0 || ET TROJAN Theoreon.com Related Trojan Checkin || url,doc.emergingthreats.net/2007832 1 || 2007833 || 5 || trojan-activity || 0 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5) || url,doc.emergingthreats.net/2007833 1 || 2007834 || 4 || trojan-activity || 0 || ET TROJAN Renos/ssd.com HTTP Checkin || url,doc.emergingthreats.net/2007834 1 || 2007836 || 6 || trojan-activity || 0 || ET TROJAN Downloader General Bot Checking In - Possible Win32.Small.htz related || url,doc.emergingthreats.net/2007836 1 || 2007837 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (WinInet) || url,doc.emergingthreats.net/2007837 1 || 2007838 || 5 || trojan-activity || 0 || ET TROJAN Delf HTTP Checkin (1) || url,doc.emergingthreats.net/2007838 1 || 2007839 || 7 || trojan-activity || 0 || ET MALWARE Drpcclean.com Related Spyware User-Agent (DrPCClean Transmit) || url,doc.emergingthreats.net/2007839 1 || 2007840 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Possible Trojan Downloader Shell || url,doc.emergingthreats.net/2007840 || url,www.securelist.com/en/blog/434/The_Chinese_bootkit 1 || 2007842 || 6 || trojan-activity || 0 || ET DELETED Softspydelete.com Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007842 1 || 2007843 || 6 || trojan-activity || 0 || ET TROJAN Bzub2 Related RPC/Http Checkin || url,doc.emergingthreats.net/2007843 1 || 2007845 || 9 || trojan-activity || 0 || ET MALWARE Errclean.com Related Spyware User-Agent (Locus NetInstaller) || url,doc.emergingthreats.net/2007845 1 || 2007847 || 3 || web-application-attack || 0 || ET ACTIVEX Sony ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5086 || url,www.milw0rm.com/exploits/5100 || url,doc.emergingthreats.net/bin/view/Main/2007847 1 || 2007849 || 4 || trojan-activity || 0 || ET TROJAN Kpang.com Related Trojan User-Agent (alertup) || url,doc.emergingthreats.net/2007849 1 || 2007851 || 9 || web-application-attack || 0 || ET ACTIVEX Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5106 || bugtraq,21458 || cve,CVE-2006-6334 || url,doc.emergingthreats.net/bin/view/Main/2007851 1 || 2007852 || 9 || web-application-attack || 0 || ET ACTIVEX Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || url,www.milw0rm.com/exploits/4982 || bugtraq,27193 || url,doc.emergingthreats.net/2007852 1 || 2007853 || 7 || web-application-attack || 0 || ET ACTIVEX ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || url,www.milw0rm.com/exploits/4981 || bugtraq,27439 || url,doc.emergingthreats.net/2007853 1 || 2007854 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla) - Possible Spyware Related || url,doc.emergingthreats.net/bin/view/Main/2007854 1 || 2007855 || 5 || trojan-activity || 0 || ET MALWARE OneStepSearch Host Activity || url,doc.emergingthreats.net/bin/view/Main/2007855 1 || 2007856 || 4 || trojan-activity || 0 || ET MALWARE System-defender.com Fake AV Install Checkin || url,www.system-defender.com || url,doc.emergingthreats.net/bin/view/Main/2007856 1 || 2007858 || 2 || trojan-activity || 0 || ET TROJAN Delf Keylog FTP Upload || url,doc.emergingthreats.net/2007858 1 || 2007859 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (microsoft) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007859 1 || 2007860 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer 6.0) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007860 1 || 2007861 || 4 || trojan-activity || 0 || ET MALWARE Softcashier.com Spyware Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2007861 1 || 2007862 || 11 || trojan-activity || 0 || ET TROJAN LDPinch Checkin (3) || url,doc.emergingthreats.net/2007862 1 || 2007863 || 9 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin || url,doc.emergingthreats.net/2007863 1 || 2007864 || 8 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected || url,doc.emergingthreats.net/2007864 1 || 2007865 || 4 || trojan-activity || 0 || ET MALWARE Winreanimator.com Fake AV Install Attempt || url,www.winreanimator.com || url,doc.emergingthreats.net/bin/view/Main/2007865 1 || 2007866 || 8 || trojan-activity || 0 || ET CHAT Gadu-Gadu Chat Client Checkin via HTTP || url,doc.emergingthreats.net/2007866 1 || 2007867 || 10 || trojan-activity || 0 || ET DELETED Delf HTTP Post Checkin (1) || url,doc.emergingthreats.net/2007867 1 || 2007868 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Firefox) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007868 1 || 2007869 || 7 || trojan-activity || 0 || ET MALWARE Vombanetwork Spyware User-Agent (VombaProductsInstaller) || url,doc.emergingthreats.net/2007869 1 || 2007870 || 4 || trojan-activity || 0 || ET MALWARE Vombanetworks.com Spyware Installer Checkin || url,doc.emergingthreats.net/bin/view/Main/2007870 1 || 2007874 || 6 || web-application-attack || 0 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability || bugtraq,27896 || url,aluigi.altervista.org/adv/nowsmsz-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007874 1 || 2007875 || 4 || web-application-attack || 0 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability || bugtraq,27896 || url,aluigi.altervista.org/adv/nowsmsz-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007875 1 || 2007876 || 2 || successful-dos || 0 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - udp || bugtraq,27718 || url,aluigi.altervista.org/adv/ezipirla-adv.txt || cve,CVE-2008-0767 || url,doc.emergingthreats.net/bin/view/Main/2007876 1 || 2007877 || 4 || successful-dos || 0 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - tcp || bugtraq,27718 || url,aluigi.altervista.org/adv/ezipirla-adv.txt || cve,CVE-2008-0759 || url,doc.emergingthreats.net/bin/view/Main/2007877 1 || 2007878 || 11 || web-application-attack || 0 || ET ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow || bugtraq,27769 || cve,CVE-2008-0778 || url,www.milw0rm.com/exploits/5110 || url,doc.emergingthreats.net/2007878 1 || 2007880 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (single dash) || url,doc.emergingthreats.net/bin/view/Main/2007880 1 || 2007881 || 7 || trojan-activity || 0 || ET MALWARE Mycomclean.com Spyware User-Agent (HTTP_GET_COMM) || url,doc.emergingthreats.net/2007881 1 || 2007882 || 7 || trojan-activity || 0 || ET MALWARE Mycomclean.com Spyware User-Agent (SHINI) || url,doc.emergingthreats.net/2007882 1 || 2007883 || 7 || trojan-activity || 0 || ET MALWARE Virusheat.com Fake Anti-Spyware User-Agent (VirusHeat 4.3) || url,doc.emergingthreats.net/2007883 1 || 2007884 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Example) || url,doc.emergingthreats.net/bin/view/Main/2007884 1 || 2007885 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (downloader) || url,doc.emergingthreats.net/bin/view/Main/2007885 1 || 2007886 || 5 || trojan-activity || 0 || ET DELETED Anti-virus-pro.com Fake AV Checkin || url,doc.emergingthreats.net/bin/view/Main/2007886 1 || 2007889 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UNION SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007889 1 || 2007890 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list INSERT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007890 1 || 2007891 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list DELETE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007891 1 || 2007892 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UPDATE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007892 1 || 2007893 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007893 1 || 2007894 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007894 1 || 2007895 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007895 1 || 2007896 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id DELETE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007896 1 || 2007897 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UPDATE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007897 1 || 2007898 || 5 || trojan-activity || 0 || ET TROJAN Sohanad Checkin via HTTP || url,doc.emergingthreats.net/2007898 1 || 2007899 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP_CONNECT) || url,doc.emergingthreats.net/bin/view/Main/2007899 1 || 2007900 || 7 || trojan-activity || 0 || ET MALWARE Kpang.com Spyware User-Agent (auctionplusup) || url,doc.emergingthreats.net/2007900 1 || 2007901 || 7 || trojan-activity || 0 || ET TROJAN Banker.OPX HTTP Checkin || url,doc.emergingthreats.net/2007901 1 || 2007903 || 8 || web-application-attack || 0 || ET ACTIVEX 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007903 1 || 2007904 || 8 || web-application-attack || 0 || ET ACTIVEX RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007904 1 || 2007905 || 48 || web-application-attack || 0 || ET ACTIVEX D-Link MPEG4 SHM (Audio) Control ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007905 1 || 2007908 || 7 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTPGETDATA) || url,doc.emergingthreats.net/2007908 1 || 2007909 || 7 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTPFILEDOWN) || url,doc.emergingthreats.net/2007909 1 || 2007910 || 8 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTP_FILEDOWN) || url,doc.emergingthreats.net/2007910 1 || 2007911 || 7 || trojan-activity || 0 || ET TROJAN Delf Download via HTTP || url,doc.emergingthreats.net/2007911 1 || 2007912 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg) || url,doc.emergingthreats.net/2007912 1 || 2007913 || 7 || trojan-activity || 0 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin || url,doc.emergingthreats.net/2007913 1 || 2007914 || 4 || trojan-activity || 0 || ET WORM SDBot HTTP Checkin || url,doc.emergingthreats.net/2007914 1 || 2007917 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497 1 || 2007918 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497 1 || 2007919 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497 1 || 2007920 || 3 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497 1 || 2007921 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Explorer) || url,doc.emergingthreats.net/bin/view/Main/2007921 1 || 2007922 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Checkin || url,doc.emergingthreats.net/2007922 1 || 2007923 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Digital) || url,doc.emergingthreats.net/2007923 1 || 2007924 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded) || url,doc.emergingthreats.net/2007924 1 || 2007925 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames) || url,doc.emergingthreats.net/2007925 1 || 2007926 || 6 || trojan-activity || 0 || ET DELETED Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0) || url,doc.emergingthreats.net/2007926 1 || 2007927 || 7 || trojan-activity || 0 || ET MALWARE Donkeyhote.co.kr Spyware User-Agent (UDonkey) || url,doc.emergingthreats.net/2007927 1 || 2007928 || 7 || trojan-activity || 0 || ET MALWARE Gcashback.co.kr Spyware User-Agent (InvokeAd) || url,doc.emergingthreats.net/2007928 1 || 2007929 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (User-Agent Mozilla/4.0 (compatible )) || url,doc.emergingthreats.net/bin/view/Main/2007929 1 || 2007930 || 4 || trojan-activity || 0 || ET TROJAN Delf/Hupigon C&C Channel Version Report || url,doc.emergingthreats.net/2007930 1 || 2007931 || 7 || web-application-attack || 0 || ET ACTIVEX ACTIVEX IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/3877 || bugtraq,23674 || cve,CVE-2007-1683 || url,doc.emergingthreats.net/2007931 1 || 2007932 || 8 || web-application-attack || 0 || ET ACTIVEX Symantec BackupExec Calendar Control (PVCalendar.ocx) BoF Vulnerability || url,www.milw0rm.com/exploits/5205 || cve,CVE-2007-6017 || bugtraq,28008 || url,doc.emergingthreats.net/2007932 1 || 2007933 || 8 || misc-attack || 0 || ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability || url,aluigi.altervista.org/adv/zilabzcsx-adv.txt || bugtraq,27940 || url,doc.emergingthreats.net/bin/view/Main/2007933 1 || 2007934 || 7 || misc-attack || 0 || ET EXPLOIT Zilab Chat and Instant Messaging User Info BoF Vulnerability || url,aluigi.altervista.org/adv/zilabzcsx-adv.txt || bugtraq,27940 || url,doc.emergingthreats.net/bin/view/Main/2007934 1 || 2007935 || 7 || trojan-activity || 0 || ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fs3update) || url,doc.emergingthreats.net/2007935 1 || 2007937 || 4 || successful-dos || 0 || ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow || bugtraq,28084 || url,aluigi.altervista.org/adv/visibroken-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007937 1 || 2007938 || 7 || trojan-activity || 0 || ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fian3manager) || url,doc.emergingthreats.net/2007938 1 || 2007939 || 5 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (up) || url,doc.emergingthreats.net/2007939 1 || 2007940 || 5 || trojan-activity || 0 || ET TROJAN Banker.ili HTTP Checkin || url,doc.emergingthreats.net/2007940 1 || 2007942 || 7 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (_) || url,doc.emergingthreats.net/bin/view/Main/2007942 1 || 2007943 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP) || url,doc.emergingthreats.net/bin/view/Main/2007943 1 || 2007944 || 6 || trojan-activity || 0 || ET MALWARE SysVenFak Fake AV Package User-Agent (gh2008) || url,doc.emergingthreats.net/bin/view/Main/2007944 1 || 2007945 || 4 || trojan-activity || 0 || ET MALWARE SysVenFak Fake AV Package Victim Checkin (victim.php) || url,doc.emergingthreats.net/bin/view/Main/2007945 1 || 2007946 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (popup) || url,doc.emergingthreats.net/bin/view/Main/2007946 1 || 2007947 || 7 || trojan-activity || 0 || ET MALWARE Nguide.co.kr Fake Security Tool User-Agent (nguideup) || url,doc.emergingthreats.net/2007947 1 || 2007948 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (double dashes) || url,doc.emergingthreats.net/bin/view/Main/2007948 1 || 2007949 || 6 || trojan-activity || 0 || ET TROJAN Medbod UDP Phone Home Packet || url,doc.emergingthreats.net/2007949 1 || 2007950 || 4 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,doc.emergingthreats.net/2007950 1 || 2007951 || 5 || trojan-activity || 0 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware || url,doc.emergingthreats.net/bin/view/Main/2007951 1 || 2007952 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Checkin || url,doc.emergingthreats.net/2007952 1 || 2007953 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Install Report || url,doc.emergingthreats.net/2007953 1 || 2007954 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Online Report || url,doc.emergingthreats.net/2007954 1 || 2007955 || 5 || trojan-activity || 0 || ET TROJAN Cygo Checkin || url,doc.emergingthreats.net/2007955 1 || 2007956 || 7 || trojan-activity || 0 || ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick Updater) || url,doc.emergingthreats.net/bin/view/Main/2007956 1 || 2007957 || 2 || trojan-activity || 0 || ET TROJAN Banker.ike UDP C&C || url,doc.emergingthreats.net/2007957 1 || 2007958 || 7 || trojan-activity || 0 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN) || url,doc.emergingthreats.net/2007958 1 || 2007959 || 7 || trojan-activity || 0 || ET MALWARE Msconfig.co.kr Related User-Agent (GLOBALx) || url,doc.emergingthreats.net/2007959 1 || 2007961 || 9 || trojan-activity || 0 || ET MALWARE Fake Wget User-Agent (wget 3.0) - Likely Hostile || url,doc.emergingthreats.net/2007961 1 || 2007962 || 7 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic Checkin || url,doc.emergingthreats.net/2007962 1 || 2007963 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Status OK || url,doc.emergingthreats.net/2007963 1 || 2007964 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Server Status OK || url,doc.emergingthreats.net/2007964 1 || 2007965 || 5 || trojan-activity || 0 || ET TROJAN Goldun Reporting Install || url,doc.emergingthreats.net/2007965 1 || 2007966 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.zy Checkin Post || url,doc.emergingthreats.net/2007966 1 || 2007967 || 6 || trojan-activity || 0 || ET TROJAN Universal1337 FTP Upload of Compromised Data || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337 || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html 1 || 2007968 || 5 || trojan-activity || 0 || ET TROJAN Universal1337 Email Upload of Compromised Data || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337 || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html 1 || 2007970 || 7 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (XY) || url,doc.emergingthreats.net/2007970 1 || 2007971 || 3 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (SSN ) || url,doc.emergingthreats.net/2007971 1 || 2007972 || 3 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (SSN# ) || url,doc.emergingthreats.net/2007972 1 || 2007973 || 3 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload || url,doc.emergingthreats.net/2007973 1 || 2007974 || 4 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Log Upload || url,doc.emergingthreats.net/2007974 1 || 2007975 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Trojan Checkin || url,doc.emergingthreats.net/2007975 1 || 2007977 || 7 || trojan-activity || 0 || ET MALWARE Dokterfix.com Fake AV User-Agent (Magic NetInstaller) || url,doc.emergingthreats.net/2007977 1 || 2007978 || 5 || trojan-activity || 0 || ET MALWARE Direct-web.co.kr Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007978 1 || 2007979 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Reporting Version || url,doc.emergingthreats.net/2007979 1 || 2007980 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Send || url,doc.emergingthreats.net/2007980 1 || 2007981 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Acknowledge || url,doc.emergingthreats.net/2007981 1 || 2007982 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C DDoS Outbound || url,doc.emergingthreats.net/2007982 1 || 2007984 || 6 || trojan-activity || 0 || ET TROJAN Banker Trojan (General) HTTP Checkin || url,doc.emergingthreats.net/2007984 1 || 2007986 || 6 || trojan-activity || 0 || ET TROJAN Emogen Reporting via HTTP || url,doc.emergingthreats.net/2007986 1 || 2007987 || 5 || trojan-activity || 0 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net 1 || 2007989 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Pre-Install Checkin || url,doc.emergingthreats.net/2007989 1 || 2007990 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Post-Install Checkin || url,doc.emergingthreats.net/2007990 1 || 2007991 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Unknown) || url,doc.emergingthreats.net/bin/view/Main/2007991 1 || 2007992 || 3 || trojan-activity || 0 || ET TROJAN Shark Pass Stealer Email Report || url,doc.emergingthreats.net/2007992 1 || 2007993 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (2 spaces) || url,doc.emergingthreats.net/bin/view/Main/2007993 1 || 2007994 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (1 space) || url,doc.emergingthreats.net/bin/view/Main/2007994 1 || 2007995 || 6 || trojan-activity || 0 || ET MALWARE Vaccine-program.co.kr Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007995 1 || 2007996 || 4 || trojan-activity || 0 || ET MALWARE Sears.com/Kmart.com My SHC Community spyware download || url,community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-join-the-community-get-spyware.aspx || url,www.benedelman.org/news/010108-1.html || url,doc.emergingthreats.net/bin/view/Main/2007996 1 || 2007998 || 9 || web-application-attack || 0 || ET ACTIVEX Rediff Bol Downloader ActiveX Control Remote Code Execution || cve,CVE-2006-6838 || bugtraq,21831 || url,downloads.securityfocus.com/vulnerabilities/exploits/21831.html || url,doc.emergingthreats.net/2007998 1 || 2007999 || 7 || trojan-activity || 0 || ET TROJAN Banker Trojan (General) HTTP Checkin (vit) || url,doc.emergingthreats.net/2007999 1 || 2008000 || 7 || trojan-activity || 0 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User-Agent (IM Downloader) || url,doc.emergingthreats.net/2008000 1 || 2008003 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin || url,doc.emergingthreats.net/2008003 1 || 2008004 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (2) || url,doc.emergingthreats.net/2008004 1 || 2008005 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.cfi (related) System Info Upload via FTP || url,doc.emergingthreats.net/2008005 1 || 2008006 || 6 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Packet 1 || url,doc.emergingthreats.net/2008006 1 || 2008007 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Packet 1 reply || url,doc.emergingthreats.net/2008007 1 || 2008008 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Checkin Replies || url,doc.emergingthreats.net/2008008 1 || 2008009 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Keepalive Pong || url,doc.emergingthreats.net/2008009 1 || 2008010 || 6 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Keepalive Ping || url,doc.emergingthreats.net/2008010 1 || 2008012 || 6 || trojan-activity || 0 || ET TROJAN Winquickupdates.com/Mycashloads.com Related Trojan Install Report || url,doc.emergingthreats.net/bin/view/Main/2008012 1 || 2008013 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Internet) || url,doc.emergingthreats.net/bin/view/Main/2008013 1 || 2008015 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Win95) || url,doc.emergingthreats.net/bin/view/Main/2008015 1 || 2008016 || 4 || trojan-activity || 0 || ET MALWARE Servicepack.kr Fake Patch Software Checkin || url,doc.emergingthreats.net/bin/view/Main/2008016 1 || 2008017 || 3 || trojan-activity || 0 || ET TROJAN Philis.J ICMP Sweep (Payload Hello,World) || url,vil.nai.com/vil/content/v_141203.htm || url,doc.emergingthreats.net/2008017 1 || 2008019 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (https) || url,doc.emergingthreats.net/2008019 1 || 2008020 || 4 || trojan-activity || 0 || ET WORM Win32.Socks.s HTTP Post Checkin || url,doc.emergingthreats.net/2008020 1 || 2008021 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Initial Checkin (ams) || url,doc.emergingthreats.net/2008021 1 || 2008022 || 4 || trojan-activity || 0 || ET TROJAN Turkojan C&C Info Command (MINFO) || url,doc.emergingthreats.net/2008022 1 || 2008023 || 5 || trojan-activity || 0 || ET TROJAN Turkojan C&C Info Command Response (MINFO) || url,doc.emergingthreats.net/2008023 1 || 2008024 || 4 || trojan-activity || 0 || ET TROJAN Turkojan C&C Logs Parse Command (LOGS1) || url,doc.emergingthreats.net/2008024 1 || 2008025 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Logs Parse Response Response (LOGS1) || url,doc.emergingthreats.net/2008025 1 || 2008026 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Keepalive (BAGLANTI) || url,doc.emergingthreats.net/2008026 1 || 2008027 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Browse Drive Command (BROWSC) || url,doc.emergingthreats.net/2008027 1 || 2008028 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Browse Drive Command Response (metin) || url,doc.emergingthreats.net/2008028 1 || 2008029 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C nxt Command (nxt) || url,doc.emergingthreats.net/2008029 1 || 2008030 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C nxt Command Response (nxt) || url,doc.emergingthreats.net/2008030 1 || 2008031 || 3 || trojan-activity || 0 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound || url,doc.emergingthreats.net/2008031 1 || 2008032 || 3 || trojan-activity || 0 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Inbound || url,doc.emergingthreats.net/2008032 1 || 2008033 || 5 || trojan-activity || 0 || ET TROJAN Banker.maf SMTP Checkin (Not in the Control...) || url,doc.emergingthreats.net/2008033 1 || 2008034 || 6 || trojan-activity || 0 || ET TROJAN LDPinch SMTP Password Report || url,doc.emergingthreats.net/2008034 1 || 2008035 || 6 || trojan-activity || 0 || ET TROJAN System.Poser HTTP Checkin || url,doc.emergingthreats.net/2008035 1 || 2008036 || 9 || trojan-activity || 0 || ET MALWARE 360safe.com related Fake Security Product Update || url,doc.emergingthreats.net/bin/view/Main/2008036 1 || 2008037 || 8 || policy-violation || 0 || ET POLICY Gteko User-Agent Detected - Dell Remote Access || url,doc.emergingthreats.net/bin/view/Main/Windows98UA 1 || 2008038 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)) || url,doc.emergingthreats.net/bin/view/Main/2008038 1 || 2008039 || 3 || trojan-activity || 0 || ET TROJAN Egspy Infection Report Email || url,research.sunbelt-software.com/threatdisplay.aspx?name=EgySpy&threatid=48410 || url,doc.emergingthreats.net/2008039 1 || 2008040 || 7 || trojan-activity || 0 || ET MALWARE Privacyprotector Related Spyware User-Agent (Ssol NetInstaller) || url,doc.emergingthreats.net/2008040 1 || 2008041 || 4 || trojan-activity || 0 || ET TROJAN Hupigon CnC init (variant abb) || url,doc.emergingthreats.net/2008041 1 || 2008042 || 3 || trojan-activity || 0 || ET TROJAN Hupigon CnC Data Post (variant abb) || url,doc.emergingthreats.net/2008042 1 || 2008043 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (c \windows) || url,doc.emergingthreats.net/bin/view/Main/2008043 1 || 2008044 || 8 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (5) || url,doc.emergingthreats.net/2008044 1 || 2008046 || 7 || trojan-activity || 0 || ET TROJAN Rf-cheats.ru Trojan Related User-Agent (RFRudokop v.1.1 account verification) || url,doc.emergingthreats.net/2008046 1 || 2008047 || 7 || trojan-activity || 0 || ET TROJAN Egspy Infection Report via HTTP || url,research.sunbelt-software.com/threatdisplay.aspx?name=EgySpy&threatid=48410 || url,doc.emergingthreats.net/2008047 1 || 2008048 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Version 1.23) || url,doc.emergingthreats.net/bin/view/Main/2008048 1 || 2008049 || 5 || trojan-activity || 0 || ET TROJAN Yahoo550.com Related Downloader/Trojan Checkin || url,doc.emergingthreats.net/2008049 1 || 2008051 || 4 || not-suspicious || 0 || ET POLICY Dell MyWay Remote control agent || url,doc.emergingthreats.net/2008051 1 || 2008052 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2008052 1 || 2008054 || 7 || bad-unknown || 0 || ET DELETED Nginx Server in use - Often Hostile Traffic || url,doc.emergingthreats.net/2008054 1 || 2008055 || 3 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC || url,doc.emergingthreats.net/2008055 1 || 2008056 || 4 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 || url,doc.emergingthreats.net/2008056 1 || 2008057 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response || url,doc.emergingthreats.net/2008057 1 || 2008058 || 6 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 || url,doc.emergingthreats.net/2008058 1 || 2008059 || 4 || trojan-activity || 0 || ET DELETED Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443 || url,doc.emergingthreats.net/2008059 1 || 2008060 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443 || url,doc.emergingthreats.net/2008060 1 || 2008061 || 5 || trojan-activity || 0 || ET DELETED LDPinch Checkin (4) || url,doc.emergingthreats.net/2008061 1 || 2008062 || 9 || web-application-attack || 0 || ET ACTIVEX Universal HTTP File Upload Remote File Deletetion || url,www.milw0rm.com/exploits/5272 || url,doc.emergingthreats.net/2008062 1 || 2008063 || 3 || successful-user || 0 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || url,www.milw0rm.com/exploits/5248 || bugtraq,28245 || url,doc.emergingthreats.net/bin/view/Main/2008063 || cve,2008-1358 1 || 2008064 || 6 || bad-unknown || 0 || ET DELETED Nginx Server with no version string - Often Hostile Traffic || url,doc.emergingthreats.net/2008064 1 || 2008065 || 5 || bad-unknown || 0 || ET POLICY Nginx Server with modified version string - Often Hostile Traffic || url,doc.emergingthreats.net/2008065 1 || 2008066 || 7 || trojan-activity || 0 || ET MALWARE Blank User-Agent (descriptor but no string) || url,doc.emergingthreats.net/bin/view/Main/2008066 1 || 2008067 || 4 || trojan-activity || 0 || ET MALWARE Kwsearchguide.com Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008067 1 || 2008069 || 4 || trojan-activity || 0 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive || url,doc.emergingthreats.net/bin/view/Main/2008069 1 || 2008070 || 8 || policy-violation || 0 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA 1 || 2008071 || 6 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (6) || url,doc.emergingthreats.net/2008071 1 || 2008073 || 13 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (App4) || url,doc.emergingthreats.net/bin/view/Main/2008073 1 || 2008074 || 8 || trojan-activity || 0 || ET TROJAN Banload User-Agent Detected (WebUpdate) || url,doc.emergingthreats.net/2008074 1 || 2008076 || 5 || trojan-activity || 0 || ET TROJAN General Downloader URL Pattern (/loader/setup.php) || url,doc.emergingthreats.net/2008076 1 || 2008081 || 3 || trojan-activity || 0 || ET TROJAN Xorer.ez HTTP Checkin to CnC || url,doc.emergingthreats.net/2008081 1 || 2008082 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Post-Install Checkin (2) || url,doc.emergingthreats.net/2008082 1 || 2008083 || 13 || trojan-activity || 0 || ET DELETED Suspicious User Agent (Zlob Related) (UA00000) || url,doc.emergingthreats.net/2008083 1 || 2008084 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla-web) || url,doc.emergingthreats.net/bin/view/Main/2008084 1 || 2008085 || 10 || trojan-activity || 0 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar) || url,doc.emergingthreats.net/2008085 1 || 2008086 || 5 || trojan-activity || 0 || ET TROJAN Daemonize.ft HTTP Checkin || url,doc.emergingthreats.net/2008086 1 || 2008087 || 5 || trojan-activity || 0 || ET TROJAN Downloader.VB.CEJ HTTP Checkin || url,doc.emergingthreats.net/2008087 1 || 2008090 || 6 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (7) || url,doc.emergingthreats.net/2008090 1 || 2008091 || 5 || trojan-activity || 0 || ET DELETED LDPinch Checkin (8) || url,doc.emergingthreats.net/2008091 1 || 2008092 || 3 || attempted-recon || 0 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008092 1 || 2008093 || 5 || attempted-recon || 0 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008093 1 || 2008094 || 4 || attempted-recon || 0 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008094 1 || 2008096 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (INSTALLER) || url,doc.emergingthreats.net/bin/view/Main/2008096 1 || 2008097 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IEMGR) || url,doc.emergingthreats.net/bin/view/Main/2008097 1 || 2008098 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GOOGLE) || url,doc.emergingthreats.net/bin/view/Main/2008098 1 || 2008099 || 8 || web-application-attack || 0 || ET ACTIVEX ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || bugtraq,28546 || url,www.milw0rm.com/exploits/5338 || url,doc.emergingthreats.net/2008099 1 || 2008100 || 11 || trojan-activity || 0 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download || url,doc.emergingthreats.net/2008100 1 || 2008103 || 4 || trojan-activity || 0 || ET DELETED Bobax/Kraken/Oderoor TCP 447 CnC Channel Initial Packet Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008104 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008105 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008106 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor TCP 447 CnC Channel Initial Packet Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008107 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor UDP 447 CnC Channel Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008108 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor TCP 447 CnC Channel Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008109 || 3 || trojan-activity || 0 || ET TROJAN Possible Bobax/Kraken/Oderoor UDP 447 CnC Channel Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008110 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor TCP 447 CnC Channel Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor 1 || 2008113 || 3 || policy-violation || 0 || ET P2P Tor Get Server Request || url,tor.eff.org || url,doc.emergingthreats.net/2008113 1 || 2008115 || 3 || policy-violation || 0 || ET P2P Tor Get Status Request || url,tor.eff.org || url,doc.emergingthreats.net/2008115 1 || 2008116 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Write Request || url,doc.emergingthreats.net/2008116 1 || 2008117 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Data Transfer || url,doc.emergingthreats.net/2008117 1 || 2008118 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP ACK || url,doc.emergingthreats.net/2008118 1 || 2008119 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Error Message || url,doc.emergingthreats.net/2008119 1 || 2008120 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Read Request || url,doc.emergingthreats.net/2008120 1 || 2008123 || 7 || trojan-activity || 0 || ET TROJAN Likely Bot Username in IRC (XP-..) || url,doc.emergingthreats.net/2008123 1 || 2008124 || 5 || trojan-activity || 0 || ET TROJAN Likely Bot Nick in IRC (USA +..) || url,doc.emergingthreats.net/2008124 1 || 2008126 || 8 || web-application-attack || 0 || ET ACTIVEX IBiz E-Banking Integrator V2 ActiveX Edition Insecure Method || url,www.milw0rm.com/exploits/5416 || url,doc.emergingthreats.net/2008126 1 || 2008127 || 10 || web-application-attack || 0 || ET ACTIVEX Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Insecure Methods || bugtraq,24959 || cve,CVE-2007-3883 || url,www.exploit-db.com/exploits/5395/ || url,doc.emergingthreats.net/2008127 1 || 2008128 || 9 || web-application-attack || 0 || ET ACTIVEX Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit || bugtraq,28662 || url,www.milw0rm.com/exploits/5398 || url,doc.emergingthreats.net/2008128 1 || 2008129 || 7 || web-application-attack || 0 || ET ACTIVEX LEADTOOLS Multimedia Toolkit 15 Arbitrary Files Overwrite || url,www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html || bugtraq,28442 || cve,CVE-2008-1605 || url,doc.emergingthreats.net/2008129 1 || 2008130 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lydra.hj HTTP Checkin || url,doc.emergingthreats.net/2008130 1 || 2008132 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Access Count Tracking URL || url,doc.emergingthreats.net/2008132 1 || 2008133 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Install Count Tracking URL || url,doc.emergingthreats.net/2008133 1 || 2008134 || 8 || trojan-activity || 0 || ET TROJAN Common Downloader Install Count Tracking URL (partner) || url,doc.emergingthreats.net/2008134 || url,www.threatexpert.com/report.aspx?md5=ea70e0971cc490a15e53d24ad6564403 1 || 2008135 || 4 || trojan-activity || 0 || ET MALWARE Soft-Show.cn Related Fake AV Install || url,doc.emergingthreats.net/bin/view/Main/2008135 1 || 2008136 || 5 || trojan-activity || 0 || ET TROJAN Egspy Install Report via HTTP || url,doc.emergingthreats.net/2008136 1 || 2008139 || 7 || trojan-activity || 0 || ET TROJAN RhiFrem Trojan Activity - cmd || url,www.castlecops.com/U_S_Courts_phish792683.html || url,doc.emergingthreats.net/2008139 1 || 2008140 || 8 || trojan-activity || 0 || ET TROJAN RhiFrem Trojan Activity - log || url,www.castlecops.com/U_S_Courts_phish792683.html || url,doc.emergingthreats.net/2008140 1 || 2008141 || 8 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WinTouch) || url,doc.emergingthreats.net/2008141 1 || 2008142 || 4 || trojan-activity || 0 || ET TROJAN Vapsup User-Agent (doshowmeanad loader v2.1) || url,doc.emergingthreats.net/2008142 1 || 2008143 || 5 || trojan-activity || 0 || ET DELETED Downloader Checkin Pattern Used by Several Trojans || url,doc.emergingthreats.net/2008143 1 || 2008144 || 6 || trojan-activity || 0 || ET TROJAN Proxy.Corpes.j Infection Report || url,doc.emergingthreats.net/2008144 1 || 2008145 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller) || url,doc.emergingthreats.net/2008145 1 || 2008146 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner) || url,doc.emergingthreats.net/2008146 1 || 2008147 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (RBR) || url,doc.emergingthreats.net/bin/view/Main/2008147 1 || 2008148 || 4 || trojan-activity || 0 || ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull || url,doc.emergingthreats.net/bin/view/Main/2008148 1 || 2008149 || 8 || trojan-activity || 0 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet) || url,doc.emergingthreats.net/bin/view/Main/2008149 1 || 2008150 || 7 || trojan-activity || 0 || ET MALWARE Avsystemcare.com Fake AV User-Agent (LocusSoftware, NetInstaller) || url,doc.emergingthreats.net/2008150 1 || 2008151 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover) || url,doc.emergingthreats.net/2008151 1 || 2008152 || 6 || trojan-activity || 0 || ET TROJAN Pakes/Cutwail/Kobcka Checkin URL || url,doc.emergingthreats.net/2008152 1 || 2008153 || 5 || trojan-activity || 0 || ET TROJAN Citi-bank.ru Related Trojan Checkin || url,doc.emergingthreats.net/2008153 1 || 2008155 || 4 || trojan-activity || 0 || ET TROJAN Trats.a Post-Infection Checkin || url,doc.emergingthreats.net/2008155 1 || 2008156 || 4 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (VIP2007) || url,doc.emergingthreats.net/2008156 1 || 2008157 || 6 || trojan-activity || 0 || ET MALWARE Sidelinker.com-Upspider.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008157 1 || 2008158 || 5 || trojan-activity || 0 || ET MALWARE Sidelinker.com-Upspider.com Spyware Count || url,doc.emergingthreats.net/bin/view/Main/2008158 1 || 2008159 || 4 || trojan-activity || 0 || ET TROJAN Otwycal User-Agent (Downing) || url,doc.emergingthreats.net/2008159 1 || 2008170 || 8 || web-application-attack || 0 || ET WEB_CLIENT Microsoft Internet Explorer ieframe.dll Script Injection Vulnerability || bugtraq,28581 || url,doc.emergingthreats.net/bin/view/Main/2008170 1 || 2008171 || 7 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager CGI Directory Traversal || bugtraq,28745 || cve,CVE-2008-0068 || url,aluigi.altervista.org/adv/closedviewx-adv.txt || url,doc.emergingthreats.net/2008171 1 || 2008173 || 8 || web-application-attack || 0 || ET ACTIVEX PPStream PowerPlayer.DLL ActiveX Control BoF Vulnerability || bugtraq,25502 || url,doc.emergingthreats.net/2008173 1 || 2008174 || 8 || trojan-activity || 0 || ET DELETED Generic Spambot (often Tibs) Post-Infection Checkin || url,doc.emergingthreats.net/2008174 1 || 2008175 || 5 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (varchar) || url,doc.emergingthreats.net/2008175 1 || 2008176 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (exec) || url,doc.emergingthreats.net/2008176 1 || 2008177 || 5 || trojan-activity || 0 || ET TROJAN Ceckno Reporting to Controller || url,doc.emergingthreats.net/2008177 1 || 2008178 || 3 || trojan-activity || 0 || ET TROJAN Ceckno Keepalive from Controller || url,doc.emergingthreats.net/2008178 1 || 2008179 || 3 || not-suspicious || 0 || ET SCAN PRO Search Crawler Probe || url,sourceforge.net/project/showfiles.php?group_id=149797 || url,doc.emergingthreats.net/2008179 1 || 2008180 || 6 || trojan-activity || 0 || ET MALWARE V-Clean.com Fake AV Checkin || url,doc.emergingthreats.net/bin/view/Main/2008180 1 || 2008181 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MS Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2008181 1 || 2008182 || 8 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL || url,doc.emergingthreats.net/2008182 1 || 2008183 || 7 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (pid - mac) || url,doc.emergingthreats.net/2008183 1 || 2008184 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Installer) || url,doc.emergingthreats.net/bin/view/Main/2008184 1 || 2008185 || 4 || trojan-activity || 0 || ET TROJAN Win32 Cloaker Related Post Infection Checkin || url,doc.emergingthreats.net/2008185 1 || 2008186 || 4 || web-application-attack || 0 || ET SCAN DirBuster Web App Scan in Progress || url,owasp.org || url,doc.emergingthreats.net/2008186 1 || 2008187 || 8 || attempted-recon || 0 || ET SCAN Paros Proxy Scanner Detected || url,www.parosproxy.org || url,doc.emergingthreats.net/2008187 1 || 2008189 || 5 || trojan-activity || 0 || ET TROJAN SpamTool.Win32.Agent.gy/Grum/Tedroo Or Similar HTTP Checkin || url,doc.emergingthreats.net/2008189 || url,www.secureworks.com/research/threats/botnets2009/ || url,securitylabs.websense.com/content/Blogs/2721.aspx 1 || 2008190 || 7 || trojan-activity || 0 || ET MALWARE WinButler User-Agent (WinButler) || url,www.winbutler.com || url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html || url,doc.emergingthreats.net/2008190 1 || 2008192 || 3 || trojan-activity || 0 || ET WORM Korgo.P Reporting || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2008192 1 || 2008194 || 6 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (wmid - ucid) || url,doc.emergingthreats.net/2008194 1 || 2008195 || 5 || trojan-activity || 0 || ET TROJAN Dropper mdodo.com Related Trojan || url,doc.emergingthreats.net/2008195 1 || 2008196 || 5 || trojan-activity || 0 || ET TROJAN Dropper 6dzone.com Related Trojan || url,doc.emergingthreats.net/2008196 1 || 2008197 || 5 || trojan-activity || 0 || ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2008197 1 || 2008198 || 7 || trojan-activity || 0 || ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) || url,www.pcclear.com || url,www.pcclear.co.kr || url,doc.emergingthreats.net/2008198 1 || 2008199 || 17 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (QQ) || url,doc.emergingthreats.net/bin/view/Main/2008199 1 || 2008200 || 8 || trojan-activity || 0 || ET MALWARE vaccine-program.co.kr Related Spyware User-Agent (vaccine) || url,doc.emergingthreats.net/2008200 1 || 2008201 || 7 || trojan-activity || 0 || ET MALWARE Sidebar Related Spyware User-Agent (Sidebar Client) || url,doc.emergingthreats.net/2008201 1 || 2008202 || 7 || trojan-activity || 0 || ET MALWARE UbrenQuatroRusDldr Downloader User-Agent (UbrenQuatroRusDldr 096044) || url,doc.emergingthreats.net/2008202 1 || 2008203 || 8 || trojan-activity || 0 || ET MALWARE BndVeano4GetDownldr Downloader User-Agent (BndVeano4GetDownldr) || url,doc.emergingthreats.net/2008203 1 || 2008204 || 7 || trojan-activity || 0 || ET MALWARE yeps.co.kr Related User-Agent (ISecu) || url,doc.emergingthreats.net/2008204 1 || 2008205 || 8 || trojan-activity || 0 || ET MALWARE yeps.co.kr Related User-Agent (ISUpd) || url,doc.emergingthreats.net/2008205 1 || 2008206 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405 || url,doc.emergingthreats.net/bin/view/Main/2008206 1 || 2008207 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405 || url,doc.emergingthreats.net/bin/view/Main/2008207 1 || 2008208 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (TestAgent) || url,doc.emergingthreats.net/bin/view/Main/2008208 1 || 2008209 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (SERVER2_03) || url,doc.emergingthreats.net/bin/view/Main/2008209 1 || 2008210 || 8 || trojan-activity || 0 || ET MALWARE Misspelled Mozilla User-Agent (Mozila) || url,doc.emergingthreats.net/bin/view/Main/2008210 1 || 2008211 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WinProxy) || url,doc.emergingthreats.net/bin/view/Main/2008211 1 || 2008212 || 5 || trojan-activity || 0 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email || url,en.wikipedia.org/wiki/Optix_Pro 1 || 2008213 || 8 || trojan-activity || 0 || ET DELETED LDPinch Checkin (9) || url,doc.emergingthreats.net/2008213 1 || 2008214 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (sickness29a/0.1) || url,doc.emergingthreats.net/bin/view/Main/2008214 1 || 2008215 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (up2dash updater) || url,doc.emergingthreats.net/bin/view/Main/2008215 1 || 2008216 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NSIS_DOWNLOAD) || url,doc.emergingthreats.net/bin/view/Main/2008216 1 || 2008218 || 7 || trojan-activity || 0 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro || url,doc.emergingthreats.net/2008218 1 || 2008219 || 6 || trojan-activity || 0 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked 1 || 2008220 || 5 || trojan-activity || 0 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked 1 || 2008221 || 4 || trojan-activity || 0 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox || url,doc.emergingthreats.net/2008221 1 || 2008222 || 4 || trojan-activity || 0 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox || url,doc.emergingthreats.net/2008222 1 || 2008223 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL) || url,doc.emergingthreats.net/2008223 1 || 2008224 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL) || url,doc.emergingthreats.net/2008224 1 || 2008225 || 8 || web-application-attack || 0 || ET ACTIVEX Possible Universal HTTP Image/File Upload ActiveX Remote File Deletion Exploit || url,www.milw0rm.com/exploits/5569 || url,doc.emergingthreats.net/2008225 1 || 2008226 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit || bugtraq,28820 || url,www.milw0rm.com/exploits/5460 || url,www.milw0rm.com/exploits/5530 || url,doc.emergingthreats.net/2008226 1 || 2008228 || 10 || trojan-activity || 0 || ET SCAN Suspicious User-Agent inbound (bot) || url,doc.emergingthreats.net/bin/view/Main/2008228 1 || 2008230 || 2 || misc-activity || 0 || ET SCAN Behavioral Unusually fast outbound Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm || url,doc.emergingthreats.net/2008230 1 || 2008231 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla 1.02.45 biz) || url,doc.emergingthreats.net/bin/view/Main/2008231 1 || 2008232 || 5 || trojan-activity || 0 || ET TROJAN Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely) || url,doc.emergingthreats.net/2008232 1 || 2008233 || 12 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (farfly checkin) || url,doc.emergingthreats.net/2008233 1 || 2008236 || 3 || trojan-activity || 0 || ET TROJAN Fake.Googlebar or Softcash.org Related Post-Infection Checkin || url,doc.emergingthreats.net/2008236 1 || 2008237 || 3 || trojan-activity || 0 || ET TROJAN Pass Stealer FTP Upload || url,doc.emergingthreats.net/2008237 1 || 2008238 || 4 || policy-violation || 0 || ET POLICY Hotmail Inbox Access || url,doc.emergingthreats.net/2008238 1 || 2008239 || 4 || policy-violation || 0 || ET POLICY Hotmail Message Access || url,doc.emergingthreats.net/2008239 1 || 2008240 || 4 || policy-violation || 0 || ET POLICY Hotmail Compose Message Access || url,doc.emergingthreats.net/2008240 1 || 2008241 || 5 || policy-violation || 0 || ET DELETED Hotmail Compose Message Submit || url,doc.emergingthreats.net/2008241 1 || 2008242 || 4 || policy-violation || 0 || ET POLICY Hotmail Access Full Mode || url,doc.emergingthreats.net/2008242 1 || 2008243 || 5 || trojan-activity || 0 || ET TROJAN my247eshop.com User-Agent || url,doc.emergingthreats.net/2008243 1 || 2008244 || 5 || trojan-activity || 0 || ET TROJAN ProxyBot Phone Home Traffic || url,doc.emergingthreats.net/2008244 1 || 2008245 || 5 || trojan-activity || 0 || ET DELETED Juicopotomous to Controller || url,doc.emergingthreats.net/2008245 1 || 2008246 || 4 || trojan-activity || 0 || ET DELETED Juicopotomous ack from Controller || url,doc.emergingthreats.net/2008246 1 || 2008247 || 5 || trojan-activity || 0 || ET DELETED Juicopotomous ack to Controller || url,doc.emergingthreats.net/2008247 1 || 2008248 || 5 || trojan-activity || 0 || ET TROJAN Cashout Proxy Bot reg_DST || url,doc.emergingthreats.net/2008248 1 || 2008249 || 4 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Checkin || url,doc.emergingthreats.net/2008249 1 || 2008250 || 3 || trojan-activity || 0 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin || url,doc.emergingthreats.net/2008250 1 || 2008251 || 3 || trojan-activity || 0 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Secondary Checkin || url,doc.emergingthreats.net/2008251 1 || 2008253 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (chek) || url,doc.emergingthreats.net/bin/view/Main/2008253 1 || 2008254 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend/Ceckno C&C Traffic - Checkin || url,doc.emergingthreats.net/2008254 1 || 2008255 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IE) || url,doc.emergingthreats.net/bin/view/Main/2008255 1 || 2008256 || 7 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected (envia.php) || url,doc.emergingthreats.net/2008256 1 || 2008257 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Nimo Software HTTP Retriever 1.0) || url,doc.emergingthreats.net/bin/view/Main/2008257 1 || 2008258 || 3 || trojan-activity || 0 || ET TROJAN Hupigon CnC Communication (variant bysj) || url,doc.emergingthreats.net/2008258 1 || 2008259 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AutoHotkey) || url,doc.emergingthreats.net/bin/view/Main/2008259 1 || 2008260 || 5 || trojan-activity || 0 || ET TROJAN Pointpack.kr Related Trojan Checkin || url,doc.emergingthreats.net/2008260 1 || 2008261 || 4 || trojan-activity || 0 || ET TROJAN Common Spambot HTTP Checkin || url,doc.emergingthreats.net/2008261 1 || 2008262 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WebForm 1) || url,doc.emergingthreats.net/bin/view/Main/2008262 1 || 2008263 || 13 || trojan-activity || 0 || ET TROJAN DNS Changer HTTP Post Checkin || url,doc.emergingthreats.net/2008263 1 || 2008264 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (opera) || url,doc.emergingthreats.net/bin/view/Main/2008264 1 || 2008266 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Zilla) || url,doc.emergingthreats.net/bin/view/Main/2008266 1 || 2008267 || 8 || trojan-activity || 0 || ET TROJAN Banker.JU Related HTTP Post-infection Checkin || url,doc.emergingthreats.net/2008267 1 || 2008268 || 9 || trojan-activity || 0 || ET DELETED Delf Checkin via HTTP (8) || url,doc.emergingthreats.net/2008268 1 || 2008269 || 3 || trojan-activity || 0 || ET TROJAN Emogen Infection Checkin Initial Packet || url,doc.emergingthreats.net/2008269 1 || 2008270 || 3 || trojan-activity || 0 || ET TROJAN Emogen Infection Checkin CnC Keepalive || url,doc.emergingthreats.net/2008270 1 || 2008271 || 9 || trojan-activity || 0 || ET TROJAN DMSpammer HTTP Post Checkin || url,doc.emergingthreats.net/2008271 1 || 2008273 || 4 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller || url,doc.emergingthreats.net/2008273 1 || 2008274 || 4 || trojan-activity || 0 || ET TROJAN Bifrose Response from Controller || url,doc.emergingthreats.net/2008274 1 || 2008275 || 5 || trojan-activity || 0 || ET TROJAN Hitpop Checkin || url,atlas-public.ec2.arbor.net/docs/Hitpop_DDoS_Malware_Analysis_PUBLIC.pdf || url,doc.emergingthreats.net/2008275 1 || 2008276 || 14 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (contains loader) || url,doc.emergingthreats.net/bin/view/Main/2008276 1 || 2008277 || 7 || trojan-activity || 0 || ET TROJAN Pakes Winifixer.com Related Checkin URL || url,doc.emergingthreats.net/2008277 1 || 2008278 || 3 || trojan-activity || 0 || ET DELETED Generic Raider Obfuscated VBScript || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1 || url,doc.emergingthreats.net/2008278 1 || 2008279 || 9 || trojan-activity || 0 || ET MALWARE ZenoSearch Spyware User-Agent || url,doc.emergingthreats.net/2008279 1 || 2008280 || 6 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL || url,doc.emergingthreats.net/2008280 1 || 2008282 || 5 || trojan-activity || 0 || ET TROJAN Antispywaremaster.com Fake AV Checkin || url,doc.emergingthreats.net/2008282 1 || 2008283 || 9 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected (quem=) || url,doc.emergingthreats.net/2008283 1 || 2008284 || 3 || misc-activity || 0 || ET POLICY Inbound HTTP CONNECT Attempt on Off-Port || url,doc.emergingthreats.net/2008284 1 || 2008285 || 2 || trojan-activity || 0 || ET TROJAN RLPacked Binary - Likely Hostile || url,rlpack.jezgra.net || url,www.teamfurry.com/wordpress/2007/04/01/unpacking-rlpack/ || url,doc.emergingthreats.net/2008285 1 || 2008289 || 5 || policy-violation || 0 || ET CHAT Possible MSN Messenger File Transfer || url,www.hypothetic.org/docs/msn/client/file_transfer.php || url,doc.emergingthreats.net/2008289 1 || 2008291 || 3 || trojan-activity || 0 || ET TROJAN Win32.Onlinegames.ajok CnC Packet to Server || url,doc.emergingthreats.net/2008291 1 || 2008292 || 3 || trojan-activity || 0 || ET TROJAN Win32.Onlinegames.ajok CnC Packet from Server || url,doc.emergingthreats.net/2008292 1 || 2008294 || 7 || trojan-activity || 0 || ET MALWARE AntiSpywareMaster.com Fake AV User-Agent (AsmUpdater) || url,doc.emergingthreats.net/2008294 1 || 2008295 || 6 || policy-violation || 0 || ET CHAT Gadu-Gadu IM Login Server Request || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008295 1 || 2008297 || 4 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Welcome Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008297 1 || 2008298 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Client Login Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008298 1 || 2008299 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Login OK Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008299 1 || 2008300 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Login Failed Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008300 1 || 2008301 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Available Status Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008301 1 || 2008302 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Send Message || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008302 1 || 2008303 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Receive Message || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008303 1 || 2008304 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Keepalive PING || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008304 1 || 2008305 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Keepalive PONG || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008305 1 || 2008306 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Request || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008306 1 || 2008307 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Details || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008307 1 || 2008308 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Accept || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008308 1 || 2008309 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Begin || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008309 1 || 2008310 || 2 || trojan-activity || 0 || ET TROJAN Codesoft PW Stealer Email Report Outbound || url,doc.emergingthreats.net/2008310 1 || 2008311 || 5 || attempted-recon || 0 || ET SCAN Watchfire AppScan Web App Vulnerability Scanner || url,www.watchfire.com/products/appscan/default.aspx || url,doc.emergingthreats.net/2008311 1 || 2008312 || 4 || attempted-recon || 0 || ET SCAN DEBUG Method Request with Command || url,doc.emergingthreats.net/2008312 1 || 2008313 || 7 || web-application-attack || 0 || ET WEB_CLIENT Iframe in Purported Image Download (jpeg) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008313 1 || 2008314 || 7 || web-application-attack || 0 || ET WEB_CLIENT Iframe in Purported Image Download (gif) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008314 1 || 2008315 || 6 || web-application-attack || 0 || ET DELETED Iframe in Purported Image Download (png) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008315 1 || 2008317 || 9 || trojan-activity || 0 || ET TROJAN Hitpop.AG/Pophot.az HTTP Checkin || url,doc.emergingthreats.net/2008317 1 || 2008318 || 5 || trojan-activity || 0 || ET MALWARE Adaware.BarACE Checkin and Update || url,www.symantec.com/security_response/writeup.jsp?docid=2007-021714-2431-99&tabid=2 || url,doc.emergingthreats.net/bin/view/Main/2008318 1 || 2008319 || 6 || trojan-activity || 0 || ET TROJAN Win32.Small.wpx or Related Downloader Posting Data || url,doc.emergingthreats.net/2008319 1 || 2008320 || 2 || trojan-activity || 0 || ET TROJAN Banload Gadu-Gadu CnC Message Detected || url,doc.emergingthreats.net/2008320 1 || 2008321 || 3 || trojan-activity || 0 || ET TROJAN Win32.Small.AB or related Post-infection checkin || url,doc.emergingthreats.net/2008321 1 || 2008322 || 10 || trojan-activity || 0 || ET TROJAN FraudLoad.aww HTTP CnC Post || url,doc.emergingthreats.net/2008322 1 || 2008324 || 6 || trojan-activity || 0 || ET TROJAN Zalupko/Koceg/Mandaph manda.php Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,doc.emergingthreats.net/2008324 1 || 2008326 || 7 || trojan-activity || 0 || ET TROJAN Banker Infostealer/PRG POST on High Port || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2008326 1 || 2008327 || 2 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated) || url,doc.emergingthreats.net/2008327 1 || 2008328 || 7 || trojan-activity || 0 || ET DELETED Banload iLLBrain Trojan Activity || url,doc.emergingthreats.net/2008328 1 || 2008329 || 5 || trojan-activity || 0 || ET TROJAN xpsecuritycenter.com Fake AntiVirus GET-Install Checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2008-051910-0118-99&tabid=1 || url,doc.emergingthreats.net/2008329 1 || 2008330 || 11 || misc-activity || 0 || ET POLICY HTTP CONNECT Tunnel Attempt Outbound || url,doc.emergingthreats.net/2008330 1 || 2008331 || 8 || trojan-activity || 0 || ET TROJAN Banker/Banbra Variant POST via x-www-form-urlencoded || url,doc.emergingthreats.net/2008331 1 || 2008332 || 2 || trojan-activity || 0 || ET TROJAN Steam Pass Stealer FTP Upload || url,doc.emergingthreats.net/2008332 1 || 2008333 || 4 || trojan-activity || 0 || ET TROJAN Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related) || url,doc.emergingthreats.net/2008333 1 || 2008334 || 9 || trojan-activity || 0 || ET TROJAN Beizhu/Womble/Vipdataend Checking in with Controller || url,doc.emergingthreats.net/2008334 1 || 2008335 || 7 || trojan-activity || 0 || ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive || url,doc.emergingthreats.net/2008335 1 || 2008336 || 6 || policy-violation || 0 || ET POLICY Eurobarre.us Setup User-Agent || url,doc.emergingthreats.net/2008336 1 || 2008338 || 9 || trojan-activity || 0 || ET TROJAN KLog Nick Keylogger Checkin || url,doc.emergingthreats.net/2008338 1 || 2008339 || 4 || trojan-activity || 0 || ET TROJAN Keypack.co.kr Related Trojan User-Agent Detected || url,doc.emergingthreats.net/2008339 1 || 2008340 || 10 || trojan-activity || 0 || ET TROJAN Lost Door Checkin || url,doc.emergingthreats.net/2008340 1 || 2008341 || 4 || trojan-activity || 0 || ET TROJAN Themida Packed Binary - Likely Hostile || url,www.oreans.com/themida.php || url,cwsandbox.org/?page=samdet&id=164533&password=wnnpi || url,doc.emergingthreats.net/2008341 1 || 2008342 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ld) || url,doc.emergingthreats.net/bin/view/Main/2008342 1 || 2008343 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (123) || url,doc.emergingthreats.net/bin/view/Main/2008343 1 || 2008344 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (DownloadNetFile) || url,doc.emergingthreats.net/bin/view/Main/2008344 1 || 2008345 || 5 || trojan-activity || 0 || ET TROJAN Dialer.Trojan Activity || url,doc.emergingthreats.net/2008345 1 || 2008346 || 6 || trojan-activity || 0 || ET DELETED Mitglieder Checkin || url,doc.emergingthreats.net/2008346 1 || 2008347 || 8 || successful-recon-limited || 0 || ET TROJAN Swizzor Checkin || url,doc.emergingthreats.net/2008347 1 || 2008348 || 2 || trojan-activity || 0 || ET TROJAN SC-KeyLog Keylogger Installed - Sending Log Email Report || url,www.soft-central.net/keylog.php || url,doc.emergingthreats.net/2008348 1 || 2008349 || 9 || trojan-activity || 0 || ET DELETED Injecter Checkin || url,doc.emergingthreats.net/2008349 1 || 2008350 || 7 || policy-violation || 0 || ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile || url,doc.emergingthreats.net/bin/view/Main/2008350 1 || 2008351 || 4 || policy-violation || 0 || ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports || url,doc.emergingthreats.net/2008351 1 || 2008352 || 9 || trojan-activity || 0 || ET TROJAN CoreFlooder.Q Data Posting || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FCOREFLOOD%2EQ || url,doc.emergingthreats.net/2008352 1 || 2008353 || 8 || trojan-activity || 0 || ET TROJAN CoreFlooder.Q C&C Checkin || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FCOREFLOOD%2EQ || url,doc.emergingthreats.net/2008353 1 || 2008354 || 4 || trojan-activity || 0 || ET DELETED LDPinch Checkin on Port 82 || url,doc.emergingthreats.net/2008354 1 || 2008355 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (angel) || url,doc.emergingthreats.net/bin/view/Main/2008355 1 || 2008356 || 4 || trojan-activity || 0 || ET MALWARE Seekmo.com Spyware Data Upload || url,doc.emergingthreats.net/bin/view/Main/2008356 1 || 2008358 || 5 || trojan-activity || 0 || ET TROJAN Pakes/Cutwail/Kobcka Checkin Detected High Ports || url,doc.emergingthreats.net/2008358 1 || 2008359 || 8 || trojan-activity || 0 || ET TROJAN Unnamed - kuaiche.com related || url,doc.emergingthreats.net/bin/view/Main/2008359 1 || 2008360 || 4 || trojan-activity || 0 || ET TROJAN Steam Steal0r || url,doc.emergingthreats.net/2008360 1 || 2008361 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Accessing) || url,doc.emergingthreats.net/bin/view/Main/2008361 1 || 2008362 || 4 || web-application-activity || 0 || ET SCAN bsqlbf Brute Force SQL Injection || url,code.google.com/p/bsqlbf-v2/ || url,doc.emergingthreats.net/2008362 1 || 2008363 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ISMYIE) || url,doc.emergingthreats.net/bin/view/Main/2008363 1 || 2008364 || 6 || trojan-activity || 0 || ET TROJAN Donkeyp2p Update Detected || url,doc.emergingthreats.net/2008364 1 || 2008365 || 8 || trojan-activity || 0 || ET TROJAN Playtech Downloader Online Gaming Checkin || md5,00740d7d15862efb30629ab1fd7b8242 1 || 2008366 || 4 || trojan-activity || 0 || ET TROJAN LD Pinch Checkin (HTTP POST on port 82) || url,doc.emergingthreats.net/2008366 1 || 2008367 || 8 || trojan-activity || 0 || ET DELETED Possible Windows executable sent when remote host claims to send Javascript || url,doc.emergingthreats.net/bin/view/Main/2008367 1 || 2008368 || 7 || trojan-activity || 0 || ET TROJAN Unknown Keylogger checkin || url,doc.emergingthreats.net/bin/view/Main/2008368 1 || 2008369 || 8 || trojan-activity || 0 || ET TROJAN Keylogger Crack by bahman || url,doc.emergingthreats.net/2008369 1 || 2008370 || 4 || trojan-activity || 0 || ET MALWARE Shopcenter.co.kr Spyware Install Report || url,doc.emergingthreats.net/bin/view/Main/2008370 1 || 2008372 || 10 || trojan-activity || 0 || ET MALWARE Adsincontext.com Related Spyware User-Agent (Connector v1.2) || url,doc.emergingthreats.net/2008372 1 || 2008374 || 15 || trojan-activity || 0 || ET POLICY Suspicious User-Agent (InetURL) || url,doc.emergingthreats.net/bin/view/Main/2008374 1 || 2008375 || 7 || trojan-activity || 0 || ET MALWARE Gooochi Related Spyware Ad pull || url,www.threatexpert.com/reports.aspx?find=ads.gooochi.biz || url,doc.emergingthreats.net/bin/view/Main/2008375 1 || 2008376 || 5 || trojan-activity || 0 || ET TROJAN RegHelper Installation || url,doc.emergingthreats.net/2008376 1 || 2008377 || 5 || trojan-activity || 0 || ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request || url,doc.emergingthreats.net/2008377 1 || 2008378 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ErrCode) || url,doc.emergingthreats.net/bin/view/Main/2008378 1 || 2008379 || 5 || trojan-activity || 0 || ET TROJAN Swizzor Checkin (kgen_up) || url,doc.emergingthreats.net/2008379 1 || 2008380 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Key Exchange with CnC Init || url,doc.emergingthreats.net/2008380 1 || 2008381 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Key Exchange with CnC Response || url,doc.emergingthreats.net/2008381 1 || 2008382 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (1) || url,doc.emergingthreats.net/2008382 1 || 2008383 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (2) || url,doc.emergingthreats.net/2008383 1 || 2008384 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (3) || url,doc.emergingthreats.net/2008384 1 || 2008386 || 4 || trojan-activity || 0 || ET TROJAN Zlob HTTP Checkin || url,doc.emergingthreats.net/2008386 1 || 2008387 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/ngg.js) || url,doc.emergingthreats.net/bin/view/Main/2008387 || url,infosec20.blogspot.com/2008/07/asprox-payload-morphed.html 1 || 2008388 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/b.js) || url,doc.emergingthreats.net/bin/view/Main/2008388 1 || 2008389 || 2 || trojan-activity || 0 || ET DELETED Likely Hupigon Post to Controller || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml || url,doc.emergingthreats.net/2008389 1 || 2008390 || 2 || trojan-activity || 0 || ET DELETED Hupigon Response from Controller (YES - ~~@@) || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml || url,doc.emergingthreats.net/2008390 1 || 2008391 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (svchost) || url,doc.emergingthreats.net/bin/view/Main/2008391 1 || 2008393 || 3 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (2) || url,doc.emergingthreats.net/2008393 1 || 2008395 || 4 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (3) || url,doc.emergingthreats.net/2008395 1 || 2008396 || 4 || trojan-activity || 0 || ET TROJAN Zlob Initial Check-in Version 2 (confirm.php?sid=) || url,doc.emergingthreats.net/2008396 1 || 2008397 || 5 || trojan-activity || 0 || ET TROJAN Fullspace.cc or Related Checkin (1) || url,doc.emergingthreats.net/2008397 1 || 2008398 || 5 || trojan-activity || 0 || ET TROJAN Fullspace.cc or Related Checkin (2) || url,doc.emergingthreats.net/2008398 1 || 2008399 || 6 || trojan-activity || 0 || ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid) || url,doc.emergingthreats.net/2008399 1 || 2008400 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ReadFileURL) || url,doc.emergingthreats.net/bin/view/Main/2008400 1 || 2008402 || 3 || trojan-activity || 0 || ET MALWARE Realtimegaming.com Online Casino Spyware Gaming Checkin || url,doc.emergingthreats.net/bin/view/Main/2008402 1 || 2008405 || 5 || trojan-activity || 0 || ET TROJAN Obitel trojan calling home || url,www.abuse.ch/?p=143 || url,doc.emergingthreats.net/2008405 1 || 2008406 || 8 || trojan-activity || 0 || ET POLICY RemoteSpy.com Upload Detect || url,doc.emergingthreats.net/2008406 1 || 2008407 || 5 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (1) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008407 1 || 2008408 || 5 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (2) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008408 1 || 2008409 || 4 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (3) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008409 1 || 2008411 || 5 || trojan-activity || 0 || ET TROJAN LDPinch SMTP Password Report with mail client The Bat! || url,doc.emergingthreats.net/2008411 1 || 2008412 || 5 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin || url,doc.emergingthreats.net/2008412 1 || 2008413 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (PcPcUpdater) || url,doc.emergingthreats.net/bin/view/Main/2008413 1 || 2008414 || 2 || attempted-recon || 0 || ET SCAN Cisco Torch TFTP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008414 1 || 2008415 || 9 || attempted-recon || 0 || ET SCAN Cisco Torch IOS HTTP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008415 1 || 2008416 || 6 || attempted-recon || 0 || ET SCAN Httprint Web Server Fingerprint Scan || url,www.net-square.com/httprint/ || url,www.net-square.com/httprint/httprint_paper.html || url,doc.emergingthreats.net/2008416 1 || 2008417 || 8 || attempted-recon || 0 || ET SCAN Wapiti Web Server Vulnerability Scan || url,wapiti.sourceforge.net/ || url,doc.emergingthreats.net/2008417 1 || 2008418 || 5 || misc-activity || 0 || ET POLICY Metasploit Framework Update || url,www.metasploit.com/framework/ || url,www.ethicalhacker.net/content/view/29/24/ || url,doc.emergingthreats.net/2008418 1 || 2008419 || 4 || trojan-activity || 0 || ET MALWARE Advert-network.com Related Spyware Updating || url,doc.emergingthreats.net/bin/view/Main/2008419 1 || 2008420 || 3 || trojan-activity || 0 || ET TROJAN HTTP GET Request on port 53 - Very Likely Hostile || url,doc.emergingthreats.net/2008420 1 || 2008422 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Inet_read) || url,doc.emergingthreats.net/bin/view/Main/2008422 1 || 2008423 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (CFS Agent) || url,doc.emergingthreats.net/bin/view/Main/2008423 1 || 2008424 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (CFS_DOWNLOAD) || url,doc.emergingthreats.net/bin/view/Main/2008424 1 || 2008425 || 6 || trojan-activity || 0 || ET MALWARE Advert-network.com Related Spyware Checking for Updates || url,doc.emergingthreats.net/bin/view/Main/2008425 1 || 2008426 || 4 || misc-attack || 0 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || url,frsirt.com/english/advisories/2008/1717 || url,milw0rm.com/exploits/5718 || url,doc.emergingthreats.net/bin/view/Main/2008426 || cve,2008-4193 1 || 2008427 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AdiseExplorer) || url,doc.emergingthreats.net/bin/view/Main/2008427 1 || 2008428 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HTTP Downloader) || url,doc.emergingthreats.net/bin/view/Main/2008428 1 || 2008429 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HttpDownload) || url,doc.emergingthreats.net/bin/view/Main/2008429 1 || 2008430 || 5 || trojan-activity || 0 || ET TROJAN Win32.Dialer.buv Sending Information Home || url,doc.emergingthreats.net/2008430 1 || 2008431 || 5 || trojan-activity || 0 || ET TROJAN PWS.Gamania Checkin || url,doc.emergingthreats.net/2008431 1 || 2008433 || 8 || trojan-activity || 0 || ET TROJAN Pandex checkin detected || url,doc.emergingthreats.net/2008433 1 || 2008434 || 8 || trojan-activity || 0 || ET TROJAN Coreflood/AFcore Trojan Infection || url,www.secureworks.com/research/threats/coreflood || url,doc.emergingthreats.net/2008434 1 || 2008435 || 2 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Speed Test Start port 8888 || url,doc.emergingthreats.net/2008435 1 || 2008436 || 3 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Speed Test port 8888 || url,doc.emergingthreats.net/2008436 1 || 2008437 || 2 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Checkin port 8888 || url,doc.emergingthreats.net/2008437 1 || 2008438 || 13 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent when remote host claims to send a Text File || url,doc.emergingthreats.net/bin/view/Main/2008438 1 || 2008439 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft Affiliate Network Pro (pgm) Parameter SQL Injection || bugtraq,30259 || url,milw0rm.com/exploits/6087 || url,doc.emergingthreats.net/2008439 1 || 2008440 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Download App) || url,doc.emergingthreats.net/bin/view/Main/2008440 1 || 2008441 || 8 || trojan-activity || 0 || ET TROJAN Win32 Dialer Variant || url,doc.emergingthreats.net/2008441 1 || 2008442 || 8 || trojan-activity || 0 || ET TROJAN Rootkit.Win32.Clbd.cz Checkin || url,doc.emergingthreats.net/2008442 1 || 2008443 || 9 || trojan-activity || 0 || ET TROJAN Coreflood/AFcore Trojan Infection (2) || url,www.secureworks.com/research/threats/coreflood || url,doc.emergingthreats.net/2008443 1 || 2008444 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT PWDump4 Password dumping exe copied to victim || url,xinn.org/Snort-pwdump4.html || url,doc.emergingthreats.net/bin/view/Main/2008444 1 || 2008445 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT Pwdump6 Session Established test file created on victim || url,xinn.org/Snort-pwdump6.html || url,doc.emergingthreats.net/bin/view/Main/2008445 1 || 2008446 || 9 || bad-unknown || 0 || ET DNS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) - possible Cache Poisoning Attempt || url,doc.emergingthreats.net/bin/view/Main/2008446 1 || 2008447 || 7 || bad-unknown || 0 || ET DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible NS RR Cache Poisoning Attempt || url,infosec20.blogspot.com/2008/07/kaminsky-dns-cache-poisoning-poc.html || url,doc.emergingthreats.net/bin/view/Main/2008447 1 || 2008449 || 2 || trojan-activity || 0 || ET TROJAN Keylogger.ane Checkin || url,doc.emergingthreats.net/2008449 1 || 2008450 || 5 || trojan-activity || 0 || ET TROJAN Donbot Connect to CnC || url,doc.emergingthreats.net/2008450 || url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html || url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/ 1 || 2008451 || 3 || trojan-activity || 0 || ET TROJAN Donbot Report to CnC || url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html || url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/ || url,doc.emergingthreats.net/2008451 1 || 2008452 || 10 || trojan-activity || 0 || ET DELETED Emo/Downloader.uxk checkin || url,doc.emergingthreats.net/2008452 1 || 2008453 || 7 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (admin) || url,doc.emergingthreats.net/2008453 1 || 2008454 || 7 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (tomcat) || url,doc.emergingthreats.net/2008454 1 || 2008455 || 6 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (manager) || url,doc.emergingthreats.net/2008455 1 || 2008456 || 5 || trojan-activity || 0 || ET MALWARE EMO/PCPrivacyCleaner Rougue Secuirty App GET Checkin || url,www.spywaresignatures.com/details/pcprivacycleaner.pdf || url,doc.emergingthreats.net/bin/view/Main/2008456 1 || 2008457 || 9 || trojan-activity || 0 || ET MALWARE Deepdo Toolbar User-Agent (FavUpdate) || url,research.sunbelt-software.com/threatdisplay.aspx?name=Deepdo%20Toolbar&threatid=129378 || url,doc.emergingthreats.net/2008457 1 || 2008458 || 8 || trojan-activity || 0 || ET TROJAN Downloader UserAgent(AutoDL\/1.0) || url,doc.emergingthreats.net/2008458 1 || 2008460 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (hacker) || url,doc.emergingthreats.net/bin/view/Main/2008460 1 || 2008461 || 6 || trojan-activity || 0 || ET TROJAN Rouge Security Software Win32.BHO.egw || url,research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.BHO.egw&threatid=313636 || url,doc.emergingthreats.net/2008461 1 || 2008463 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ieguideupdate) || url,doc.emergingthreats.net/bin/view/Main/2008463 1 || 2008464 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (adsntD) || url,doc.emergingthreats.net/bin/view/Main/2008464 1 || 2008465 || 2 || trojan-activity || 0 || ET TROJAN Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic || url,doc.emergingthreats.net/2008465 1 || 2008467 || 5 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection Attempt Danmec related (declare) || url,doc.emergingthreats.net/2008467 1 || 2008468 || 4 || trojan-activity || 0 || ET DELETED LDPinch Checkin Flowbit set || url,doc.emergingthreats.net/2008468 1 || 2008469 || 7 || trojan-activity || 0 || ET DELETED LDPinch Checkin v2 || url,doc.emergingthreats.net/2008469 1 || 2008470 || 6 || bad-unknown || 0 || ET DNS Excessive NXDOMAIN responses - Possible DNS Backscatter or Domain Generation Algorithm Lookups || url,doc.emergingthreats.net/bin/view/Main/2008470 1 || 2008471 || 4 || trojan-activity || 0 || ET TROJAN HotLan.C Spambot C&C download command || url,doc.emergingthreats.net/2008471 1 || 2008472 || 4 || policy-violation || 0 || ET POLICY Netviewer.com Remote Control Proxy Test || url,doc.emergingthreats.net/2008472 1 || 2008473 || 9 || trojan-activity || 0 || ET TROJAN HotLan.C Spambot Trojan Activity || url,doc.emergingthreats.net/2008473 1 || 2008474 || 4 || trojan-activity || 0 || ET MALWARE Adware.Look2Me Activity || url,doc.emergingthreats.net/bin/view/Main/2008474 1 || 2008475 || 4 || bad-unknown || 0 || ET DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible A RR Cache Poisoning Attempt || url,infosec20.blogspot.com/2008/07/kaminsky-dns-cache-poisoning-poc.html || url,doc.emergingthreats.net/bin/view/Main/2008475 1 || 2008476 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT Foofus.net Password dumping, dll injection || url,xinn.org/Snort-fgdump.html || url,doc.emergingthreats.net/bin/view/Main/2008476 1 || 2008477 || 6 || trojan-activity || 0 || ET TROJAN Banload POST Checkin (dados) || url,doc.emergingthreats.net/2008477 1 || 2008481 || 3 || trojan-activity || 0 || ET TROJAN Trojan-PSW.Win32.Nilage.crg Checkin || url,doc.emergingthreats.net/2008481 1 || 2008482 || 4 || trojan-activity || 0 || ET TROJAN thespybot.com installation download detected || url,doc.emergingthreats.net/2008482 1 || 2008483 || 8 || trojan-activity || 0 || ET TROJAN Win32/Antivirus2008 || url,doc.emergingthreats.net/2008483 1 || 2008484 || 7 || trojan-activity || 0 || ET MALWARE Cleancop.co.kr Fake AV User-Agent (CleancopUpdate) || url,doc.emergingthreats.net/2008484 1 || 2008485 || 7 || trojan-activity || 0 || ET MALWARE Searchtool.co.kr Fake Product User-Agent (searchtoolup) || url,doc.emergingthreats.net/2008485 1 || 2008488 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NULL) || url,doc.emergingthreats.net/bin/view/Main/2008488 1 || 2008489 || 9 || policy-violation || 0 || ET POLICY Suspicious User-Agent (dwplayer) || url,doc.emergingthreats.net/bin/view/Main/2008489 1 || 2008490 || 7 || trojan-activity || 0 || ET TROJAN Dialer.Win32.E-Group.n Checkin || url,doc.emergingthreats.net/2008490 1 || 2008491 || 3 || trojan-activity || 0 || ET DELETED Banker.OT Checkin (2 packet) || url,doc.emergingthreats.net/2008491 1 || 2008492 || 5 || trojan-activity || 0 || ET TROJAN Win32.Downloader.pgp Checkin || url,doc.emergingthreats.net/2008492 1 || 2008493 || 6 || trojan-activity || 0 || ET TROJAN Pushdo Checkin || url,doc.emergingthreats.net/2008493 1 || 2008494 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ieagent) || url,doc.emergingthreats.net/bin/view/Main/2008494 1 || 2008495 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (antispyprogram) || url,doc.emergingthreats.net/bin/view/Main/2008495 1 || 2008500 || 7 || trojan-activity || 0 || ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup) || url,doc.emergingthreats.net/2008500 1 || 2008502 || 5 || trojan-activity || 0 || ET TROJAN Antispywareexpert.com Fake AS Install Checkin || url,doc.emergingthreats.net/2008502 1 || 2008503 || 8 || policy-violation || 0 || ET MALWARE ZCOM Adware/Spyware User-Agent (ZCOM Software) 1 || 2008504 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (SUiCiDE/1.5) || url,doc.emergingthreats.net/bin/view/Main/2008504 1 || 2008506 || 9 || trojan-activity || 0 || ET TROJAN Trojan-PWS.Win32.VB.tr Checkin Detected || url,doc.emergingthreats.net/2008506 1 || 2008507 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.fdi Bot Reporting to Controller || url,doc.emergingthreats.net/2008507 1 || 2008509 || 3 || trojan-activity || 0 || ET TROJAN VirtualProtect Packed Binary - Likely Hostile || url,bits.packetninjas.org/eblog/?p=3 || url,doc.emergingthreats.net/2008509 1 || 2008510 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (\xa2\xa2HttpClient) || url,doc.emergingthreats.net/bin/view/Main/2008510 1 || 2008511 || 5 || trojan-activity || 0 || ET TROJAN Win32/Antivirus2008 Fake AV Install Report || url,doc.emergingthreats.net/2008511 1 || 2008512 || 13 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (C slash) 1 || 2008513 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (msIE 7.0) || url,doc.emergingthreats.net/bin/view/Main/2008513 1 || 2008514 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AVP2006IE) || url,doc.emergingthreats.net/bin/view/Main/2008514 1 || 2008515 || 8 || trojan-activity || 0 || ET TROJAN Hupigon.AZG Checkin || url,www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=143511&sind=0 || url,vil.nai.com/vil/content/v_145056.htm || url,doc.emergingthreats.net/2008515 1 || 2008516 || 5 || trojan-activity || 0 || ET TROJAN XPantivirus2008 Download || url,www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/page4.html || url,seo.mhvt.net/blog/?p=390 || url,virscan.org/report/a61cd44fc387188da2ee3fbdeda10782.html || url,doc.emergingthreats.net/2008516 1 || 2008517 || 2 || attempted-user || 0 || ET EXPLOIT SQL sp_configure - configuration change || url,msdn.microsoft.com/en-us/library/ms190693.aspx || url,doc.emergingthreats.net/bin/view/Main/2008517 1 || 2008518 || 2 || attempted-user || 0 || ET EXPLOIT SQL sp_configure attempt || url,msdn.microsoft.com/en-us/library/ms190693.aspx || url,doc.emergingthreats.net/bin/view/Main/2008518 1 || 2008519 || 6 || trojan-activity || 0 || ET TROJAN Win32.Agent.zrm/Infostealer.Bancos Checkin || url,doc.emergingthreats.net/2008519 1 || 2008520 || 5 || trojan-activity || 0 || ET DELETED Sinowal/Mebroot/Torpig Client POST || url,doc.emergingthreats.net/2008520 1 || 2008521 || 3 || trojan-activity || 0 || ET TROJAN Keylogger Infection Report via POST || url,doc.emergingthreats.net/2008521 1 || 2008522 || 3 || trojan-activity || 0 || ET TROJAN Stpage Checkin (nomodem) || url,doc.emergingthreats.net/2008522 1 || 2008523 || 8 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin || md5,29457bd7a95e11bfd0e614a6e237a344 || md5,173a060ed791e620c2ec84d7b360ed60 || url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o 1 || 2008524 || 2 || misc-activity || 0 || ET DELETED Milw0rm Exploit Archive Download || url,www.milw0rm.com || url,doc.emergingthreats.net/2008524 1 || 2008525 || 2 || misc-activity || 0 || ET DELETED Packetstormsecurity Exploits Of The Month Download || url,www.packetstormsecurity.org || url,doc.emergingthreats.net/2008525 1 || 2008526 || 5 || attempted-recon || 0 || ET SCAN Smap VOIP Device Scan || url,www.go2linux.org/smap-find-voip-enabled-devices || url,doc.emergingthreats.net/2008526 1 || 2008527 || 5 || trojan-activity || 0 || ET TROJAN Virusremover2008.com Checkin || url,doc.emergingthreats.net/2008527 1 || 2008529 || 6 || web-application-activity || 0 || ET SCAN Core-Project Scanning Bot UA Detected 1 || 2008531 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Infected System Looking up chr.santa-inbox.com CnC Server || url,doc.emergingthreats.net/bin/view/Main/2008531 1 || 2008532 || 3 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller (variant 2) || url,doc.emergingthreats.net/2008532 1 || 2008533 || 3 || policy-violation || 0 || ET POLICY Possible External Ultrasurf Anonymizer DNS Query || url,doc.emergingthreats.net/2008533 1 || 2008536 || 6 || attempted-recon || 0 || ET DELETED Halberd Load Balanced Webserver Detection Scan || url,www.halberd.superadditive.com || url,doc.emergingthreats.net/2008536 1 || 2008537 || 6 || attempted-recon || 0 || ET SCAN Hmap Webserver Fingerprint Scan || url,www.ujeni.murkyroc.com/hmap/ || url,doc.emergingthreats.net/2008537 1 || 2008538 || 6 || attempted-recon || 0 || ET SCAN Sqlmap SQL Injection Scan || url,sqlmap.sourceforge.net || url,doc.emergingthreats.net/2008538 1 || 2008540 || 4 || trojan-activity || 0 || ET TROJAN Hupigon.dkxh Checkin to CnC || url,doc.emergingthreats.net/2008540 1 || 2008541 || 7 || trojan-activity || 0 || ET TROJAN Bravix Checkin || url,doc.emergingthreats.net/2008541 1 || 2008542 || 7 || attempted-user || 0 || ET SCADA CitectSCADA ODBC Overflowflow Attempt || cve,2008-2639 || url,www.digitalbond.com/index.php/2008/09/08/ids-signature-for-citect-vuln/ || url,digitalbond.com/tools/quickdraw/vulnerability-rules 1 || 2008543 || 2 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 995 (imaps) being excluded from SSL Alerts || url,doc.emergingthreats.net/2008543 1 || 2008544 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (winlogon) || url,doc.emergingthreats.net/bin/view/Main/2008544 1 || 2008545 || 3 || trojan-activity || 0 || ET TROJAN Social-bos.biz related trojan checkin (trackid=hex) || url,doc.emergingthreats.net/2008545 1 || 2008546 || 6 || trojan-activity || 0 || ET DELETED Emo/Downloader.vr Checkin || url,doc.emergingthreats.net/2008546 || url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50 1 || 2008547 || 3 || trojan-activity || 0 || ET TROJAN PECompact2 Packed Binary - Likely Hostile || url,www.bitsum.com/pecompact.shtml || url,bits.packetninjas.org/eblog/?p=306 || url,doc.emergingthreats.net/2008547 1 || 2008549 || 13 || trojan-activity || 0 || ET MALWARE Systemdoctor.com/Antivir2008 related Fake Anti-Virus User-Agent (AntivirXP) || url,www.wiki-security.com/wiki/Parasite/Antivirus2008 || url,doc.emergingthreats.net/2008549 1 || 2008550 || 5 || trojan-activity || 0 || ET TROJAN General Bot HTTP CnC Pattern || url,doc.emergingthreats.net/2008550 1 || 2008551 || 3 || trojan-activity || 0 || ET TROJAN Banito/Agent.pb Pass Stealer Email Report Outbound || url,doc.emergingthreats.net/2008551 1 || 2008556 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious || url,doc.emergingthreats.net/bin/view/Main/2008556 1 || 2008557 || 2 || trojan-activity || 0 || ET DELETED Likely EXE Cryptor Packed Binary - Likely Malware || url,bits.packetninjas.org || url,doc.emergingthreats.net/2008557 1 || 2008558 || 7 || trojan-activity || 0 || ET MALWARE iwin.com Games/Spyware User-Agent (iWin GameInfo Installer Helper) || url,doc.emergingthreats.net/2008558 1 || 2008559 || 7 || trojan-activity || 0 || ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,doc.emergingthreats.net/bin/view/Main/2008559 1 || 2008560 || 2 || misc-activity || 0 || ET SCAN NNG MS02-039 Exploit False Positive Generator - May Conceal A Genuine Attack || url,packetstormsecurity.nl/filedesc/nng-4.13r-public.rar.html || url,doc.emergingthreats.net/2008560 1 || 2008561 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection To Aanval Console || url,www.aanval.com || url,doc.emergingthreats.net/bin/view/Main/2008561 1 || 2008562 || 3 || unknown || 0 || ET TROJAN Suspicious SMTP handshake outbound || url,doc.emergingthreats.net/bin/view/Main/2008562 1 || 2008563 || 3 || unknown || 0 || ET TROJAN Suspicious SMTP handshake reply || url,doc.emergingthreats.net/bin/view/Main/2008563 1 || 2008564 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Internet HTTP Request) || url,doc.emergingthreats.net/bin/view/Main/2008564 1 || 2008567 || 5 || trojan-activity || 0 || ET TROJAN Win32.Crypt.nc Checkin || url,doc.emergingthreats.net/2008567 1 || 2008568 || 3 || attempted-recon || 0 || ET SCAN Voiper Toolkit Torturer Scan || url,sourceforge.net/projects/voiper || url,doc.emergingthreats.net/2008568 1 || 2008569 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection to Ossec WUI || url,www.ossec.net || url,doc.emergingthreats.net/2008569 1 || 2008570 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection to BASE Console || url,base.secureideas.net || url,doc.emergingthreats.net/bin/view/Main/2008570 1 || 2008571 || 5 || attempted-recon || 0 || ET SCAN Acunetix Version 6 Crawl/Scan Detected || url,www.acunetix.com/ || url,doc.emergingthreats.net/2008571 1 || 2008572 || 3 || trojan-activity || 0 || ET POLICY External MYSQL Server Connection || url,doc.emergingthreats.net/2008572 1 || 2008573 || 3 || trojan-activity || 0 || ET TROJAN Viruscatch.co.kr/Win32.Small.hvd Mysql Command and Control Connection (user viruscatch) || url,doc.emergingthreats.net/2008573 1 || 2008575 || 4 || trojan-activity || 0 || ET POLICY ASProtect/ASPack Packed Binary || url,www.aspack.com/downloads.aspx || url,bits.packetninjas.org/eblog/ || url,doc.emergingthreats.net/2008575 1 || 2008576 || 5 || trojan-activity || 0 || ET DELETED TinyPE Binary - Possibly Hostile || url,www.phreedom.org/solar/code/tinype/ || url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html || url,doc.emergingthreats.net/2008576 1 || 2008577 || 3 || attempted-recon || 0 || ET SCAN Voiper Fuzzing Scan || url,sourceforge.net/projects/voiper || url,doc.emergingthreats.net/2008577 1 || 2008578 || 4 || attempted-recon || 0 || ET SCAN Sipvicious Scan || url,blog.sipvicious.org || url,doc.emergingthreats.net/2008578 1 || 2008579 || 4 || attempted-recon || 0 || ET SCAN Sipp SIP Stress Test Detected || url,sourceforge.net/projects/sipp/ || url,doc.emergingthreats.net/2008579 1 || 2008580 || 5 || trojan-activity || 0 || ET TROJAN Trojan Sinowal/Torpig Phoning Home || url,doc.emergingthreats.net/2008580 1 || 2008581 || 3 || policy-violation || 0 || ET P2P BitTorrent DHT ping request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008581 1 || 2008582 || 7 || policy-violation || 0 || ET P2P BitTorrent DHT find_node request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008582 1 || 2008583 || 4 || policy-violation || 0 || ET P2P BitTorrent DHT nodes reply || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008583 1 || 2008584 || 5 || policy-violation || 0 || ET P2P BitTorrent DHT get_peers request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008584 1 || 2008585 || 4 || policy-violation || 0 || ET P2P BitTorrent DHT announce_peers request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008585 1 || 2008586 || 8 || trojan-activity || 0 || ET USER_AGENTS Casino Related Spyware User-Agent Detected (Viper 4.0) || url,doc.emergingthreats.net/2008586 1 || 2008587 || 3 || trojan-activity || 0 || ET TROJAN TroDjan 2.0 Infection Report || url,doc.emergingthreats.net/2008587 1 || 2008588 || 2 || trojan-activity || 0 || ET TROJAN TroDjan 2.0 FTP Channel Open Command || url,doc.emergingthreats.net/2008588 1 || 2008589 || 2 || trojan-activity || 0 || ET POLICY FTP Conversation on Low Port - Likely Hostile (TYPE A) || url,doc.emergingthreats.net/2008589 1 || 2008590 || 2 || trojan-activity || 0 || ET POLICY FTP Conversation on Low Port - Likely Hostile (PASV) || url,doc.emergingthreats.net/2008590 1 || 2008591 || 3 || policy-violation || 0 || ET P2P Ares Server Connection || url,aresgalaxy.sourceforge.net || url,doc.emergingthreats.net/bin/view/Main/2008591 1 || 2008592 || 4 || trojan-activity || 0 || ET TROJAN Nbar.co.kr Related Trojan Checkin || url,doc.emergingthreats.net/2008592 1 || 2008594 || 8 || trojan-activity || 0 || ET MALWARE ezday.co.kr Related Spyware User-Agent (Ezshop) || url,doc.emergingthreats.net/2008594 1 || 2008595 || 8 || policy-violation || 0 || ET P2P SoulSeek P2P Server Connection || url,www.slsknet.org || url,doc.emergingthreats.net/2008595 1 || 2008597 || 3 || attempted-recon || 0 || ET SCAN Cisco Torch SNMP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008597 1 || 2008598 || 3 || attempted-recon || 0 || ET SCAN Sipsak SIP scan || url,sipsak.org/ || url,doc.emergingthreats.net/2008598 1 || 2008600 || 8 || trojan-activity || 0 || ET DELETED Suspicious User-Agent Detected (Windows+NT) || url,doc.emergingthreats.net/bin/view/Main/2008600 1 || 2008601 || 2 || trojan-activity || 0 || ET TROJAN Visual Shock Keylogger Reporting to Controller || url,research.sunbelt-software.com/threatdisplay.aspx?threatid=42573 || url,doc.emergingthreats.net/2008601 1 || 2008602 || 2 || trojan-activity || 0 || ET TROJAN Visual Shock Keylogger Reporting Idle to Controller || url,research.sunbelt-software.com/threatdisplay.aspx?threatid=42573 || url,doc.emergingthreats.net/2008602 1 || 2008603 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (RLMultySocket) || url,doc.emergingthreats.net/bin/view/Main/2008603 1 || 2008605 || 3 || attempted-recon || 0 || ET SCAN Stompy Web Application Session Scan || url,www.darknet.org.uk/2007/03/stompy-the-web-application-session-analyzer-tool/ || url,doc.emergingthreats.net/2008605 1 || 2008606 || 3 || attempted-recon || 0 || ET SCAN Enumiax Inter-Asterisk Exchange Protocol Username Scan || url,sourceforge.net/projects/enumiax/ || url,doc.emergingthreats.net/2008606 1 || 2008607 || 10 || web-application-attack || 0 || ET ACTIVEX Chilkat IMAP ActiveX File Execution and IE DoS || url,www.milw0rm.com/exploits/6600 || url,doc.emergingthreats.net/2008607 1 || 2008608 || 8 || trojan-activity || 0 || ET TROJAN WinFixer Trojan Related User-Agent (ElectroSun) || url,doc.emergingthreats.net/2008608 1 || 2008609 || 4 || attempted-recon || 0 || ET SCAN Sivus VOIP Vulnerability Scanner SIP Scan || url,www.security-database.com/toolswatch/SiVus-VoIP-Security-Scanner-1-09.html || url,www.vopsecurity.org/ || url,doc.emergingthreats.net/2008609 1 || 2008610 || 3 || attempted-recon || 0 || ET SCAN Sivus VOIP Vulnerability Scanner SIP Components Scan || url,www.security-database.com/toolswatch/SiVus-VoIP-Security-Scanner-1-09.html || url,www.vopsecurity.org/ || url,doc.emergingthreats.net/2008610 1 || 2008611 || 5 || policy-violation || 0 || ET P2P SoulSeek P2P Login Response || url,www.slsknet.org || url,doc.emergingthreats.net/2008611 1 || 2008612 || 9 || web-application-attack || 0 || ET ACTIVEX Autodesk Design Review DWF Viewer ActiveX Control SaveAs Insecure Method || url,retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html || url,secunia.com/Advisories/31989/ || url,doc.emergingthreats.net/2008612 1 || 2008613 || 9 || web-application-attack || 0 || ET ACTIVEX GdPicture Pro ActiveX control SaveAsPDF Insecure Method || url,secunia.com/Advisories/31966/ || url,milw0rm.com/exploits/6638 || url,doc.emergingthreats.net/2008613 1 || 2008614 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Lance show.php catid SQL Injection || url,secunia.com/Advisories/32027/ || url,www.milw0rm.com/exploits/6605 || url,doc.emergingthreats.net/2008614 1 || 2008615 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Real Estate Manager realestate-index.php cat_id SQL Injection || url,secunia.com/Advisories/32049/ || url,www.milw0rm.com/exploits/6599 || url,doc.emergingthreats.net/2008615 1 || 2008616 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pilot Online Training Solution news_read.php id SQL Injection || url,secunia.com/Advisories/31969/ || url,www.milw0rm.com/exploits/6613 || url,doc.emergingthreats.net/2008616 1 || 2008617 || 5 || attempted-recon || 0 || ET SCAN Wikto Scan || url,www.sensepost.com/research/wikto/WiktoDoc1-51.htm || url,doc.emergingthreats.net/2008617 1 || 2008618 || 8 || web-application-attack || 0 || ET ACTIVEX IAS Helper COM Component iashlpr.dll activex remote DOS || url,www.securityfocus.com/archive/1/archive/1/496695/100/0/threaded || cve,2008-2639 || url,securityreason.com/securityalert/4323 || url,doc.emergingthreats.net/2008618 1 || 2008619 || 8 || web-application-attack || 0 || ET ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow || bugtraq,31435 || url,securitytracker.com/alerts/2008/Sep/1020951.html || url,doc.emergingthreats.net/2008619 1 || 2008620 || 38 || web-application-attack || 0 || ET ACTIVEX Internet Information Service iisext.dll activex setpassword Insecure Method || cve,2008-4301 || url,www.securityfocus.com/archive/1/archive/1/496694/100/0/threaded || url,doc.emergingthreats.net/2008620 1 || 2008621 || 7 || web-application-attack || 0 || ET ACTIVEX Internet Information Service adsiis.dll activex remote DOS || cve,2008-4300 || url,securityreason.com/securityalert/4325 || url,doc.emergingthreats.net/2008621 1 || 2008623 || 6 || trojan-activity || 0 || ET TROJAN Cinmus.Checkin 1 || url,doc.emergingthreats.net/2008623 1 || 2008624 || 8 || trojan-activity || 0 || ET TROJAN Cinmus.Checkin 2 || url,doc.emergingthreats.net/2008624 1 || 2008625 || 6 || policy-violation || 0 || ET P2P Pando Client User-Agent Detected (Mozilla/4.0 (Windows U) Pando/1.xx) || url,doc.emergingthreats.net/bin/view/Main/2008625 1 || 2008626 || 4 || trojan-activity || 0 || ET TROJAN PlayMP3z.biz Related Spyware/Trojan Install Report || url,doc.emergingthreats.net/2008626 1 || 2008627 || 7 || attempted-recon || 0 || ET SCAN Httprecon Web Server Fingerprint Scan || url,www.computec.ch/projekte/httprecon/ || url,doc.emergingthreats.net/2008627 1 || 2008628 || 6 || attempted-recon || 0 || ET SCAN WSFuzzer Web Application Fuzzing || url,www.owasp.org/index.php/Category%3aOWASP_WSFuzzer_Project || url,doc.emergingthreats.net/2008628 1 || 2008629 || 6 || attempted-recon || 0 || ET SCAN Wikto Backend Data Miner Scan || url,www.sensepost.com/research/wikto/WiktoDoc1-51.htm || url,doc.emergingthreats.net/2008629 1 || 2008639 || 6 || trojan-activity || 0 || ET TROJAN Tibs Trojan Downloader || url,doc.emergingthreats.net/2008639 1 || 2008640 || 5 || attempted-recon || 0 || ET SCAN SIP erase_registrations/add registrations attempt || url,www.hackingvoip.com/sec_tools.html || url,doc.emergingthreats.net/2008640 1 || 2008641 || 4 || attempted-recon || 0 || ET SCAN sipscan probe || url,www.hackingvoip.com/sec_tools.html || url,doc.emergingthreats.net/2008641 1 || 2008642 || 2 || trojan-activity || 0 || ET TROJAN Keylogger PRO GOLD Post || url,doc.emergingthreats.net/2008642 1 || 2008643 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (Downloader1.2) || url,doc.emergingthreats.net/bin/view/Main/2008643 1 || 2008644 || 4 || trojan-activity || 0 || ET TROJAN Spy-Net Trojan Connection || url,doc.emergingthreats.net/2008644 1 || 2008645 || 3 || trojan-activity || 0 || ET TROJAN Spy-Net Trojan Connection (2) || url,doc.emergingthreats.net/2008645 1 || 2008647 || 8 || trojan-activity || 0 || ET MALWARE Internet-antivirus.com Related Fake AV User-Agent (Update Internet Antivirus) || url,doc.emergingthreats.net/2008647 1 || 2008648 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS trac q variable open redirect || cve,CVE-2008-2951 || url,doc.emergingthreats.net/2008648 1 || 2008649 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Realtor v_cat SQL Injection || url,www.milw0rm.com/exploits/6694 || url,secunia.com/advisories/32149/ || url,doc.emergingthreats.net/2008649 1 || 2008650 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Autos catid SQL Injection || url,www.milw0rm.com/exploits/6696 || url,secunia.com/advisories/32139/ || url,doc.emergingthreats.net/2008650 1 || 2008651 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JMweb MP3 src Multiple Local File Inclusion || url,www.exploit-db.com/exploits/6669/ || url,doc.emergingthreats.net/2008651 1 || 2008652 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptsEz Easy Image Downloader id File Disclosure || url,www.milw0rm.com/exploits/6715 || url,secunia.com/Advisories/32210/ || url,doc.emergingthreats.net/2008652 1 || 2008653 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Built2go Real Estate Listings event_id SQL Injection || url,www.milw0rm.com/exploits/6697 || url,secunia.com/Advisories/32129/ || url,doc.emergingthreats.net/2008653 1 || 2008654 || 6 || attempted-recon || 0 || ET SCAN SQLix SQL Injection Vector Scan || url,www.owasp.org/index.php/Category%3aOWASP_SQLiX_Project || url,doc.emergingthreats.net/2008654 1 || 2008656 || 7 || trojan-activity || 0 || ET MALWARE AV2010 Rogue Security Application User-Agent (AV2010) || url,doc.emergingthreats.net/2008656 1 || 2008657 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (Compatible) || url,doc.emergingthreats.net/bin/view/Main/2008657 1 || 2008658 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (GetUrlSize) || url,doc.emergingthreats.net/bin/view/Main/2008658 1 || 2008659 || 7 || trojan-activity || 0 || ET DELETED Suspicious User-Agent Detected (DigitAl56K/6.3) || url,doc.emergingthreats.net/bin/view/Main/2008659 1 || 2008660 || 7 || trojan-activity || 0 || ET TROJAN Torpig Infection Reporting || url,www2.gmer.net/mbr/ || url,www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf || url,doc.emergingthreats.net/2008660 || url,offensivecomputing.net/?q=node/909 1 || 2008661 || 6 || trojan-activity || 0 || ET TROJAN Zbot/Zeus HTTP POST || url,doc.emergingthreats.net/2008661 1 || 2008662 || 3 || trojan-activity || 0 || ET TROJAN Generic PSW Agent server reply || url,doc.emergingthreats.net/2008662 1 || 2008663 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (aguarovex-loader v3.221) || url,doc.emergingthreats.net/bin/view/Main/2008663 1 || 2008664 || 11 || trojan-activity || 0 || ET TROJAN Generic Dropper HTTP Bot grabbing config || url,doc.emergingthreats.net/2008664 1 || 2008665 || 8 || trojan-activity || 0 || ET TROJAN Zbot/Zeus or Related Infection Checkin || url,doc.emergingthreats.net/2008665 1 || 2008666 || 9 || trojan-activity || 0 || ET TROJAN Delf Key Checkin (Clicker.Win32.Delf.afl) || url,doc.emergingthreats.net/2008666 1 || 2008667 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Agent.fvt Checkin || url,doc.emergingthreats.net/2008667 1 || 2008668 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myEvent viewevent.php SQL Injection || bugtraq,31773 || url,www.milw0rm.com/exploits/6760 || url,doc.emergingthreats.net/2008668 1 || 2008669 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AstroSPACES profile.php SQL Injection || bugtraq,31771 || url,www.milw0rm.com/exploits/6758 || url,doc.emergingthreats.net/2008669 1 || 2008672 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My PHP Dating id parameter SQL Injection || url,secunia.com/advisories/32268 || url,www.exploit-db.com/exploits/6754/ || url,doc.emergingthreats.net/2008672 1 || 2008673 || 11 || web-application-attack || 0 || ET ACTIVEX Microsoft PicturePusher ActiveX Cross Site File Upload Attack || url,milw0rm.com/exploits/6699 || url,doc.emergingthreats.net/2008673 1 || 2008674 || 3 || trojan-activity || 0 || ET TROJAN Likely eCard Malware Laden Email Inbound || url,www.sophos.com/blogs/gc/g/2008/10/15/you-have-not-received-an-ecard/ || url,doc.emergingthreats.net/2008674 1 || 2008675 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Start || url,doc.emergingthreats.net/2008675 1 || 2008676 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply || url,doc.emergingthreats.net/2008676 1 || 2008677 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Channel Client Reply || url,doc.emergingthreats.net/2008677 1 || 2008678 || 9 || web-application-attack || 0 || ET ACTIVEX Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/ || url,doc.emergingthreats.net/2008678 1 || 2008679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CafeEngine id Remote SQL Injection (dish.php) || url,secunia.com/advisories/32308/ || url,milw0rm.com/exploits/6762 || url,doc.emergingthreats.net/2008679 1 || 2008680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CafeEngine id Remote SQL Injection (menu.php) || url,secunia.com/advisories/32308/ || url,milw0rm.com/exploits/6762 || url,doc.emergingthreats.net/2008680 1 || 2008681 || 6 || trojan-activity || 0 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,iframecash.biz || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,doc.emergingthreats.net/bin/view/Main/2008681 1 || 2008682 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Zonebac.D || url,doc.emergingthreats.net/2008682 1 || 2008683 || 9 || web-application-attack || 0 || ET ACTIVEX Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || bugtraq,31814 || url,www.milw0rm.com/exploits/6793 || url,doc.emergingthreats.net/2008683 1 || 2008684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692 || url,doc.emergingthreats.net/2008684 1 || 2008685 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla DS-Syndicate Component feed_id SQL Injection || url,www.secunia.com/advisories/32321 || url,www.exploit-db.com/exploits/6792/ || url,doc.emergingthreats.net/2008685 1 || 2008686 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS zeeproperty adid Parameter Remote SQL Injection || url,secunia.com/Advisories/32333/ || url,milw0rm.com/exploits/6780 || url,doc.emergingthreats.net/2008686 1 || 2008687 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PassWiki site_id Parameter Local File Inclusion || bugtraq,29455 || url,doc.emergingthreats.net/2008687 1 || 2008688 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XOOPS Makale Module id SQL Injection || url,secunia.com/advisories/32347/ || url,www.milw0rm.com/exploits/6795 || url,doc.emergingthreats.net/2008688 1 || 2008689 || 5 || trojan-activity || 0 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A || url,doc.emergingthreats.net/2008689 1 || 2008690 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008690 1 || 2008691 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008691 1 || 2008692 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008692 1 || 2008693 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008693 1 || 2008694 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008694 1 || 2008695 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008695 1 || 2008696 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008696 1 || 2008697 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008697 1 || 2008698 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008698 1 || 2008699 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008699 1 || 2008700 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008700 1 || 2008701 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008701 1 || 2008702 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008702 1 || 2008703 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008703 1 || 2008704 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008704 1 || 2008705 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008705 1 || 2008706 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008706 1 || 2008707 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008707 1 || 2008708 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008708 1 || 2008709 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008709 1 || 2008710 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008710 1 || 2008711 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008711 1 || 2008712 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008712 1 || 2008713 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008713 1 || 2008714 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008714 1 || 2008715 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008715 1 || 2008716 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008716 1 || 2008717 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008717 1 || 2008718 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008718 1 || 2008719 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008719 1 || 2008720 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008720 1 || 2008721 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008721 1 || 2008722 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Customer contact.php SQL injection || bugtraq,28852 || url,doc.emergingthreats.net/2008722 1 || 2008723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopMaker product.php id Parameter Remote SQL Injection || url,www.milw0rm.com/exploits/6799 || bugtraq,31854 || url,doc.emergingthreats.net/2008723 1 || 2008724 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852 || url,doc.emergingthreats.net/2008724 1 || 2008725 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,milw0rm.com/exploits/6777 || url,secunia.com/advisories/32336 || url,doc.emergingthreats.net/2008725 1 || 2008726 || 3 || trojan-activity || 0 || ET TROJAN Gimmiv Infection Ping Outbound || url,doc.emergingthreats.net/2008726 1 || 2008727 || 3 || trojan-activity || 0 || ET TROJAN Gimmiv Infection Ping Inbound || url,doc.emergingthreats.net/2008727 1 || 2008728 || 6 || trojan-activity || 0 || ET DELETED General Downloader URL - Post Infection || url,doc.emergingthreats.net/2008728 1 || 2008729 || 5 || attempted-recon || 0 || ET SCAN Mini MySqlatOr SQL Injection Scanner || url,www.scrt.ch/pages_en/minimysqlator.html || url,doc.emergingthreats.net/2008729 1 || 2008730 || 3 || trojan-activity || 0 || ET TROJAN Ipbill.com Related Dialer Trojan Checkin || url,doc.emergingthreats.net/2008730 1 || 2008731 || 3 || trojan-activity || 0 || ET TROJAN Ipbill.com Related Dialer Trojan Server Response || url,doc.emergingthreats.net/2008731 1 || 2008732 || 4 || trojan-activity || 0 || ET TROJAN FraudTool.Win32.SysCleaner.a || url,doc.emergingthreats.net/2008732 1 || 2008733 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Regrun.ro FTP connection detected || url,doc.emergingthreats.net/2008733 1 || 2008734 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (WINS_HTTP_SEND Program/1.0) || url,doc.emergingthreats.net/bin/view/Main/2008734 1 || 2008735 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (FTP) || url,doc.emergingthreats.net/bin/view/Main/2008735 1 || 2008736 || 5 || bad-unknown || 0 || ET DELETED Borlander Adware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008736 1 || 2008737 || 12 || trojan-activity || 0 || ET TROJAN Conficker/KernelBot/MS08-067 related Trojan Checkin || url,doc.emergingthreats.net/bin/view/Main/2008737 1 || 2008738 || 8 || not-suspicious || 0 || ET TROJAN Suspicious Accept-Language HTTP Header, zh-cn, likely Kernelbot/Conficker Trojan Related || url,doc.emergingthreats.net/bin/view/Main/2008738 1 || 2008739 || 8 || trojan-activity || 0 || ET TROJAN Conficker/MS08-067 Worm Traffic Outbound || url,doc.emergingthreats.net/bin/view/Main/2008739 1 || 2008740 || 6 || trojan-activity || 0 || ET DELETED Ligats/DR.Ilomo Agent Post || url,doc.emergingthreats.net/2008740 1 || 2008742 || 9 || trojan-activity || 0 || ET MALWARE Admoke/Adload.AFB!tr.dldr Checkin || md5,6085f2ff15282611fd82f9429d82912b 1 || 2008743 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (bdsclk) - Possible Admoke Admware || url,doc.emergingthreats.net/bin/view/Main/2008743 1 || 2008744 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008744 1 || 2008745 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008745 1 || 2008746 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008746 1 || 2008747 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008747 1 || 2008748 || 3 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008748 1 || 2008749 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (checkonline) || url,doc.emergingthreats.net/bin/view/Main/2008749 1 || 2008750 || 4 || trojan-activity || 0 || ET DELETED Buzus FTP Log Upload || url,doc.emergingthreats.net/2008750 1 || 2008752 || 3 || trojan-activity || 0 || ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) || url,doc.emergingthreats.net/2008752 1 || 2008753 || 3 || trojan-activity || 0 || ET TROJAN AdWare.Win32.Yokbar Checkin URL || url,doc.emergingthreats.net/2008753 1 || 2008754 || 6 || trojan-activity || 0 || ET TROJAN Possible Rar'd Malware sent when remote host claims to send an Image || url,doc.emergingthreats.net/bin/view/Main/2008754 1 || 2008755 || 3 || trojan-activity || 0 || ET TROJAN Autorun.qvi Related HTTP Get on Off Port || url,doc.emergingthreats.net/2008755 1 || 2008756 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Kvadrlson 1.0) || url,doc.emergingthreats.net/bin/view/Main/2008756 1 || 2008757 || 5 || trojan-activity || 0 || ET MALWARE Zenosearch Malware Checkin HTTP POST || url,doc.emergingthreats.net/bin/view/Main/2008757 1 || 2008758 || 4 || trojan-activity || 0 || ET TROJAN Mcboo.com/Bundlext.com related Trojan Checkin URL || url,doc.emergingthreats.net/2008758 1 || 2008759 || 7 || trojan-activity || 0 || ET MALWARE Matcash Trojan Related Spyware Code Download || url,doc.emergingthreats.net/bin/view/Main/2008759 1 || 2008760 || 6 || trojan-activity || 0 || ET TROJAN Insidebar.co.kr Related Infection Checkin || url,doc.emergingthreats.net/2008760 1 || 2008765 || 7 || trojan-activity || 0 || ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3 Browser) || url,doc.emergingthreats.net/2008765 1 || 2008766 || 5 || trojan-activity || 0 || ET DELETED Generic Downloader Checkin Url Detected || url,doc.emergingthreats.net/2008766 1 || 2008767 || 4 || trojan-activity || 0 || ET TROJAN Kangkio User-Agent (lsosss) || url,doc.emergingthreats.net/2008767 1 || 2008770 || 5 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Data Download || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008770 1 || 2008771 || 7 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Download Request || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008771 1 || 2008772 || 5 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Request || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008772 1 || 2008776 || 3 || web-application-attack || 0 || ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 || url,milw0rm.com/exploits/6738 || cve,CVE-2008-4572 || bugtraq,31729 || url,doc.emergingthreats.net/bin/view/Main/2008776 1 || 2008777 || 3 || web-application-attack || 0 || ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 || url,milw0rm.com/exploits/6738 || cve,CVE-2008-4572 || bugtraq,31729 || url,doc.emergingthreats.net/bin/view/Main/2008777 1 || 2008779 || 4 || unknown || 0 || ET DELETED Unknown Keepalive out || url,doc.emergingthreats.net/bin/view/Main/2008779 1 || 2008780 || 4 || unknown || 0 || ET DELETED Unknown Keepalive in || url,doc.emergingthreats.net/bin/view/Main/2008780 1 || 2008781 || 6 || trojan-activity || 0 || ET DELETED Set flow on rar file get || url,doc.emergingthreats.net/2008781 1 || 2008782 || 5 || trojan-activity || 0 || ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file) || url,www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162 || url,doc.emergingthreats.net/2008782 1 || 2008783 || 7 || trojan-activity || 0 || ET DELETED Possible Trojan File Download - Rar Requested but not received || url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162 || url,doc.emergingthreats.net/2008783 1 || 2008784 || 6 || trojan-activity || 0 || ET DELETED Lighty Variant or UltimateDefender POST || url,doc.emergingthreats.net/2008784 1 || 2008785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aj Square RSS Reader url SQL Injection || url,secunia.com/advisories/32413/ || url,milw0rm.com/exploits/6856 || url,doc.emergingthreats.net/2008785 1 || 2008786 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Classified Auctions id parameter SQL Injection || url,milw0rm.com/exploits/6839 || url,secunia.com/advisories/32373 || url,doc.emergingthreats.net/2008786 1 || 2008787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel poll_id parameter SQL Injection || url,milw0rm.com/exploits/6854 || url,secunia.com/advisories/32431 || url,doc.emergingthreats.net/2008787 1 || 2008788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 BLOG Engine macgurublog.php uid Parameter SQL Injection || bugtraq,29344 || url,milw0rm.com/exploits/6856 || url,doc.emergingthreats.net/2008788 1 || 2008789 || 6 || web-application-attack || 0 || ET ACTIVEX DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods || bugtraq,31907 || url,milw0rm.com/exploits/6828 || url,doc.emergingthreats.net/2008789 1 || 2008790 || 5 || web-application-attack || 0 || ET ACTIVEX DjVu DjVu_ActiveX_MSOffice.dll ActiveX Component Heap Buffer Overflow || bugtraq,31987 || url,milw0rm.com/exploits/6878 || url,doc.emergingthreats.net/2008790 1 || 2008791 || 3 || web-application-attack || 0 || ET ACTIVEX Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite || bugtraq,31984 || url,milw0rm.com/exploits/6875 || url,doc.emergingthreats.net/2008791 1 || 2008792 || 48 || web-application-attack || 0 || ET ACTIVEX Microsoft DebugDiag CrashHangExt.dll ActiveX Control Remote Denial of Service || bugtraq,31996 || url,doc.emergingthreats.net/2008792 1 || 2008793 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ BIZ PRO track.php id Parameter Remote SQL Injection || url,secunia.com/advisories/32552/ || url,milw0rm.com/exploits/6910 || url,doc.emergingthreats.net/2008793 1 || 2008794 || 3 || misc-activity || 0 || ET POLICY TeamViewer Keep-alive outbound || url,www.teamviewer.com || url,en.wikipedia.org/wiki/TeamViewer || url,doc.emergingthreats.net/2008794 1 || 2008795 || 4 || misc-activity || 0 || ET POLICY TeamViewer Keep-alive inbound || url,www.teamviewer.com || url,en.wikipedia.org/wiki/TeamViewer || url,doc.emergingthreats.net/2008795 1 || 2008797 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (miip) || url,doc.emergingthreats.net/bin/view/Main/2008797 1 || 2008798 || 5 || trojan-activity || 0 || ET MALWARE Zenosearch Malware Checkin HTTP POST (2) || url,doc.emergingthreats.net/bin/view/Main/2008798 1 || 2008802 || 8 || trojan-activity || 0 || ET DELETED Possible Downadup/Conficker-A Worm Activity || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,doc.emergingthreats.net/bin/view/Main/2008802 1 || 2008805 || 3 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start || url,doc.emergingthreats.net/2008805 1 || 2008806 || 3 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start Response || url,doc.emergingthreats.net/2008806 1 || 2008807 || 4 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Start || url,doc.emergingthreats.net/2008807 1 || 2008808 || 4 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Traffic || url,doc.emergingthreats.net/2008808 1 || 2008809 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 Technologies Barcode ActiveX Barcode.dll Multiple Arbitrary File Overwrite || bugtraq,31979 || url,milw0rm.com/exploits/6871 || url,doc.emergingthreats.net/2008809 1 || 2008810 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 PDF417 MW6PDF417.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31983 || url,milw0rm.com/exploits/6873 || url,doc.emergingthreats.net/2008810 1 || 2008811 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 DataMatrix DataMatrix.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31980 || url,milw0rm.com/exploits/6872 || url,doc.emergingthreats.net/2008811 1 || 2008812 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 Aztec ActiveX Aztec.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31974 || url,milw0rm.com/exploits/6870 || url,doc.emergingthreats.net/2008812 1 || 2008813 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 Plugin lyrics_menu lyrics_song.php l_id Parameter Remote SQL Injection || url,secunia.com/advisories/32477/ || url,milw0rm.com/exploits/6885 || url,doc.emergingthreats.net/2008813 1 || 2008814 || 9 || web-application-attack || 0 || ET ACTIVEX Chilkat Crypt ActiveX Component WriteFile Insecure Method || url,secunia.com/Advisories/32513/ || url,milw0rm.com/exploits/6963 || url,doc.emergingthreats.net/2008814 1 || 2008815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ Hotscripts-like Site showcategory.php cid Parameter SQL Injection || url,secunia.com/advisories/32536/ || url,milw0rm.com/exploits/6903 || url,doc.emergingthreats.net/2008815 1 || 2008816 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ Hotscripts-like Site software-description.php id Parameter SQL Injection || url,secunia.com/advisories/32536/ || url,milw0rm.com/exploits/6915 || url,doc.emergingthreats.net/2008816 1 || 2008817 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Autoresponder hosting tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6938 || url,doc.emergingthreats.net/2008817 1 || 2008818 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Reminder Service tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6943 || url,doc.emergingthreats.net/2008818 1 || 2008819 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Classifieds Blaster tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6944 || url,doc.emergingthreats.net/2008819 1 || 2008821 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tours Manager cityview.php cityid Parameter SQL Injection || url,secunia.com/advisories/32503/ || url,milw0rm.com/exploits/6988 || url,doc.emergingthreats.net/2008821 1 || 2008822 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Pro Desk Component include_file Local File Inclusion || url,secunia.com/advisories/32523/ || url,www.exploit-db.com/exploits/6980/ || url,doc.emergingthreats.net/2008822 1 || 2008823 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Podcast Portal tour.php id SQL Injection || url,secunia.com/advisories/32563/ || url,milw0rm.com/exploits/6997 || url,doc.emergingthreats.net/2008823 1 || 2008824 || 4 || web-application-attack || 0 || ET DELETED Way Of The Warrior visualizza.php plancia Parameter Local File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008824 1 || 2008825 || 3 || web-application-attack || 0 || ET DELETED Way Of The Warrior crea.php plancia Parameter Local File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008825 1 || 2008826 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Way Of The Warrior crea.php plancia Remote File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008826 1 || 2008827 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyForms Business Survey Pro id parameter SQL Injection || url,secunia.com/advisories/32561/ || url,milw0rm.com/exploits/7029 || url,doc.emergingthreats.net/2008827 1 || 2008828 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turnkeyforms Software Directory showcategory.php cid parameter SQL Injection || url,secunia.com/advisories/32568/ || url,milw0rm.com/exploits/7027 || url,doc.emergingthreats.net/2008828 1 || 2008829 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyForms Local Classifieds listtest.php r parameter SQL Injection || url,secunia.com/advisories/32591/ || url,milw0rm.com/exploits/7035 || url,doc.emergingthreats.net/2008829 1 || 2008830 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery cat_id paramter SQL Injection || url,secunia.com/advisories/32593/ || url,milw0rm.com/exploits/7016 || url,doc.emergingthreats.net/2008830 1 || 2008831 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery photo_id paramter SQL Injection || url,secunia.com/advisories/32593/ || url,milw0rm.com/exploits/7016 || url,doc.emergingthreats.net/2008831 1 || 2008832 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast path parameter Local File Inclusion || url,secunia.com/advisories/32628/ || url,bugreport.ir/index_57.htm || url,doc.emergingthreats.net/2008832 1 || 2008833 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast path parameter Remote File Inclusion || url,secunia.com/advisories/32628/ || url,bugreport.ir/index_57.htm || url,doc.emergingthreats.net/2008833 1 || 2008834 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy News And Article aid parameter SQL Injection || url,milw0rm.com/exploits/7014 || url,secunia.com/Advisories/32595/ || url,doc.emergingthreats.net/2008834 1 || 2008835 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyioSoft EasyBookMarker Parent parameter SQL Injection || url,secunia.com/advisories/32636/ || url,www.exploit-db.com/exploits/7053/ || url,doc.emergingthreats.net/2008835 1 || 2008837 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Maran PHP Shop id Parameter Remote SQL Injection || bugtraq,32043 || url,frsirt.com/english/advisories/2008/2976 || url,doc.emergingthreats.net/2008837 1 || 2008838 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeltaScripts PHP Classifieds siteid parameter Remote SQL Injection || url,frsirt.com/english/advisories/2008/3079 || bugtraq,32191 || url,doc.emergingthreats.net/2008838 1 || 2008839 || 7 || trojan-activity || 0 || ET MALWARE AdWare.Win32.MWGuide checkin || url,doc.emergingthreats.net/2008839 1 || 2008840 || 6 || trojan-activity || 0 || ET MALWARE AdWare.Win32.MWGuide keepalive || url,doc.emergingthreats.net/2008840 1 || 2008841 || 5 || trojan-activity || 0 || ET TROJAN Trojan-PWS.Win32.Small.gs Passwords leak over FTP || url,doc.emergingthreats.net/2008841 1 || 2008842 || 4 || policy-violation || 0 || ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access || url,doc.emergingthreats.net/2008842 1 || 2008843 || 4 || policy-violation || 0 || ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (server download) || url,doc.emergingthreats.net/2008843 1 || 2008846 || 4 || trojan-activity || 0 || ET DELETED Worm.Win32.Evolmi Checkin || url,doc.emergingthreats.net/2008846 1 || 2008847 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozil1a) || url,doc.emergingthreats.net/bin/view/Main/2008847 1 || 2008848 || 7 || trojan-activity || 0 || ET DELETED Worm.Win32.Koobface.C User-Agent || url,doc.emergingthreats.net/2008848 1 || 2008849 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms add3rdparty.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008849 1 || 2008850 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addpolling.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008850 1 || 2008851 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addcontact.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008851 1 || 2008852 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addbrandnews.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008852 1 || 2008853 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addnewsletter.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008853 1 || 2008854 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addgame.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008854 1 || 2008855 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addtour.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008855 1 || 2008856 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addarticles.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008856 1 || 2008857 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addproduct.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008857 1 || 2008858 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addplain.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008858 1 || 2008859 || 5 || trojan-activity || 0 || ET TROJAN Downloader Win32.Small.agoy Checkin || url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39 || url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F || url,doc.emergingthreats.net/2008859 1 || 2008860 || 3 || misc-activity || 0 || ET TELNET External Telnet Attempt To Cisco Device With No Telnet Password Set (Automatically Dissalowed Until Password Set) || url,articles.techrepublic.com.com/5100-10878_11-5875046.html || url,doc.emergingthreats.net/bin/view/Main/2008860 1 || 2008861 || 4 || misc-activity || 0 || ET TELNET External Telnet Login To Cisco Device || url,articles.techrepublic.com.com/5100-10878_11-5875046.html || url,doc.emergingthreats.net/bin/view/Main/2008861 1 || 2008862 || 3 || misc-activity || 0 || ET POLICY External Access to Cisco Aironet AP Over HTTP (Post Authentication) || url,supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_HTTPS_on_the_AP || url,doc.emergingthreats.net/bin/view/Main/2008862 1 || 2008863 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP (3) || url,www.threatexpert.com/reports.aspx?find=apstpldr.dll.html || url,doc.emergingthreats.net/2008863 1 || 2008864 || 7 || trojan-activity || 0 || ET TROJAN Koobface Trojan HTTP Post Checkin || url,doc.emergingthreats.net/2008864 1 || 2008865 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Business Directory Script cid parameter SQL Injection || url,frsirt.com/english/advisories/2008/3118 || url,milw0rm.com/exploits/7098 || url,doc.emergingthreats.net/2008865 1 || 2008866 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClipShare Pro channel_detail.php chid Parameter SQL Injection || bugtraq,32311 || url,milw0rm.com/exploits/7128 || url,doc.emergingthreats.net/2008866 1 || 2008867 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SlimCMS edit.php pageid Parameter SQL Injection || bugtraq,32300 || url,doc.emergingthreats.net/2008867 1 || 2008869 || 7 || web-application-attack || 0 || ET ACTIVEX VeryDOC PDF Viewer ActiveX Control OpenPDF Buffer Overflow || bugtraq,32313 || url,milw0rm.com/exploits/7126 || url,doc.emergingthreats.net/2008869 1 || 2008870 || 10 || web-application-attack || 0 || ET ACTIVEX Chilkat Socket ACTIVEX Remote Arbitrary File Creation || bugtraq,32333 || url,milw0rm.com/exploits/7142 || url,doc.emergingthreats.net/2008870 1 || 2008871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpFan init.php Remote File Inclusion || bugtraq,32335 || url,milw0rm.com/exploits/7143 || url,doc.emergingthreats.net/2008871 1 || 2008872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrastats serverid parameter SQL Injection || bugtraq,32340 || url,milw0rm.com/exploits/7148 || url,doc.emergingthreats.net/2008872 1 || 2008873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPStore Wholesales id Parameter SQL Injection || url,secunia.com/advisories/32741/ || url,packetstorm.linuxsecurity.com/0811-exploits/wholesale-sql.txt || url,doc.emergingthreats.net/2008873 1 || 2008874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPStore Yahoo Answers id parameter SQL Injection || url,secunia.com/advisories/32717/ || url,milw0rm.com/exploits/7131 || url,doc.emergingthreats.net/2008874 1 || 2008875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vlog System note parameter SQL Injection || url,secunia.com/advisories/32784/ || url,www.milw0rm.com/exploits/7186 || url,doc.emergingthreats.net/2008875 1 || 2008878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR Local File Inclusion || url,secunia.com/advisories/32745/ || url,milw0rm.com/exploits/7155 || url,doc.emergingthreats.net/2008878 1 || 2008879 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR parameter Remote File Inclusion || url,secunia.com/advisories/32745/ || url,milw0rm.com/exploits/7155 || url,doc.emergingthreats.net/2008879 1 || 2008880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB Functions_navlinks.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008880 1 || 2008881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB profile_send.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008881 1 || 2008882 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB viewtopic_PM-link.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008882 1 || 2008883 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS page.php intpageID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008883 1 || 2008884 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS subcategory.php intSubCategoryID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008884 1 || 2008885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS news.php intPageID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008885 1 || 2008886 || 6 || web-application-attack || 0 || ET DELETED Microsoft XML Core Services DTD Cross Domain Information Disclosure object || bugtraq,32155 || url,milw0rm.com/exploits/7196 || url,doc.emergingthreats.net/2008886 1 || 2008887 || 7 || web-application-attack || 0 || ET ACTIVEX Microsoft XML Core Services DTD Cross Domain Information Disclosure clsid || bugtraq,32155 || url,milw0rm.com/exploits/7196 || url,doc.emergingthreats.net/2008887 1 || 2008888 || 5 || trojan-activity || 0 || ET DELETED Gh0st Remote Access Trojan Client Connect || url,doc.emergingthreats.net/2008888 1 || 2008889 || 5 || trojan-activity || 0 || ET DELETED Gh0st Remote Access Trojan Server Response || url,www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081211 || url,doc.emergingthreats.net/2008889 1 || 2008891 || 7 || trojan-activity || 0 || ET TROJAN MEREDROP/micr0s0fts.cn Related Checkin || url,doc.emergingthreats.net/2008891 1 || 2008892 || 7 || trojan-activity || 0 || ET MALWARE Smileware Connection Spyware Related User-Agent (Smileware Connection) || url,doc.emergingthreats.net/2008892 1 || 2008893 || 9 || trojan-activity || 0 || ET TROJAN Perfect Keylogger Install Email Report || url,doc.emergingthreats.net/2008893 1 || 2008894 || 7 || trojan-activity || 0 || ET MALWARE Popupblockade.com Spyware Related User-Agent (PopupBlockade/1.63.0.2/Reg) || url,doc.emergingthreats.net/2008894 1 || 2008895 || 6 || web-application-attack || 0 || ET ACTIVEX Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite || bugtraq,32664 || url,milw0rm.com/exploits/7358 || url,doc.emergingthreats.net/2008895 1 || 2008896 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bandwebsite lyrics.php id parameter Sql Injection || url,www.milw0rm.com/exploits/7215 || bugtraq,32454 || url,doc.emergingthreats.net/2008896 1 || 2008897 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS snippet.reflect.php reflect_base Remote File Inclusion || url,www.exploit-db.com/exploits/7204/ || url,secunia.com/advisories/32824/ || url,doc.emergingthreats.net/2008897 1 || 2008898 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS snippet.reflect.php reflect_base Local File Inclusion || url,www.exploit-db.com/exploits/7204/ || url,secunia.com/advisories/32824/ || url,doc.emergingthreats.net/2008898 1 || 2008899 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pie RSS module lib parameter remote file inclusion || bugtraq,32465 || url,milw0rm.com/exploits/7225 || url,doc.emergingthreats.net/2008899 1 || 2008900 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008900 1 || 2008901 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008901 1 || 2008902 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008902 1 || 2008903 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008903 1 || 2008904 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008904 1 || 2008905 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 Checkin Error || url,doc.emergingthreats.net/2008905 1 || 2008906 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 Egg Request || url,doc.emergingthreats.net/2008906 1 || 2008907 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 File Manager Access Report || url,doc.emergingthreats.net/2008907 1 || 2008908 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 New Infection Report || url,doc.emergingthreats.net/2008908 1 || 2008909 || 2 || attempted-user || 0 || ET SQL MSSQL sp_replwritetovarbin - potential memory overwrite case 1 || url,archives.neohapsis.com/archives/fulldisclosure/2008-12/0239.html || url,doc.emergingthreats.net/bin/view/Main/2008909 1 || 2008910 || 2 || attempted-user || 0 || ET DELETED MSSQL sp_replwritetovarbin - potential memory overwrite case 2 || url,archives.neohapsis.com/archives/fulldisclosure/2008-12/0239.html || url,doc.emergingthreats.net/bin/view/Main/2008910 1 || 2008911 || 3 || trojan-activity || 0 || ET TROJAN Spyguarder.com Fake AV Install Report || url,doc.emergingthreats.net/2008911 1 || 2008912 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Errordigger.com related) || url,doc.emergingthreats.net/bin/view/Main/2008912 1 || 2008913 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Trojan.Hijack.IrcBot.457 related) || url,doc.emergingthreats.net/bin/view/Main/2008913 1 || 2008914 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (xr - Worm.Win32.VB.cj related) || url,doc.emergingthreats.net/bin/view/Main/2008914 1 || 2008915 || 5 || trojan-activity || 0 || ET MALWARE MySideSearch.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2008915 1 || 2008916 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Yandesk) || url,doc.emergingthreats.net/bin/view/Main/2008916 1 || 2008917 || 4 || trojan-activity || 0 || ET MALWARE Hotbar.com Related Spyware Install Report || url,doc.emergingthreats.net/bin/view/Main/2008917 1 || 2008918 || 5 || trojan-activity || 0 || ET MALWARE Hotbar.com Related Spyware Activity Report || url,doc.emergingthreats.net/bin/view/Main/2008918 1 || 2008919 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent pricers.info related (section) || url,doc.emergingthreats.net/bin/view/Main/2008919 1 || 2008920 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/PcClient.ZL Checkin || url,doc.emergingthreats.net/2008920 1 || 2008921 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nitrotech members.php id Parameter SQL Injection || bugtraq,32458 || url,doc.emergingthreats.net/2008921 1 || 2008922 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nitrotech common.php root Parameter Remote File Inclusion || url,xforce.iss.net/xforce/xfdb/29904 || url,milw0rm.com/exploits/7218 || url,doc.emergingthreats.net/2008922 1 || 2008923 || 3 || web-application-attack || 0 || ET DELETED TxtBlog index.php m Parameter Local File Inclusion || bugtraq,32498 || url,milw0rm.com/exploits/7241 || url,doc.emergingthreats.net/2008923 1 || 2008924 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rakhi Software Price Comparison Script product.php subcategory_id SQL Injection || bugtraq,32504 || url,milw0rm.com/exploits/7250 || url,doc.emergingthreats.net/2008924 1 || 2008925 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Windows Media Services nskey.dll ActiveX Control Possible Remote Buffer Overflow || bugtraq,30814 || cve,2008-5232 || url,doc.emergingthreats.net/2008925 1 || 2008926 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Venalsur Booking Centre HotelID Parameter SQL Injection || url,www.milw0rm.com/exploits/7253 || bugtraq,32512 || url,doc.emergingthreats.net/2008926 1 || 2008927 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lito Lite CMS cate.php cid parameter Remote SQL Injection || url,www.exploit-db.com/exploits/7294/ || url,secunia.com/advisories/32910/ || url,doc.emergingthreats.net/2008927 1 || 2008928 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS z1exchange edit.php site parameter SQL injection || bugtraq,32556 || url,milw0rm.com/exploits/7311 || url,doc.emergingthreats.net/2008928 1 || 2008929 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bcoos adresses module viewcat.php cid Parameter SQL injection || url,secunia.com/Advisories/32870/ || url,milw0rm.com/exploits/7317 || url,doc.emergingthreats.net/2008929 1 || 2008930 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ParsBlogger blog.asp wr parameter Remote SQL Injection || url,milw0rm.com/exploits/7239 || bugtraq,32488 || url,doc.emergingthreats.net/2008930 1 || 2008931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Experts answer.php question_id parameter SQL Injection || cve,2008-5267 || url,milw0rm.com/exploits/5776 || bugtraq,29642 || url,doc.emergingthreats.net/2008931 1 || 2008932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SunByte e-Flower popupproduct.php id Parameter SQL Injection || url,www.milw0rm.com/exploits/7323 || bugtraq,32589 || url,doc.emergingthreats.net/2008932 1 || 2008933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Check New findoffice.php search parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7328 || bugtraq,32590 || url,doc.emergingthreats.net/2008933 1 || 2008934 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turnkey Arcade Script id parameter SQL injection || url,secunia.com/advisories/32890/ || url,milw0rm.com/exploits/7256 || url,doc.emergingthreats.net/2008934 1 || 2008935 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Werner Hilversum FAQ Manager header.php config_path parameter Remote File Inclusion || bugtraq,32472 || url,milw0rm.com/exploits/7229 || url,doc.emergingthreats.net/2008935 1 || 2008936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPApps.com Template Creature media_level.asp mcatid parameter SQL Injection || url,www.milw0rm.com/exploits/7339 || bugtraq,32641 || url,doc.emergingthreats.net/2008936 1 || 2008937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gravity-gtd rpc.php objectname parameter Local File Inclusion || url,www.milw0rm.com/exploits/7344 || url,secunia.com/advisories/32982/ || url,doc.emergingthreats.net/2008937 1 || 2008938 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Multi SEO phpBB pfad parameter local file inclusion || url,secunia.com/advisories/32986/ || url,milw0rm.com/exploits/7335 || url,doc.emergingthreats.net/2008938 1 || 2008939 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wbstreet show.php id parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7337 || bugtraq,32635 || url,doc.emergingthreats.net/2008939 1 || 2008940 || 6 || trojan-activity || 0 || ET TROJAN DNSChanger.AT or related Infection Checkin Post || url,doc.emergingthreats.net/2008940 1 || 2008941 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HELLO) || url,doc.emergingthreats.net/bin/view/Main/2008941 1 || 2008942 || 7 || attempted-admin || 0 || ET POLICY Dlink Soho Router Config Page Access Attempt || url,doc.emergingthreats.net/2008942 1 || 2008943 || 7 || trojan-activity || 0 || ET TROJAN Lop_com or variant Checkin (9kgen_up) || url,www.threatexpert.com/reports.aspx?find=9kgen_up.int || url,doc.emergingthreats.net/2008943 1 || 2008944 || 4 || trojan-activity || 0 || ET TROJAN TDSServ or Tidserv variant Checkin || url,www.threatexpert.com/reports.aspx?find=%2Fcrcmds%2Fmain || url,doc.emergingthreats.net/2008944 1 || 2008945 || 6 || trojan-activity || 0 || ET TROJAN dlink router access attempt || url,doc.emergingthreats.net/2008945 1 || 2008946 || 4 || trojan-activity || 0 || ET TROJAN UpackbyDwing binary in HTTP Download Possibly Hostile || url,www.packetninjas.net || url,doc.emergingthreats.net/2008946 1 || 2008947 || 5 || trojan-activity || 0 || ET TROJAN UpackbyDwing binary in HTTP (2) Possibly Hostile || url,www.packetninjas.net || url,doc.emergingthreats.net/2008947 1 || 2008949 || 5 || trojan-activity || 0 || ET TROJAN Win32.Small.yml or Related HTTP Checkin || url,doc.emergingthreats.net/2008949 1 || 2008950 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Small.yml client registration || url,doc.emergingthreats.net/2008950 1 || 2008951 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Small.yml client command || url,doc.emergingthreats.net/2008951 1 || 2008952 || 4 || trojan-activity || 0 || ET TROJAN Win32.Small.yml or Related HTTP Command || url,doc.emergingthreats.net/2008952 1 || 2008953 || 9 || successful-admin || 0 || ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system || url,doc.emergingthreats.net/bin/view/Main/2008953 1 || 2008954 || 6 || trojan-activity || 0 || ET DELETED Mac User-Agent Typo Likely Hostile/Trojan Infection || url,doc.emergingthreats.net/2008954 1 || 2008955 || 7 || trojan-activity || 0 || ET TROJAN Mac User-Agent Typo INBOUND Likely Hostile || url,doc.emergingthreats.net/2008955 1 || 2008956 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IE/1.0) || url,doc.emergingthreats.net/bin/view/Main/2008956 1 || 2008958 || 5 || trojan-activity || 0 || ET TROJAN Waledac Beacon Traffic Detected || url,www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081231 || url,doc.emergingthreats.net/2008958 1 || 2008961 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPmyGallery lang parameter Local File Inclusion || url,milw0rm.com/exploits/7392 || bugtraq,32705 || url,doc.emergingthreats.net/2008961 1 || 2008962 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPmyGallery confdir parameter Remote File Inclusion || url,milw0rm.com/exploits/7392 || bugtraq,32705 || url,doc.emergingthreats.net/2008962 1 || 2008963 || 9 || web-application-attack || 0 || ET ACTIVEX EasyMail Objects emmailstore.dll ActiveX Control Remote Buffer Overflow || bugtraq,32722 || url,milw0rm.com/exploits/7402 || url,doc.emergingthreats.net/2008963 1 || 2008964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion || url,milw0rm.com/exploits/7341 || bugtraq,32647 || url,doc.emergingthreats.net/2008964 1 || 2008965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion || url,milw0rm.com/exploits/7341 || bugtraq,32647 || url,doc.emergingthreats.net/2008965 1 || 2008966 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly index.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008966 1 || 2008967 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly proxy.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008967 1 || 2008968 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly header.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008968 1 || 2008969 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly include.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008969 1 || 2008970 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly workspace.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008970 1 || 2008972 || 4 || trojan-activity || 0 || ET TROJAN Pointfree.co.kr Trojan/Spyware Infection Checkin || url,doc.emergingthreats.net/2008972 1 || 2008973 || 5 || trojan-activity || 0 || ET TROJAN onmuz.com Infection Activity || url,doc.emergingthreats.net/2008973 1 || 2008974 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (compatible)) || url,doc.emergingthreats.net/bin/view/Main/2008974 1 || 2008975 || 12 || trojan-activity || 0 || ET TROJAN Suspicious Malformed Double Accept Header || url,doc.emergingthreats.net/2008975 1 || 2008976 || 5 || trojan-activity || 0 || ET TROJAN Vundo Variant reporting to Controller via HTTP (1) || url,doc.emergingthreats.net/2008976 1 || 2008977 || 5 || trojan-activity || 0 || ET TROJAN Vundo Variant reporting to Controller via HTTP (2) || url,doc.emergingthreats.net/2008977 1 || 2008983 || 6 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (BlackSun) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html || url,doc.emergingthreats.net/bin/view/Main/2008983 1 || 2008984 || 6 || trojan-activity || 0 || ET TROJAN Trojan-GameThief.Win32.OnLineGames infection report || url,doc.emergingthreats.net/2008984 1 || 2008985 || 3 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via whatismyip.com Automation Page - Possible Infection || url,doc.emergingthreats.net/2008985 1 || 2008986 || 5 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via whatismyip.com - Possible Infection 1 || 2008987 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via showip.net - Possible Infection || url,doc.emergingthreats.net/2008987 1 || 2008988 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via cmyip.com - Possible Infection || url,doc.emergingthreats.net/2008988 1 || 2008989 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via showmyip.com - Possible Infection || url,doc.emergingthreats.net/2008989 1 || 2008992 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpAddEdit editform parameter Local File Inclusion || url,milw0rm.com/exploits/7417 || bugtraq,32774 || url,doc.emergingthreats.net/2008992 1 || 2008993 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Visual Basic Common AVI ActiveX Control File Parsing Buffer Overflow || url,www.milw0rm.com/exploits/7431 || bugtraq,32613 || url,doc.emergingthreats.net/2008993 1 || 2008994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Multiple Membership Script id parameter SQL injection || url,secunia.com/advisories/33019/ || url,milw0rm.com/exploits/7346 || url,doc.emergingthreats.net/2008994 1 || 2008995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CF_Calendar calid parameter SQL Injection || url,secunia.com/advisories/33074/ || url,milw0rm.com/exploits/7413 || url,doc.emergingthreats.net/2008995 1 || 2008996 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Text-File Login script slogin_path parameter remote file inclusion || bugtraq,32811 || url,milw0rm.com/exploits/7444 || url,doc.emergingthreats.net/2008996 1 || 2008997 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS icash Click&BaneX user_menu.asp ID parameter SQL Injection || url,milw0rm.com/exploits/7484 || bugtraq,32856 || url,doc.emergingthreats.net/2008997 1 || 2008998 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,secunia.com/advisories/33199/ || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,doc.emergingthreats.net/2008998 1 || 2008999 || 8 || web-application-attack || 0 || ET ACTIVEX EvansFTP EvansFTP.ocx Remote Buffer Overflow || bugtraq,32814 || url,www.milw0rm.com/exploits/7460 || url,doc.emergingthreats.net/2008999 1 || 2009000 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RSS Simple News news.php pid parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7541 || bugtraq,32962 || url,doc.emergingthreats.net/2009000 1 || 2009001 || 4 || policy-violation || 0 || ET POLICY Login Credentials Possibly Passed in URI || url,doc.emergingthreats.net/2009001 1 || 2009002 || 8 || web-application-attack || 0 || ET ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || bugtraq,32901 || url,www.milw0rm.com/exploits/7505 || url,doc.emergingthreats.net/2009002 1 || 2009003 || 7 || trojan-activity || 0 || ET TROJAN Win32/Korklic.A || url,doc.emergingthreats.net/2009003 1 || 2009004 || 4 || policy-violation || 0 || ET POLICY Login Credentials Possibly Passed in POST Data || url,doc.emergingthreats.net/2009004 1 || 2009005 || 10 || policy-violation || 0 || ET MALWARE Simbar Spyware User-Agent Detected || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805 || url,vil.nai.com/vil/content/v_131206.htm || url,doc.emergingthreats.net/bin/view/Main/2009005 1 || 2009009 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClaSS export.php ftype parameter Information Disclosure || url,secunia.com/advisories/33222 || bugtraq,32929 || url,doc.emergingthreats.net/2009009 1 || 2009010 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure || url,www.milw0rm.com/exploits/7543 || bugtraq,32966 || url,doc.emergingthreats.net/2009010 1 || 2009011 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rematic CMS referenzdetail.php id parameter SQL Injection || url,secunia.com/advisories/33208/ || url,milw0rm.com/exploits/7502 || url,doc.emergingthreats.net/2009011 1 || 2009012 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rematic CMS produkte.php id parameter SQL Injection || url,secunia.com/advisories/33208/ || url,milw0rm.com/exploits/7502 || url,doc.emergingthreats.net/2009012 1 || 2009013 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro art.php idm Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009013 1 || 2009014 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro rub.php idr Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009014 1 || 2009015 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro galeri_info.php ida Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009015 1 || 2009016 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro galeri_info.php lang Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009016 1 || 2009017 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro rubrika.php idr Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009017 1 || 2009018 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Text Lines Rearrange Script filename parameter File Disclosure || url,securityfocus.com/bid/32968 || url,milw0rm.com/exploits/7542 || url,doc.emergingthreats.net/2009018 1 || 2009019 || 2 || trojan-activity || 0 || ET TROJAN VMProtect Demo version Packed Binary - Likely Hostile || url,www.vmprotect.ru || url,www.packetninjas.net || url,doc.emergingthreats.net/2009019 1 || 2009020 || 3 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via ipchicken.com - Possible Infection || url,doc.emergingthreats.net/2009020 1 || 2009021 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (IE_6.0) || url,doc.emergingthreats.net/bin/view/Main/2009021 1 || 2009022 || 6 || trojan-activity || 0 || ET TROJAN Zlob User Agent (securityinternet) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html || url,doc.emergingthreats.net/2009022 1 || 2009024 || 13 || trojan-activity || 0 || ET TROJAN Downadup/Conficker A or B Worm reporting || url,www.f-secure.com/weblog/archives/00001584.html || url,doc.emergingthreats.net/bin/view/Main/2009024 1 || 2009025 || 3 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic Checkin variant 2 || url,doc.emergingthreats.net/2009025 1 || 2009026 || 3 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Status OK (variant 2) || url,doc.emergingthreats.net/2009026 1 || 2009027 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (FileDownloader) || url,doc.emergingthreats.net/bin/view/Main/2009027 1 || 2009028 || 9 || attempted-admin || 0 || ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop || url,doc.emergingthreats.net/bin/view/Main/2009028 1 || 2009029 || 6 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent NV32ts) || url,doc.emergingthreats.net/2009029 1 || 2009032 || 9 || trojan-activity || 0 || ET DELETED Armitage Exploit Request || url,doc.emergingthreats.net/2009032 1 || 2009033 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (Win exe under 128) || url,doc.emergingthreats.net/2009033 1 || 2009034 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (PE offset 160) || url,doc.emergingthreats.net/2009034 1 || 2009035 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (PE offset 512) || url,doc.emergingthreats.net/2009035 1 || 2009036 || 8 || trojan-activity || 0 || ET TROJAN Armitage Loader Check-in || url,doc.emergingthreats.net/2009036 1 || 2009037 || 2 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (variant 3) || url,doc.emergingthreats.net/2009037 1 || 2009038 || 3 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Version Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009038 1 || 2009039 || 3 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL XPCmdShell Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009039 1 || 2009040 || 4 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL User Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009040 1 || 2009041 || 4 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Database User Rights Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009041 1 || 2009042 || 5 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Authentication Mode Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009042 1 || 2009043 || 4 || attempted-admin || 0 || ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009043 1 || 2009044 || 4 || attempted-admin || 0 || ET SCAN SQLNinja Attempt To Create xp_cmdshell Session || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009044 1 || 2009045 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cfagcms right.php title Parameter SQL Injection || bugtraq,32851 || url,milw0rm.com/exploits/7483 || url,doc.emergingthreats.net/2009045 1 || 2009046 || 48 || web-application-attack || 0 || ET ACTIVEX Chilkat Socket Activex Remote Arbitrary File Overwrite 1 || bugtraq,32333 || url,milw0rm.com/exploits/7594 || url,doc.emergingthreats.net/2009046 1 || 2009047 || 8 || web-application-attack || 0 || ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Get Method Buffer Overflow || bugtraq,33053 || url,milw0rm.com/exploits/7617 || url,doc.emergingthreats.net/2009047 1 || 2009048 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sepcity Lawyer Portal deptdisplay.asp ID parameter SQL Injection || url,milw0rm.com/exploits/7610 || bugtraq,33040 || url,doc.emergingthreats.net/2009048 1 || 2009049 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RealtyListings type.asp iType Parameter SQL Injection || url,secunia.com/advisories/33167/ || url,milw0rm.com/exploits/7464 || url,doc.emergingthreats.net/2009049 1 || 2009050 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RealtyListings detail.asp iPro Parameter SQL Injection || url,secunia.com/advisories/33167/ || url,milw0rm.com/exploits/7464 || url,doc.emergingthreats.net/2009050 1 || 2009051 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPOF DB_AdoDB.Class.PHP PHPOF_INCLUDE_PATH parameter Remote File Inclusion || bugtraq,25541 || url,doc.emergingthreats.net/2009051 1 || 2009052 || 3 || trojan-activity || 0 || ET TROJAN Hupigon System Stats Report (I-variant) || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497 1 || 2009053 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS Thumbnail.php base_path Remote File Inclusion || url,securityvulns.com/Odocument913.html || url,doc.emergingthreats.net/2009053 1 || 2009054 || 8 || trojan-activity || 0 || ET TROJAN Asprox Form Submission to C&C || url,doc.emergingthreats.net/2009054 1 || 2009055 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pligg check_url.php url parameter SQL Injection || url,milw0rm.com/exploits/7544 || bugtraq,32970 || url,doc.emergingthreats.net/2009055 1 || 2009056 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixel8 Web Photo Album AlbumID SQL Injection || url,secunia.com/advisories/33373/ || url,milw0rm.com/exploits/7627 || url,doc.emergingthreats.net/2009056 1 || 2009057 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerNews news.php newsid parameter SQL Injection || url,secunia.com/advisories/33363/ || url,milw0rm.com/exploits/7641 || url,doc.emergingthreats.net/2009057 1 || 2009058 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest search.php search parameter SQL Injection || bugtraq,33097 || url,milw0rm.com/exploits/7659 || url,doc.emergingthreats.net/2009058 1 || 2009059 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009059 1 || 2009060 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009060 1 || 2009061 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009061 1 || 2009062 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009062 1 || 2009063 || 8 || web-application-attack || 0 || ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite || bugtraq,33272 || url,doc.emergingthreats.net/2009063 1 || 2009064 || 8 || web-application-attack || 0 || ET ACTIVEX Ciansoft PDFBuilderX Control ActiveX Arbitrary File Overwrite || bugtraq,33233 || url,milw0rm.com/exploits/7794 || url,doc.emergingthreats.net/2009064 1 || 2009065 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Daily add_postit.php id Parameter SQL Injection || url,secunia.com/Advisories/32408 || url,milw0rm.com/exploits/6833 || url,doc.emergingthreats.net/2009065 1 || 2009066 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Daily delete.php id Parameter SQL Injection || url,secunia.com/Advisories/32/32408 || url,milw0rm.com/exploits/6833 || url,doc.emergingthreats.net/2009066 1 || 2009067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion Members CV(job) Module members.php sortby parameter SQL injection || bugtraq,33156 || url,milw0rm.com/exploits/7697 || url,doc.emergingthreats.net/2009067 1 || 2009068 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS previews.php browse parameter SQL injection || cve,2008-5841 || bugtraq,31340 || url,milw0rm.com/exploits/6540 || url,doc.emergingthreats.net/2009068 1 || 2009069 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection || cve,2008-5841 || bugtraq,31340 || url,milw0rm.com/exploits/6540 || url,doc.emergingthreats.net/2009069 1 || 2009070 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpSkelSite TplSuffix parameter local file inclusion || bugtraq,33092 || url,doc.emergingthreats.net/2009070 1 || 2009071 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpSkelSite theme parameter remote file inclusion || bugtraq,33092 || url,doc.emergingthreats.net/2009071 1 || 2009073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_words.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009073 1 || 2009074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_groups_reapir.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009074 1 || 2009075 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_smilies.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009075 1 || 2009076 || 16 || bad-unknown || 0 || ET DELETED Nginx Serving PDF - Possible hostile content (PDF) || url,doc.emergingthreats.net/bin/view/Main/2009076 1 || 2009077 || 3 || trojan-activity || 0 || ET TROJAN TROJ_INJECT.NI Update Request || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INJECT.NI&VSect=T || url,doc.emergingthreats.net/2009077 1 || 2009078 || 5 || trojan-activity || 0 || ET TROJAN Backdoor Lanfiltrator Checkin || url,research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.LanFiltrator.3b&threatid=51642 || url,doc.emergingthreats.net/2009078 1 || 2009079 || 3 || trojan-activity || 0 || ET TROJAN Delfsnif/Buzus.fte Remote Response || url,www.threatexpert.com/threats/virtool-win32-delfsnif-gen.html || url,doc.emergingthreats.net/2009079 1 || 2009080 || 8 || trojan-activity || 0 || ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile || url,doc.emergingthreats.net/2009080 1 || 2009081 || 10 || trojan-activity || 0 || ET TROJAN Password Stealer - User-Agent (Ucheck) || url,doc.emergingthreats.net/2009081 1 || 2009082 || 6 || trojan-activity || 0 || ET DELETED Password Stealer Reporting - ?a=%NN&b= || url,doc.emergingthreats.net/2009082 1 || 2009083 || 6 || not-suspicious || 0 || ET DELETED Set flow on bmp file get || url,doc.emergingthreats.net/2009083 1 || 2009084 || 9 || trojan-activity || 0 || ET DELETED Possible Trojan File Download - BMP Requested but not received || url,doc.emergingthreats.net/2009084 1 || 2009085 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path plug parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009085 1 || 2009086 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter remote file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009086 1 || 2009087 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009087 1 || 2009088 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter remote file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009088 1 || 2009089 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009089 1 || 2009090 || 5 || trojan-activity || 0 || ET TROJAN Generic Banker Trojan Downloader Config to client || url,doc.emergingthreats.net/2009090 1 || 2009091 || 5 || policy-violation || 0 || ET MALWARE Adware/Spyware Trymedia.com EXE download || url,www.browserdefender.com/site/trymedia.com || url,www.threatexpert.com/reports.aspx?find=Adware.Trymedia || url,doc.emergingthreats.net/2009091 1 || 2009092 || 9 || trojan-activity || 0 || ET DELETED New Malware Information Post || url,doc.emergingthreats.net/2009092 1 || 2009093 || 5 || trojan-activity || 0 || ET DELETED Backdoor PcClient.CAK.Pakes POST on non-http Port || url,doc.emergingthreats.net/2009093 1 || 2009094 || 7 || trojan-activity || 0 || ET TROJAN Password Stealer (PSW.Win32.Magania Family) GET || url,www.f-secure.com/v-descs/trojan-psw_w32_magania.shtml || url,www.threatexpert.com/reports.aspx?find=Trojan-PWS.Magania || url,doc.emergingthreats.net/2009094 1 || 2009095 || 3 || policy-violation || 0 || ET POLICY Newzbin Usenet Reader License Check || url,doc.emergingthreats.net/2009095 1 || 2009096 || 8 || trojan-activity || 0 || ET TROJAN Tigger.a/Syzor Control Checkin || url,voices.washingtonpost.com/securityfix/2009/02/the_t-i-double-guh-r_trojan_ic.html?wprss=securityfix || url,mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html || url,doc.emergingthreats.net/2009096 1 || 2009097 || 2 || policy-violation || 0 || ET P2P Manolito Connection (1) || url,doc.emergingthreats.net/2009097 1 || 2009098 || 3 || policy-violation || 0 || ET P2P Manolito Ping || url,doc.emergingthreats.net/2009098 1 || 2009099 || 3 || policy-violation || 0 || ET P2P ThunderNetwork UDP Traffic || url,xunlei.com || url,en.wikipedia.org/wiki/Xunlei || url,doc.emergingthreats.net/2009099 1 || 2009100 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SocialEngine browse_classifieds.php Remote SQL Injection || url,secunia.com/advisories/33474/ || url,milw0rm.com/exploits/7730 || url,doc.emergingthreats.net/2009100 1 || 2009101 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS REALTOR define.php Remote File Inclusion || bugtraq,33227 || url,milw0rm.com/exploits/7743 || url,doc.emergingthreats.net/2009101 1 || 2009102 || 8 || web-application-attack || 0 || ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite || bugtraq,33272 || url,doc.emergingthreats.net/2009102 1 || 2009103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Bible Search readbible.php SQL Injection || bugtraq,33301 || url,milw0rm.com/exploits/7798 || url,doc.emergingthreats.net/2009103 1 || 2009104 || 8 || web-application-attack || 0 || ET ACTIVEX MetaProducts MetaTreeX ActiveX Control Arbitrary File Overwrite || bugtraq,33318 || url,milw0rm.com/exploits/7804 || url,doc.emergingthreats.net/2009104 1 || 2009108 || 4 || trojan-activity || 0 || ET TROJAN Parite Setup Connection (tqzn.com related) || url,doc.emergingthreats.net/2009108 1 || 2009111 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (get_site1) || url,doc.emergingthreats.net/2009111 1 || 2009114 || 7 || trojan-activity || 0 || ET TROJAN Downadup/Conficker A Worm reporting || url,www.f-secure.com/weblog/archives/00001584.html || url,doc.emergingthreats.net/bin/view/Main/2009114 1 || 2009115 || 6 || web-application-attack || 0 || ET ACTIVEX JamDTA ActiveX Control SaveToFile Arbitrary File Overwrite || bugtraq,33345 || url,doc.emergingthreats.net/2009115 1 || 2009117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easynet4u Link Host directory.php cat_id parameter SQL Injection || bugtraq,31717 || url,www.milw0rm.com/exploits/6728 || url,doc.emergingthreats.net/2009117 1 || 2009118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetik.net ESA sayfalar.php KayitNo Parameter SQL Injection || bugtraq,31352 || url,www.milw0rm.com/exploits/6549 || url,doc.emergingthreats.net/2009118 1 || 2009119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetik.net ESA diger.php KayitNo Parameter SQL Injection || bugtraq,31352 || url,www.milw0rm.com/exploits/6549 || url,doc.emergingthreats.net/2009119 1 || 2009120 || 9 || web-application-attack || 0 || ET ACTIVEX FlexCell Grid ActiveX Multiple Arbitrary File Overwrite || url,www.milw0rm.com/exploits/7868 || bugtraq,33453 || url,doc.emergingthreats.net/2009120 1 || 2009121 || 9 || web-application-attack || 0 || ET ACTIVEX NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite || url,www.milw0rm.com/exploits/7871 || bugtraq,24613 || url,doc.emergingthreats.net/2009121 1 || 2009122 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wazzum Dating Software profile_view.php userid Parameter SQL Injection || url,www.milw0rm.com/exploits/7877 || url,secunia.com/Advisories/33654/ || url,doc.emergingthreats.net/2009122 1 || 2009123 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP Parameter Remote File Inclusion || bugtraq,31756 || url,www.milw0rm.com/exploits/6751 || url,doc.emergingthreats.net/2009123 1 || 2009124 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (GETJOB) || url,doc.emergingthreats.net/2009124 1 || 2009125 || 15 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Inject.esi/Comfoo Outbound Communication || url,doc.emergingthreats.net/2009125 || url,www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/ 1 || 2009126 || 8 || trojan-activity || 0 || ET TROJAN Win32/Monkif Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C || url,doc.emergingthreats.net/2009126 1 || 2009127 || 7 || trojan-activity || 0 || ET TROJAN General Banker.PWS POST Checkin || url,doc.emergingthreats.net/2009127 1 || 2009128 || 5 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller (PING PONG) || url,doc.emergingthreats.net/2009128 1 || 2009129 || 5 || trojan-activity || 0 || ET TROJAN Bifrose Response from Controller (PING PONG) || url,doc.emergingthreats.net/2009129 1 || 2009130 || 3 || trojan-activity || 0 || ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Request || url,doc.emergingthreats.net/2009130 1 || 2009131 || 3 || trojan-activity || 0 || ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Response || url,doc.emergingthreats.net/2009131 1 || 2009132 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onUnload http spliting attempt (body) || url,doc.emergingthreats.net/2009132 1 || 2009133 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onUnload http spliting attempt (img) || url,doc.emergingthreats.net/2009133 1 || 2009134 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onURLFlip http spliting attempt (body) || url,doc.emergingthreats.net/2009134 1 || 2009135 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onURLFlip http spliting attempt || url,doc.emergingthreats.net/2009135 1 || 2009136 || 6 || web-application-attack || 0 || ET ACTIVEX Web on Windows ActiveX Insecure Methods || bugtraq,33515 || url,xforce.iss.net/xforce/xfdb/48337 || url,doc.emergingthreats.net/2009136 1 || 2009137 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Realty dpage.php docID parameter SQL Injection || url,secunia.com/advisories/31484/ || url,packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt || url,doc.emergingthreats.net/2009137 1 || 2009138 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Synactis All_IN_THE_BOX ActiveX SaveDoc Method Arbitrary File Overwrite || url,milw0rm.com/exploits/7928 || bugtraq,33535 || url,doc.emergingthreats.net/2009138 1 || 2009139 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Million Pixel Ad Script tops_top.php id_cat parameter SQL Injection || url,secunia.com/advisories/31626/ || url,milw0rm.com/exploits/6044 || url,doc.emergingthreats.net/2009139 1 || 2009140 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ReVou Micro Blogging user_updates.php user Parameter SQL Injection || url,milw0rm.com/exploits/7925 || bugtraq,33540 || url,doc.emergingthreats.net/2009140 1 || 2009141 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path Parameter Remote File Inclusion || bugtraq,31492 || url,milw0rm.com/exploits/6632 || url,doc.emergingthreats.net/2009141 1 || 2009142 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion || bugtraq,31492 || url,milw0rm.com/exploits/6632 || url,doc.emergingthreats.net/2009142 1 || 2009143 || 37 || web-application-attack || 0 || ET ACTIVEX ACTIVEX PPMate PPMedia Class ActiveX Control Buffer Overflow || cve,2008-3242 || url,secunia.com/advisories/30952 || url,milw0rm.com/exploits/6090 || url,doc.emergingthreats.net/2009143 1 || 2009144 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sourdough neededFiles Parameter Remote File Inclusion || url,doc.emergingthreats.net/2009144 1 || 2009145 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Syntax Desktop preview.php synTarget Parameter Local File Inclusion || url,www.milw0rm.com/exploits/7977 || bugtraq,33601 || url,doc.emergingthreats.net/2009145 1 || 2009146 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Request || url,doc.emergingthreats.net/2009146 1 || 2009147 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Related Activity || url,doc.emergingthreats.net/2009147 1 || 2009149 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Upload Attempt || url,doc.emergingthreats.net/2009149 1 || 2009150 || 6 || trojan-activity || 0 || ET MALWARE Viruskill.co.kr Fake AV User-Agent Detected (virus_kill) || url,doc.emergingthreats.net/2009150 1 || 2009151 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTP) || url,doc.emergingthreats.net/2009151 1 || 2009152 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTPS) || url,doc.emergingthreats.net/2009152 1 || 2009153 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (FTP) || url,doc.emergingthreats.net/2009153 1 || 2009154 || 8 || attempted-recon || 0 || ET SCAN Automated Injection Tool User-Agent (AutoGetColumn) || url,doc.emergingthreats.net/2009154 1 || 2009155 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (FTPS) || url,doc.emergingthreats.net/2009155 1 || 2009156 || 9 || trojan-activity || 0 || ET TROJAN Koobface Checkin via POST || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094 || url,doc.emergingthreats.net/2009156 1 || 2009157 || 6 || trojan-activity || 0 || ET MALWARE Fake AV User-Agent (N1) || url,doc.emergingthreats.net/2009157 1 || 2009158 || 4 || attempted-recon || 0 || ET SCAN WebShag Web Application Scan Detected || url,www.scrt.ch/pages_en/outils.html || url,doc.emergingthreats.net/2009158 1 || 2009159 || 7 || attempted-recon || 0 || ET SCAN Toata Scanner User-Agent Detected || url,isc.sans.org/diary.html?storyid=5599 || url,doc.emergingthreats.net/2009159 1 || 2009160 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v8200 ActiveX Control Arbitrary File Overwrite || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009160 1 || 2009161 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v7000 ActiveX Control Arbitrary File Overwrite || url,xforce.iss.net/xforce/xfdb/48773 || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009161 1 || 2009162 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v8120 ActiveX Control Arbitrary File Overwrite || url,xforce.iss.net/xforce/xfdb/48773 || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009162 1 || 2009163 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote File Inclusion || url,secunia.com/advisories/33768/ || url,milw0rm.com/exploits/7955 || url,doc.emergingthreats.net/2009163 1 || 2009164 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath parameter Remote File Inclusion || bugtraq,31423 || url,milw0rm.com/exploits/6585 || url,doc.emergingthreats.net/2009164 1 || 2009165 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir parameter Remote File Inclusion || bugtraq,31419 || url,milw0rm.com/exploits/6575 || url,doc.emergingthreats.net/2009165 1 || 2009166 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php sections_file parameter remote file inclusion || bugtraq,31461 || url,milw0rm.com/exploits/6598 || url,doc.emergingthreats.net/2009166 1 || 2009167 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion || url,milw0rm.com/exploits/8016 || bugtraq,33698 || url,doc.emergingthreats.net/2009167 1 || 2009168 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Papoo CMS message_class.php pfadhier Local File Inclusion || bugtraq,33718 || url,milw0rm.com/exploits/8030 || url,doc.emergingthreats.net/2009168 1 || 2009169 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Thyme export.php export_to Parameter Local File Inclusion || bugtraq,33731 || url,milw0rm.com/exploits/8029 || url,doc.emergingthreats.net/2009169 1 || 2009170 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Psyb0t Code Download || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009170 1 || 2009171 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Psyb0t Bot Nick || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009171 1 || 2009172 || 2 || trojan-activity || 0 || ET TROJAN Psyb0t joining an IRC Channel || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009172 1 || 2009173 || 5 || trojan-activity || 0 || ET TROJAN Possible Vundo Trojan Variant reporting to Controller || url,doc.emergingthreats.net/2009173 1 || 2009174 || 4 || trojan-activity || 0 || ET TROJAN Possible Vundo EXE Download Attempt || url,doc.emergingthreats.net/2009174 1 || 2009175 || 6 || trojan-activity || 0 || ET DELETED Zbot/Zeus C&C Access || url,doc.emergingthreats.net/2009175 1 || 2009178 || 8 || web-application-attack || 0 || ET ACTIVEX Nokia Phoenix Service Software ActiveX Control Buffer Overflow || bugtraq,33726 || url,doc.emergingthreats.net/2009178 1 || 2009179 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Remote File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009179 1 || 2009180 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Remote File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009180 1 || 2009181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Local File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009181 1 || 2009182 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Local File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009182 1 || 2009184 || 8 || web-application-attack || 0 || ET ACTIVEX FathFTP ActiveX DeleteFile Arbitrary File Deletion || bugtraq,33842 || url,xforce.iss.net/xforce/xfdb/48837 || url,doc.emergingthreats.net/2009184 1 || 2009185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS A Better Member-Based ASP Photo Gallery view.asp entry parameter SQL injection || bugtraq,33693 || url,milw0rm.com/exploits/8012 || url,doc.emergingthreats.net/2009185 1 || 2009186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Auto Listings Script moreinfo.php itemno Parameter SQL Injection || bugtraq,32131 || url,milw0rm.com/exploits/7003 || url,doc.emergingthreats.net/2009186 1 || 2009187 || 7 || web-application-attack || 0 || ET ACTIVEX iDefense COMRaider ActiveX Control Arbitrary File Deletion || bugtraq,33867 || bugtraq,33942 || url,doc.emergingthreats.net/2009187 1 || 2009188 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gapicms toolbar.php dirDepth Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/2059 || url,milw0rm.com/exploits/6036 || url,doc.emergingthreats.net/2009188 1 || 2009190 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Remote File Inclusion || url,milw0rm.com/exploits/8066 || url,secunia.com/advisories/33959/ || url,doc.emergingthreats.net/2009190 1 || 2009191 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Local File Inclusion || url,milw0rm.com/exploits/8066 || url,secunia.com/advisories/33959/ || url,doc.emergingthreats.net/2009191 1 || 2009192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Faethon info.php item Parameter SQL Injection || bugtraq,33775 || url,milw0rm.com/exploits/8054 || url,doc.emergingthreats.net/2009192 1 || 2009194 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X7 Chat mini.php help_file Parameter Local File Inclusion || url,milw0rm.com/exploits/6592 || bugtraq,31460 || url,doc.emergingthreats.net/2009194 1 || 2009195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Local File Inclusion || url,secunia.com/advisories/31947/ || url,milw0rm.com/exploits/6533 || url,doc.emergingthreats.net/2009195 1 || 2009196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Remote File inclusion || url,secunia.com/advisories/31947/ || url,milw0rm.com/exploits/6533 || url,doc.emergingthreats.net/2009196 1 || 2009198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kalptaru Infotech Product Sale Framework customer.forumtopic.php forum_topic_id parameter SQL Injection || cve,2008-5590 || bugtraq,32672 || url,www.exploit-db.com/exploits/7368/ || url,doc.emergingthreats.net/2009198 1 || 2009199 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Script Toko Online shop_display_products.php cat_id Parameter SQL Injection || cve,CVE-2009-0296 || url,secunia.com/advisories/33661/ || url,milw0rm.com/exploits/7873 || url,doc.emergingthreats.net/2009199 1 || 2009200 || 6 || trojan-activity || 0 || ET TROJAN Conficker.a Shellcode || url,www.honeynet.org/node/388 || url,doc.emergingthreats.net/2009200 1 || 2009201 || 6 || trojan-activity || 0 || ET TROJAN Conficker.b Shellcode || url,www.honeynet.org/node/388 || url,doc.emergingthreats.net/2009201 1 || 2009202 || 8 || trojan-activity || 0 || ET DELETED GhostNet Trojan Reporting || url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network || url,doc.emergingthreats.net/2009202 1 || 2009203 || 5 || trojan-activity || 0 || ET TROJAN Alman Dropper Checkin || url,doc.emergingthreats.net/2009203 1 || 2009204 || 7 || trojan-activity || 0 || ET TROJAN Crypt.CFI.Gen Checkin || url,doc.emergingthreats.net/2009204 1 || 2009205 || 5 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009205 1 || 2009206 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009206 1 || 2009207 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009207 1 || 2009208 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009208 1 || 2009209 || 5 || trojan-activity || 0 || ET TROJAN Rogue A/V Win32/FakeXPA GET Request || url,doc.emergingthreats.net/2009209 1 || 2009210 || 3 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,doc.emergingthreats.net/2009210 1 || 2009211 || 3 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,doc.emergingthreats.net/2009211 1 || 2009212 || 5 || trojan-activity || 0 || ET TROJAN Zbot/Zeus Dropper Infection - /check || url,doc.emergingthreats.net/2009212 1 || 2009213 || 6 || trojan-activity || 0 || ET TROJAN Zbot/Zeus Dropper Infection - /loads.php || url,doc.emergingthreats.net/2009213 1 || 2009215 || 5 || trojan-activity || 0 || ET TROJAN Farfli HTTP Checkin Activity || url,www.virustotal.com/analisis/3b532a7bf7850483882024652f6c8a8b || url,doc.emergingthreats.net/2009215 1 || 2009216 || 7 || attempted-admin || 0 || ET DELETED Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit || cve,2008-5457 || url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html || url,doc.emergingthreats.net/2009216 1 || 2009217 || 6 || attempted-admin || 0 || ET SCAN Tomcat admin-admin login credentials || url,tomcat.apache.org || url,doc.emergingthreats.net/2009217 1 || 2009218 || 7 || attempted-admin || 0 || ET SCAN Tomcat admin-blank login credentials || url,tomcat.apache.org || url,doc.emergingthreats.net/2009218 1 || 2009219 || 3 || successful-admin || 0 || ET SCAN Tomcat Successful default credential login from external source || url,tomcat.apache.org || url,doc.emergingthreats.net/2009219 1 || 2009220 || 4 || successful-admin || 0 || ET SCAN Tomcat upload from external source || url,tomcat.apache.org || url,doc.emergingthreats.net/2009220 1 || 2009222 || 7 || trojan-activity || 0 || ET MALWARE NewWeb User-Agent (Lobo Lunar) || url,doc.emergingthreats.net/2009222 1 || 2009223 || 8 || trojan-activity || 0 || ET TROJAN Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1) || md5,208e5551efce47ac6c95691715c12e46 || md5,735dff747d0c7ce74dde31547b2b5750 || md5,a84a144677a786c6855fd4899d024948 1 || 2009224 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter local file inclusion || url,secunia.com/advisories/33927/ || bugtraq,33774 || url,milw0rm.com/exploits/8052 || url,doc.emergingthreats.net/2009224 1 || 2009225 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter remote file inclusion || url,secunia.com/advisories/33927/ || bugtraq,33774 || url,milw0rm.com/exploits/8052 || url,doc.emergingthreats.net/2009225 1 || 2009226 || 8 || web-application-attack || 0 || ET ACTIVEX Sopcast SopCore ActiveX Control Remote Code Execution || bugtraq,33920 || url,packetstorm.linuxsecurity.com/0902-exploits/9sg_sopcastia.txt || url,doc.emergingthreats.net/2009226 1 || 2009227 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eFiction toplists.php list Parameter SQL Injection || url,secunia.com/advisories/30606/ || url,milw0rm.com/exploits/5785 || url,doc.emergingthreats.net/2009227 1 || 2009228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft Video Share Enterprise album.php UID Parameter SQL Injection || cve,CVE-2008-3386 || url,www.milw0rm.com/exploits/6092 || url,secunia.com/advisories/31134/ || url,doc.emergingthreats.net/2009228 1 || 2009229 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Paramter Remote File Inclusion || url,secunia.com/advisories/33732/ || cve,CVE-2009-0441 || url,milw0rm.com/exploits/7965 || url,doc.emergingthreats.net/2009229 1 || 2009230 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Paramter Local File Inclusion || url,secunia.com/advisories/33732/ || cve,CVE-2009-0441 || url,milw0rm.com/exploits/7965 || url,doc.emergingthreats.net/2009230 1 || 2009231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Local File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/5904 || url,doc.emergingthreats.net/2009231 1 || 2009232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS footer.php c_temp_path Remote File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/8028 || url,doc.emergingthreats.net/2009232 1 || 2009233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Remote File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/5904 || url,doc.emergingthreats.net/2009233 1 || 2009234 || 5 || policy-violation || 0 || ET MALWARE Adware-Mirar Reporting (BAR) || url,doc.emergingthreats.net/2009234 1 || 2009235 || 5 || trojan-activity || 0 || ET TROJAN PWSteal.Bancos Generic Banker Trojan SCR Download || url,www.symantec.com/security_response/writeup.jsp?docid=2005-050210-0214-99&tabid=2 || url,www.packetninjas.net || url,doc.emergingthreats.net/2009235 1 || 2009236 || 9 || trojan-activity || 0 || ET MALWARE Pigeon.AYX/AVKill Related User-Agent (CTTBasic) || url,doc.emergingthreats.net/2009236 1 || 2009238 || 2 || trojan-activity || 0 || ET TROJAN PcClient Backdoor Checkin Packet 1 || url,doc.emergingthreats.net/2009238 1 || 2009239 || 2 || trojan-activity || 0 || ET TROJAN PcClient Backdoor Checkin || url,doc.emergingthreats.net/2009239 1 || 2009240 || 8 || trojan-activity || 0 || ET TROJAN General Win32 Backdoor Checkin POST Packet 1 || url,doc.emergingthreats.net/2009240 1 || 2009241 || 6 || trojan-activity || 0 || ET TROJAN General Win32 Backdoor Checkin POST || url,doc.emergingthreats.net/2009241 1 || 2009242 || 3 || trojan-activity || 0 || ET TROJAN LDPinch Reporting infection via Email || url,doc.emergingthreats.net/2009242 1 || 2009243 || 2 || bad-unknown || 0 || ET POLICY HSRP Active Router Changed || url,packetlife.net/blog/2008/oct/27/hijacking-hsrp/ || url,doc.emergingthreats.net/2009243 1 || 2009244 || 2 || bad-unknown || 0 || ET ATTACK_RESPONSE Cisco TclShell TFTP Read Request || url,wwww.irmplc.com/downloads/whitepapers/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf || url,doc.emergingthreats.net/2009244 1 || 2009245 || 2 || bad-unknown || 0 || ET ATTACK_RESPONSE Cisco TclShell TFTP Download || url,wwww.irmplc.com/downloads/whitepapers/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf || url,doc.emergingthreats.net/2009245 1 || 2009246 || 3 || shellcode-detect || 0 || ET SHELLCODE Bindshell2 Decoder Shellcode || url,doc.emergingthreats.net/2009246 1 || 2009247 || 3 || shellcode-detect || 0 || ET SHELLCODE Rothenburg Shellcode || url,doc.emergingthreats.net/2009247 1 || 2009248 || 3 || shellcode-detect || 0 || ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode || url,doc.emergingthreats.net/2009248 1 || 2009249 || 3 || shellcode-detect || 0 || ET SHELLCODE Adenau Shellcode || url,doc.emergingthreats.net/2009249 1 || 2009250 || 3 || shellcode-detect || 0 || ET SHELLCODE Mainz/Bielefeld Shellcode || url,doc.emergingthreats.net/2009250 1 || 2009251 || 3 || shellcode-detect || 0 || ET SHELLCODE Wuerzburg Shellcode || url,doc.emergingthreats.net/2009251 1 || 2009252 || 3 || shellcode-detect || 0 || ET SHELLCODE Schauenburg Shellcode || url,doc.emergingthreats.net/2009252 1 || 2009253 || 3 || shellcode-detect || 0 || ET SHELLCODE Koeln Shellcode || url,doc.emergingthreats.net/2009253 1 || 2009254 || 3 || shellcode-detect || 0 || ET SHELLCODE Lichtenfels Shellcode || url,doc.emergingthreats.net/2009254 1 || 2009255 || 3 || shellcode-detect || 0 || ET SHELLCODE Mannheim Shellcode || url,doc.emergingthreats.net/2009255 1 || 2009256 || 3 || shellcode-detect || 0 || ET SHELLCODE Berlin Shellcode || url,doc.emergingthreats.net/2009256 1 || 2009257 || 3 || shellcode-detect || 0 || ET SHELLCODE Leimbach Shellcode || url,doc.emergingthreats.net/2009257 1 || 2009258 || 3 || shellcode-detect || 0 || ET SHELLCODE Aachen Shellcode || url,doc.emergingthreats.net/2009258 1 || 2009259 || 3 || shellcode-detect || 0 || ET SHELLCODE Furth Shellcode || url,doc.emergingthreats.net/2009259 1 || 2009260 || 3 || shellcode-detect || 0 || ET SHELLCODE Langenfeld Shellcode || url,doc.emergingthreats.net/2009260 1 || 2009261 || 3 || shellcode-detect || 0 || ET SHELLCODE Bonn Shellcode || url,doc.emergingthreats.net/2009261 1 || 2009262 || 3 || shellcode-detect || 0 || ET SHELLCODE Siegburg Shellcode || url,doc.emergingthreats.net/2009262 1 || 2009263 || 3 || shellcode-detect || 0 || ET SHELLCODE Plain1 Shellcode || url,doc.emergingthreats.net/2009263 1 || 2009264 || 3 || shellcode-detect || 0 || ET SHELLCODE Plain2 Shellcode || url,doc.emergingthreats.net/2009264 1 || 2009265 || 3 || shellcode-detect || 0 || ET SHELLCODE Bindshell1 Decoder Shellcode || url,doc.emergingthreats.net/2009265 1 || 2009266 || 2 || shellcode-detect || 0 || ET SHELLCODE Bindshell1 Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009266 1 || 2009267 || 2 || shellcode-detect || 0 || ET SHELLCODE Plain2 Shellcode (UDP) || url,doc.emergingthreats.net/2009267 1 || 2009268 || 2 || shellcode-detect || 0 || ET SHELLCODE Plain1 Shellcode (UDP) || url,doc.emergingthreats.net/2009268 1 || 2009269 || 2 || shellcode-detect || 0 || ET SHELLCODE Siegburg Shellcode (UDP) || url,doc.emergingthreats.net/2009269 1 || 2009270 || 2 || shellcode-detect || 0 || ET SHELLCODE Bonn Shellcode (UDP) || url,doc.emergingthreats.net/2009270 1 || 2009271 || 2 || shellcode-detect || 0 || ET SHELLCODE Langenfeld Shellcode (UDP) || url,doc.emergingthreats.net/2009271 1 || 2009272 || 2 || shellcode-detect || 0 || ET SHELLCODE Furth Shellcode (UDP) || url,doc.emergingthreats.net/2009272 1 || 2009273 || 2 || shellcode-detect || 0 || ET SHELLCODE Aachen Shellcode (UDP) || url,doc.emergingthreats.net/2009273 1 || 2009274 || 2 || shellcode-detect || 0 || ET SHELLCODE Leimbach Shellcode (UDP) || url,doc.emergingthreats.net/2009274 1 || 2009275 || 2 || shellcode-detect || 0 || ET SHELLCODE Berlin Shellcode (UDP) || url,doc.emergingthreats.net/2009275 1 || 2009276 || 2 || shellcode-detect || 0 || ET SHELLCODE Mannheim Shellcode (UDP) || url,doc.emergingthreats.net/2009276 1 || 2009277 || 2 || shellcode-detect || 0 || ET SHELLCODE Lichtenfels Shellcode (UDP) || url,doc.emergingthreats.net/2009277 1 || 2009278 || 2 || shellcode-detect || 0 || ET SHELLCODE Koeln Shellcode (UDP) || url,doc.emergingthreats.net/2009278 1 || 2009279 || 2 || shellcode-detect || 0 || ET SHELLCODE Schauenburg Shellcode (UDP) || url,doc.emergingthreats.net/2009279 1 || 2009280 || 2 || shellcode-detect || 0 || ET SHELLCODE Wuerzburg Shellcode (UDP) || url,doc.emergingthreats.net/2009280 1 || 2009281 || 2 || shellcode-detect || 0 || ET SHELLCODE Mainz/Bielefeld Shellcode (UDP) || url,doc.emergingthreats.net/2009281 1 || 2009282 || 2 || shellcode-detect || 0 || ET SHELLCODE Adenau Shellcode (UDP) || url,doc.emergingthreats.net/2009282 1 || 2009283 || 2 || shellcode-detect || 0 || ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009283 1 || 2009284 || 2 || shellcode-detect || 0 || ET SHELLCODE Rothenburg Shellcode (UDP) || url,doc.emergingthreats.net/2009284 1 || 2009285 || 2 || shellcode-detect || 0 || ET SHELLCODE Bindshell2 Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009285 1 || 2009286 || 3 || bad-unknown || 0 || ET SCAN Modbus Scanning detected || url,code.google.com/p/modscan/ || url,www.rtaautomation.com/modbustcp/ || url,doc.emergingthreats.net/2009286 1 || 2009287 || 7 || trojan-activity || 0 || ET TROJAN CoreFlooder C&C Checkin (2) || url,doc.emergingthreats.net/2009287 1 || 2009288 || 56 || web-application-attack || 0 || ET WEB_SERVER Attack Tool Revolt Scanner || url,www.Whitehatsecurityresponse.blogspot.com || url,doc.emergingthreats.net/2009288 1 || 2009289 || 6 || trojan-activity || 0 || ET MALWARE No-ad.co.kr Fake AV Related User-Agent (U2Clean) || url,doc.emergingthreats.net/2009289 1 || 2009290 || 2 || trojan-activity || 0 || ET DELETED Possible Hupigon Connect || url,doc.emergingthreats.net/2009290 1 || 2009291 || 2 || trojan-activity || 0 || ET DELETED Hupigon CnC Client Status || url,doc.emergingthreats.net/2009291 1 || 2009292 || 2 || trojan-activity || 0 || ET DELETED Hupigon CnC Server Response || url,doc.emergingthreats.net/2009292 1 || 2009293 || 1 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced 2) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2009293 1 || 2009294 || 1 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed 2) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2009294 1 || 2009295 || 9 || trojan-activity || 0 || ET USER_AGENTS Suspicious Mozilla User-Agent Likely Fake (Mozilla/5.0) || url,doc.emergingthreats.net/2009295 1 || 2009296 || 6 || trojan-activity || 0 || ET TROJAN Banker/Banbra Related HTTP Post-infection Checkin || url,doc.emergingthreats.net/2009296 1 || 2009297 || 6 || trojan-activity || 0 || ET TROJAN Boaxxe HTTP POST Checkin || url,doc.emergingthreats.net/2009297 1 || 2009298 || 3 || attempted-recon || 0 || ET SCAN Port Unreachable Response to Xprobe2 OS Fingerprint Scan || url,xprobe.sourceforge.net/ || url,doc.emergingthreats.net/2009298 1 || 2009299 || 6 || trojan-activity || 0 || ET TROJAN General Trojan Downloader || url,doc.emergingthreats.net/2009299 1 || 2009300 || 6 || trojan-activity || 0 || ET TROJAN Small.zon checkin || url,doc.emergingthreats.net/2009300 1 || 2009301 || 6 || policy-violation || 0 || ET DELETED Megaupload file download service access || url,doc.emergingthreats.net/2009301 1 || 2009302 || 7 || policy-violation || 0 || ET POLICY Badongo file download service access || url,doc.emergingthreats.net/2009302 1 || 2009303 || 4 || policy-violation || 0 || ET POLICY MediaFire file download service access || url,doc.emergingthreats.net/2009303 1 || 2009304 || 4 || policy-violation || 0 || ET POLICY Gigasize file download service access || url,doc.emergingthreats.net/2009304 1 || 2009305 || 6 || trojan-activity || 0 || ET DELETED Adware.AdzgaloreBiz/AdRotator!IK Install/Checkin || url,www.threatexpert.com/report.aspx?md5=1ca433d3f5538fda49c5defb59232f9d || url,doc.emergingthreats.net/2009305 1 || 2009306 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009306 1 || 2009307 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009307 1 || 2009308 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009308 1 || 2009309 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009309 1 || 2009310 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009310 1 || 2009311 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009311 1 || 2009312 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009312 1 || 2009313 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009313 1 || 2009314 || 9 || web-application-attack || 0 || ET ACTIVEX Orbit Downloader ActiveX Control Arbitrary File Delete || bugtraq,34200 || url,milw0rm.com/exploits/8257 || url,doc.emergingthreats.net/2009314 1 || 2009315 || 8 || web-application-attack || 0 || ET ACTIVEX PrecisionID Datamatrix ActiveX control Arbitrary File Overwrite || url,milw0rm.com/exploits/8332 || url,securityfocus.com/archive/1/502319 || url,doc.emergingthreats.net/2009315 1 || 2009316 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YapBB class_yapbbcooker.php cfgIncludeDirectory Parameter Remote File Inclusion || bugtraq,30686 || url,doc.emergingthreats.net/2009316 1 || 2009317 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion || cve,2008-2649 || url,xforce.iss.net/xforce/xfdb/42790 || url,milw0rm.com/exploits/5715 || url,doc.emergingthreats.net/2009317 1 || 2009318 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion || cve,2008-2649 || url,xforce.iss.net/xforce/xfdb/42790 || url,milw0rm.com/exploits/5715 || url,doc.emergingthreats.net/2009318 1 || 2009319 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeZine DZcms products.php pcat parameter SQL injection || bugtraq,33194 || url,milw0rm.com/exploits/7722 || url,doc.emergingthreats.net/2009319 1 || 2009320 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS rgboard _footer.php skin_path parameter local file inclusion || bugtraq,33621 || url,milw0rm.com/exploits/7978 || url,doc.emergingthreats.net/2009320 1 || 2009321 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS rgboard footer.php _path parameter remote file inclusion || bugtraq,33621 || url,milw0rm.com/exploits/7978 || url,doc.emergingthreats.net/2009321 1 || 2009322 || 7 || web-application-attack || 0 || ET ACTIVEX SupportSoft DNA Editor Module ActiveX Control Insecure Method Remote Code Execution || bugtraq,34004 || url,milw0rm.com/exploits/8160 || url,doc.emergingthreats.net/2009322 1 || 2009323 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Demium CMS tracking.php follow_kat Parameter SQL Injection || bugtraq,33933 || url,milw0rm.com/exploits/8124 || url,doc.emergingthreats.net/2009323 1 || 2009324 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Demium CMS urheber.php name Parameter Local File Inclusion || bugtraq,33933 || url,milw0rm.com/exploits/8124 || url,doc.emergingthreats.net/2009324 1 || 2009325 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php icerikyolu Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009325 1 || 2009326 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php sayfaid Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009326 1 || 2009327 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php uzanti Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009327 1 || 2009328 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveAudio ActiveX Control Remote Code Execution || bugtraq,34115 || url,milw0rm.com/exploits/8206 || url,doc.emergingthreats.net/2009328 1 || 2009329 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZABBIX locales.php srclang Parameter Local File Inclusion || url,secunia.com/advisories/34091/ || url,milw0rm.com/exploits/8140 || bugtraq,33965 || url,doc.emergingthreats.net/2009329 1 || 2009330 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyForum centre.php padmin Parameter Local File Inclusion || url,vupen.com/english/advisories/2008/2938 || url,www.exploit-db.com/exploits/6846/ || url,doc.emergingthreats.net/2009330 1 || 2009331 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS tinyCMS templater.php Local File Inclusion || url,milw0rm.com/exploits/6287 || bugtraq,30785 || url,doc.emergingthreats.net/2009331 1 || 2009332 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter local file inclusion || url,secunia.com/advisories/30784/ || url,milw0rm.com/exploits/5906 || url,doc.emergingthreats.net/2009332 1 || 2009333 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter Remote file inclusion || url,secunia.com/advisories/30784/ || url,milw0rm.com/exploits/5906 || url,doc.emergingthreats.net/2009333 1 || 2009334 || 30 || web-application-attack || 0 || ET ACTIVEX Morovia Barcode ActiveX Control Arbitrary File Overwrite || url,milw0rm.com/exploits/8208 || bugtraq,23934 || url,doc.emergingthreats.net/2009334 1 || 2009335 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nicLOR CMS-School showarticle.php aID Parameter SQL Injection || bugtraq,32112 || url,milw0rm.com/exploits/6982 || url,xforce.iss.net/xforce/xfdb/46330 || url,doc.emergingthreats.net/2009335 1 || 2009345 || 8 || attempted-recon || 0 || ET ATTACK_RESPONSE HTTP 401 Unauthorized || url,doc.emergingthreats.net/2009345 1 || 2009346 || 9 || attempted-recon || 0 || ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack || url,doc.emergingthreats.net/2009346 1 || 2009347 || 6 || trojan-activity || 0 || ET TROJAN Tigger.a/Syzor Checkin || url,doc.emergingthreats.net/2009347 1 || 2009349 || 6 || trojan-activity || 0 || ET TROJAN Metafisher/Bzub/Cimuz/Tanspy Reporting User Activity || url,doc.emergingthreats.net/2009349 1 || 2009350 || 4 || trojan-activity || 0 || ET TROJAN Win32.Hupigon Control Server Response || url,doc.emergingthreats.net/2009350 1 || 2009351 || 8 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh Communication with Controller || url,threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_BEBLOH.KO&VSect=Td || url,doc.emergingthreats.net/2009351 1 || 2009353 || 9 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Communicating With Controller (1) || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009353 1 || 2009354 || 9 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Communicating With Controller (2) || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009354 1 || 2009355 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (runUpdater.html) || url,doc.emergingthreats.net/2009355 1 || 2009356 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (runPatch.html) || url,doc.emergingthreats.net/2009356 1 || 2009358 || 5 || web-application-attack || 0 || ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) || url,doc.emergingthreats.net/2009358 1 || 2009359 || 3 || web-application-attack || 0 || ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap NSE) || url,doc.emergingthreats.net/2009359 1 || 2009360 || 10 || trojan-activity || 0 || ET TROJAN Bredolab Check In || url,www.martinsecurity.net/2009/05/20/inside-the-massive-gumblar-attacka-dentro-del-enorme-ataque-gumblar/ || url,doc.emergingthreats.net/2009360 1 || 2009361 || 5 || attempted-recon || 0 || ET WEB_SERVER cmd.exe In URI - Possible Command Execution Attempt || url,doc.emergingthreats.net/2009361 1 || 2009362 || 5 || attempted-recon || 0 || ET WEB_SERVER /system32/ in Uri - Possible Protected Directory Access Attempt || url,doc.emergingthreats.net/2009362 1 || 2009363 || 6 || attempted-admin || 0 || ET WEB_SERVER Suspicious Chmod Usage in URI || url,doc.emergingthreats.net/2009363 1 || 2009364 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion || url,milw0rm.com/exploits/8216 || bugtraq,34129 || url,doc.emergingthreats.net/2009364 1 || 2009365 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin edlink.php linkid Parameter SQL Injection || url,milw0rm.com/exploits/8216 || bugtraq,34129 || url,doc.emergingthreats.net/2009365 1 || 2009366 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasySiteNetwork Riddles Complete Website riddle.php riddleid Parameter SQL Injection || bugtraq,29966 || url,milw0rm.com/exploits/5946 || url,doc.emergingthreats.net/2009366 1 || 2009367 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cmsWorks lib.module.php mod_root Parameter Remote File Inclusion || url,milw0rm.com/exploits/5921 || bugtraq,29914 || url,doc.emergingthreats.net/2009367 1 || 2009368 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeluxeBB misc.php qorder Parameter SQL Injection || bugtraq,34174 || url,milw0rm.com/exploits/8240 || url,doc.emergingthreats.net/2009368 1 || 2009369 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Simple RSS Reader admin.rssreader.php mosConfig_live_site Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/3119 || bugtraq,32265 || url,www.exploit-db.com/exploits/7096/ || url,doc.emergingthreats.net/2009369 1 || 2009370 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009370 1 || 2009371 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009371 1 || 2009372 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009372 1 || 2009373 || 8 || web-application-attack || 0 || ET ACTIVEX Symantec Norton Ghost EasySetupInt.dll ActiveX Multiple Remote Denial of Service || url,milw0rm.com/exploits/8523 || bugtraq,34696 || url,doc.emergingthreats.net/2009373 1 || 2009374 || 10 || trojan-activity || 0 || ET TROJAN Virut Counter/Check-in || url,www.threatexpert.com/reports.aspx?find=ipk8888.cn&x=0&y=0 || url,doc.emergingthreats.net/2009374 1 || 2009375 || 3 || policy-violation || 0 || ET CHAT General MSN Chat Activity || url,www.hypothetic.org/docs/msn/general/http_examples.php || url,doc.emergingthreats.net/2009375 1 || 2009376 || 5 || policy-violation || 0 || ET CHAT MSN User-Agent Activity || url,www.hypothetic.org/docs/msn/general/http_examples.php || url,doc.emergingthreats.net/2009376 1 || 2009377 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter local file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009377 1 || 2009378 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009378 1 || 2009379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter remote file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009379 1 || 2009380 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter local file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009380 1 || 2009381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion || url,milw0rm.com/exploits/5526 || bugtraq,28996 || url,doc.emergingthreats.net/2009381 1 || 2009382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion || bugtraq,31959 || url,milw0rm.com/exploits/6859 || url,vupen.com/english/advisories/2008/2959 || url,doc.emergingthreats.net/2009382 1 || 2009383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Dada Mail Manager Component config.dadamail.php GLOBALS Parameter Local File Inclusion || url,secunia.com/advisories/32551 || bugtraq,32135 || url,www.exploit-db.com/exploits/7002/ || url,doc.emergingthreats.net/2009383 1 || 2009384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Dada Mail Manager Component config.dadamail.php GLOBALS Parameter Remote File Inclusion || url,secunia.com/advisories/32551 || bugtraq,32135 || url,www.exploit-db.com/exploits/7002/ || url,doc.emergingthreats.net/2009384 1 || 2009385 || 7 || web-application-attack || 0 || ET ACTIVEX Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow || bugtraq,34766 || url,milw0rm.com/exploits/8562 || url,doc.emergingthreats.net/2009385 1 || 2009386 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion || url,milw0rm.com/exploits/5526 || bugtraq,28996 || url,doc.emergingthreats.net/2009386 1 || 2009387 || 4 || attempted-admin || 0 || ET POLICY PPTP Requester is not authorized to establish a command channel || url,tools.ietf.org/html/rfc2637 || url,doc.emergingthreats.net/2009387 || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-June/002705.html 1 || 2009388 || 5 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Response Binaries from Controller || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009388 1 || 2009389 || 9 || trojan-activity || 0 || ET DELETED Tornado Pack Binary Request || url,dxp2532.blogspot.com/2009/05/tornado-exploit-pack.html 1 || 2009390 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPizabi dac.php sendChatData Parameter Local File Inclusion || url,milw0rm.com/exploits/8268 || bugtraq,34213 || url,doc.emergingthreats.net/2009390 1 || 2009391 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Onguma Time Sheet Component onguma.class.php mosConfig_absolute_path Parameter Remote File Inclusion || bugtraq,32095 || cve,CVE-2008-6347 || url,www.exploit-db.com/exploits/6976/ || url,doc.emergingthreats.net/2009391 1 || 2009393 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YouTube Blog cuerpo.php base_archivo Local File Inclusion || url,milw0rm.com/exploits/6117 || bugtraq,30345 || url,secunia.com/advisories/31161 || url,doc.emergingthreats.net/2009393 1 || 2009394 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GDL gdl.php node Parameter SQL Injection || bugtraq,34144 || url,milw0rm.com/exploits/8228 || url,doc.emergingthreats.net/2009394 1 || 2009395 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion || cve,CVE-2008-5063 || url,vupen.com/english/advisories/2008/3093 || url,secunia.com/advisories/32645 || url,doc.emergingthreats.net/2009395 1 || 2009396 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Local File Inclusion || cve,CVE-2008-5063 || url,vupen.com/english/advisories/2008/3093 || url,secunia.com/advisories/32645 || url,doc.emergingthreats.net/2009396 1 || 2009397 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles body_comm.inc.php content parameter remote file inclusion || bugtraq,27952 || url,milw0rm.com/exploits/5175 || url,doc.emergingthreats.net/2009397 1 || 2009398 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter Remote File Inclusion || url,milw0rm.com/exploits/5902 || bugtraq,29877 || url,doc.emergingthreats.net/2009398 1 || 2009399 || 8 || web-application-attack || 0 || ET ACTIVEX Autodesk IDrop Indicator ActiveX Control Memory Corruption || url,secunia.com/advisories/34563/ || url,archives.neohapsis.com/archives/fulldisclosure/2009-04/0020.html || url,vupen.com/english/advisories/2009/0942 || url,milw0rm.com/exploits/8560 || url,doc.emergingthreats.net/2009399 1 || 2009400 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Communications Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,doc.emergingthreats.net/2009400 1 || 2009401 || 26 || attempted-user || 0 || ET ACTIVEX Microgaming FlashXControl Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,www.microgaming.co.uk/news_flashxcontrol.php || url,doc.emergingthreats.net/2009401 1 || 2009402 || 9 || attempted-user || 0 || ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access (1) || url,www.kb.cert.org/vuls/id/983731 || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,pages.ebay.com/securitycenter/activex/index.html || url,doc.emergingthreats.net/2009402 1 || 2009403 || 9 || attempted-user || 0 || ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access (2) || url,www.kb.cert.org/vuls/id/983731 || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,pages.ebay.com/securitycenter/activex/index.html || url,doc.emergingthreats.net/2009403 1 || 2009404 || 8 || attempted-user || 0 || ET ACTIVEX HP Virtual Rooms Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01678405 || url,doc.emergingthreats.net/2009404 1 || 2009405 || 4 || trojan-activity || 0 || ET TROJAN Personal Defender 2009 - prinimalka.py || url,malwarebytes.besttechie.net/2008/11/03/removal-instructions-for-personal-defender-2009/ || url,doc.emergingthreats.net/2009405 1 || 2009406 || 4 || trojan-activity || 0 || ET TROJAN Personal Defender 2009 - trash.py || url,malwarebytes.besttechie.net/2008/11/03/removal-instructions-for-personal-defender-2009/ || url,doc.emergingthreats.net/2009406 1 || 2009407 || 2 || trojan-activity || 0 || ET TROJAN Koobface BLACKLABEL || url,blog.threatexpert.com/2008/12/koobface-leaves-victims-black-spot.html || url,doc.emergingthreats.net/2009407 1 || 2009408 || 8 || trojan-activity || 0 || ET TROJAN Patcher/Bankpatch V2 Communication with Controller || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FBanker.O 1 || 2009409 || 5 || trojan-activity || 0 || ET TROJAN Patcher/Bankpatch Module Download Request || url,www.symantec.com/security_response/writeup.jsp?docid=2008-081817-1808-99&tabid=2 || url,doc.emergingthreats.net/2009409 1 || 2009410 || 5 || trojan-activity || 0 || ET TROJAN Gozi check-in / update || url,www.secureworks.com/research/threats/gozi || url,doc.emergingthreats.net/2009410 1 || 2009411 || 10 || attempted-user || 0 || ET ACTIVEX McAfee ePolicy Orchestrator naPolicyManager.dll Arbitrary Data Write Attempt || url,www.securitytracker.com/alerts/2009/Jun/1022413.html || url,www.packetstormsecurity.com/0906-exploits/mcafee-activex.txt || url,doc.emergingthreats.net/2009411 1 || 2009412 || 11 || trojan-activity || 0 || ET DELETED Generic Trojan Checkin || url,doc.emergingthreats.net/2009412 1 || 2009413 || 4 || attempted-dos || 0 || ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt || url,isc.sans.org/diary.html?storyid=6601 || url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html || url,doc.emergingthreats.net/2009413 1 || 2009414 || 5 || attempted-dos || 0 || ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack || url,doc.emergingthreats.net/2009414 1 || 2009415 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhpBlock basicfogfactory.class.php PATH_TO_CODE Parameter Remote File Inclusion || bugtraq,28588 || url,milw0rm.com/exploits/5348 || url,doc.emergingthreats.net/2009415 1 || 2009416 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS txtSQL startup.php CFG Parameter Remote File Inclusion || bugtraq,30625 || url,milw0rm.com/exploits/6224 || url,doc.emergingthreats.net/2009416 1 || 2009417 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_center_down.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009417 1 || 2009418 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_center_top.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009418 1 || 2009420 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_left.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009420 1 || 2009421 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_right.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009421 1 || 2009422 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus window_down.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009422 1 || 2009423 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus window_top.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009423 1 || 2009424 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AjaxPortal ajaxp_backend.php page Parameter SQL Injection || url,milw0rm.com/exploits/8341 || bugtraq,34338 || url,doc.emergingthreats.net/2009424 1 || 2009425 || 10 || web-application-attack || 0 || ET ACTIVEX BaoFeng Storm ActiveX Control OnBeforeVideoDownload Method Buffer Overflow || bugtraq,34789 || url,milw0rm.com/exploits/8579 || url,doc.emergingthreats.net/2009425 1 || 2009427 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location Parameter Remote File Inclusion || bugtraq,28838 || url,juniper.net/security/auto/vulnerabilities/vuln28838.html || url,milw0rm.com/exploits/5463 || url,doc.emergingthreats.net/2009427 1 || 2009428 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExBB threadstop.php exbb Parameter Local File Inclusion || bugtraq,28686 || url,milw0rm.com/exploits/5405 || url,doc.emergingthreats.net/2009428 1 || 2009429 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CAT2 spaw_control.class.php spaw_root Parameter Local File Inclusion || url,xforce.iss.net/xforce/xfdb/43536 || bugtraq,30042 || url,milw0rm.com/exploits/5983 || url,doc.emergingthreats.net/2009429 1 || 2009430 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole viewsource.php fname Parameter Local File Inclusion || url,milw0rm.com/exploits/5394 || url,secunia.com/advisories/29685 || bugtraq,28659 || url,doc.emergingthreats.net/2009430 1 || 2009431 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewsOffice news_show.php newsoffice_directory Parameter Local File Inclusion || url,secunia.com/advisories/29797 || bugtraq,28748 || url,www.exploit-db.com/exploits/5429/ || url,doc.emergingthreats.net/2009431 1 || 2009432 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewsOffice news_show.php newsoffice_directory Parameter Remote File Inclusion || url,secunia.com/advisories/29797 || bugtraq,28748 || url,www.exploit-db.com/exploits/5429/ || url,doc.emergingthreats.net/2009432 1 || 2009434 || 6 || web-application-attack || 0 || ET ACTIVEX Sun Java Runtime Environment ActiveX Control Multiple Remote Buffer Overflow || url,xforce.iss.net/xforce/xfdb/50508 || bugtraq,34931 || url,milw0rm.com/exploits/8665 || url,doc.emergingthreats.net/2009434 1 || 2009435 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Remote File Inclusion || url,xforce.iss.net/xforce/xfdb/41867 || url,secunia.com/advisories/29870 || url,milw0rm.com/exploits/5459 || url,doc.emergingthreats.net/2009435 1 || 2009436 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Local File Inclusion || url,xforce.iss.net/xforce/xfdb/41867 || url,secunia.com/advisories/29870 || url,milw0rm.com/exploits/5459 || url,doc.emergingthreats.net/2009436 1 || 2009437 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole viewsource.php dirn Parameter Local File Inclusion || url,milw0rm.com/exploits/5394 || url,secunia.com/advisories/29685 || bugtraq,28659 || url,doc.emergingthreats.net/2009437 1 || 2009438 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.8 ru) || url,doc.emergingthreats.net/2009438 1 || 2009439 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (HelpSrvc) || url,doc.emergingthreats.net/2009439 1 || 2009440 || 6 || trojan-activity || 0 || ET DELETED Suspicious User Agent (Internet Antivirus Pro) || url,doc.emergingthreats.net/2009440 1 || 2009441 || 6 || trojan-activity || 0 || ET TROJAN Swizzor Family GET || url,www.threatexpert.com/report.aspx?md5=ed06e3cd6f57fc260194bf9fa224181e || url,doc.emergingthreats.net/2009441 1 || 2009442 || 10 || trojan-activity || 0 || ET TROJAN Murlo Trojan Checkin || url,doc.emergingthreats.net/2009442 1 || 2009443 || 5 || trojan-activity || 0 || ET TROJAN NoBo Downloader Dropper GET || url,www.spynomore.com/trojan-nobo-v1-3.htm || url,doc.emergingthreats.net/2009443 1 || 2009444 || 5 || trojan-activity || 0 || ET TROJAN Virut Family GET || url,www.f-secure.com/v-descs/virus_w32_virut.shtml || url,www.spywareremove.com/removeVirusVirutr.html || url,www.malwaredomainlist.com/mdl.php?search=lgate.php&colsearch=All&quantity=50 || url,www.threatexpert.com/reports.aspx?find=virut&x=0&y=0 || url,doc.emergingthreats.net/2009444 1 || 2009445 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (AgavaDwnl) - Possibly Xema || url,doc.emergingthreats.net/2009445 1 || 2009446 || 8 || trojan-activity || 0 || ET POLICY trymedia.com User-Agent (Macrovision_DM) || url,doc.emergingthreats.net/2009445 1 || 2009447 || 7 || trojan-activity || 0 || ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download || url,doc.emergingthreats.net/2009447 1 || 2009448 || 5 || trojan-activity || 0 || ET TROJAN Zbot/Beomok/PSW - HTTP POST || url,doc.emergingthreats.net/2009448 1 || 2009449 || 4 || trojan-activity || 0 || ET TROJAN Trash Family - HTTP POST || url,www.spywareguide.com/product_show.php?id=1935 || url,www.sunbeltsecurity.com/threatdisplay.aspx?name=Trojan.Trash.Gen&tid=178782&cs=03253E96A71C3EE824071E5BE3A32CCD || url,doc.emergingthreats.net/2009449 1 || 2009450 || 6 || trojan-activity || 0 || ET TROJAN Atya Dropper Possible Rootkit - HTTP GET || url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e || url,doc.emergingthreats.net/2009450 1 || 2009451 || 6 || trojan-activity || 0 || ET TROJAN Common Trojan HTTP GET Logging || url,www.virustotal.com/analisis/df09ec9ec4e5caa42db9d08e0f9d34b378e301a1eeb3aa1e6dbd0de1aa4a66be-1246158969 || url,doc.emergingthreats.net/2009451 1 || 2009453 || 6 || trojan-activity || 0 || ET TROJAN BANLOAD Downloader GET Checkin || url,www.sophos.com/security/analyses/viruses-and-spyware/trojbanloe.html || url,doc.emergingthreats.net/2009453 1 || 2009454 || 6 || trojan-activity || 0 || ET DELETED Parite.B GET || url,www.pandasecurity.com/homeusers/security-info/18181/information/Parite.B || url,www.pctools.com/mrc/infections/id/Virus.Parite.B/ || url,www.threatexpert.com/threats/w32-parite-b.html || url,doc.emergingthreats.net/2009454 1 || 2009455 || 7 || trojan-activity || 0 || ET TROJAN FAKE AV HTTP CnC Post || url,doc.emergingthreats.net/2009455 1 || 2009456 || 5 || trojan-activity || 0 || ET DELETED Suspicious User Agent (ClickAdsByIE) || url,doc.emergingthreats.net/2009445 1 || 2009457 || 6 || trojan-activity || 0 || ET TROJAN Virut Counter/Check-in || url,www.threatexpert.com/reports.aspx?find=ipk8888.cn&x=0&y=0 || url,doc.emergingthreats.net/2009457 1 || 2009458 || 8 || trojan-activity || 0 || ET TROJAN Win32/Sisron/BackDoor.Cybergate.1 Checkin || url,doc.emergingthreats.net/2009458 1 || 2009459 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS classes init.php GLOBALS Parameter Remote File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009459 1 || 2009460 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS newscat.php GLOBALS Parameter Remote File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009460 1 || 2009461 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS init.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009461 1 || 2009462 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage1.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009462 1 || 2009463 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage4.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009463 1 || 2009464 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage6.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009464 1 || 2009466 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component add.php GLOBALS Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009466 1 || 2009467 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component competitions.php GLOBALS Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009467 1 || 2009468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component settings.php mosConfig_absolute_path Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009468 1 || 2009469 || 11 || web-application-attack || 0 || ET ACTIVEX AOL Radio AmpX ActiveX Control ConvertFile Method Buffer Overflow || url,milw0rm.com/exploits/8733 || bugtraq,35028 || url,doc.emergingthreats.net/2009469 1 || 2009470 || 10 || trojan-activity || 0 || ET TROJAN Generic Info Stealer - HTTP POST || url,doc.emergingthreats.net/2009470 1 || 2009471 || 9 || trojan-activity || 0 || ET TROJAN Bancos/Banker Info Stealer Post || url,www.pctools.com/mrc/infections/id/Trojan.Bancos/ || url,www.threatexpert.com/reports.aspx?find=Trojan.Bancos || url,doc.emergingthreats.net/2009471 1 || 2009472 || 6 || trojan-activity || 0 || ET TROJAN Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET || url,www.avast.com/eng/win32-fasec.html || url,www.threatexpert.com/threats/virus-win32-fasec.html || url,doc.emergingthreats.net/2009472 1 || 2009474 || 4 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009474 1 || 2009475 || 8 || policy-violation || 0 || ET POLICY TeamViewer Dyngate User-Agent || url,www.teamviewer.com/index.aspx || url,doc.emergingthreats.net/2009475 1 || 2009476 || 8 || attempted-recon || 0 || ET SCAN Possible jBroFuzz Fuzzer Detected || url,www.owasp.org/index.php/Category%3aOWASP_JBroFuzz || url,doc.emergingthreats.net/2009476 1 || 2009477 || 3 || attempted-recon || 0 || ET SCAN SQLBrute SQL Scan Detected || url,www.justinclarke.com/archives/2006/03/sqlbrute.html || url,www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/ || url,doc.emergingthreats.net/2009477 1 || 2009478 || 4 || attempted-recon || 0 || ET DELETED SQLCheck Database Scan Detected || url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck || url,doc.emergingthreats.net/2009478 1 || 2009479 || 8 || attempted-recon || 0 || ET SCAN Asp-Audit Web Scan Detected || url,www.hacker-soft.net/Soft/Soft_2895.htm || url,wiki.remote-exploit.org/backtrack/wiki/asp-audit || url,doc.emergingthreats.net/2009479 1 || 2009480 || 7 || attempted-recon || 0 || ET SCAN Grendel Web Scan - Default User Agent Detected || url,www.grendel-scan.com || url,doc.emergingthreats.net/2009480 1 || 2009481 || 5 || attempted-recon || 0 || ET SCAN Grendel-Scan Web Application Security Scan Detected || url,www.grendel-scan.com || url,doc.emergingthreats.net/2009481 1 || 2009483 || 4 || attempted-recon || 0 || ET SCAN Grabber.py Web Scan Detected || url,rgaucher.info/beta/grabber/ || url,doc.emergingthreats.net/2009483 1 || 2009484 || 7 || web-application-attack || 0 || ET WEB_SERVER Cpanel lastvisit.html Arbitary file disclosure || url,milw0rm.com/exploits/9039 || bugtraq,35518 || url,doc.emergingthreats.net/2009484 1 || 2009485 || 6 || attempted-recon || 0 || ET WEB_SERVER /etc/shadow Detected in URI || url,en.wikipedia.org/wiki/Shadow_password || url,doc.emergingthreats.net/2009485 1 || 2009486 || 14 || trojan-activity || 0 || ET TROJAN APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x) || url,www.mandiant.com/apt1 || md5,14cfaefa5b8bc6400467fba8af146b71 1 || 2009487 || 5 || trojan-activity || 0 || ET TROJAN Downloader Possible AV KILLER || url,doc.emergingthreats.net/2009487 1 || 2009491 || 4 || web-application-attack || 0 || ET DELETED Microsoft DirectShow ActiveX Exploit Attempt || url,csis.dk/dk/nyheder/nyheder.asp?tekstID=799 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18595 || url,doc.emergingthreats.net/2009491 1 || 2009493 || 5 || trojan-activity || 0 || ET DELETED Likely MSVIDCTL.dll exploit in transit || url,isc.sans.org/diary.html?storyid=6733 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18595 || url,doc.emergingthreats.net/2009493 1 || 2009494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt colorpicker.php || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009494 1 || 2009495 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt test.php || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009495 1 || 2009496 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt passwd/main.php || url,bugs.horde.org/ticket/8398 || url,doc.emergingthreats.net/2009496 1 || 2009497 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt colorpicker.php (2) || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009497 1 || 2009498 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt test.php (2) || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009498 1 || 2009499 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt passwd/main.php (2) || url,bugs.horde.org/ticket/8398 || url,doc.emergingthreats.net/2009499 1 || 2009500 || 8 || web-application-attack || 0 || ET ACTIVEX Chinagames ActiveX Control CreateChinagames Method Buffer Overflow || bugtraq,34871 || url,milw0rm.com/exploits/8758 || url,doc.emergingthreats.net/2009500 1 || 2009501 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nweb2fax viewrq.php var_filename Parameter Directory Traversal || bugtraq,29804 || url,milw0rm.com/exploits/5856 || url,doc.emergingthreats.net/2009501 1 || 2009502 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Remote File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009502 1 || 2009503 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Local File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009503 1 || 2009504 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Remote File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009504 1 || 2009505 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Local File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009505 1 || 2009506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion || url,secunia.com/advisories/28047 || url,milw0rm.com/exploits/4712 || url,doc.emergingthreats.net/2009506 1 || 2009507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Local File Inclusion || url,secunia.com/advisories/28047 || url,milw0rm.com/exploits/4712 || url,doc.emergingthreats.net/2009507 1 || 2009508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Job2C windetail.php adtype Parameter Local File Inclusion || bugtraq,34537 || url,milw0rm.com/exploits/8443 || url,doc.emergingthreats.net/2009508 1 || 2009509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Job2C detail.php adtype Parameter Local File Inclusion || bugtraq,34537 || url,milw0rm.com/exploits/8443 || url,doc.emergingthreats.net/2009509 1 || 2009511 || 7 || web-application-attack || 0 || ET EXPLOIT VLC web interface buffer overflow attempt || url,milw0rm.org/exploits/9029 || url,doc.emergingthreats.net/2009511 1 || 2009512 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Session) - Possible Trojan-Clicker || url,doc.emergingthreats.net/2009512 1 || 2009513 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Rentventory SQL Injection Attempt || url,www.milw0rm.com/exploits/9081 || url,doc.emergingthreats.net/2009513 1 || 2009514 || 6 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV HTTP Post || url,doc.emergingthreats.net/2009514 1 || 2009516 || 7 || trojan-activity || 0 || ET TROJAN Generic Win32.Autorun HTTP Post || url,www.threatexpert.com/threats/worm-win32-autorun.html || url,doc.emergingthreats.net/2009516 1 || 2009517 || 8 || trojan-activity || 0 || ET TROJAN Qhosts Trojan Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99 || url,doc.emergingthreats.net/2009517 1 || 2009518 || 4 || trojan-activity || 0 || ET TROJAN s4t4n1c Trojan Check-in || url,doc.emergingthreats.net/2009518 1 || 2009519 || 8 || trojan-activity || 0 || ET TROJAN Gaboc Trojan Check-in || url,www.threatexpert.com/report.aspx?md5=6e871b9c440d5c77b9158ebcbe3fcd4b || url,doc.emergingthreats.net/2009519 1 || 2009520 || 7 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh Trojan Check-in || url,doc.emergingthreats.net/2009520 1 || 2009521 || 4 || trojan-activity || 0 || ET TROJAN Unknown Trojan HTTP Check-in || url,doc.emergingthreats.net/2009521 1 || 2009522 || 8 || trojan-activity || 0 || ET TROJAN Win32/Pasta Downloader - GET Checkin to Fake GIF || url,malwarebytes.org/malwarenet.php?name=Trojan.Pasta || url,doc.emergingthreats.net/2009522 1 || 2009524 || 7 || trojan-activity || 0 || ET MALWARE MySideSearch Browser Optimizer || url,www.spywareremove.com/removeMySideSearch.html || url,www.threatexpert.com/threats/adware-win32-mysidesearch.html || url,www.pctools.com/mrc/infections/id/Adware.MySideSearch/ || url,doc.emergingthreats.net/2009524 1 || 2009525 || 5 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009525 1 || 2009526 || 6 || trojan-activity || 0 || ET TROJAN Downloader Checkin - Downloads Rogue Adware || url,doc.emergingthreats.net/2009526 1 || 2009527 || 7 || trojan-activity || 0 || ET TROJAN Generic Downloader Checkin - HTTP GET || url,doc.emergingthreats.net/2009527 1 || 2009530 || 6 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent (Opera/8.89) || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009530 1 || 2009531 || 9 || trojan-activity || 0 || ET TROJAN Gamania Trojan Check-in || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=166939 || url,doc.emergingthreats.net/2009531 1 || 2009532 || 5 || trojan-activity || 0 || ET TROJAN BackDoor-EGB Check-in || url,doc.emergingthreats.net/2009532 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=239060 1 || 2009533 || 7 || trojan-activity || 0 || ET TROJAN Keylogger Pro Update Check || url,vil.nai.com/vil/content/v_130975.htm || url,doc.emergingthreats.net/2009533 1 || 2009534 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Poker) || url,vil.nai.com/vil/content/v_130975.htm || url,doc.emergingthreats.net/2009534 1 || 2009535 || 4 || misc-activity || 0 || ET POLICY Telnet to HP JetDirect Printer With No Password Set || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj05999#A3 || url,doc.emergingthreats.net/2009535 1 || 2009536 || 4 || misc-activity || 0 || ET POLICY External FTP Connection TO Local HP JetDirect Printer || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj06165 || url,doc.emergingthreats.net/2009536 1 || 2009537 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Loands) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009537 1 || 2009538 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ms_ie) - Crypt.ZPACK Gen Trojan Downloader GET Request || url,doc.emergingthreats.net/2009538 1 || 2009539 || 8 || trojan-activity || 0 || ET TROJAN Downloader Infostealer - GET Checkin || url,doc.emergingthreats.net/2009539 1 || 2009540 || 9 || trojan-activity || 0 || ET TROJAN PCFlashbang.com Spyware Checkin (PCFlashBangA) || url,www.ca.com/us/securityadvisor/pest/pest.aspx?id=453113169 || url,doc.emergingthreats.net/2009540 1 || 2009541 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent filled with System Details - GET Request || url,doc.emergingthreats.net/2009541 1 || 2009542 || 5 || trojan-activity || 0 || ET DELETED Silentbanker/Yaludle Checkin to C&C || url,doc.emergingthreats.net/2009542 1 || 2009544 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (InHold) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009544 1 || 2009545 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (_TEST_) || url,doc.emergingthreats.net/2009545 1 || 2009547 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Forthgoner) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009547 1 || 2009548 || 5 || trojan-activity || 0 || ET DELETED Adware/Spyware Adrotator for Rogue AV || url,www.spywaredetector.net/spyware_encyclopedia/Trojan.Vapsup.htm || url,www.spywaredetector.net/spyware_encyclopedia/Fake AntiSpyware.POWER-ANTIVIRUS-2009.htm || url,www.threatexpert.com/threats/adware-agent-gen.html || url,novirusthanks.org/blog/2008/11/rogue-antispyware-2009-served-through-beedlyus-ads/ || url,doc.emergingthreats.net/2009548 1 || 2009549 || 6 || trojan-activity || 0 || ET TROJAN Generic Downloader - HTTP POST || url,doc.emergingthreats.net/2009549 1 || 2009550 || 8 || trojan-activity || 0 || ET TROJAN Banker PWS/Infostealer HTTP GET Checkin || url,www.pctools.com/mrc/infections/id/Trojan.Banker/ || url,doc.emergingthreats.net/2009550 1 || 2009553 || 7 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV Encoded data= HTTP POST || url,doc.emergingthreats.net/2009553 1 || 2009554 || 6 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV/Security Application Checkin || url,doc.emergingthreats.net/2009554 1 || 2009555 || 7 || attempted-recon || 0 || ET SCAN Absinthe SQL Injection Tool HTTP Header Detected || url,0x90.org/releases/absinthe || url,doc.emergingthreats.net/2009555 1 || 2009557 || 2 || trojan-activity || 0 || ET TROJAN Yoda's Protector Packed Binary - VERY Likely Hostile || url,doc.emergingthreats.net/2009557 1 || 2009558 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File Download Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009558 1 || 2009559 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Process List (ps) Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009559 1 || 2009560 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Getuid Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009560 1 || 2009561 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Process Migration Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009561 1 || 2009562 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter ipconfig Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009562 1 || 2009563 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Sysinfo Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009563 1 || 2009564 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Route Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009564 1 || 2009565 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Kill Process Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009565 1 || 2009566 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Print Working Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009566 1 || 2009567 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter View Current Process ID Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009567 1 || 2009568 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Execute Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009568 1 || 2009569 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter System Reboot/Shutdown Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009569 1 || 2009570 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter System Get Idle Time Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009570 1 || 2009571 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Make Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009571 1 || 2009572 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Remove Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009572 1 || 2009573 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Change Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009573 1 || 2009574 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter List (ls) Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009574 1 || 2009575 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter rev2self Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009575 1 || 2009576 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Keyboard Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009576 1 || 2009577 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Mouse Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009577 1 || 2009578 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File/Memory Interaction Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009578 1 || 2009579 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Registry Interation Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009579 1 || 2009580 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File Upload Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009580 1 || 2009581 || 4 || successful-admin || 0 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2009581 1 || 2009582 || 2 || attempted-recon || 0 || ET SCAN NMAP -sS window 1024 || url,doc.emergingthreats.net/2000537 1 || 2009583 || 2 || attempted-recon || 0 || ET SCAN NMAP -sS window 3072 || url,doc.emergingthreats.net/2000537 1 || 2009584 || 1 || attempted-recon || 0 || ET SCAN NMAP -sS window 4096 || url,doc.emergingthreats.net/2000537 1 || 2009586 || 3 || misc-activity || 0 || ET DELETED Milw0rm Exploit Launch Attempt || url,www.milw0rm.com || url,doc.emergingthreats.net/2009586 1 || 2009587 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin left.cgi XSS attempt || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009587 1 || 2009588 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin link.cgi XSS attempt || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009588 1 || 2009589 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin Anonymous Proxy attempt || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009589 1 || 2009590 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb edituser.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009590 1 || 2009591 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb console.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009591 1 || 2009592 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcesd.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009592 1 || 2009593 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcerestart.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009593 1 || 2009594 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb changepw.php CSRF attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009594 1 || 2009595 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb hardstopvm.php CSRF attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009595 1 || 2009596 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb writeconfig.php Remote Command Execution attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009596 1 || 2009597 || 4 || trojan-activity || 0 || ET DELETED Adware Istbar Search Hijacker and Downloader || url,www.pctools.com/mrc/infections/id/Trojan.ISTbar/ || url,www.threatexpert.com/reports.aspx?find=Trojan.ISTbar || url,doc.emergingthreats.net/2009597 1 || 2009598 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (29) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009598 1 || 2009599 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (30) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009599 1 || 2009600 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (31) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009600 1 || 2009601 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (32) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009601 1 || 2009602 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (33) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009602 1 || 2009603 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (34) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009603 1 || 2009604 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (35) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009604 1 || 2009606 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (37) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009606 1 || 2009607 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (38) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009607 1 || 2009609 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (40) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009609 1 || 2009610 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (41) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009610 1 || 2009611 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (42) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009611 1 || 2009612 || 3 || web-application-attack || 0 || ET DELETED Vulnerable Microsoft Video ActiveX CLSID access (43) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009612 1 || 2009613 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (44) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009613 1 || 2009614 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (1) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009614 1 || 2009615 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (2) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009615 1 || 2009616 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (3) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009616 1 || 2009617 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (4) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009617 1 || 2009618 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (5) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009618 1 || 2009619 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (6) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009619 1 || 2009620 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (7) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009620 1 || 2009621 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (8) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009621 1 || 2009622 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (9) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009622 1 || 2009623 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (10) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009623 1 || 2009624 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (11) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009624 1 || 2009625 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (12) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009625 1 || 2009626 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (13) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009626 1 || 2009627 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (14) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009627 1 || 2009628 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (15) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009628 1 || 2009629 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (16) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009629 1 || 2009630 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (17) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009630 1 || 2009631 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (18) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009631 1 || 2009632 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (19) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009632 1 || 2009633 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (20) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009633 1 || 2009634 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (21) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009634 1 || 2009635 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (22) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009635 1 || 2009636 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (23) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009636 1 || 2009638 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (24) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009638 1 || 2009639 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (25) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009639 1 || 2009640 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (26) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009640 1 || 2009641 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (27) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009641 1 || 2009642 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (28) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009642 1 || 2009643 || 5 || web-application-attack || 0 || ET WEB_SERVER Oracle Secure Enterprise Search 10.1.8 search Script XSS attempt || url,dsecrg.com/pages/vul/show.php?id=125 || url,doc.emergingthreats.net/2009643 1 || 2009644 || 5 || web-application-attack || 0 || ET WEB_SERVER Oracle BEA Weblogic Server 10.3 searchQuery XSS attempt || url,dsecrg.com/pages/vul/show.php?id=131 || url,doc.emergingthreats.net/2009644 1 || 2009646 || 5 || attempted-recon || 0 || ET SCAN Acunetix Version 6 (Free Edition) Scan Detected || url,www.acunetix.com/ || url,doc.emergingthreats.net/2009646 1 || 2009647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hubscript XSS Attempt || url,www.packetstormsecurity.com/0907-exploits/hubscript-xssphpinfo.txt || url,doc.emergingthreats.net/2009647 1 || 2009650 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hubscript PHPInfo Attempt || url,www.packetstormsecurity.com/0907-exploits/hubscript-xssphpinfo.txt || url,doc.emergingthreats.net/2009650 1 || 2009651 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Channel Interaction Detected, Likely Interaction With Executable || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009651 1 || 2009652 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FreeWebShop startmodules.inc.php lang_file Parameter Local File Inclusion || bugtraq,34538 || url,milw0rm.com/exploits/8446 || url,doc.emergingthreats.net/2009652 1 || 2009653 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_css Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009653 1 || 2009654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_javascript Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009654 1 || 2009656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_content Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009656 1 || 2009657 || 8 || web-application-attack || 0 || ET ACTIVEX BaoFeng Storm ActiveX Control SetAttributeValue Method Buffer Overflow || bugtraq,34869 || url,juniper.net/security/auto/vulnerabilities/vuln34869.html || url,vupen.com/english/advisories/2009/1392 || url,milw0rm.com/exploits/8757 || url,doc.emergingthreats.net/2009657 1 || 2009658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kalptaru Infotech Automated Link Exchange Portal cat_id Parameter SQL Injection || bugtraq,29205 || url,milw0rm.com/exploits/5611 || url,doc.emergingthreats.net/2009658 1 || 2009659 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion || cve,CVE-2008-1534 || url,juniper.net/security/auto/vulnerabilities/vuln28421.html || bugtraq,28421 || url,milw0rm.com/exploits/5303 || url,doc.emergingthreats.net/2009659 1 || 2009660 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion || cve,CVE-2008-1534 || url,juniper.net/security/auto/vulnerabilities/vuln28421.html || bugtraq,28421 || url,milw0rm.com/exploits/5303 || url,doc.emergingthreats.net/2009660 1 || 2009661 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS artmedic weblog artmedic_print.php date Parameter Local File Inclusion || url,secunia.com/advisories/28927/ || url,milw0rm.com/exploits/5116 || url,doc.emergingthreats.net/2009661 1 || 2009663 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Remote File Inclusion || bugtraq,34617 || url,milw0rm.com/exploits/8494 || url,doc.emergingthreats.net/2009663 1 || 2009665 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Possible JAVA pack200-zip-exploit attempt || url,isc.sans.org/diary.html?storyid=6805&rss || url,doc.emergingthreats.net/2009665 1 || 2009667 || 2 || attempted-admin || 0 || ET POLICY FTP Frequent Administrator Login Attempts || url,doc.emergingthreats.net/2009667 1 || 2009668 || 2 || attempted-admin || 0 || ET POLICY FTP Frequent Admin Login Attempts || url,doc.emergingthreats.net/2009668 1 || 2009670 || 9 || web-application-attack || 0 || ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt || bugtraq,35464 || url,doc.emergingthreats.net/2009670 1 || 2009671 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS millionpixel payment.php order_id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/millionpixel-xss.txt || url,doc.emergingthreats.net/2009671 1 || 2009672 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS programsrating rate.php id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/programsrating-xss.txt || url,doc.emergingthreats.net/2009672 1 || 2009673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS programsrating postcomments.php id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/programsrating-xss.txt || url,doc.emergingthreats.net/2009673 1 || 2009674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guestbook guestbook.php mes_id SQL Injection attempt || url,www.milw0rm.com/exploits/9197 || url,doc.emergingthreats.net/2009674 1 || 2009675 || 5 || successful-recon-limited || 0 || ET ATTACK_RESPONSE Possible Ipconfig Information Detected in HTTP Response || url,en.wikipedia.org/wiki/Ipconfig || url,doc.emergingthreats.net/2009675 1 || 2009676 || 4 || successful-recon-limited || 0 || ET ATTACK_RESPONSE Ipconfig Response Detected || url,en.wikipedia.org/wiki/Ipconfig || url,doc.emergingthreats.net/2009676 1 || 2009677 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible BASE Authentication Bypass Attempt || url,seclists.org/bugtraq/2009/Jun/0218.html || url,seclists.org/bugtraq/2009/Jun/0217.html || url,doc.emergingthreats.net/2009677 1 || 2009678 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt || url,isc.sans.org/diary.html?storyid=6853 || url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/ || url,doc.emergingthreats.net/2009678 || url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173 || bid,35742 || cve,2009-2765 1 || 2009679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 1 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009679 1 || 2009680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 2 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009680 1 || 2009681 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 3 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009681 1 || 2009682 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 4 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009682 1 || 2009683 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 5 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009683 1 || 2009684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 6 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009684 1 || 2009685 || 4 || trojan-activity || 0 || ET TROJAN Unkown Trojan User-Agent (5.1 ...) || url,doc.emergingthreats.net/2009685 1 || 2009687 || 9 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 1 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009687 1 || 2009688 || 8 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 2 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009688 1 || 2009689 || 9 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 3 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009689 1 || 2009690 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMoney html.php page Remote File Inclusion || url,www.packetstormsecurity.org/0907-exploits/3awebmoney-rfi.txt || url,doc.emergingthreats.net/2009690 1 || 2009691 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMoney html2.php page Remote File Inclusion || url,www.packetstormsecurity.org/0907-exploits/3awebmoney-rfi.txt || url,doc.emergingthreats.net/2009691 1 || 2009693 || 4 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Zen Cart Remote Code Execution || url,www.securityfocus.com/bid/35467 || url,www.milw0rm.com/exploits/9004 || url,doc.emergingthreats.net/2009663 1 || 2009694 || 4 || trojan-activity || 0 || ET TROJAN Navipromo related update || url,doc.emergingthreats.net/2009694 1 || 2009696 || 3 || misc-activity || 0 || ET POLICY External Connection to Altiris HelpDesk || url,www.symantec.com/business/theme.jsp?themeid=altiris || url,doc.emergingthreats.net/2009696 1 || 2009697 || 3 || misc-activity || 0 || ET POLICY External Connection to Altiris Console || url,www.symantec.com/business/theme.jsp?themeid=altiris || url,doc.emergingthreats.net/2009697 1 || 2009698 || 1 || attempted-dos || 0 || ET VOIP INVITE Message Flood UDP || url,doc.emergingthreats.net/2009698 1 || 2009699 || 1 || attempted-dos || 0 || ET VOIP REGISTER Message Flood UDP || url,doc.emergingthreats.net/2009699 1 || 2009700 || 1 || attempted-dos || 0 || ET VOIP Multiple Unauthorized SIP Responses UDP || url,doc.emergingthreats.net/2009700 1 || 2009701 || 2 || attempted-dos || 0 || ET DOS DNS BIND 9 Dynamic Update DoS attempt || cve,2009-0696 || url,doc.emergingthreats.net/2009701 1 || 2009702 || 5 || policy-violation || 0 || ET POLICY DNS Update From External net || url,doc.emergingthreats.net/2009702 1 || 2009703 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (INet) || url,doc.emergingthreats.net/2009703 1 || 2009704 || 9 || trojan-activity || 0 || ET TROJAN Win32.Hupigon.dkwt Related Checkin || url,doc.emergingthreats.net/2009704 1 || 2009705 || 5 || trojan-activity || 0 || ET MALWARE W3i Related Adware/Spyware || url,www.tallemu.com/oasis2/vendor/w3i__llc/623302 || url,doc.emergingthreats.net/2009705 1 || 2009706 || 5 || misc-activity || 0 || ET POLICY Nessus Vulnerability Scanner Plugins Update || url,www.nessus.org/nessus/ || url,www.nessus.org/plugins/ || url,doc.emergingthreats.net/2009706 1 || 2009709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Setup Code Injection (phpinfo) || cve,CVE-2009-1151 || url,www.securityfocus.com/bid/34236 || url,labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ || url,doc.emergingthreats.net/2009709 1 || 2009710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Setup Code Injection (system) || cve,CVE-2009-1151 || url,www.securityfocus.com/bid/34236 || url,labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ || url,doc.emergingthreats.net/2009710 1 || 2009711 || 7 || trojan-activity || 0 || ET TROJAN Win32.Runner/Bublik Checkin || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html || url,www.threatexpert.com/threats/trojan-win32-runner.html || md5,6d2919a92d7dda22f4bc7f9a9b15739f 1 || 2009712 || 5 || trojan-activity || 0 || ET MALWARE Adware PlusDream - GET Config Download/Update || url,doc.emergingthreats.net/2009712 1 || 2009714 || 5 || web-application-attack || 0 || ET WEB_SERVER Script tag in URI, Possible Cross Site Scripting Attempt || url,ha.ckers.org/xss.html || url,doc.emergingthreats.net/2009714 1 || 2009715 || 5 || web-application-attack || 0 || ET WEB_SERVER Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp || url,doc.emergingthreats.net/2009715 1 || 2009716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ECShop user.php order_sn Parameter SQL Injection || bugtraq,34733 || url,milw0rm.com/exploits/8548 || url,doc.emergingthreats.net/2009716 1 || 2009717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,vupen.com/english/advisories/2009/0360 || url,milw0rm.com/exploits/8003 || url,doc.emergingthreats.net/2009717 1 || 2009718 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AvailScript Photo Album Script pics.php sid Parameter SQL Injection || bugtraq,31085 || url,milw0rm.com/exploits/6411 || url,doc.emergingthreats.net/2009718 1 || 2009719 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pHNews comments.php templates_dir Local File Inclusion || url,milw0rm.com/exploits/6000 || bugtraq,19838 || url,doc.emergingthreats.net/2009719 1 || 2009720 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pHNews comments.php template Local File Inclusion || url,milw0rm.com/exploits/6000 || bugtraq,19838 || url,doc.emergingthreats.net/2009720 1 || 2009723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009723 1 || 2009724 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009724 1 || 2009725 || 8 || web-application-attack || 0 || ET ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || url,milw0rm.com/exploits/8824 || bugtraq,23412 || url,doc.emergingthreats.net/2009725 1 || 2009726 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Local File Inclusion || bugtraq,34617 || url,milw0rm.com/exploits/8494 || url,doc.emergingthreats.net/2009726 1 || 2009727 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || cve,CVE-2008-6242 || bugtraq,32039 || url,milw0rm.com/exploits/6922 || url,doc.emergingthreats.net/2009727 1 || 2009728 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NotFTP config.php languages Parameter Local File Inclusion || url,milw0rm.com/exploits/8504 || bugtraq,34636 || url,doc.emergingthreats.net/2009728 1 || 2009729 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar cms_detect.php include Parameter Local File Inclusion || url,milw0rm.com/exploits/8503 || bugtraq,34634 || url,doc.emergingthreats.net/2009729 1 || 2009730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JobHut browse.php pk Parameter SQL Injection || bugtraq,34300 || url,milw0rm.com/exploits/8318 || url,doc.emergingthreats.net/2009730 1 || 2009731 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VS Panel showcat.php Cat_ID Parameter SQL Injection || bugtraq,34648 || url,milw0rm.com/exploits/8506 || url,doc.emergingthreats.net/2009731 1 || 2009733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module Parameter Remote File Inclusion || url,milw0rm.com/exploits/8112 || url,vupen.com/english/advisories/2009/0553 || bugtraq,33916 || url,doc.emergingthreats.net/2009733 1 || 2009734 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 212cafe Board view.php qID Parameter SQL Injection || bugtraq,31426 || url,xforce.iss.net/xforce/xfdb/45428 || url,milw0rm.com/exploits/6578 || url,doc.emergingthreats.net/2009734 1 || 2009735 || 8 || web-application-attack || 0 || ET ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,xforce.iss.net/xforce/xfdb/50868 || url,milw0rm.com/exploits/8835 || url,doc.emergingthreats.net/2009735 1 || 2009736 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectCMS select_image.php dir Parameter Directory Traversal || url,milw0rm.com/exploits/8608 || bugtraq,34816 || url,doc.emergingthreats.net/2009736 1 || 2009737 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || url,milw0rm.com/exploits/8608 || bugtraq,34816 || url,doc.emergingthreats.net/2009737 1 || 2009738 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-BLC get_read.php section Parameter SQL Injection || url,milw0rm.com/exploits/8258 || bugtraq,34197 || url,doc.emergingthreats.net/2009738 1 || 2009739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || bugtraq,33253 || url,xforce.iss.net/xforce/xfdb/47959 || url,milw0rm.com/exploits/7767 || url,doc.emergingthreats.net/2009739 1 || 2009740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter projects.php idp Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009740 1 || 2009741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter contacts.php idc Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009741 1 || 2009742 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter users.php idu Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009742 1 || 2009743 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpDatingClub website.php page Parameter Local File Inclusion || bugtraq,30176 || url,milw0rm.com/exploits/6037 || url,doc.emergingthreats.net/2009743 1 || 2009744 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SuperNews valor.php noticia Parameter SQL Injection || url,milw0rm.com/exploits/8255 || bugtraq,34195 || url,doc.emergingthreats.net/2009744 1 || 2009745 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flatchat pmscript.php with Parameter Local File Inclusion || url,milw0rm.com/exploits/8549 || bugtraq,34734 || url,doc.emergingthreats.net/2009745 1 || 2009746 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009746 1 || 2009747 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AvailScript Article Script articles.php aIDS Parameter SQL Injection || cve,CVE-2008-4371 || url,secunia.com/advisories/31816/ || url,milw0rm.com/exploits/6409 || url,doc.emergingthreats.net/2009747 1 || 2009749 || 4 || attempted-recon || 0 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html || url,doc.emergingthreats.net/2009749 1 || 2009750 || 6 || trojan-activity || 0 || ET TROJAN Banker/Bancos/Infostealer Possible Rootkit - HTTP HEAD Request || url,www.pctools.com/mrc/infections/id/Trojan.Banker/ || url,www.anti-spyware-101.com/remove-trojanbanker || url,doc.emergingthreats.net/2009750 1 || 2009751 || 9 || trojan-activity || 0 || ET TROJAN Fraudload/FakeAlert/FakeVimes Downloader - POST || url,www.pctools.com/mrc/infections/id/Trojan-Downloader.FraudLoad/ || url,www.threatexpert.com/reports.aspx?find=Trojan-Downloader.FraudLoad || url,doc.emergingthreats.net/2009751 1 || 2009752 || 7 || trojan-activity || 0 || ET TROJAN Monkif/DlKroha Trojan Activity HTTP Outbound || url,doc.emergingthreats.net/2009752 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C 1 || 2009754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009754 1 || 2009755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009755 1 || 2009756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009756 1 || 2009757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009757 1 || 2009758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009758 1 || 2009759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009759 1 || 2009760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009760 1 || 2009761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LWS php User Base unverified.inc.php template Parameter Local File Inclusion || bugtraq,27964 || url,juniper.net/security/auto/vulnerabilities/vuln27964.html || url,www.exploit-db.com/exploits/5179/ || url,doc.emergingthreats.net/2009761 1 || 2009764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion || cve,CVE-2008-6265 || bugtraq,32218 || url,vupen.com/english/advisories/2008/3070 || url,milw0rm.com/exploits/7065 || url,doc.emergingthreats.net/2009764 1 || 2009765 || 8 || trojan-activity || 0 || ET MALWARE Pivim Multibar User-Agent (Pivim Multibar) || url,doc.emergingthreats.net/2009765 1 || 2009766 || 9 || trojan-activity || 0 || ET MALWARE IE Toolbar User-Agent (IEToolbar) || url,doc.emergingthreats.net/2009766 1 || 2009767 || 4 || attempted-recon || 0 || ET SCAN Multiple NBTStat Query Responses to External Destination, Possible Automated Windows Network Enumeration || url,technet.microsoft.com/en-us/library/cc940106.aspx || url,doc.emergingthreats.net/2009767 1 || 2009768 || 4 || attempted-recon || 0 || ET SCAN NBTStat Query Response to External Destination, Possible Windows Network Enumeration || url,technet.microsoft.com/en-us/library/cc940106.aspx || url,doc.emergingthreats.net/2009768 1 || 2009769 || 3 || attempted-recon || 0 || ET SCAN SQL Power Injector SQL Injection User Agent Detected || url,www.sqlpowerinjector.com/index.htm || url,en.wikipedia.org/wiki/Sql_injection || url,doc.emergingthreats.net/2009769 1 || 2009770 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie || url,www.w3schools.com/sql/sql_union.asp || url,www.w3schools.com/sql/sql_select.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009770 1 || 2009771 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible SELECT FROM SQL Injection In Cookie || url,www.w3schools.com/sql/sql_select.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009771 1 || 2009772 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible DELETE FROM SQL Injection In Cookie || url,www.w3schools.com/Sql/sql_delete.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009772 1 || 2009773 || 36 || web-application-attack || 0 || ET WEB_SERVER Possible INSERT INTO SQL Injection In Cookie || url,www.w3schools.com/SQL/sql_insert.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009773 1 || 2009776 || 7 || trojan-activity || 0 || ET TROJAN Oficla Downloader Activity Observed || url,www.threatexpert.com/report.aspx?md5=38e1d644e2a16041b5ec1a02826df280 || url,www.threatexpert.com/report.aspx?md5=1db0c8d48a76662496af7faf581b1cf0 || url,doc.emergingthreats.net/2009776 1 || 2009778 || 7 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- php5x.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009778 1 || 2009779 || 6 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- ldap.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009779 1 || 2009780 || 6 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- content.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009780 1 || 2009783 || 8 || trojan-activity || 0 || ET MALWARE RubyFortune Spyware Capabilities User-Agent (Microgaming Install Program) - GET || url,vil.nai.com/vil/content/v_151034.htm || url,www.emsisoft.com/en/malware/?Adware.Win32.Ruby+Fortune+Casino+3.2.0.25 || url,www.threatexpert.com/reports.aspx?find=mgsmup.com || url,doc.emergingthreats.net/2009783 1 || 2009785 || 8 || trojan-activity || 0 || ET MALWARE QVOD Related Spyware/Malware User-Agent (Qvod) || url,www.siteadvisor.com/sites/update.qvod.com || url,www.threatexpert.com/reports.aspx?find=update.qvod.com || url,doc.emergingthreats.net/2009785 1 || 2009787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Community CMS view.php article_id Parameter SQL Injection || bugtraq,34303 || url,milw0rm.com/exploits/8323 || url,doc.emergingthreats.net/2009787 1 || 2009788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter Remote File Inclusion || bugtraq,29873 || url,milw0rm.com/exploits/5900 || url,doc.emergingthreats.net/2009788 1 || 2009789 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyButStrong bs_us_examples_0view.php script Parameter Local File Inclusion || url,milw0rm.com/exploits/8667 || url,vupen.com/english/advisories/2009/1304 || url,doc.emergingthreats.net/2009789 1 || 2009790 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS beLive arch.php arch Parameter Local File Inclusion || url,milw0rm.com/exploits/8680 || bugtraq,34968 || url,secunia.com/advisories/35059/ || url,doc.emergingthreats.net/2009790 1 || 2009791 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GS Real Estate Portal email.php AgentID Parameter SQL Injection || url,juniper.net/security/auto/vulnerabilities/vuln32307.html || url,xforce.iss.net/xforce/xfdb/46638 || url,milw0rm.com/exploits/7117 || url,doc.emergingthreats.net/2009791 1 || 2009792 || 8 || web-application-attack || 0 || ET ACTIVEX Avax Vector avPreview.ocx ActiveX Control Buffer Overflow || url,packetstormsecurity.nl/0907-exploits/avax13-dos.txt || bugtraq,35582 || url,juniper.net/security/auto/vulnerabilities/vuln35583.html || url,doc.emergingthreats.net/2009792 1 || 2009793 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file Parameter Remote File Inclusion || bugtraq,31217 || url,milw0rm.com/exploits/6475 || url,doc.emergingthreats.net/2009793 1 || 2009794 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VidShare Pro listing_video.php catid Parameter SQL Injection || url,milw0rm.com/exploits/8737 || bugtraq,35033 || url,doc.emergingthreats.net/2009794 1 || 2009795 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dog Pedigree Online Database managePerson.php personId Parameter SQL Injection || bugtraq,35032 || url,milw0rm.com/exploits/8738 || url,doc.emergingthreats.net/2009795 1 || 2009796 || 8 || trojan-activity || 0 || ET MALWARE FakeAV Windows Protection Suite/ReleaseXP.exe User-Agent (Releasexp) || url,doc.emergingthreats.net/2009796 1 || 2009797 || 3 || trojan-activity || 0 || ET TROJAN Bifrose Response from victim || url,doc.emergingthreats.net/2009797 1 || 2009798 || 2 || policy-violation || 0 || ET POLICY Carbonite Online Backup SSL Handshake || url,doc.emergingthreats.net/2009798 1 || 2009799 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M || url,www.webmasterworld.com/search_engine_spiders/3227720.htm || url,doc.emergingthreats.net/2003466 1 || 2009800 || 4 || policy-violation || 0 || ET POLICY Carbonite.com Backup Software Leaking MAC Address || url,doc.emergingthreats.net/2009800 1 || 2009801 || 8 || policy-violation || 0 || ET POLICY Carbonite.com Backup Software User-Agent (Carbonite Installer) || url,doc.emergingthreats.net/2009801 1 || 2009803 || 6 || trojan-activity || 0 || ET DELETED Downloader Generic - GET || url,doc.emergingthreats.net/2009803 1 || 2009804 || 7 || trojan-activity || 0 || ET TROJAN Screenblaze SCR Related Backdoor - GET || url,vil.nai.com/vil/content/v_156782.htm || url,www.spywaredetector.net/spyware_encyclopedia/Backdoor.Prosti.htm || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=207702#none || url,www.threatexpert.com/report.aspx?md5=0bcdc9c2e2102f36f594b9e727dae3c7 || url,doc.emergingthreats.net/2009804 1 || 2009805 || 5 || trojan-activity || 0 || ET TROJAN Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=212955#none || url,www.threatexpert.com/threats/virus-win32-luder-b.html || url,doc.emergingthreats.net/2009805 1 || 2009806 || 5 || trojan-activity || 0 || ET TROJAN Poison Ivy RAT/Backdoor follow on POST Data PUSH Packet || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597 || url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781 || url,doc.emergingthreats.net/2009806 1 || 2009807 || 5 || trojan-activity || 0 || ET MALWARE 2020search/PowerSearch Toolbar Adware/Spyware - GET || url,vil.nai.com/vil/content/v_103738.htm || url,www.sunbeltsecurity.com/ThreatDisplay.aspx?tid=13811&cs=1437A28B7A90C4C502B683CE6DE23C4E || url,www.symantec.com/security_response/writeup.jsp?docid=2004-111918-0210-99 || url,doc.emergingthreats.net/2009807 1 || 2009808 || 5 || trojan-activity || 0 || ET TROJAN Win32.Virut - GET || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fVirut || url,www.avast.com/eng/win32-virut.html || url,free.avg.com/66558 || url,www.threatexpert.com/threats/virus-win32-virut-ce.html || url,doc.emergingthreats.net/2009808 1 || 2009809 || 2 || trojan-activity || 0 || ET TROJAN Generic/Unknown Downloader Config to client || url,doc.emergingthreats.net/2009809 1 || 2009810 || 8 || trojan-activity || 0 || ET TROJAN Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729)) || url,www.cyber-ta.org/releases/malware-analysis/public/2009-07-12-public/ARCHIVE/1247423556.chatter || url,doc.emergingthreats.net/2009810 1 || 2009811 || 6 || trojan-activity || 0 || ET TROJAN KillAV/Dropper/Mdrop/Hupigon - HTTP GET || url,doc.emergingthreats.net/2009811 1 || 2009812 || 7 || trojan-activity || 0 || ET TROJAN AVKiller with Backdoor checkin || url,doc.emergingthreats.net/2009812 1 || 2009813 || 3 || trojan-activity || 0 || ET TROJAN Trojan.MyDNS DNSChanger - HTTP POST || url,doc.emergingthreats.net/2009813 1 || 2009814 || 8 || trojan-activity || 0 || ET TROJAN Downloader (Win32.Doneltart) Checkin - HTTP GET || url,doc.emergingthreats.net/2009814 1 || 2009815 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI || url,msdn.microsoft.com/en-us/library/ms175046.aspx || url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm || url,doc.emergingthreats.net/2009815 1 || 2009816 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_servicecontrol Stored Procedure Via URI || url,www.sqlusa.com/bestpractices2005/administration/xpservicecontrol/ || url,doc.emergingthreats.net/2009816 1 || 2009817 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL sp_adduser Stored Procedure Via URI to Create New Database User || url,technet.microsoft.com/en-us/library/ms181422.aspx || url,doc.emergingthreats.net/2009817 1 || 2009818 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_regread/xp_regwrite/xp_regdeletevalue/xp_regdeletekey Stored Procedure Via URI to Modify Registry || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009818 1 || 2009819 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_fileexist Stored Procedure Via URI to Locate Files On Disk || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.dugger-it.com/articles/xp_fileexist.asp || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009819 1 || 2009820 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_enumerrorlogs Stored Procedure Via URI to View Error Logs || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009820 1 || 2009822 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_readerrorlogs Stored Procedure Via URI to View Error Logs || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,www.sqlteam.com/article/using-xp_readerrorlog-in-sql-server-2005 || url,doc.emergingthreats.net/2009822 1 || 2009823 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_enumdsn/xp_enumgroups/xp_ntsec_enumdomains Stored Procedure Via URI || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,msdn.microsoft.com/en-us/library/ms173792.aspx || url,doc.emergingthreats.net/2009823 1 || 2009824 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Delf followon POST Data PUSH Packet || url,www.threatexpert.com/threats/trojan-downloader-win32-delf.html || url,doc.emergingthreats.net/2009824 1 || 2009825 || 8 || trojan-activity || 0 || ET TROJAN Win32.VB.tdq - Fake User-Agent || url,vil.nai.com/vil/content/v_187654.htm || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=187654 || url,doc.emergingthreats.net/2009825 1 || 2009826 || 9 || trojan-activity || 0 || ET DELETED Generic Backdoor Retrieve Instructions/Configs - HTTP GET || url,doc.emergingthreats.net/2009826 1 || 2009827 || 3 || attempted-recon || 0 || ET SCAN Pavuk User Agent Detected - Website Mirroring Tool for Off-line Analysis || url,pavuk.sourceforge.net/about.html || url,doc.emergingthreats.net/2009827 1 || 2009828 || 6 || attempted-admin || 0 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || url,www.milw0rm.com/exploits/9541 || url,doc.emergingthreats.net/2009828 || cve,2009-3023 1 || 2009829 || 4 || trojan-activity || 0 || ET TROJAN Virut/Virutas/Virtob/QQHelper Dropper Family - HTTP GET || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FQQHelper.gen!E&ThreatID=-2147371486 || url,www.sophos.com/security/analyses/viruses-and-spyware/w32viruti.html || url,www.threatexpert.com/threats/w32-virut-i.html || url,doc.emergingthreats.net/2009829 1 || 2009830 || 7 || trojan-activity || 0 || ET TROJAN Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST || url,doc.emergingthreats.net/2009830 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FWombot.A 1 || 2009831 || 6 || trojan-activity || 0 || ET MALWARE Topgame-online.com Ruch Casino Install User-Agent (RichCasino) || url,doc.emergingthreats.net/2009831 1 || 2009832 || 3 || attempted-recon || 0 || ET SCAN DCERPC rpcmgmt ifids Unauthenticated BIND || url,www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf || url,www.blackhat.com/presentations/win-usa-04/bh-win-04-seki-up2.pdf || url,seclists.org/fulldisclosure/2003/Aug/0432.html || url,doc.emergingthreats.net/2009832 1 || 2009833 || 9 || attempted-recon || 0 || ET SCAN WITOOL SQL Injection Scan || url,witool.sourceforge.net/ || url,doc.emergingthreats.net/2009833 1 || 2009834 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component UNION SELECT SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009834 1 || 2009835 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component SELECT FROM SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009835 1 || 2009836 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component DELETE FROM SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009836 1 || 2009837 || 7 || attempted-recon || 0 || ET DELETED OWASP Joomla Vulnerability Scanner Detected || url,www.owasp.org/index.php/Category%3aOWASP_Joomla_Vulnerability_Scanner_Project || url,doc.emergingthreats.net/2009837 1 || 2009838 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News search.php config Parameter Remote File Inclusion || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009838 1 || 2009839 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News archive.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009839 1 || 2009840 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News Archive.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009840 1 || 2009841 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News comments.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009841 1 || 2009842 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News Comments.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009842 1 || 2009843 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News news.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009843 1 || 2009844 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News News.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009844 1 || 2009845 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News SendFriend.php config Parameter Remote File Inclusion || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009845 1 || 2009846 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion || url,secunia.com/advisories/33691 || url,milw0rm.com/exploits/8026 || url,doc.emergingthreats.net/2009846 1 || 2009847 || 7 || web-application-attack || 0 || ET ACTIVEX Symantec Security Check RuFSI ActiveX Control Buffer Overflow || bugtraq,8008 || url,xforce.iss.net/xforce/xfdb/12423 || url,juniper.net/security/auto/vulnerabilities/vuln8008.html || url,doc.emergingthreats.net/2009847 1 || 2009848 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion || url,milw0rm.com/exploits/5393 || bugtraq,28660 || url,doc.emergingthreats.net/2009848 1 || 2009849 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz num_questions.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009849 1 || 2009850 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz answers.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009850 1 || 2009851 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz answers.php order_number Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009851 1 || 2009852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz high_score_web.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009852 1 || 2009853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz results_table_web.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009853 1 || 2009854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz question.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009854 1 || 2009855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz question.php order_number Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009855 1 || 2009856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz high_score.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009856 1 || 2009857 || 7 || web-application-attack || 0 || ET ACTIVEX Awingsoft Web3D Player Remote Buffer Overflow || url,secunia.com/advisories/35764/ || url,milw0rm.com/exploits/9116 || url,shinnai.net/xplits/TXT_nsGUdeley3EHfKEV690p.html || url,doc.emergingthreats.net/2009857 1 || 2009858 || 8 || attempted-user || 0 || ET ACTIVEX Possible PPStream MList.ocx Buffer Overflow Attempt || url,www.securityfocus.com/bid/36234/info || url,doc.emergingthreats.net/2009858 1 || 2009860 || 5 || attempted-admin || 0 || ET EXPLOIT IIS FTP Exploit - NLST Globbing Exploit || url,www.milw0rm.com/exploits/9541 || url,doc.emergingthreats.net/2009860 || cve,2009-3023 1 || 2009861 || 6 || trojan-activity || 0 || ET MALWARE ErrorNuker FakeAV User-Agent (ERRN2004 (Windows XP)) || url,doc.emergingthreats.net/2009861 1 || 2009862 || 3 || trojan-activity || 0 || ET TROJAN Banker Trojan CnC AddNew Command || url,doc.emergingthreats.net/2009862 1 || 2009863 || 3 || trojan-activity || 0 || ET TROJAN Banker Trojan CnC Hello Command || url,doc.emergingthreats.net/2009863 1 || 2009864 || 5 || trojan-activity || 0 || ET DELETED Banker Trojan CnC Server Ping || url,doc.emergingthreats.net/2009864 1 || 2009867 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla/3.0 (compatible)) || url,doc.emergingthreats.net/2009867 1 || 2009868 || 11 || attempted-user || 0 || ET ACTIVEX Possible Acer LunchApp Arbitrary Code Exucution Attempt || url,securitytracker.com/alerts/2009/Aug/1022752.html || url,www.kb.cert.org/vuls/id/485961 || url,www.securityfocus.com/bid/21207/info || url,doc.emergingthreats.net/2009868 1 || 2009869 || 9 || attempted-user || 0 || ET ACTIVEX Possible SmartVMD VideoMovement.dll Buffer Overflow Attempt || url,www.securityfocus.com/bid/36217/info || url,doc.emergingthreats.net/2009869 1 || 2009870 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XRMS CRM workflow-activities.php include_directory Remote File Inclusion || cve,CVE-2008-3399 || url,milw0rm.com/exploits/6131 || url,xforce.iss.net/xforce/xfdb/43992 || url,doc.emergingthreats.net/2009870 1 || 2009871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009871 1 || 2009872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009872 1 || 2009873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009873 1 || 2009874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Remote File Inclusion || bugtraq,35103 || url,milw0rm.com/exploits/8790 || url,doc.emergingthreats.net/2009874 1 || 2009875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Local File Inclusion || bugtraq,35103 || url,milw0rm.com/exploits/8790 || url,doc.emergingthreats.net/2009875 1 || 2009876 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokuwiki doku.php config_cascade Local File Inclusion || bugtraq,35095 || url,milw0rm.com/exploits/8781 || url,doc.emergingthreats.net/2009876 1 || 2009877 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VirtueMart Google Base Component admin.googlebase.php Remote File Inclusion || bugtraq,32098 || url,milw0rm.com/exploits/6975 || url,doc.emergingthreats.net/2009877 1 || 2009878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Harlandscripts Pro Traffic One mypage.php trg Parameter SQL Injection || url,secunia.com/advisories/32467 || bugtraq,31986 || url,milw0rm.com/exploits/6874 || url,doc.emergingthreats.net/2009878 1 || 2009880 || 6 || trojan-activity || 0 || ET MALWARE Casalemedia Spyware Reporting URL Visited 3 || url,doc.emergingthreats.net/2009880 1 || 2009881 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla Com_joomlub Component Union Select SQL Injection || url,www.exploit-db.com/exploits/9593/ || url,doc.emergingthreats.net/2009881 1 || 2009882 || 3 || attempted-recon || 0 || ET SCAN Default Mysqloit User Agent Detected - Mysql Injection Takover Tool || url,code.google.com/p/mysqloit/ || url,doc.emergingthreats.net/2009882 1 || 2009883 || 5 || attempted-recon || 0 || ET SCAN Possible Mysqloit Operating System Fingerprint/SQL Injection Test Scan Detected || url,code.google.com/p/mysqloit/ || url,doc.emergingthreats.net/2009883 1 || 2009884 || 3 || attempted-recon || 0 || ET SCAN Unusually Fast 400 Error Messages (Bad Request), Possible Web Application Scan || url,www.w3.org/Protocols/rfc2616/rfc2616-sec10.html || url,support.microsoft.com/kb/247249 || url,doc.emergingthreats.net/2009884 1 || 2009885 || 3 || attempted-recon || 0 || ET SCAN Unusually Fast 404 Error Messages (Page Not Found), Possible Web Application Scan/Directory Guessing Attack || url,www.w3.org/Protocols/rfc2616/rfc2616-sec10.html || url,en.wikipedia.org/wiki/HTTP_404 || url,doc.emergingthreats.net/2009885 1 || 2009886 || 4 || attempted-dos || 0 || ET NETBIOS Remote SMB2.0 DoS Exploit || url,securityreason.com/exploitalert/7138 || url,doc.emergingthreats.net/2009886 1 || 2009887 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectButler RFI attempt || url,www.sans.org/top20/ || url,www.packetstormsecurity.org/0908-exploits/projectbutler-rfi.txt || url,doc.emergingthreats.net/2009887 1 || 2009888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (1) || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009888 1 || 2009889 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (2) || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009889 1 || 2009890 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (3) || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009890 1 || 2009891 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (4) || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009891 1 || 2009892 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Paid4Mail RFI attempt || url,packetstormsecurity.org/0907-exploits/paid4mail-rfi.txt || url,doc.emergingthreats.net/2009892 1 || 2009893 || 7 || attempted-user || 0 || ET ACTIVEX Possible HTTP ACTi SetText() nvUnifiedControl.dll Buffer Overflow Attempt || url,tools.cisco.com/security/center/viewIpsSignature.x?signatureId=18237&signatureSubId=1&softwareVersion=6.0&releaseVersion=S429 || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=22546 || url,www.securityfocus.com/bid/25465 || url,doc.emergingthreats.net/2009893 1 || 2009894 || 7 || attempted-user || 0 || ET ACTIVEX Possible HTTP ACTi SaveXMLFile()/DeleteXMLFile() nvUnifiedControl.dll Arbitrary File Overwrite/Deletion Attempt || url,tools.cisco.com/security/center/viewIpsSignature.x?signatureId=18237&signatureSubId=1&softwareVersion=6.0&releaseVersion=S429 || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=22546 || url,www.securityfocus.com/bid/25465 || url,doc.emergingthreats.net/2009894 1 || 2009895 || 3 || policy-violation || 0 || ET POLICY OperaUnite URL Registration || url,unite.opera.com || url,doc.emergingthreats.net/2009895 1 || 2009896 || 3 || trojan-activity || 0 || ET TROJAN Win32/Winwebsec User-Agent Detected || url,www.f-secure.com/sw-desc/rogue_w32_winwebsec.shtml || url,blogs.technet.com/mmpc/archive/2009/05/13/msrt-tackles-another-rogue.aspx || url,doc.emergingthreats.net/2009896 1 || 2009897 || 11 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent when remote host claims to send html content || url,doc.emergingthreats.net/2009897 1 || 2009898 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder Parameter Remote File Inclusion || bugtraq,30235 || url,juniper.net/security/auto/vulnerabilities/vuln30235.html || url,milw0rm.com/exploits/6078 || url,doc.emergingthreats.net/2009898 1 || 2009903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion || url,secunia.com/advisories/35315/ || url,milw0rm.com/exploits/8851 || url,doc.emergingthreats.net/2009903 1 || 2009904 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Local File Inclusion || url,secunia.com/advisories/35315/ || url,milw0rm.com/exploits/8851 || url,doc.emergingthreats.net/2009904 1 || 2009905 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unclassified NewsBoard forum.php __tplCollection Parameter Local File Inclusion || url,www.exploit-db.com/exploits/8841/ || url,secunia.com/advisories/35299/ || url,doc.emergingthreats.net/2009905 1 || 2009906 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Grades parents.php ADD Parameter SQL Injection || url,secunia.com/advisories/35304/ || url,milw0rm.com/exploits/8844 || url,doc.emergingthreats.net/2009906 1 || 2009907 || 8 || attempted-user || 0 || ET ACTIVEX Remote Desktop Connection ActiveX Control Heap Overflow clsid access || cve,2009-1929 || url,www.microsoft.com/technet/security/Bulletin/MS09-044.mspx || url,doc.emergingthreats.net/2009907 1 || 2009908 || 7 || trojan-activity || 0 || ET DELETED PinBall Corp. Related suspicious activity || url,doc.emergingthreats.net/2009908 1 || 2009909 || 9 || trojan-activity || 0 || ET TROJAN Possible Windows executable sent when remote host claims to send HTML/CSS Content || url,doc.emergingthreats.net/bin/view/Main/2009909 1 || 2009913 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component SELECT FROM SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009913 1 || 2009914 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component DELETE FROM SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009914 1 || 2009915 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component INSERT INTO SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009915 1 || 2009916 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component UNION SELECT SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009916 1 || 2009917 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component UPDATE SET SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009917 1 || 2009919 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009919 1 || 2009920 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009920 1 || 2009921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009921 1 || 2009922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009922 1 || 2009923 || 9 || attempted-user || 0 || ET ACTIVEX Possible Novell GroupWise Client 'gxmim1.dll' ActiveX Buffer Overflow Attempt || url,www.securityfocus.com/bid/36398 || url,doc.emergingthreats.net/2009923 1 || 2009924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009924 1 || 2009925 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Remote File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009925 1 || 2009926 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Local File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009926 1 || 2009927 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Remote File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009927 1 || 2009928 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Local file Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009928 1 || 2009929 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! com_album Component Local File Inclusion Attempt || url,www.securityfocus.com/bid/36441/info || url,www.exploit-db.com/exploits/9706/ || url,doc.emergingthreats.net/2009929 1 || 2009930 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (User Agent) - Likely Hostile || url,doc.emergingthreats.net/2009930 1 || 2009931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible OpenSiteAdmin pageHeader.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36445/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009931 1 || 2009932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible eFront database.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36411/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009932 1 || 2009933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo/Joomla! com_koesubmit Component 'koesubmit.php' Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36447/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009933 1 || 2009934 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ideal MooFAQ Joomla Component file_includer.php file Parameter Local File Inclusion || bugtraq,35259 || url,www.exploit-db.com/exploits/8898/ || url,doc.emergingthreats.net/2009934 1 || 2009935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Frontis aps_browse_sources.php source_class Parameter SQL Injection || url,secunia.com/advisories/35369/ || url,milw0rm.com/exploits/8900 || url,doc.emergingthreats.net/2009935 1 || 2009936 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger plog-download.php checked Parameter SQL Injection || bugtraq,30547 || url,xforce.iss.net/xforce/xfdb/44233 || url,milw0rm.com/exploits/6204 || url,doc.emergingthreats.net/2009936 1 || 2009937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload Attempt || url,www.securityfocus.com/bid/27472/info || url,doc.emergingthreats.net/2009937 1 || 2009938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009938 1 || 2009939 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009939 1 || 2009940 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009940 1 || 2009941 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009941 1 || 2009942 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009942 1 || 2009943 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009943 1 || 2009944 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009944 1 || 2009945 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009945 1 || 2009946 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009946 1 || 2009947 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009947 1 || 2009948 || 9 || attempted-user || 0 || ET ACTIVEX Quiksoft EasyMail imap connect() ActiveX stack overflow vulnerability || url,www.milw0rm.com/exploits/9704 || url,www.securityfocus.com/bid/22583 || url,doc.emergingthreats.net/2009948 1 || 2009949 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .pl source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009949 1 || 2009950 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .inc source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009950 1 || 2009951 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .conf source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009951 1 || 2009952 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .asp source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009952 1 || 2009953 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .aspx source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009953 1 || 2009954 || 9 || web-application-attack || 0 || ET DELETED Tilde in URI after file, potential source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009954 1 || 2009955 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009955 1 || 2009956 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009956 1 || 2009957 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009957 1 || 2009958 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009958 1 || 2009959 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009959 1 || 2009960 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009960 1 || 2009961 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009961 1 || 2009962 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009962 1 || 2009963 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009963 1 || 2009964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009964 1 || 2009965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009965 1 || 2009966 || 3 || policy-violation || 0 || ET P2P KuGoo P2P Connection || url,koogoo.com || url,doc.emergingthreats.net/2009966 1 || 2009967 || 5 || policy-violation || 0 || ET P2P eMule KAD Network Connection Request || url,emule-project.net || url,doc.emergingthreats.net/2009967 1 || 2009968 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Connection Request(2) || url,emule-project.net || url,doc.emergingthreats.net/2009968 1 || 2009969 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Firewalled Request || url,emule-project.net || url,doc.emergingthreats.net/2009969 1 || 2009970 || 4 || policy-violation || 0 || ET P2P eMule Kademlia Hello Request || url,emule-project.net || url,doc.emergingthreats.net/2009970 1 || 2009971 || 5 || policy-violation || 0 || ET P2P eMule KAD Network Hello Request (2) || url,emule-project.net || url,doc.emergingthreats.net/2009971 1 || 2009972 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Server Status Request || url,emule-project.net || url,doc.emergingthreats.net/2009972 1 || 2009973 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Send Username || url, emule-project.net || url,doc.emergingthreats.net/2009973 1 || 2009976 || 4 || denial-of-service || 0 || ET EXPLOIT Siemens Gigaset SE361 WLAN Data Flood Denial of Service Vulnerability || cve,CVE-2009-3322 || bugtraq,36366 || url,www.milw0rm.com/exploits/9646 || url,doc.emergingthreats.net/2009976 1 || 2009977 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009977 1 || 2009978 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009978 1 || 2009979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009979 1 || 2009980 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009980 1 || 2009981 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username SELECT FROM SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009981 1 || 2009982 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username DELETE FROM SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009982 1 || 2009983 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username INSERT INTO SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009983 1 || 2009984 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username UPDATE SET SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009984 1 || 2009985 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username UNION SELECT SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009985 1 || 2009986 || 2 || trojan-activity || 0 || ET P2P Octoshape UDP Session || url,msmvps.com/blogs/bradley/archive/2009/01/20/peer-to-peer-on-cnn.aspx || url,doc.emergingthreats.net/2009986 1 || 2009987 || 7 || trojan-activity || 0 || ET DELETED OneStep Adware related User Agent (x) || url,www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2 1 || 2009988 || 5 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (MzApp) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2007594 1 || 2009990 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM Lotus Connections simpleSearch.do Cross-Site Scripting Attempt || url,www.securitytracker.com/alerts/2009/Sep/1022945.html || url,doc.emergingthreats.net/2009990 1 || 2009991 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (MyIE/1.0) || url,doc.emergingthreats.net/2009991 1 || 2009993 || 8 || trojan-activity || 0 || ET MALWARE www.vaccinekiller.com Related Spyware User-Agent (VaccineKillerIU) || url,doc.emergingthreats.net/2009993 1 || 2009994 || 7 || trojan-activity || 0 || ET TROJAN User-Agent (STEROID Download) || url,anubis.iseclab.org/?action=result&task_id=17b118a86edba30f4f588db66eaf55d10 || url,security.thejoshmeister.com/2009/09/new-malware-ddos-botexe-etc-and.html || url,doc.emergingthreats.net/2009994 1 || 2009995 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (ONANDON) || url,doc.emergingthreats.net/2009995 1 || 2009998 || 9 || policy-violation || 0 || ET POLICY Smilebox Spyware Download || url,www.smilebox.com/info/privacy.html || url,doc.emergingthreats.net/2009998 1 || 2009999 || 3 || attempted-user || 0 || ET EXPLOIT xp_servicecontrol access || url,doc.emergingthreats.net/2009999 1 || 2010000 || 3 || attempted-user || 0 || ET EXPLOIT xp_fileexist access || url,doc.emergingthreats.net/2010000 1 || 2010001 || 3 || attempted-user || 0 || ET EXPLOIT xp_enumerrorlogs access || url,doc.emergingthreats.net/2010001 1 || 2010002 || 4 || attempted-user || 0 || ET EXPLOIT xp_readerrorlogs access || url,doc.emergingthreats.net/2010002 1 || 2010003 || 4 || attempted-user || 0 || ET EXPLOIT xp_enumdsn access || url,doc.emergingthreats.net/2010003 1 || 2010004 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_start_job attempt || url,doc.emergingthreats.net/2010004 1 || 2010007 || 12 || trojan-activity || 0 || ET TROJAN Potential Gemini Malware Download || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791 || url,doc.emergingthreats.net/2010007 1 || 2010008 || 4 || policy-violation || 0 || ET P2P Octoshape P2P streaming media || url,doc.emergingthreats.net/2010008 1 || 2010009 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webmin Pre-1.290 Compromise Attempt || url,bliki.rimuhosting.com/comments/knowledgebase/linux/miscapplications/webmin || url,doc.emergingthreats.net/2010009 1 || 2010010 || 8 || attempted-user || 0 || ET ACTIVEX Possible HP LoadRunner XUpload.ocx ActiveX Control MakeHttpRequest Arbitrary File Download Attempt || url,www.securityfocus.com/bid/36550/info || url,doc.emergingthreats.net/2010010 1 || 2010011 || 8 || attempted-user || 0 || ET ACTIVEX Possible Symantec Altiris Deployment Solution AeXNSPkgDLLib.dll ActiveX Control DownloadAndInstall Method Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Sep/1022928.html || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00 || url,trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb?rev=7023 || url,doc.emergingthreats.net/2010011 1 || 2010012 || 7 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva QuickScan Pro KeyWorks KeyHelp Module keyhelp.ocx ActiveX Control Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/36546/info || url,tools.cisco.com/security/center/viewAlert.x?alertId=19135 || url,downloads.securityfocus.com/vulnerabilities/exploits/36546.html || url,doc.emergingthreats.net/2010012 1 || 2010013 || 8 || attempted-user || 0 || ET ACTIVEX Possible SAP GUI ActiveX Control Insecure Method File Overwrite Attempt || url,www.securitytracker.com/alerts/2009/Sep/1022953.html || url,doc.emergingthreats.net/2010013 1 || 2010014 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010014 1 || 2010015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010015 1 || 2010016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010016 1 || 2010017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010017 1 || 2010018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla Game Server Component id Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010018 1 || 2010019 || 8 || attempted-recon || 0 || ET SCAN Tomcat Web Application Manager scanning || url,doc.emergingthreats.net/2010019 1 || 2010020 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SHOP-INET show_cat2.php grid Parameter SQL Injection || bugtraq,33471 || url,milw0rm.com/exploits/7874 || url,secunia.com/advisories/33660/ || url,doc.emergingthreats.net/2010020 1 || 2010021 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RS-CMS rscms_mod_newsview.php key Parameter Processing Remote SQL Injection || url,milw0rm.com/exploits/9000 || url,vupen.com/english/advisories/2009/1658 || url,doc.emergingthreats.net/2010021 1 || 2010022 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptWeb a_index.php CodigoDisciplina Parameter Remote SQL Injection || cve,CVE-2009-2152 || url,en.securitylab.ru/nvd/381723.php || url,milw0rm.com/exploits/8954 || url,doc.emergingthreats.net/2010022 1 || 2010023 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightOpenCMS smarty.php cwd Parameter Local File Inclusion || url,www.exploit-db.com/exploits/9015/ || url,en.securitylab.ru/nvd/381880.php || url,doc.emergingthreats.net/2010023 1 || 2010024 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightOpenCMS smarty.php cwd Parameter Remote File Inclusion || url,www.exploit-db.com/exploits/9015/ || url,en.securitylab.ru/nvd/381880.php || url,doc.emergingthreats.net/2010024 1 || 2010025 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Local File Inclusion || url,secunia.com/advisories/35622/ || bugtraq,35521 || url,milw0rm.com/exploits/9044 || url,doc.emergingthreats.net/2010025 1 || 2010026 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TorrentTrader Classic delreq.php categ Parameter Sql Injection || url,milw0rm.com/exploits/8958 || bugtraq,35369 || url,doc.emergingthreats.net/2010026 1 || 2010027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion || url,secunia.com/advisories/35622/ || bugtraq,35521 || url,milw0rm.com/exploits/9044 || url,doc.emergingthreats.net/2010027 1 || 2010028 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php jahr Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/7741 1 || 2010029 || 9 || web-application-attack || 0 || ET ACTIVEX PDFZilla 1.0.8 ActiveX DebugMsgLog method DOS CLSid Access || url,packetstormsecurity.org/0908-exploits/pdfzilla-overflow.txt || url,doc.emergingthreats.net/9130 1 || 2010030 || 6 || web-application-activity || 0 || ET POLICY Exchange 2003 OWA plain-text E-Mail message access not SSL || url,support.microsoft.com/kb/321832 1 || 2010031 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/36567/info || url,doc.emergingthreats.net/2010031 1 || 2010032 || 4 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (ads-t.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010032 1 || 2010033 || 5 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (bannert.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010033 1 || 2010034 || 6 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (bannerdriven.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010034 1 || 2010035 || 6 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable WriteToLog Method Arbitrary File Creation/Overwrite Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010035 1 || 2010036 || 4 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable SetLogLevel/SetLogFileName Method Arbitrary File Creation/Overwrite Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010036 1 || 2010037 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection INTO OUTFILE Arbitrary File Write Attempt || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010037 1 || 2010038 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible INTO OUTFILE Arbitrary File Write SQL Injection In Cookie || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010038 1 || 2010039 || 6 || attempted-user || 0 || ET ACTIVEX Possible AOL SuperBuddy ActiveX Control Remote Code Execution Attempt || url,www.securityfocus.com/bid/36580/info || url,www.securityfocus.com/archive/1/506889 || url,doc.emergingthreats.net/2010039 1 || 2010040 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010040 1 || 2010041 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010041 1 || 2010042 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010042 1 || 2010043 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010043 1 || 2010044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010044 1 || 2010045 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010045 1 || 2010046 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010046 1 || 2010047 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010047 1 || 2010048 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010048 1 || 2010050 || 6 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download Antivirus_21.exe || url,doc.emergingthreats.net/2010050 1 || 2010051 || 4 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download ws.exe || url,doc.emergingthreats.net/2010051 1 || 2010052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - ws.zip || url,doc.emergingthreats.net/2010052 1 || 2010053 || 3 || trojan-activity || 0 || ET DELETED TROJAN Likely FakeRean Download || url,doc.emergingthreats.net/2010053 1 || 2010054 || 6 || trojan-activity || 0 || ET TROJAN Likely TDSS Download (codec.exe) || url,doc.emergingthreats.net/2010054 1 || 2010055 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely TDSS Download (pcdef.exe) || url,doc.emergingthreats.net/2010055 1 || 2010056 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN Likely TDSS Download (197.exe) || url,doc.emergingthreats.net/2010056 1 || 2010057 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Fake Antivirus Download installpv.exe || url,doc.emergingthreats.net/2010057 1 || 2010058 || 3 || trojan-activity || 0 || ET DELETED MALWARE Likely Unknown Trojan Download || url,doc.emergingthreats.net/2010058 1 || 2010059 || 7 || trojan-activity || 0 || ET TROJAN Likely Infostealer exe Download 1 || 2010060 || 3 || trojan-activity || 0 || ET DELETED TROJAN Likely Possible Rogue A/V Win32/FakeXPA Download || url,doc.emergingthreats.net/2010060 1 || 2010061 || 10 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download InternetAntivirusPro.exe || url,doc.emergingthreats.net/2010061 1 || 2010062 || 5 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download AntivirusPlus.exe || url,doc.emergingthreats.net/2010062 1 || 2010064 || 6 || trojan-activity || 0 || ET DELETED Buzus Posting Data || url,doc.emergingthreats.net/2010064 1 || 2010065 || 5 || trojan-activity || 0 || ET TROJAN SafeFighter Fake Scanner Installation in Progress || url,doc.emergingthreats.net/2010065 1 || 2010066 || 10 || trojan-activity || 0 || ET POLICY Data POST to an image file (gif) || url,doc.emergingthreats.net/2010066 1 || 2010067 || 9 || trojan-activity || 0 || ET POLICY Data POST to an image file (jpg) || url,doc.emergingthreats.net/2010067 1 || 2010068 || 7 || trojan-activity || 0 || ET POLICY Data POST to an image file (jpeg) || url,doc.emergingthreats.net/2010068 1 || 2010069 || 7 || trojan-activity || 0 || ET POLICY Data POST to an image file (bmp) || url,doc.emergingthreats.net/2010069 1 || 2010070 || 6 || trojan-activity || 0 || ET POLICY Data POST to an image file (png) || url,doc.emergingthreats.net/2010070 1 || 2010071 || 9 || trojan-activity || 0 || ET TROJAN Hiloti/Mufanom Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A || url,doc.emergingthreats.net/2010071 || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/ 1 || 2010072 || 8 || trojan-activity || 0 || ET TROJAN Bredolab Infection - Windows Key || url,doc.emergingthreats.net/2010072 1 || 2010073 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010073 1 || 2010074 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UNION SELECT SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010074 1 || 2010075 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo SELECT FROM SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010075 1 || 2010076 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo DELETE FROM SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010076 1 || 2010077 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo INSERT INTO Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010077 1 || 2010078 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010078 1 || 2010080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible AIOCP cp_html2xhtmlbasic.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36609/info || url,www.securityfocus.com/archive/1/507030 || url,doc.emergingthreats.net/2010080 1 || 2010081 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username INTO OUTFILE SQL Injection Attempt || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010081 1 || 2010082 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible AWStats awstats.pl Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/30730/info || url,bugzilla.redhat.com/show_bug.cgi?id=474396 || url,sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764 || cve,2008-3714 || url,doc.emergingthreats.net/2010082 1 || 2010084 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible ALTER SQL Injection Attempt || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/SQl/sql_alter.asp || url,doc.emergingthreats.net/2010084 1 || 2010085 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible DROP SQL Injection Attempt || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/SQl/sql_drop.asp || url,doc.emergingthreats.net/2010085 1 || 2010086 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/Sql/sql_create_db.asp || url,doc.emergingthreats.net/2010086 1 || 2010087 || 6 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing SQL Inject/ion, Likely SQL Injection Scanner || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2010087 1 || 2010088 || 5 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing Web Scan/er, Likely Web Scanner || url,doc.emergingthreats.net/2010088 1 || 2010089 || 5 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan || url,doc.emergingthreats.net/2010089 1 || 2010092 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect EmailTemplates.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010092 1 || 2010093 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect PDPEmailReplaceConstants.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010093 1 || 2010094 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect ResellersManager.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010094 1 || 2010095 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion || url,milw0rm.com/exploits/9155 || url,packetstormsecurity.org/0907-exploits/phpgenealogy-rfi.txt || url,doc.emergingthreats.net/2010095 1 || 2010096 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote File Inclusion || url,juniper.net/security/auto/vulnerabilities/vuln28024.html || bugtraq,28024 || url,milw0rm.com/exploits/5197 || url,doc.emergingthreats.net/2010096 1 || 2010097 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RaXnet Cacti top_graph_header.php config Parameter Remote File Inclusion || bugtraq,14030 || url,doc.emergingthreats.net/2010097 1 || 2010098 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Telephone Directory 2008 edit1.php code Parameter SQL Injection || bugtraq,29614 || url,xforce.iss.net/xforce/xfdb/42972 || url,milw0rm.com/exploits/5764 || url,doc.emergingthreats.net/2010098 1 || 2010099 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS News Manager ch_readalso.php read_xml_include Parameter Remote File Inclusion || bugtraq,29251 || url,xforce.iss.net/xforce/xfdb/42459 || url,milw0rm.com/exploits/5624 || url,doc.emergingthreats.net/2010099 1 || 2010100 || 7 || trojan-activity || 0 || ET TROJAN Palevo/BFBot/Mariposa client join attempt || url,defintel.com/docs/Mariposa_Analysis.pdf || url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html || url,doc.emergingthreats.net/2010100 || url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php || url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2 || url,www.symantec.com/connect/blogs/mariposa-butterfly 1 || 2010101 || 6 || trojan-activity || 0 || ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement || url,defintel.com/docs/Mariposa_Analysis.pdf || url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html || url,doc.emergingthreats.net/2010101 || url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php || url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2 || url,www.symantec.com/connect/blogs/mariposa-butterfly 1 || 2010119 || 6 || web-application-attack || 0 || ET WEB_SERVER xp_cmdshell Attempt in Cookie || url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm || url,msdn.microsoft.com/en-us/library/ms175046.aspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=4072 || url,doc.emergingthreats.net/2010119 1 || 2010121 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Celepar module for Xoops aviso.php codigo SQL injection || url,milw0rm.com/exploits/9249 || url,xforce.iss.net/xforce/xfdb/51985 || url,doc.emergingthreats.net/2010121 1 || 2010122 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php idneu Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/2010122 1 || 2010123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php newsid Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/2010123 1 || 2010124 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SERWeb load_lang.php configdir Parameter Remote File Inclusion || bugtraq,26747 || url,milworm.com/exploits/9284 || url,doc.emergingthreats.net/2010124 1 || 2010125 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SERWeb main_prepend.php functionsdir Parameter Remote File Inclusion || bugtraq,26747 || url,milworm.com/exploits/9284 || url,doc.emergingthreats.net/2010125 1 || 2010126 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Remote File Inclusion || url,milw0rm.com/exploits/9297 || url,secunia.com/advisories/36033/ || url,doc.emergingthreats.net/2010126 1 || 2010127 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/9297 || url,secunia.com/advisories/36033/ || url,doc.emergingthreats.net/2010127 1 || 2010129 || 6 || trojan-activity || 0 || ET TROJAN TROJAN Drop.Agent.bfsv HTTP Activity (UsER-AgENt) || url,doc.emergingthreats.net/2010129 1 || 2010131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UNION SELECT SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010131 1 || 2010132 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable SELECT FROM SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010132 1 || 2010133 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable INSERT INTO SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010133 1 || 2010134 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable DELETE FROM SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010134 1 || 2010135 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UPDATE SET SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010135 1 || 2010136 || 5 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (asp2009) || url,www.threatexpert.com/report.aspx?md5=6cad864a439da7bbd6f1cec941cca72b || url,doc.emergingthreats.net/2010136 1 || 2010137 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Sme32) || url,doc.emergingthreats.net/2010137 1 || 2010138 || 4 || trojan-activity || 0 || ET TROJAN Possible Win32/Agent.QBY CnC Post || url,www.threatexpert.com/report.aspx?uid=4f05faef-6a70-4957-8990-b316d8487f63 || url,doc.emergingthreats.net/2010138 1 || 2010139 || 5 || policy-violation || 0 || ET P2P Vuze BT Connection || url,vuze.com || url,doc.emergingthreats.net/2010139 1 || 2010140 || 5 || policy-violation || 0 || ET P2P Vuze BT UDP Connection || url,vuze.com || url,doc.emergingthreats.net/2010140 1 || 2010141 || 3 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (2) || url,vuze.com || url,doc.emergingthreats.net/2010141 1 || 2010142 || 4 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (3) || url,doc.emergingthreats.net/2010142 1 || 2010143 || 3 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (4) || url,doc.emergingthreats.net/2010143 1 || 2010144 || 5 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (5) || url,vuze.com || url,doc.emergingthreats.net/2010144 1 || 2010145 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM Rational RequisitePro ReqWebHelp Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010145 1 || 2010146 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt || url,www.securityfocus.com/bid/29502/info || cve,2008-1947 || url,doc.emergingthreats.net/2010146 1 || 2010147 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible bloofoxCMS 'search' Parameter Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36700/info || url,doc.emergingthreats.net/2010147 1 || 2010148 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound || url,doc.emergingthreats.net/2010148 1 || 2010150 || 6 || trojan-activity || 0 || ET TROJAN Koobface HTTP Request (2) || url,ddanchev.blogspot.com/2009/09/koobface-botnets-scareware-business.html || url,doc.emergingthreats.net/2010150 1 || 2010151 || 8 || trojan-activity || 0 || ET TROJAN Koobface C&C availability check || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010151 1 || 2010152 || 3 || trojan-activity || 0 || ET TROJAN Koobface C&C availability check successful || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010152 1 || 2010153 || 6 || trojan-activity || 0 || ET TROJAN Koobface fetch C&C command detected || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010153 1 || 2010154 || 5 || web-application-attack || 0 || ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010154 1 || 2010155 || 5 || web-application-attack || 0 || ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010155 1 || 2010156 || 6 || misc-attack || 0 || ET GAMES Alien Arena 7.30 Remote Code Execution Attempt || url,www.packetstormsecurity.org/0910-advisories/alienarena-exec.txt || url,doc.emergingthreats.net/2010156 1 || 2010157 || 8 || not-suspicious || 0 || ET POLICY Suspicious User-Agent (XXX) Often Sony Update Related || url,doc.emergingthreats.net/bin/view/Main/2010157 1 || 2010158 || 6 || trojan-activity || 0 || ET TROJAN Nanspy Bot Checkin || url,doc.emergingthreats.net/2010158 1 || 2010159 || 4 || attempted-admin || 0 || ET WEB_SERVER Possible 3Com OfficeConnect Router Default User Account Remote Command Execution Attempt || url,securitytracker.com/alerts/2009/Oct/1023051.html || url,www.securityfocus.com/archive/1/507263 || url,www.securityfocus.com/bid/36722/info || url,doc.emergingthreats.net/2010159 1 || 2010160 || 7 || attempted-user || 0 || ET ACTIVEX Possible AOL IWinAmp ActiveX ConvertFile Buffer Overflow Attempt || url,www.milw0rm.org/exploits/8733 || url,www.securityfocus.com/bid/35028 || url,doc.emergingthreats.net/2010160 1 || 2010161 || 5 || attempted-user || 0 || ET ACTIVEX Possible Edraw PDF Viewer FtpConnect Component ActiveX Remote code execution Attempt || url,www.milw0rm.org/exploits/8986 || url,doc.emergingthreats.net/2010161 1 || 2010162 || 3 || attempted-recon || 0 || ET WEB_SERVER Possible Sucessful Juniper NetScreen ScreenOS Firmware Version Disclosure Attempt || url,securitytracker.com/alerts/2009/Apr/1022123.html || url,www.securityfocus.com/bid/34710 || url,seclists.org/bugtraq/2009/Apr/242 || url,www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-05 || url,doc.emergingthreats.net/2010162 1 || 2010163 || 7 || trojan-activity || 0 || ET TROJAN Glacial Dracon C&C Communication || url,www.threatexpert.com/report.aspx?md5=912692cb4e3f960c9cb4bbc96fa17c9d || url,www.threatexpert.com/report.aspx?md5=fd3d061ee86987e8f3f245c2dc0ceb46 || url,doc.emergingthreats.net/2010163 1 || 2010164 || 6 || trojan-activity || 0 || ET TROJAN Daonol C&C Communication || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol || url,blog.fireeye.com/research/2009/10/gumblar-not-gumby.html || url,www.iss.net/threats/gumblar.html || url,blog.scansafe.com/journal/2009/10/15/gumblar-website-botnet-awakes.html || url,doc.emergingthreats.net/2010164 1 || 2010165 || 7 || trojan-activity || 0 || ET TROJAN Tibs/Harnig Downloader Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fHarnig || url,www.threatexpert.com/report.aspx?md5=2ce9c871a8a217cafcdce15c6c1e8dfc || url,doc.emergingthreats.net/2010165 1 || 2010167 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp Queue XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010167 1 || 2010168 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010168 1 || 2010169 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010169 1 || 2010170 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010170 1 || 2010171 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010171 1 || 2010172 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010172 1 || 2010173 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010173 1 || 2010174 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp Dictionary XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010174 1 || 2010175 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp Scoring XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010175 1 || 2010176 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp MessagePart XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010176 1 || 2010177 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp Queue XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010177 1 || 2010178 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010178 1 || 2010179 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010179 1 || 2010180 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010180 1 || 2010181 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp searchWord Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010181 1 || 2010182 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp maxHits Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010182 1 || 2010183 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp scopedSearch Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010183 1 || 2010184 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp scope Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010184 1 || 2010185 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010185 1 || 2010186 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010186 1 || 2010187 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010187 1 || 2010188 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010188 1 || 2010189 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010189 1 || 2010190 || 4 || attempted-user || 0 || ET ACTIVEX Altirix eXpress NS SC ActiveX Arbitrary Code Execution Function Call || url,trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb?rev=7023 || url,secunia.com/advisories/36679 || url,doc.emergingthreats.net/2010190 1 || 2010191 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual contact.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010191 1 || 2010192 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010192 1 || 2010193 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual utilities.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010193 1 || 2010194 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe JRun Directory Traversal || url,www.dsecrg.ru/pages/vul/show.php?id=152 || url,www.vupen.com/english/advisories/2009/2285 || url,doc.emergingthreats.net/2010194 1 || 2010195 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DS CMS DetailFile.php nFileId Parameter SQL Injection || url,packetstormsecurity.org/0908-exploits/dscms-sql.txt || url,doc.emergingthreats.net/2010195 1 || 2010196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2FLY Gift Delivery 2fly_gift.php gameid Parameter SQL Injection || url,secunia.com/advisories/36294/ || url,osvdb.org/show/osvdb/57136 || url,doc.emergingthreats.net/2010196 1 || 2010197 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KingCMS menu.php CONFIG Parameter Remote File Inclusion || url,osvdb.org/show/osvdb/57688 || url,doc.emergingthreats.net/2010197 1 || 2010198 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Autonomous LAN Party _bot.php master Parameter Remote File Inclusion || url,secunia.com/advisories/36354 || url,packetstormsecurity.nl/0908-exploits/autonomouslan-rfi.txt || url,doc.emergingthreats.net/2010198 1 || 2010200 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Attempt || cve,2007-5923 || url,www.securityfocus.com/bid/26375/info || url,doc.emergingthreats.net/2010200 1 || 2010201 || 3 || trojan-activity || 0 || ET TROJAN Silon Encrypted Data POST to C&C || url,www.trusteer.com/webform/w32silon-malware-analysis || url,doc.emergingthreats.net/2010201 1 || 2010203 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010203 1 || 2010204 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010204 1 || 2010205 || 7 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010205 1 || 2010206 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010206 1 || 2010207 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010207 1 || 2010208 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010208 1 || 2010209 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010209 1 || 2010210 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010210 1 || 2010211 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010211 1 || 2010212 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010212 1 || 2010214 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Adobe Flex SDK index.template.html Cross Site Scripting Attempt || cve,2009-1879 || url,securitytracker.com/alerts/2009/Aug/1022748.html || url,doc.emergingthreats.net/2010214 1 || 2010215 || 4 || web-application-attack || 0 || ET SCAN SQL Injection Attempt (Agent uil2pn) || url,www.prevx.com/filenames/89385984947861762-X1/UIL2PN.EXE.html || url,doc.emergingthreats.net/2010215 1 || 2010217 || 9 || trojan-activity || 0 || ET TROJAN DownloaderExchanger/Cbeplay Variant Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fCbeplay.B || url,www.secureworks.com/research/threats/ppi/ || url,doc.emergingthreats.net/2010217 1 || 2010218 || 5 || trojan-activity || 0 || ET MALWARE Win32/InternetAntivirus User-Agent (Internet Antivirus Pro) || url,doc.emergingthreats.net/2010218 1 || 2010219 || 6 || attempted-user || 0 || ET ACTIVEX ACTIVEX SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Attempt || url,www.securityfocus.com/bid/35256/info || url,doc.emergingthreats.net/2010219 1 || 2010220 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ClickAdsByIE) || url,doc.emergingthreats.net/2010220 1 || 2010221 || 6 || trojan-activity || 0 || ET TROJAN Possible Fake-Rean Installer Activity (Malwareurl.com Top 30) || url,www.sophos.com/security/analyses/viruses-and-spyware/trojfakereane.html?_log_from=rss || url,doc.emergingthreats.net/2010221 1 || 2010222 || 4 || bad-unknown || 0 || ET DELETED MALWARE Potential exploit redirect, in.cgi pepsi || url,malwareurl.com || url,doc.emergingthreats.net/2010222 1 || 2010223 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion Attempt || url,www.securityfocus.com/bid/29716/info || url,downloads.securityfocus.com/vulnerabilities/exploits/29716.rb || url,doc.emergingthreats.net/2010223 1 || 2010224 || 4 || trojan-activity || 0 || ET TROJAN Opachki Link Hijacker Traffic Redirection || url,www.secureworks.com/research/threats/opachki/?threat=opachki || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A || url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2 || url,doc.emergingthreats.net/2010224 1 || 2010227 || 5 || attempted-user || 0 || ET ACTIVEX Symantec Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 || url,www.securityfocus.com/bid/36698/info || url,sotiriu.de/adv/NSOADV-2009-001.txt || cve,2009-3031 || url,doc.emergingthreats.net/2010227 1 || 2010228 || 7 || policy-violation || 0 || ET POLICY Suspicious Microsoft Windows NT 6.1 User-Agent Detected || url,www.microsoft.com/windows/windows-7/default.aspx || url,doc.emergingthreats.net/2010228 1 || 2010229 || 3 || attempted-dos || 0 || ET WEB_SERVER Possible Cherokee Web Server GET AUX Request Denial Of Service Attempt || url,securitytracker.com/alerts/2009/Oct/1023095.html || url,www.securityfocus.com/bid/36814/info || url,www.securityfocus.com/archive/1/507456 || url,doc.emergingthreats.net/2010229 1 || 2010230 || 7 || trojan-activity || 0 || ET TROJAN W32.Koblu || url,doc.emergingthreats.net/2010230 1 || 2010231 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 1 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,vil.nai.com/vil/content/v_157489.htm || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010231 1 || 2010232 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 2 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010232 1 || 2010233 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 3 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010233 1 || 2010234 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 1 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/report.aspx?md5=7ca709f154e6abc678fbc4df8a3256b6 || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,doc.emergingthreats.net/2010234 1 || 2010235 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 2 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,vil.nai.com/vil/content/v_157489.htm || url,doc.emergingthreats.net/2010235 1 || 2010236 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 3 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,doc.emergingthreats.net/2010236 1 || 2010237 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 4 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,doc.emergingthreats.net/2010237 1 || 2010238 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 5 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,doc.emergingthreats.net/2010238 1 || 2010239 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 6 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,www.threatexpert.com/report.aspx?md5=316fd88ac18d21889b1dbf9b979c1959 || url,doc.emergingthreats.net/2010239 1 || 2010240 || 4 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV check-in HEAD || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010240 1 || 2010241 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV check-in GET || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010241 1 || 2010242 || 4 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV get_product_domains.php || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010242 1 || 2010243 || 4 || trojan-activity || 0 || ET DELETED Agent.END || url,doc.emergingthreats.net/2010243 1 || 2010244 || 5 || trojan-activity || 0 || ET TROJAN Obitel Downloader Request || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fObitel.gen!A || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.ASLV&VSect=T || url,doc.emergingthreats.net/2010244 1 || 2010245 || 6 || attempted-user || 0 || ET ACTIVEX Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt Function Call || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 || url,www.securityfocus.com/bid/36698/info || url,sotiriu.de/adv/NSOADV-2009-001.txt || url,securitytracker.com/alerts/2009/Nov/1023122.html || cve,2009-3031 || url,doc.emergingthreats.net/2010245 1 || 2010246 || 8 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Reporting via POST initial check-in || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010246 1 || 2010247 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Reporting via POST || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010247 1 || 2010248 || 5 || trojan-activity || 0 || ET TROJAN Eleonore Exploit Pack activity || url,www.offensivecomputing.net/?q=node/1419 || url,doc.emergingthreats.net/2010248 1 || 2010252 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle_config_api Parameter Remote File Inclusion || url,www.juniper.net/security/auto/vulnerabilities/vuln36212.html || url,milw0rm.com/exploits/9572 || url,doc.emergingthreats.net/2010252 1 || 2010253 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail Quicksoft ActiveX Control Remote code excution clsid access attempt || url,milw0rm.com/exploits/9684 || url,doc.emergingthreats.net/2010253 1 || 2010254 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ve-EDIT edit_htmlarea.php highlighter Parameter Remote File Inclusion || url,osvdb.org/show/osvdb/57679 || url,doc.emergingthreats.net/2010254 1 || 2010255 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ve-EDIT debug_php.php _GET Parameter Local File Inclusion || url,osvdb.org/show/osvdb/57680 || url,doc.emergingthreats.net/2010255 1 || 2010256 || 6 || web-application-attack || 0 || ET ACTIVEX Adobe Shockwave Player ActiveX Control Buffer Overflow clsid access || url,www.milw0rm.com/exploits/9682 || url,doc.emergingthreats.net/2010256 1 || 2010257 || 4 || attempted-user || 0 || ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite Function Call || url,packetstormsecurity.com/0909-exploits/installshield-overwrite.txt || url,doc.emergingthreats.net/2010257 1 || 2010258 || 4 || web-application-attack || 0 || ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite clsid Access || url,packetstormsecurity.com/0909-exploits/installshield-overwrite.txt || url,doc.emergingthreats.net/2010258 1 || 2010259 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DvBBS boardrule.php groupboardid Parameter SQL Injection || bugtraq,36282 || url,doc.emergingthreats.net/2010259 1 || 2010260 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla AjaxChat Component ajcuser.php GLOBALS Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/59056 || url,packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt || url,doc.emergingthreats.net/2010260 1 || 2010261 || 5 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV User-Agent TALWinHttpClient || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010261 1 || 2010262 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Dynamic User-Agent || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010262 1 || 2010263 || 6 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 2 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2010263 1 || 2010264 || 6 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 3 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2010264 1 || 2010265 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (M0zilla) || url,doc.emergingthreats.net/2010265 1 || 2010266 || 6 || trojan-activity || 0 || ET TROJAN Banload Checkin || url,doc.emergingthreats.net/2010266 1 || 2010267 || 4 || trojan-activity || 0 || ET TROJAN Sinowal/Torpig Checkin || url,doc.emergingthreats.net/2010267 1 || 2010268 || 4 || trojan-activity || 0 || ET TROJAN W32.SillyFDC Checkin || url,doc.emergingthreats.net/2010268 1 || 2010270 || 6 || trojan-activity || 0 || ET TROJAN Asprox Data Post to C&C || url,www.secureworks.com/research/threats/danmecasprox/ || url,www.toorcon.org/tcx/18_Brown.pdf || url,doc.emergingthreats.net/2010270 1 || 2010271 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter SELECT FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010271 1 || 2010272 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter DELETE FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010272 1 || 2010273 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter UNION SELECT SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010273 1 || 2010274 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter INSERT INTO SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010274 1 || 2010275 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter UPDATE SET SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010275 1 || 2010276 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProdLer prodler.class.php sPath Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58298 || url,doc.emergingthreats.net/2010276 1 || 2010277 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail Quicksoft ActiveX CreateStore method Remote code excution clsid access || url,www.milw0rm.com/exploits/9685 || url,doc.emergingthreats.net/2010277 1 || 2010278 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail ActiveX AddAttachment method Remote code excution clsid access attempt || url,www.milw0rm.com/exploits/9705 || url,doc.emergingthreats.net/2010278 1 || 2010279 || 5 || web-application-attack || 0 || ET ACTIVEX InstanGet v2.08 Activex Control DOS clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/instantget-dos.txt || url,doc.emergingthreats.net/2010279 1 || 2010280 || 6 || web-application-attack || 0 || ET ACTIVEX Charm Real Converter pro 6.6 Activex Control DOS clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/charmrc-dos.txt || url,doc.emergingthreats.net/2010280 1 || 2010281 || 3 || attempted-user || 0 || ET WEB_SERVER Apache mod_perl Apache Status and Apache2 Status Cross Site Scripting Attempt || url,www.securityfocus.com/bid/34383/info || cve,2009-0796 || url,doc.emergingthreats.net/2010281 1 || 2010282 || 8 || trojan-activity || 0 || ET TROJAN Generic Trojan Checkin (double Content-Type headers) || url,doc.emergingthreats.net/2010282 1 || 2010283 || 9 || trojan-activity || 0 || ET TROJAN Opachki Link Hijacker HTTP Header Injection || url,www.secureworks.com/research/threats/opachki/?threat=opachki || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A || url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2 || url,doc.emergingthreats.net/2010283 1 || 2010284 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt || url,www.psoug.org/reference/substr_instr.html || url,www.easywebtech.com/artical/Oracle_INSTR.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010284 1 || 2010285 || 5 || web-application-attack || 0 || ET WEB_SERVER SELECT SUBSTR/ING in URI, Possible Blind SQL Injection Attempt || url,www.1keydata.com/sql/sql-substring.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010285 1 || 2010286 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT INSTR in Cookie, Possible ORACLE Related Blind SQL Injection Attempt || url,www.psoug.org/reference/substr_instr.html || url,www.easywebtech.com/artical/Oracle_INSTR.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010286 1 || 2010287 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT SUBSTR/ING in Cookie, Possible Blind SQL Injection Attempt || url,www.1keydata.com/sql/sql-substring.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010287 1 || 2010288 || 3 || trojan-activity || 0 || ET TROJAN W32/Scar Downloader Request || url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml || url,doc.emergingthreats.net/2010288 1 || 2010289 || 5 || trojan-activity || 0 || ET TROJAN Clod/Sereki Communication with C&C || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010289 1 || 2010290 || 10 || trojan-activity || 0 || ET TROJAN Clod/Sereki Checkin with C&C (noalert) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010290 1 || 2010291 || 4 || trojan-activity || 0 || ET TROJAN Clod/Sereki Checkin Response || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010291 1 || 2010292 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 1 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010292 1 || 2010293 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 2 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010293 1 || 2010294 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 3 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010294 1 || 2010295 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 4 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010295 1 || 2010296 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 5 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010296 1 || 2010297 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 6 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010297 1 || 2010298 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 7 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010298 1 || 2010299 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 8 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010299 1 || 2010300 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 9 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010300 1 || 2010301 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 10 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010301 1 || 2010302 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 11 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010302 1 || 2010303 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 12 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010303 1 || 2010304 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 13 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010304 1 || 2010305 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 14 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010305 1 || 2010306 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 15 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010306 1 || 2010307 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 16 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010307 1 || 2010308 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 17 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010308 1 || 2010309 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 18 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010309 1 || 2010310 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 19 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010310 1 || 2010311 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 20 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010311 1 || 2010312 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 21 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010312 1 || 2010313 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 22 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010313 1 || 2010314 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 23 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010314 1 || 2010315 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 24 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010315 1 || 2010316 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 25 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010316 1 || 2010317 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 26 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010317 1 || 2010318 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 27 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010318 1 || 2010319 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 28 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010319 1 || 2010320 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 29 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010320 1 || 2010321 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 30 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010321 1 || 2010322 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 31 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010322 1 || 2010323 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 32 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010323 1 || 2010324 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 33 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010324 1 || 2010325 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 34 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010325 1 || 2010326 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 35 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010326 1 || 2010327 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 36 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010327 1 || 2010328 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 37 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010328 1 || 2010329 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 38 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010329 1 || 2010330 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 39 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010330 1 || 2010331 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 40 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010331 1 || 2010332 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 41 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010332 1 || 2010333 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (CrazyBro) || url,www.f-secure.com/v-descs/trojan-proxy_w32_kvadr_gen!a.shtml || url,www.threatexpert.com/report.aspx?md5=fd2d6bb1d2a9803c49f1e175d558a934 || url,www.threatexpert.com/report.aspx?md5=e4664144f8e95cfec510d5efa24a35e7 || url,anubis.iseclab.org/?action=result&task_id=14118b80c1b346124c183394d5b3004b1&format=html || url,doc.emergingthreats.net/2010333 1 || 2010334 || 5 || trojan-activity || 0 || ET TROJAN Dosenjo/Kvadr Proxy Trojan Activity || url,www.f-secure.com/v-descs/trojan-proxy_w32_kvadr_gen!a.shtml || url,www.threatexpert.com/report.aspx?md5=fd2d6bb1d2a9803c49f1e175d558a934 || url,www.threatexpert.com/report.aspx?md5=e4664144f8e95cfec510d5efa24a35e7 || url,doc.emergingthreats.net/2010334 1 || 2010337 || 19 || trojan-activity || 0 || ET TROJAN FakeAV Reporting - POST often to resolution|borders.php || url,www.sophos.com/security/analyses/viruses-and-spyware/trojagentmbr.html?_log_from=rss || url,doc.emergingthreats.net/2010337 1 || 2010338 || 2 || policy-violation || 0 || ET DELETED offers.e-centives.com Coupon Printer || url,offers.e-centives.com || url,doc.emergingthreats.net/2010338 1 || 2010339 || 3 || trojan-activity || 0 || ET DELETED Potential Fake Anti-Virus Download Inst_58s6.exe || url,cyveillanceblog.com/general-cyberintel/malware-google-search-results || url,doc.emergingthreats.net/2010339 1 || 2010341 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OS Commerce 2.2 RC2 Potential Anonymous Remote Code Execution || url,seclists.org/fulldisclosure/2009/Nov/169 || url,seclists.org/fulldisclosure/2009/Nov/170 || url,www.milw0rm.com/exploits/9556 || url,doc.emergingthreats.net/2010341 1 || 2010342 || 5 || trojan-activity || 0 || ET DELETED NACHA/Zeus Phishing Executable Download Attempt || url,garwarner.blogspot.com/2009/11/newest-zeus-nacha-electronic-payments.html || url,doc.emergingthreats.net/2010342 1 || 2010343 || 5 || web-application-activity || 0 || ET SCAN pangolin SQL injection tool || url,www.lifedork.net/pangolin-best-sql-injection-tool.html || url,doc.emergingthreats.net/2010343 1 || 2010344 || 3 || trojan-activity || 0 || ET TROJAN Chorns/Poison Ivy related Backdoor Initial Connection || url,doc.emergingthreats.net/2010344 1 || 2010345 || 3 || trojan-activity || 0 || ET TROJAN Chorns/Poison Ivy related Backdoor Keep Alive || url,doc.emergingthreats.net/2010345 1 || 2010346 || 6 || trojan-activity || 0 || ET TROJAN Ultimate HAckerz Team User-Agent (Made by UltimateHackerzTeam) - Likely Trojan Report || url,doc.emergingthreats.net/2010346 1 || 2010347 || 6 || trojan-activity || 0 || ET TROJAN Fake/Rogue AV Landing Page Encountered || url,en.wikipedia.org/wiki/Scareware || url,doc.emergingthreats.net/2010347 1 || 2010348 || 6 || trojan-activity || 0 || ET TROJAN - Possible Zeus/Perkesh (.bin) configuration download || url,zeustracker.abuse.ch || url,doc.emergingthreats.net/2010348 1 || 2010349 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter SELECT FROM SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010349 1 || 2010350 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter DELETE FROM SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010350 1 || 2010351 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter UNION SELECT SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010351 1 || 2010352 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter INSERT INTO SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010352 1 || 2010353 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter UPDATE SET SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010353 1 || 2010354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Achievo debugger.php config_atkroot parameter Remote File Inclusion Attempt || bugtraq,36822 || url,doc.emergingthreats.net/2010354 1 || 2010355 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OBOphiX fonctions_racine.php chemin_lib parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/57869 || url,secunia.com/advisories/36658/ || url,doc.emergingthreats.net/2010355 1 || 2010356 || 6 || web-application-attack || 0 || ET ACTIVEX NCTAVIFile V 1.6.2 Activex File Creation clsid access attempt || url,www.packetstatic.com/0909-exploits/nctavi-exec.txt || url,doc.emergingthreats.net/2010356 1 || 2010357 || 4 || web-application-attack || 0 || ET ACTIVEX NCTAVIFile V 1.6.2 ActiveX File Creation Function call attempt || url,www.packetstatic.com/0909-exploits/nctavi-exec.txt || url,doc.emergingthreats.net/2010357 1 || 2010358 || 6 || successful-user || 0 || ET ACTIVEX Macrovision FLEXnet Connect ActiveX Control Arbitrary File Download || bugtraq,27279 || url,www.milw0rm.com/exploits/4913 || url,doc.emergingthreats.net/2010358 1 || 2010359 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58315 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010359 1 || 2010360 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58316 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010360 1 || 2010361 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58317 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010361 1 || 2010362 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AjaxPortal di.php pathtoserverdata Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55485 || url,doc.emergingthreats.net/2010362 1 || 2010363 || 6 || web-application-attack || 0 || ET ACTIVEX Orca Browser 1.1 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/orca-exec.txt || url,doc.emergingthreats.net/2010363 1 || 2010364 || 4 || web-application-attack || 0 || ET ACTIVEX Orca Browser 1.1 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/orca-exec.txt || url,doc.emergingthreats.net/2010364 1 || 2010365 || 6 || web-application-attack || 0 || ET ACTIVEX ProgramChecker 1.5 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/programchecker-exec.txt || url,doc.emergingthreats.net/2010365 1 || 2010366 || 4 || web-application-attack || 0 || ET ACTIVEX ProgramChecker 1.5 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/programchecker-exec.txt || url,doc.emergingthreats.net/2010366 1 || 2010367 || 6 || web-application-attack || 0 || ET ACTIVEX Gom Player V 2.1.16 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/gomplayer-exec.txt || url,doc.emergingthreats.net/2010367 1 || 2010368 || 4 || web-application-attack || 0 || ET ACTIVEX Gom Player V 2.1.16 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/gomplayer-exec.txt || url,doc.emergingthreats.net/2010368 1 || 2010369 || 5 || attempted-user || 0 || ET ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Nov/1023238.html || url,www.securityfocus.com/bid/37092 || cve,2009-3033 || url,doc.emergingthreats.net/2010369 1 || 2010370 || 4 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Function Call Attempt || url,securitytracker.com/alerts/2009/Nov/1023238.html || url,www.securityfocus.com/bid/37092 || cve,2009-3033 || url,doc.emergingthreats.net/2010370 1 || 2010371 || 2 || attempted-recon || 0 || ET SCAN Amap TCP Service Scan Detected || url,freeworld.thc.org/thc-amap/ || url,doc.emergingthreats.net/2010371 1 || 2010372 || 2 || attempted-recon || 0 || ET SCAN Amap UDP Service Scan Detected || url,freeworld.thc.org/thc-amap/ || url,doc.emergingthreats.net/2010372 1 || 2010373 || 6 || attempted-user || 0 || ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt || url,www.securityfocus.com/bid/37151/info || url,doc.emergingthreats.net/2010373 1 || 2010374 || 4 || attempted-user || 0 || ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt || url,www.securityfocus.com/bid/37151/info || url,doc.emergingthreats.net/2010374 1 || 2010375 || 2 || attempted-admin || 0 || ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt || url,www.securityfocus.com/bid/36748 || cve,2009-1991 || url,doc.emergingthreats.net/2010375 1 || 2010376 || 3 || trojan-activity || 0 || ET DELETED WU Malicious Spam Inbound || url,doc.emergingthreats.net/2010376 1 || 2010377 || 6 || web-application-attack || 0 || ET POLICY JBOSS/JMX port 80 access from outside || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010377 1 || 2010378 || 5 || web-application-attack || 0 || ET POLICY JBOSS/JMX port 8080 access from outside || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010378 1 || 2010379 || 5 || web-application-attack || 0 || ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (POST) || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010379 1 || 2010380 || 5 || web-application-attack || 0 || ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET) || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010380 1 || 2010381 || 10 || trojan-activity || 0 || ET TROJAN Syrutrk/Gibon/Bredolab Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSyrutrk.A || url,www.threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37 || url,www.threatexpert.com/report.aspx?md5=011d403b345672adc29846074e717865 || url,doc.emergingthreats.net/2010381 1 || 2010382 || 7 || trojan-activity || 0 || ET TROJAN Fake AV GET || url,threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35 || url,doc.emergingthreats.net/2010382 1 || 2010383 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell || url,doc.emergingthreats.net/2010383 1 || 2010385 || 4 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 2) || url,doc.emergingthreats.net/2010385 1 || 2010386 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 3) || url,doc.emergingthreats.net/2010386 1 || 2010387 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 4) || url,doc.emergingthreats.net/2010387 1 || 2010388 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 5) || url,doc.emergingthreats.net/2010388 1 || 2010389 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 1) || url,doc.emergingthreats.net/2010389 1 || 2010390 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 2) || url,doc.emergingthreats.net/2010390 1 || 2010391 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 1) || url,doc.emergingthreats.net/2010391 1 || 2010392 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 2) || url,doc.emergingthreats.net/2010392 1 || 2010393 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 3) || url,doc.emergingthreats.net/2010393 1 || 2010394 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 4) || url,doc.emergingthreats.net/2010394 1 || 2010395 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 5) || url,doc.emergingthreats.net/2010395 1 || 2010396 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1) || url,doc.emergingthreats.net/2010396 1 || 2010397 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2) || url,doc.emergingthreats.net/2010397 1 || 2010398 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3) || url,doc.emergingthreats.net/2010398 1 || 2010399 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4) || url,doc.emergingthreats.net/2010399 1 || 2010400 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5) || url,doc.emergingthreats.net/2010400 1 || 2010401 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1) || url,doc.emergingthreats.net/2010401 1 || 2010402 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2) || url,doc.emergingthreats.net/2010402 1 || 2010403 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (JmpCallAdditive Encoded) || url,doc.emergingthreats.net/2010403 1 || 2010404 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 1) || url,doc.emergingthreats.net/2010404 1 || 2010405 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 2) || url,doc.emergingthreats.net/2010405 1 || 2010406 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 3) || url,doc.emergingthreats.net/2010406 1 || 2010407 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1) || url,doc.emergingthreats.net/2010407 1 || 2010408 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 2) || url,doc.emergingthreats.net/2010408 1 || 2010409 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 1) || url,doc.emergingthreats.net/2010409 1 || 2010410 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 2) || url,doc.emergingthreats.net/2010410 1 || 2010411 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 3) || url,doc.emergingthreats.net/2010411 1 || 2010412 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 4) || url,doc.emergingthreats.net/2010412 1 || 2010413 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 1) || url,doc.emergingthreats.net/2010413 1 || 2010414 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 2) || url,doc.emergingthreats.net/2010414 1 || 2010415 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 1) || url,doc.emergingthreats.net/2010415 1 || 2010416 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 2) || url,doc.emergingthreats.net/2010416 1 || 2010417 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 3) || url,doc.emergingthreats.net/2010417 1 || 2010418 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1) || url,doc.emergingthreats.net/2010418 1 || 2010419 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2) || url,doc.emergingthreats.net/2010419 1 || 2010420 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3) || url,doc.emergingthreats.net/2010420 1 || 2010421 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1) || url,doc.emergingthreats.net/2010421 1 || 2010422 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 2) || url,doc.emergingthreats.net/2010422 1 || 2010423 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1) || url,doc.emergingthreats.net/2010423 1 || 2010424 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 1) || url,doc.emergingthreats.net/2010424 1 || 2010425 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 2) || url,doc.emergingthreats.net/2010425 1 || 2010426 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 3) || url,doc.emergingthreats.net/2010426 1 || 2010427 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1) || url,doc.emergingthreats.net/2010427 1 || 2010428 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2) || url,doc.emergingthreats.net/2010428 1 || 2010429 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 1) || url,doc.emergingthreats.net/2010429 1 || 2010430 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 2) || url,doc.emergingthreats.net/2010430 1 || 2010431 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 3) || url,doc.emergingthreats.net/2010431 1 || 2010432 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 4) || url,doc.emergingthreats.net/2010432 1 || 2010433 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 1) || url,doc.emergingthreats.net/2010433 1 || 2010434 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 2) || url,doc.emergingthreats.net/2010434 1 || 2010435 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1) || url,doc.emergingthreats.net/2010435 1 || 2010436 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2) || url,doc.emergingthreats.net/2010436 1 || 2010437 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 3) || url,doc.emergingthreats.net/2010437 1 || 2010438 || 6 || trojan-activity || 0 || ET MALWARE Possible Malicious Applet Access (justexploit kit) || url,www.malwaredomainlist.com/forums/index.php?topic=3570.0 || url,doc.emergingthreats.net/2010438 1 || 2010439 || 8 || trojan-activity || 0 || ET TROJAN Generic Trojan Checkin (UA VBTagEdit) || url,doc.emergingthreats.net/2010439 1 || 2010440 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Malware Download flash-HQ-plugin exe || url,malwareurl.com || url,doc.emergingthreats.net/2010440 1 || 2010441 || 5 || trojan-activity || 0 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,cyber.secdev.ca/2009/11/russian-malware-bundle || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,doc.emergingthreats.net/2010441 1 || 2010442 || 4 || trojan-activity || 0 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,cyber.secdev.ca/2009/11/russian-malware-bundle || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,doc.emergingthreats.net/2010442 1 || 2010444 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, pdf exploit || url,malwareurl.com || url,doc.emergingthreats.net/2010444 1 || 2010446 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, loadjavad.php exploit || url,malwareurl.com || url,doc.emergingthreats.net/2010446 1 || 2010447 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, rogue antivirus (IAInstall.exe) || url,malwareurl.com || url,doc.emergingthreats.net/2010447 1 || 2010448 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, trojan zbot || url,malwareurl.com || url,doc.emergingthreats.net/2010448 1 || 2010449 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, exploit redirect || url,malwareurl.com || url,doc.emergingthreats.net/2010449 1 || 2010450 || 5 || trojan-activity || 0 || ET TROJAN Potential Gemini/Fake AV Download URL Detected || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791 || url,doc.emergingthreats.net/2010450 1 || 2010452 || 8 || trojan-activity || 0 || ET TROJAN Potential Fake AV GET installer.1.exe || url,www.malwareurl.com || url,doc.emergingthreats.net/2010452 1 || 2010453 || 7 || trojan-activity || 0 || ET TROJAN Potential Fake AV GET installer_1.exe || url,www.malwareurl.com || url,doc.emergingthreats.net/2010453 1 || 2010454 || 3 || successful-admin || 0 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2010454 1 || 2010456 || 6 || attempted-user || 0 || ET ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt || url,www.securityfocus.com/bid/26288/info || cve,2007-5603 || url,doc.emergingthreats.net/2010456 1 || 2010457 || 6 || attempted-user || 0 || ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt || url,www.securityfocus.com/bid/35475/info || cve,2009-1203 || url,doc.emergingthreats.net/2010457 1 || 2010458 || 10 || trojan-activity || 0 || ET TROJAN Dropper Checkin (often scripts.dlv4.com related) || url,doc.emergingthreats.net/2010458 1 || 2010460 || 4 || attempted-user || 0 || ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/29191/info || cve,2008-2165 || url,doc.emergingthreats.net/2010460 1 || 2010461 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (MSIE7 na) || url,doc.emergingthreats.net/2010461 1 || 2010462 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/37248/info || url,doc.emergingthreats.net/2010462 1 || 2010463 || 6 || successful-user || 0 || ET WEB_SERVER RFI Scanner Success (Fx29ID) || url,doc.emergingthreats.net/2010463 || url,opinion.josepino.com/php/howto_website_hack1 1 || 2010465 || 5 || trojan-activity || 0 || ET TROJAN Potential Fake AV Download (download/install.php) || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html || url,malwareurl.com || url,www.malwaredomainlist.com || url,doc.emergingthreats.net/2010465 1 || 2010466 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/pointcomma-rfi.txt || url,doc.emergingthreats.net/2010466 1 || 2010467 || 4 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010467 1 || 2010468 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010468 1 || 2010469 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010469 1 || 2010470 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010470 1 || 2010471 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010471 1 || 2010472 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010472 1 || 2010473 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt || url,osvdb.org/show/osvdb/56763 || url,doc.emergingthreats.net/2010473 1 || 2010474 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt || bugtraq,37043 || url,doc.emergingthreats.net/2010474 1 || 2010475 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/krweb-rfi.txt || url,doc.emergingthreats.net/2010475 1 || 2010476 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010476 1 || 2010477 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010477 1 || 2010478 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010478 1 || 2010479 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010479 1 || 2010480 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010480 1 || 2010481 || 6 || attempted-user || 0 || ET ACTIVEX SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access || url,dsecrg.com/pages/vul/show.php?id=143 || url,doc.emergingthreats.net/2010481 1 || 2010482 || 5 || attempted-user || 0 || ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb || url,www.kb.cert.org/vuls/id/340420 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || cve,2009-0215 || url,doc.emergingthreats.net/2010482 1 || 2010483 || 7 || attempted-user || 0 || ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb || url,www.kb.cert.org/vuls/id/340420 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || cve,2009-0215 || url,doc.emergingthreats.net/2010483 1 || 2010484 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55751 || url,doc.emergingthreats.net/2010484 1 || 2010485 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/phptraverse-rfi.txt || url,doc.emergingthreats.net/2010485 1 || 2010486 || 2 || attempted-dos || 0 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010486 1 || 2010487 || 2 || attempted-dos || 0 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010487 1 || 2010488 || 2 || attempted-dos || 0 || ET DELETED Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010488 1 || 2010489 || 2 || attempted-dos || 0 || ET DELETED Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010489 1 || 2010490 || 6 || trojan-activity || 0 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99 || url,doc.emergingthreats.net/2010490 1 || 2010491 || 2 || attempted-dos || 0 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || url,www.securityfocus.com/bid/37297/info || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || cve,2009-4019 || url,doc.emergingthreats.net/2010491 1 || 2010492 || 3 || attempted-dos || 0 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || url,www.securityfocus.com/bid/37297/info || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || cve,2009-4019 || url,doc.emergingthreats.net/2010492 1 || 2010493 || 2 || attempted-recon || 0 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html || url,doc.emergingthreats.net/2010493 1 || 2010494 || 2 || attempted-recon || 0 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt || url,doc.emergingthreats.net/2010494 1 || 2010495 || 13 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Multimedia Doc.media.newPlayer Memory Corruption Attempt || url,www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb || url,vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html || bid,37331 || cve,2009-4324 1 || 2010496 || 6 || trojan-activity || 0 || ET DELETED Adobe 0day Shovelware || url,isc.sans.org/diary.html?storyid=7747 || url,doc.emergingthreats.net/2010496 1 || 2010497 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Facebook Spam Inbound (1) || url,doc.emergingthreats.net/2010497 || url,postmaster.facebook.com/outbound 1 || 2010498 || 4 || trojan-activity || 0 || ET DELETED Facebook Spam Inbound (2) || url,doc.emergingthreats.net/2010498 1 || 2010500 || 5 || trojan-activity || 0 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99 || url,doc.emergingthreats.net/2010500 1 || 2010501 || 5 || trojan-activity || 0 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99 || url,doc.emergingthreats.net/2010501 1 || 2010505 || 6 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || url,www.securityfocus.com/bid/34307/info || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || cve,2009-1220 || url,doc.emergingthreats.net/2010505 1 || 2010506 || 5 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/29191/info || cve,2008-2165 || url,doc.emergingthreats.net/2010506 1 || 2010507 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,securitytracker.com/alerts/2009/Dec/1023331.html || url,doc.emergingthreats.net/2010507 1 || 2010508 || 4 || attempted-recon || 0 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,springenwerk.org/ || url,doc.emergingthreats.net/2010508 1 || 2010509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sonicwall NSA E7500 XSS attempt (fwReg parameter) || url,securiteam.com/exploits/6O00C1FQAS.html || url,doc.emergingthreats.net/2010509 1 || 2010510 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible OSSIM uniqueid Parameter Remote Command Execution Attempt || url, www.securityfocus.com/bid/37375/info || url,doc.emergingthreats.net/2010510 1 || 2010511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sonicwall Global Management System XSS attempt (scrn_name parameter) || url,securiteam.com/exploits/6P00D1FQAG.html || url,doc.emergingthreats.net/2010511 1 || 2010512 || 9 || trojan-activity || 0 || ET TROJAN FakeAV FakeSmoke HTTP POST check-in || url,isc.sans.org/diary.html?storyid=7768 || url,doc.emergingthreats.net/2010512 1 || 2010513 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010513 1 || 2010514 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010514 1 || 2010515 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010515 1 || 2010516 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010516 1 || 2010517 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010517 1 || 2010518 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010518 1 || 2010519 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010519 1 || 2010520 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010520 1 || 2010521 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010521 1 || 2010522 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010522 1 || 2010524 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) || url,doc.emergingthreats.net/2010524 1 || 2010525 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010525 1 || 2010526 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) || url,doc.emergingthreats.net/2010526 1 || 2010527 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010527 1 || 2010528 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9733 || url,doc.emergingthreats.net/2010528 1 || 2010529 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9732 || url,doc.emergingthreats.net/2010529 1 || 2010530 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,www.exploit-db.com/exploits/9729/ || url,doc.emergingthreats.net/2010530 1 || 2010531 || 2 || web-application-attack || 0 || ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Dec/1023375.html || cve,2009-3702 || url,doc.emergingthreats.net/2010531 1 || 2010532 || 3 || trojan-activity || 0 || ET DELETED Malwareurl.com - potential oficla download (annonce.pdf) || url,www.malwareurl.com || url,doc.emergingthreats.net/2010532 1 || 2010534 || 3 || trojan-activity || 0 || ET DELETED Malwareurl.com - potential oficla download (loadjavad.php) || url,www.malwareurl.com || url,doc.emergingthreats.net/2010534 1 || 2010535 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt || url,doc.emergingthreats.net/2010535 1 || 2010536 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt || url,doc.emergingthreats.net/2010536 1 || 2010537 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt || url,doc.emergingthreats.net/2010537 1 || 2010538 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt || url,doc.emergingthreats.net/2010538 1 || 2010539 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt || url,doc.emergingthreats.net/2010539 1 || 2010540 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html || url,doc.emergingthreats.net/2010540 1 || 2010541 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt || url,doc.emergingthreats.net/2010541 1 || 2010542 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt || url,doc.emergingthreats.net/2010542 1 || 2010543 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt || url,doc.emergingthreats.net/2010543 1 || 2010544 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt || url,doc.emergingthreats.net/2010544 1 || 2010546 || 3 || attempted-admin || 0 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15 || url,doc.emergingthreats.net/2010546 || cve,2007-2281 1 || 2010547 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010547 1 || 2010548 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010548 1 || 2010549 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010549 1 || 2010550 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010550 1 || 2010551 || 8 || trojan-activity || 0 || ET DELETED iPhone Bot iKee.B Contacting C&C || url,mtc.sri.com/iPhone/ || url,doc.emergingthreats.net/2010551 1 || 2010553 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Module Emporium SQL Injection Attempt || url,milw0rm.com/exploits/3334 || url,packetstormsecurity.org/0912-exploits/phpnukeemporium-sql.txt || url,doc.emergingthreats.net/2010553 1 || 2010554 || 4 || attempted-dos || 0 || ET DOS Netgear DG632 Web Management Denial Of Service Attempt || url, securitytracker.com/alerts/2009/Jun/1022403.html || cve,2009-2256 || url,doc.emergingthreats.net/2010554 1 || 2010555 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter SELECT FROM SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010555 1 || 2010556 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter DELETE FROM SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010556 1 || 2010557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter UNION SELECT SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010557 1 || 2010558 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter INSERT INTO SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010558 1 || 2010559 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter UPDATE SET SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010559 1 || 2010560 || 4 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-1 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/210560 1 || 2010561 || 4 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-2 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010561 1 || 2010562 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-1 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010562 1 || 2010563 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-2 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010563 1 || 2010564 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sisplet CMS komentar.php site_path Parameter Remote File Inclusion Attempt || bugtraq,23334 || url,doc.emergingthreats.net/2010564 1 || 2010565 || 12 || trojan-activity || 0 || ET TROJAN Bebloh C&C HTTP POST || url,doc.emergingthreats.net/2010565 1 || 2010566 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av_base/pay.php) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010566 1 || 2010567 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av_base/ip.php) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010567 1 || 2010568 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av-i386-daily.zip) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010565 1 || 2010569 || 6 || trojan-activity || 0 || ET DELETED Trojan Downloader Win32/Small.CBA download || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.CBA&ThreatID=-2147372177 || url,doc.emergingthreats.net/2010569 1 || 2010570 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Moderate Islam...) || url,doc.emergingthreats.net/2010570 1 || 2010571 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom...) || url,doc.emergingthreats.net/2010571 1 || 2010572 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (The Call to Global...) || url,doc.emergingthreats.net/2010572 1 || 2010573 || 3 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Knights under the...) || url,doc.emergingthreats.net/2010573 1 || 2010574 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad against...) || url,doc.emergingthreats.net/2010574 1 || 2010575 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans...) || url,doc.emergingthreats.net/2010575 1 || 2010576 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs...) || url,doc.emergingthreats.net/2010576 1 || 2010577 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy...) || url,doc.emergingthreats.net/2010577 1 || 2010578 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) || url,doc.emergingthreats.net/2010578 1 || 2010579 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) || url,doc.emergingthreats.net/2010579 1 || 2010580 || 4 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala' Wal Bara) || url,doc.emergingthreats.net/2010580 1 || 2010581 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Moderate Islam...) SMTP || url,doc.emergingthreats.net/2010581 1 || 2010582 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom...) SMTP || url,doc.emergingthreats.net/2010582 1 || 2010583 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (The Call to Global...) SMTP || url,doc.emergingthreats.net/2010583 1 || 2010584 || 3 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Knights under the...) SMTP || url,doc.emergingthreats.net/2010584 1 || 2010585 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad against...) SMTP || url,doc.emergingthreats.net/2010585 1 || 2010586 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans...) SMTP || url,doc.emergingthreats.net/2010586 1 || 2010587 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs...) SMTP || url,doc.emergingthreats.net/2010587 1 || 2010588 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy...) SMTP || url,doc.emergingthreats.net/2010588 1 || 2010589 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP || url,doc.emergingthreats.net/2010589 1 || 2010590 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) SMTP || url,doc.emergingthreats.net/2010590 1 || 2010591 || 4 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala' Wal Bara) SMTP || url,doc.emergingthreats.net/2010591 1 || 2010592 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .asp Filename Extension Parsing File Upload Security Bypass Attempt (asp) || url,www.securityfocus.com/bid/37460/info || url,doc.emergingthreats.net/2010592 || url,www.securityfocus.com/bid/37460/info || url,soroush.secproject.com/downloadable/iis-semicolon-report.pdf || cve,2009-4444 1 || 2010593 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .aspx Filename Extension Parsing File Upload Security Bypass Attempt (aspx) || url,www.securityfocus.com/bid/37460/info || url,doc.emergingthreats.net/2010593 || url,www.securityfocus.com/bid/37460/info || url,soroush.secproject.com/downloadable/iis-semicolon-report.pdf || cve,2009-4444 1 || 2010594 || 7 || trojan-activity || 0 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,doc.emergingthreats.net/2010594 1 || 2010595 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (???) || url,doc.emergingthreats.net/2010595 1 || 2010596 || 2 || trojan-activity || 0 || ET TROJAN Trest1 Binary Download Attempt (multiple malware variants served) || url,www.malwaredomainlist.com || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on || url,doc.emergingthreats.net/2010596 1 || 2010597 || 5 || trojan-activity || 0 || ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,doc.emergingthreats.net/2010597 1 || 2010599 || 6 || trojan-activity || 0 || ET MALWARE User-Agent Mozilla/3.0 || url,doc.emergingthreats.net/2010599 1 || 2010600 || 3 || trojan-activity || 0 || ET DELETED Suspicious User Agent WebUpdate || url,doc.emergingthreats.net/2010600 1 || 2010601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 35mm Slide Gallery imgdir Parameter Directory Traversal Attempt || url,www.packetstormsecurity.org/0912-exploits/35mmsg-traversal.txt || url,doc.emergingthreats.net/2010601 1 || 2010602 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClarkConnect Linux proxy.php XSS Attempt || url,www.securityfocus.com/bid/37446/info || url,doc.emergingthreats.net/2010602 1 || 2010604 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Classified Ads 'store_info.php' SQL Injection Attempt || url,www.securityfocus.com/bid/37541/info || url,doc.emergingthreats.net/2010604 1 || 2010605 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Component com_viewfulllisting SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/mambovfl-sql.txt || url,doc.emergingthreats.net/2010605 1 || 2010606 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_kkcontent Blind SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/joomlakkcontent-sql.txt || url,doc.emergingthreats.net/2010606 1 || 2010607 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/xoopsdictionary-sql.txt || url,doc.emergingthreats.net/2010607 1 || 2010608 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iPortal X gallery_show.asp GID parameter Blind SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/galleryshow-sql.txt || url,doc.emergingthreats.net/2010608 1 || 2010609 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Helpdesk Pilot Knowledge Base SQL Injection Attempt || url,www.www.packetstormsecurity.org/0912-exploits/helpdesk-sql.txt || url,doc.emergingthreats.net/2010609 1 || 2010610 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RoseOnline CMS LFI Attempt || url,www.packetstormsecurity.org/0912-exploits/roseonlinecms-lfi.txt || url,doc.emergingthreats.net/2010610 1 || 2010611 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX DisplayName method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010611 1 || 2010612 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX AddGroup method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010612 1 || 2010613 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX InstallComponent method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010613 1 || 2010614 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX Subscribe method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010614 1 || 2010615 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter SELECT FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010615 1 || 2010616 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter DELETE FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010616 1 || 2010617 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter UNION SELECT SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010617 1 || 2010618 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter INSERT INTO SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010618 1 || 2010619 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter UPDATE SET SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010619 1 || 2010620 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mamboleto Joomla component mamboleto.php Remote File Inclusion Attempt || url,xforce.iss.net/xforce/xfdb/54662 || url,www.exploit-db.com/exploits/10369 || url,doc.emergingthreats.net/2010620 1 || 2010621 || 4 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent CZ32ts) || url,doc.emergingthreats.net/2009029 || url,www.Whitehatsecurityresponse.blogspot.com 1 || 2010622 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco Subscriber Edge Services Manager Cross Site Scripting/HTML Injection Attempt || url,www.securityfocus.com/bid/34454/info || url,doc.emergingthreats.net/2010622 1 || 2010623 || 3 || web-application-attack || 0 || ET WEB_SERVER Cisco IOS HTTP Server Exec Command Execution Attempt || url,articles.techrepublic.com.com/5100-10878_11-6039967.html || url,doc.emergingthreats.net/2010623 1 || 2010624 || 2 || attempted-dos || 0 || ET CURRENT_EVENTS Possible Cisco PIX/ASA Denial Of Service Attempt (Hping Created Packets) || url,www.securityfocus.com/bid/34429/info || url,www.securityfocus.com/bid/34429/exploit || url,www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html || cve,2009-1157 || url,doc.emergingthreats.net/2010624 1 || 2010625 || 7 || trojan-activity || 0 || ET TROJAN FakeAV Landing Page (aid,sid) || url,www.bleepingcomputer.com/forums/lofiversion/index.php/t247125.html || url,doc.emergingthreats.net/2010625 1 || 2010626 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010626 1 || 2010627 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010627 1 || 2010628 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010628 1 || 2010629 || 3 || trojan-activity || 0 || ET DELETED MySpace Spam Inbound || url,doc.emergingthreats.net/2010629 1 || 2010630 || 5 || trojan-activity || 0 || ET MALWARE Generic Adware Install Report || url,doc.emergingthreats.net/2010630 1 || 2010631 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyFusion last_seen_users_panel.php settings Parameter Local File Inclusion Attempt || url,osvdb.org/show/osvdb/56583 || url,www.exploit-db.com/exploits/9018/ || url,doc.emergingthreats.net/2010631 1 || 2010636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010636 1 || 2010637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010637 1 || 2010638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010638 1 || 2010639 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010639 1 || 2010640 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010640 1 || 2010641 || 2 || misc-activity || 0 || ET SCAN ICMP @hello request, Likely Precursor to Scan || url,doc.emergingthreats.net/2010641 1 || 2010642 || 3 || attempted-recon || 0 || ET SCAN Multiple FTP Root Login Attempts from Single Source - Possible Brute Force Attempt || url,doc.emergingthreats.net/2010642 1 || 2010643 || 3 || attempted-recon || 0 || ET SCAN Multiple FTP Administrator Login Attempts from Single Source - Possible Brute Force Attempt || url,doc.emergingthreats.net/2010643 1 || 2010644 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Spam Inbound 1 || 2010645 || 8 || trojan-activity || 0 || ET POLICY User-Agent (Launcher) || url,doc.emergingthreats.net/2010645 1 || 2010646 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Initial Connect || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010646 1 || 2010647 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Initial Connect Bot Response || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010647 1 || 2010648 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Connect Command || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010648 1 || 2010649 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Connect Command (port 25 specifically) || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010649 1 || 2010650 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Bot Command Confirmation || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010650 1 || 2010651 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Bot Transaction Relay || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010651 1 || 2010652 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010652 1 || 2010653 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010653 1 || 2010654 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010654 1 || 2010655 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010655 1 || 2010656 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010656 1 || 2010657 || 5 || web-application-attack || 0 || ET ACTIVEX EasyMail Object SMTP Component Buffer Overflow Function call Attempt || url,secunia.com/advisories/24199/ || url,www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb || url,doc.emergingthreats.net/2010657 1 || 2010658 || 2 || web-application-attack || 0 || ET ACTIVEX EasyMail Object IMAP4 Component Buffer Overflow Function call Attempt || url,secunia.com/advisories/24199/ || url,doc.emergingthreats.net/2010658 1 || 2010659 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mojoBlog wp-comments-post.php Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0912-exploits/joomlamojoblog-rfi.txt || bugtraq,37179 || url,doc.emergingthreats.net/2010659 1 || 2010660 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mojoBlog wp-trackback.php Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0912-exploits/joomlamojoblog-rfi.txt || bugtraq,37179 || url,doc.emergingthreats.net/2010660 1 || 2010661 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS epay a_affil.php _REQUEST Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10697 || url,doc.emergingthreats.net/2010661 1 || 2010664 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader and Acrobat Forms Data Format Remote Security Bypass Attempt || url,www.securityfocus.com/bid/37763 || cve,2009-3956 || url,doc.emergingthreats.net/2010664 || url,www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf 1 || 2010665 || 7 || attempted-user || 0 || ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcomHelper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt || url,www.securityfocus.com/bid/37759 || url,www.kb.cert.org/vuls/id/773545 || url,www.adobe.com/support/security/bulletins/apsb10-02.html || url,www.exploit-db.com/exploits/11172/ || cve,2009-3958 || url,doc.emergingthreats.net/2010665 1 || 2010666 || 3 || attempted-user || 0 || ET DELETED Adobe Macromedia Flash Player In Windows XP Remote Arbitrary Code Execution CLSID Access Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19710 || url,www.kb.cert.org/vuls/id/204889 || url,www.microsoft.com/technet/security/advisory/979267.mspx || url,doc.emergingthreats.net/2010666 1 || 2010667 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/bash In URI, Possible Shell Command Execution Attempt Within Web Exploit || url,doc.emergingthreats.net/2010667 1 || 2010669 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INTO OUTFILE SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010669 1 || 2010670 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application SELECT FROM SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010670 1 || 2010672 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INSERT INTO SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010672 1 || 2010673 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application UNTION SELECT SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010673 1 || 2010674 || 7 || attempted-dos || 0 || ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation Denial of Service Attempt || url,www.securityfocus.com/bid/35805 || url,www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml || cve,2009-1164 || url,doc.emergingthreats.net/2010674 1 || 2010675 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (SogouExplorerMiniSetup) || url,doc.emergingthreats.net/2010675 1 || 2010676 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Fast Browser Search) || url,doc.emergingthreats.net/2010676 1 || 2010677 || 6 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (My Session) || url,doc.emergingthreats.net/2010677 1 || 2010678 || 6 || trojan-activity || 0 || ET TROJAN Win32.OnLineGames User-Agent (BigFoot) || url,doc.emergingthreats.net/2010678 1 || 2010679 || 5 || trojan-activity || 0 || ET MALWARE Trojan.Win32.InternetAntivirus User-Agent (General Antivirus) || url,doc.emergingthreats.net/2010679 1 || 2010680 || 5 || trojan-activity || 0 || ET MALWARE chnsystem.com Spyware User-Agent (Update1.0) || url,doc.emergingthreats.net/2010680 1 || 2010681 || 2 || misc-activity || 0 || ET SCAN ICMP Delphi, Likely Precursor to Scan || url,www.koders.com/delphi/fid942A4EAF946B244BD3CD9BC83FEAAC35BA1F38AB.aspx || url,doc.emergingthreats.net/2010681 1 || 2010682 || 5 || trojan-activity || 0 || ET DELETED FakeAV AntivirusDoktor2009 User-Agent (768) || url,doc.emergingthreats.net/2010682 1 || 2010683 || 6 || trojan-activity || 0 || ET DELETED FakeAV AntivirusDoktor2009 User-Agent (657) || url,doc.emergingthreats.net/2010683 1 || 2010684 || 4 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download Setup_2012.exe || url,doc.emergingthreats.net/xxxxxxx 1 || 2010686 || 2 || misc-activity || 0 || ET SCAN ICMP =XXXXXXXX Likely Precursor to Scan || url,doc.emergingthreats.net/2010686 1 || 2010687 || 5 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow Attempt || cve,2009-3849 || url,doc.emergingthreats.net/2010687 1 || 2010690 || 4 || attempted-user || 0 || ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Function Call Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/activepdf.webgrabber.apwebgrb.ocx.activex.access.html || url,packetstormsecurity.org/0911-exploits/activepdf_webgrabber.rb.txt || url,doc.emergingthreats.net/2010690 1 || 2010691 || 5 || attempted-user || 0 || ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/activepdf.webgrabber.apwebgrb.ocx.activex.access.html || url,packetstormsecurity.org/0911-exploits/activepdf_webgrabber.rb.txt || url,doc.emergingthreats.net/2010691 1 || 2010692 || 4 || attempted-user || 0 || ET ACTIVEX Possible McAfee Remediation Client Enginecom.Dll ActiveX Code Execution Function Call Attempt || url,fgc.fortinet.com/encyclopedia/vulnerability/mcafee.remediation.client.enginecom.dll.activex.access.html || url,doc.emergingthreats.net/2010692 1 || 2010693 || 6 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client ExecuteRequest ActiveX Control Buffer Overflow Attempt || cve,2008-0935 || url,doc.emergingthreats.net/2010693 1 || 2010694 || 6 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client GetDriverSettings ActiveX Control Buffer Overflow Attempt || cve,2008-2908 || url,doc.emergingthreats.net/2010694 1 || 2010695 || 2 || trojan-activity || 0 || ET TROJAN Aurora Backdoor (C&C) client connection to CnC || url,www.trustedsource.org/blog/373/An-Insight-into-the-Aurora-Communication-Protocol || url,doc.emergingthreats.net/2010695 1 || 2010696 || 2 || trojan-activity || 0 || ET TROJAN Aurora Backdoor (C&C) connection CnC response || url,www.trustedsource.org/blog/373/An-Insight-into-the-Aurora-Communication-Protocol || url,doc.emergingthreats.net/2010696 1 || 2010697 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Beginning with digits - Likely spyware/trojan || url,doc.emergingthreats.net/2010697 1 || 2010698 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible D-Link Router HNAP Protocol Security Bypass Attempt || url,www.securityfocus.com/bid/37690 || url,doc.emergingthreats.net/2010698 1 || 2010699 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/36933 || cve,2009-2685 || url,doc.emergingthreats.net/2010699 1 || 2010700 || 6 || trojan-activity || 0 || ET TROJAN Likely Koobface Beaconing (getexe) || url,doc.emergingthreats.net/2010700 1 || 2010701 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt || url,doc.emergingthreats.net/2010701 1 || 2010702 || 4 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Attempt || url,www.securityfocus.com/bid/37908/info || url,doc.emergingthreats.net/2010702 1 || 2010703 || 4 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Function Call Attempt || url,www.securityfocus.com/bid/37908/info || url,doc.emergingthreats.net/2010703 1 || 2010704 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow Attempt || cve,2009-4179 || url,doc.emergingthreats.net/2010704 1 || 2010705 || 3 || attempted-user || 0 || ET ACTIVEX Adobe browser document ActiveX DoS Function call Attempt || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt || url,doc.emergingthreats.net/2010705 1 || 2010706 || 9 || policy-violation || 0 || ET USER_AGENTS Internet Explorer 6 in use - Significant Security Risk || url,doc.emergingthreats.net/2010706 1 || 2010707 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros core.write_compiled_include.php smarty Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010707 1 || 2010708 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros core.process_compiled_include.php smarty Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010708 1 || 2010709 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros function.config_load.php _compile_file Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010709 1 || 2010710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id SELECT FROM SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010710 1 || 2010711 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id DELETE FROM SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010711 1 || 2010712 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id UNION SELECT SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010712 1 || 2010713 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id INSERT INTO SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010713 1 || 2010714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id UPDATE SET SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010714 1 || 2010715 || 9 || web-application-attack || 0 || ET SCAN ZmEu exploit scanner || url,doc.emergingthreats.net/2010715 1 || 2010716 || 3 || trojan-activity || 0 || ET DELETED Malwareurl - wywg executable download Likely Malware || url,malwareurl.com || url,doc.emergingthreats.net/2010716 1 || 2010717 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (FaceCooker) || url,doc.emergingthreats.net/2010717 1 || 2010718 || 6 || trojan-activity || 0 || ET TROJAN Gootkit Checkin User-Agent (Gootkit HTTP Client) || url,doc.emergingthreats.net/2010718 1 || 2010719 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS e107 CMS backdoor access, admin-access cookie and HTTP POST || url,seclists.org/fulldisclosure/2010/Jan/480 || url,www.e107.org/news.php || url,doc.emergingthreats.net/2010719 1 || 2010720 || 3 || web-application-attack || 0 || ET WEB_SERVER PHP Scan Precursor || url,doc.emergingthreats.net/2010720 1 || 2010721 || 7 || bad-unknown || 0 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,doc.emergingthreats.net/2010721 1 || 2010722 || 7 || bad-unknown || 0 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Inbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,doc.emergingthreats.net/2010722 1 || 2010723 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response with runurl || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010723 1 || 2010724 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010724 1 || 2010725 || 8 || attempted-recon || 0 || ET POLICY ApacheBenchmark Tool User-Agent Detected || url,httpd.apache.org/docs/2.0/programs/ab.html/ || url,doc.emergingthreats.net/2010725 1 || 2010726 || 3 || attempted-user || 0 || ET ACTIVEX Adobe browser document ActiveX DoS Attempt || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt || url,doc.emergingthreats.net/2010726 1 || 2010727 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (Live Enterprise Suite) || url,doc.emergingthreats.net/2010727 1 || 2010728 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt || url,www.securityfocus.com/bid/35584 || cve,2009-2334 || url,doc.emergingthreats.net/2010728 1 || 2010729 || 6 || trojan-activity || 0 || ET DELETED Zeus Bot / Zbot Checkin (/us01d/in.php) || url,garwarner.blogspot.com/2010/01/american-bankers-association-version-of.html || url,doc.emergingthreats.net/2010729 1 || 2010730 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=18442 || url,www.securityfocus.com/archive/1/504516 || url,www.securityfocus.com/bid/35476 || cve,2009-1201 || cve,2009-1202 || url,doc.emergingthreats.net/2010730 1 || 2010731 || 4 || attempted-recon || 0 || ET FTP FTP CWD command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010731 1 || 2010732 || 2 || attempted-recon || 0 || ET FTP FTP SITE command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010732 1 || 2010733 || 2 || attempted-recon || 0 || ET FTP FTP RMDIR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010733 1 || 2010734 || 2 || attempted-recon || 0 || ET FTP FTP MKDIR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010734 1 || 2010735 || 2 || attempted-recon || 0 || ET FTP FTP PWD command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010735 1 || 2010736 || 2 || attempted-recon || 0 || ET FTP FTP RETR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010736 1 || 2010737 || 2 || attempted-recon || 0 || ET FTP FTP NLST command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010737 1 || 2010738 || 2 || attempted-recon || 0 || ET FTP FTP RNTO command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010738 1 || 2010739 || 2 || attempted-recon || 0 || ET FTP FTP RNFR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010739 1 || 2010740 || 2 || attempted-recon || 0 || ET FTP FTP STOR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010740 1 || 2010741 || 4 || trojan-activity || 0 || ET TROJAN Suspicious exe.exe request - possible downloader/Oficla || url,anubis.iseclab.org/?action=result&task_id=11873c8979f34c8d4fd0da512df635cac&format=txt || url,doc.emergingthreats.net/2010741 1 || 2010742 || 4 || trojan-activity || 0 || ET DELETED Pinkslipbot Trojan Downloader || url,doc.emergingthreats.net/2010742 1 || 2010743 || 8 || trojan-activity || 0 || ET TROJAN Oficla Checkin (1) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c || url,doc.emergingthreats.net/2010743 1 || 2010744 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2) || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010744 1 || 2010745 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010745 1 || 2010746 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010746 1 || 2010747 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010747 1 || 2010748 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010748 1 || 2010749 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010749 1 || 2010750 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010750 1 || 2010751 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010751 1 || 2010752 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010752 1 || 2010753 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010753 1 || 2010754 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010754 1 || 2010755 || 4 || attempted-dos || 0 || ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt || url,www.securityfocus.com/bid/38018 || url,intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html || url,doc.emergingthreats.net/2010755 1 || 2010756 || 3 || trojan-activity || 0 || ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution || url,www.fortiguard.com/analysis/sasfisanalysis.html || url,doc.emergingthreats.net/2010756 1 || 2010757 || 6 || not-suspicious || 0 || ET WEB_CLIENT VLC Media Player Aegisub Advanced SubStation (.ass) File Request flowbit set || url,doc.emergingthreats.net/2010757 1 || 2010758 || 5 || attempted-user || 0 || ET WEB_CLIENT VLC Media Player .ass File Buffer Overflow Attempt || url,www.securityfocus.com/bid/37832/info || url,doc.emergingthreats.net/2010758 1 || 2010759 || 2 || attempted-admin || 0 || ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt || url,www.securityfocus.com/bid/38010 || url,doc.emergingthreats.net/2010759 1 || 2010760 || 6 || attempted-user || 0 || ET ACTIVEX Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt || url,www.securityfocus.com/bid/37834 || url,doc.emergingthreats.net/2010760 1 || 2010761 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010761 1 || 2010762 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010762 1 || 2010763 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Ping UserCommand Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010763 1 || 2010765 || 5 || trojan-activity || 0 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (2) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,doc.emergingthreats.net/2010765 1 || 2010766 || 11 || bad-unknown || 0 || ET POLICY Proxy TRACE Request - inbound || url,doc.emergingthreats.net/2010766 1 || 2010767 || 9 || bad-unknown || 0 || ET POLICY TRACE Request - outbound || url,doc.emergingthreats.net/2010767 1 || 2010768 || 5 || bad-unknown || 0 || ET SCAN Open-Proxy ScannerBot (webcollage-UA) || url, stateofsecurity.com/?p=526 || url,www.botsvsbrowsers.com/details/214715/index.html || url,doc.emergingthreats.net/2010768 1 || 2010770 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727 || cve,2009-4185 || url,doc.emergingthreats.net/2010770 1 || 2010771 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_messages.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010771 1 || 2010772 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_blog_comments.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010772 1 || 2010773 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_blog_archives.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010773 1 || 2010774 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro add_comments.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010774 1 || 2010775 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro downloads.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010775 1 || 2010776 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro emailsender.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010776 1 || 2010777 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro left_menu.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010777 1 || 2010778 || 6 || attempted-user || 0 || ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -1 || url,secunia.com/advisories/24692/ || url,www.packetstormsecurity.nl/0911-exploits/hpmqc_progcolor.rb.txt || url,www.kb.cert.org/vuls/id/589097 || url,doc.emergingthreats.net/2010778 1 || 2010779 || 6 || attempted-user || 0 || ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -2 || url,secunia.com/advisories/24692/ || url,www.packetstormsecurity.nl/0911-exploits/hpmqc_progcolor.rb.txt || url,www.kb.cert.org/vuls/id/589097 || url,doc.emergingthreats.net/2010779 1 || 2010780 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mediaslide component viewer.php path Local File Inclusion Attempt || bugtraq,37440 || url,doc.emergingthreats.net/2010780 1 || 2010781 || 2 || suspicious-filename-detect || 0 || ET POLICY PsExec service created || url,xinn.org/Snort-psexec.html || url,doc.emergingthreats.net/2010781 1 || 2010782 || 2 || suspicious-filename-detect || 0 || ET POLICY RemoteControlX rctrlx service created || url,xinn.org/Snort-rctrlx.html || url,doc.emergingthreats.net/2010782 1 || 2010783 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT GsecDump executed || url,xinn.org/Snort-gsecdump.html || url,doc.emergingthreats.net/2010783 1 || 2010784 || 4 || policy-violation || 0 || ET CHAT Facebook Chat (send message) || url,doc.emergingthreats.net/2010784 1 || 2010785 || 6 || policy-violation || 0 || ET CHAT Facebook Chat (buddy list) || url,doc.emergingthreats.net/2010785 1 || 2010786 || 4 || policy-violation || 0 || ET CHAT Facebook Chat (settings) || url,doc.emergingthreats.net/2010786 1 || 2010787 || 5 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Response From Controller || url,www.malwaredomainlist.com/mdl.php?search=knock.php || url,doc.emergingthreats.net/2010787 1 || 2010788 || 5 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Response From Controller (empty command) || url,www.malwaredomainlist.com/mdl.php?search=knock.php || url,doc.emergingthreats.net/2010788 1 || 2010789 || 5 || trojan-activity || 0 || ET DELETED SpyEye Bot Checkin || url,www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-020216-0135-99 || url,malwareint.blogspot.com/2010/01/spyeye-new-bot-on-market.html || url,www.threatexpert.com/report.aspx?md5=2b8a408b56eaf3ce0198c9d1d8a75ec0 || url,doc.emergingthreats.net/2010789 1 || 2010790 || 4 || trojan-activity || 0 || ET TROJAN Bredavi Configuration Update Response || url,doc.emergingthreats.net/2010790 1 || 2010791 || 3 || trojan-activity || 0 || ET DELETED Bredavi Checkin || url,doc.emergingthreats.net/2010791 1 || 2010794 || 7 || attempted-recon || 0 || ET WEB_SERVER DFind w00tw00t GET-Requests || url,doc.emergingthreats.net/2010794 1 || 2010795 || 8 || trojan-activity || 0 || ET ATTACK_RESPONSE Matahari client || url,doc.emergingthreats.net/2010795 1 || 2010796 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALWARE Unknown Malware Download Attempt || url,malwareurl.com || url,doc.emergingthreats.net/2010796 1 || 2010797 || 3 || policy-violation || 0 || ET POLICY Twitter Status Update || url,twitter.com || url,doc.emergingthreats.net/2010797 1 || 2010798 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer URI Validation Remote Code Execution Attempt || url,www.securityfocus.com/bid/37884 || cve,2010-0027 || url,doc.emergingthreats.net/2010798 1 || 2010799 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Internet Explorer srcElement Memory Corruption Attempt || url,www.microsoft.com/technet/security/bulletin/ms10-002.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=19726 || url,www.kb.cert.org/vuls/id/492515 || cve,2010-0249 || url,doc.emergingthreats.net/2010799 1 || 2010800 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagLogListActionBody.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010800 1 || 2010801 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagCaptureFileListActionBody.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010801 1 || 2010802 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager ViewSatReport.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010802 1 || 2010803 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagCaptureFileListActionBody.do capture parameter LFI Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010803 1 || 2010804 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager ViewInventoryErrorReport.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010804 1 || 2010805 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter SELECT FROM SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010805 1 || 2010806 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter DELETE FROM SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010806 1 || 2010807 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter UNION SELECT SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010807 1 || 2010808 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter INSERT INTO SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010808 1 || 2010809 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter UPDATE SET SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010809 1 || 2010813 || 5 || attempted-user || 0 || ET WEB_CLIENT VLC Media Player smb URI Handling Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/35500/info || url,doc.emergingthreats.net/2010813 1 || 2010814 || 5 || attempted-user || 0 || ET ACTIVEX Possible AOL 9.5 BindToFile Heap Overflow Attempt || url,tcc.hellcode.net/advisories/hellcode-adv008.txt || url,doc.emergingthreats.net/2010814 1 || 2010815 || 5 || misc-activity || 0 || ET POLICY Incoming Connection Attempt From Amazon EC2 Cloud || url,doc.emergingthreats.net/2010815 1 || 2010816 || 6 || misc-activity || 0 || ET POLICY Incoming UDP Packet From Amazon EC2 Cloud || url,doc.emergingthreats.net/2010816 1 || 2010817 || 3 || attempted-dos || 0 || ET DOS Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19915 || cve,2010-0569 || url,doc.emergingthreats.net/2010817 1 || 2010818 || 4 || attempted-dos || 0 || ET DELETED Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19915 || cve,2010-0569 || url,doc.emergingthreats.net/2010818 1 || 2010819 || 4 || policy-violation || 0 || ET CHAT Facebook Chat using XMPP || url,www.facebook.com/sitetour/chat.php || url,doc.emergingthreats.net/2010819 1 || 2010820 || 4 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .cgi source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2010820 1 || 2010821 || 3 || trojan-activity || 0 || ET TROJAN Java Downloader likely malicious payload download src=xrun || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,doc.emergingthreats.net/2010821 1 || 2010822 || 5 || trojan-activity || 0 || ET TROJAN smain?scout=acxc Generic Download landing || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,www.threatexpert.com/report.aspx?md5=513077916da4e86827a6000b40db95d5 || url,doc.emergingthreats.net/2010822 1 || 2010823 || 4 || trojan-activity || 0 || ET TROJAN Torpig Related Fake User-Agent (Apache (compatible...)) || url,doc.emergingthreats.net/2010823 1 || 2010824 || 4 || trojan-activity || 0 || ET DELETED Torpig Ping-Pong Keepalives Outbound || url,doc.emergingthreats.net/2010824 1 || 2010825 || 4 || trojan-activity || 0 || ET DELETED Torpig Ping-Pong Keepalives Inbound || url,doc.emergingthreats.net/2010825 1 || 2010826 || 3 || trojan-activity || 0 || ET TROJAN Torpig Initial CnC Connect on port 8392 || url,doc.emergingthreats.net/2010826 1 || 2010827 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC Connect on port 8392 || url,doc.emergingthreats.net/2010827 1 || 2010828 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC IP Report Command on port 8392 || url,doc.emergingthreats.net/2010828 1 || 2010829 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC Report Command on port 8392 || url,doc.emergingthreats.net/2010829 1 || 2010830 || 5 || trojan-activity || 0 || ET DELETED Unknown Dropper Checkin (2) || url,doc.emergingthreats.net/2010830 1 || 2010833 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla intuit component intuit.php approval Local File Inclusion Attempt || url,www.exploit-db.com/exploits/10730 || url,doc.emergingthreats.net/2010833 1 || 2010834 || 6 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX DeleteValue/WriteValue method Heap Overflow Attempt || url,www.packetstormsecurity.org/1001-exploits/msdef1-overflow.txt || url,doc.emergingthreats.net/2010834 1 || 2010835 || 4 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX DeleteValue method Remote Code Execution Function Call || url,www.packetstormsecurity.org/1001-exploits/msdef1-overflow.txt || url,doc.emergingthreats.net/2010835 1 || 2010837 || 4 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX WriteValue method Remote Code Execution Function Call || url,www.packetstormsecurity.org/1001-exploits/msdef2-overflow.txt || url,doc.emergingthreats.net/2010837 1 || 2010838 || 6 || trojan-activity || 0 || ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src= || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,doc.emergingthreats.net/2010838 1 || 2010839 || 6 || attempted-user || 0 || ET ACTIVEX Possible Rising Online Virus Scanner ActiveX Control Scan() Method Stack Buffer Overflow Attempt || url,www.securityfocus.com/bid/38282 || url,doc.emergingthreats.net/2010839 1 || 2010840 || 5 || attempted-user || 0 || ET ACTIVEX Viscom Software Movie Player Pro SDK ActiveX 6.8 Remote Buffer Overflow Attempt || url,en.securitylab.ru/poc/extra/389924.php || url,doc.emergingthreats.net/2010840 1 || 2010841 || 4 || attempted-user || 0 || ET WEB_CLIENT DX Studio Player Firefox Plug-in Command Injection Attempt || cve,2009-2011 || url,doc.emergingthreats.net/2010841 1 || 2010842 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010842 1 || 2010843 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbilletsy Component id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010843 1 || 2010844 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010844 1 || 2010845 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010845 1 || 2010846 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010846 1 || 2010847 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS com_if_nexus controller Parameter Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10754 || url,doc.emergingthreats.net/2010847 1 || 2010848 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla morfeoshow morfeoshow.html.php Remote File Inclusion Attempt || url,secdb.4sec.org/?s1=exp&sid=18773 || url,doc.emergingthreats.net/2010848 1 || 2010851 || 4 || web-application-attack || 0 || ET ACTIVEX Logitech VideoCall ActiveX Start method buffer overflow Attempt || url,osvdb.org/36820 || url,www.packetstormsecurity.nl/0911-exploits/logitechvideocall_start.rb.txt || url,www.kb.cert.org/vuls/id/330289 || url,doc.emergingthreats.net/2010851 1 || 2010852 || 4 || web-application-attack || 0 || ET ACTIVEX WinDVD7 IASystemInfo.DLL ActiveX ApplicationType method buffer overflow Attempt || url,www.packetstormsecurity.nl/0911-exploits/windvd7_applicationtype.rb.txt || url,secunia.com/advisories/24556/ || url,doc.emergingthreats.net/2010852 1 || 2010853 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter SELECT FROM SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010853 1 || 2010854 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter DELETE FROM SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010854 1 || 2010855 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter UNION SELECT SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010855 1 || 2010856 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter INSERT INTO SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010856 1 || 2010857 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter UPDATE SET SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010857 1 || 2010859 || 5 || trojan-activity || 0 || ET DELETED Gh0st Trojan CnC || url,doc.emergingthreats.net/2010859 1 || 2010860 || 5 || trojan-activity || 0 || ET DELETED Gh0st Trojan CnC Response || url,doc.emergingthreats.net/2010860 1 || 2010861 || 7 || trojan-activity || 0 || ET DELETED Zeus Bot Request to CnC || url,doc.emergingthreats.net/2010861 1 || 2010862 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt || cve,2009-1798 || url,doc.emergingthreats.net/2010862 1 || 2010863 || 6 || web-application-attack || 0 || ET WEB_SERVER LANDesk Command Injection Attempt || url,www.coresecurity.com/content/landesk-csrf-vulnerability || cve,2010-0369 || url,doc.emergingthreats.net/2010863 1 || 2010864 || 6 || web-application-attack || 0 || ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt || cve,2009-0921 || url,doc.emergingthreats.net/2010864 1 || 2010865 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Possible Lotus Domino readme.nsf Cross Site Scripting Attempt || url,www.securityfocus.com/bid/38481 || url,doc.emergingthreats.net/2010865 1 || 2010866 || 4 || trojan-activity || 0 || ET DELETED Hostile domain, NeoSploit FakeAV google.analytics.com.*.info || url,www.malwaredomainlist.com/forums/index.php?action=printpage#-#-topic=3781.0 || url,doc.emergingthreats.net/2010866 1 || 2010867 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakeAV download Setup_103s1 or Setup_207 variant || url,www.prevx.com/avgraph/1/AVG.html || url,doc.emergingthreats.net/2010867 1 || 2010868 || 6 || bad-unknown || 0 || ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile || url,doc.emergingthreats.net/2010868 1 || 2010869 || 3 || policy-violation || 0 || ET DELETED PE EXE or DLL Windows file download (2) || url,doc.emergingthreats.net/2010869 1 || 2010870 || 6 || trojan-activity || 0 || ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (kav) || url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0 || url,doc.emergingthreats.net/2010870 1 || 2010871 || 6 || trojan-activity || 0 || ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte) || url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0 || url,doc.emergingthreats.net/2010871 1 || 2010872 || 5 || trojan-activity || 0 || ET TROJAN Pragma hack Detected Outbound - Likely Infected Source || url,doc.emergingthreats.net/2010872 1 || 2010873 || 5 || not-suspicious || 0 || ET DELETED Opera User-Agent Flowbit Set || url,doc.emergingthreats.net/2010873 1 || 2010875 || 7 || trojan-activity || 0 || ET TROJAN Blackenergy Bot Checkin to C&C (2) || url,doc.emergingthreats.net/2010875 1 || 2010876 || 5 || attempted-user || 0 || ET DELETED Foxit PDF Reader Buffer Overflow Attempt || url,www.coresecurity.com/content/foxit-reader-vulnerabilities#lref.4 || cve,2009-0837 || url,doc.emergingthreats.net/2010876 1 || 2010877 || 3 || attempted-user || 0 || ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt || url,www.securityfocus.com/bid/38578 || url,seclists.org/fulldisclosure/2010/Mar/140 || url,doc.emergingthreats.net/2010877 1 || 2010878 || 6 || attempted-user || 0 || ET EXPLOIT Possible Foxit PDF Reader Authentication Bypass Attempt || url,www.coresecurity.com/content/foxit-reader-vulnerabilities#lref.4 || cve,2009-0836 || url,doc.emergingthreats.net/2010878 1 || 2010879 || 4 || misc-activity || 0 || ET DELETED Hex Obfuscated arguments.callee Javascript Method in PDF Possibly Hostile PDF || url,doc.emergingthreats.net/2010879 1 || 2010880 || 3 || misc-activity || 0 || ET DELETED Possible Hex Obfuscation of Javascript Declaration Within PDF File - Likely Hostile || url,doc.emergingthreats.net/2010880 1 || 2010881 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt || url,isc.sans.org/diary.html?storyid=7903 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010881 1 || 2010882 || 8 || misc-activity || 0 || ET POLICY PDF File Containing Javascript 1 || 2010883 || 5 || misc-activity || 0 || ET POLICY PDF File Containing arguments.callee in Cleartext - Likely Hostile || url,isc.sans.org/diary.html?storyid=1519 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010883 1 || 2010884 || 4 || misc-activity || 0 || ET DELETED .pdf File Possibly Containing Basic Hex Obfuscation || url,isc.sans.org/diary.html?storyid=7903 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010884 1 || 2010885 || 8 || trojan-activity || 0 || ET TROJAN BlackEnergy v2.x HTTP Request with Encrypted Variables || url,www.secureworks.com/research/threats/blackenergy2/?threat=blackenergy2 || url,doc.emergingthreats.net/2010885 1 || 2010886 || 6 || trojan-activity || 0 || ET TROJAN BlackEnergy v2.x Plugin Download Request || url,www.secureworks.com/research/threats/blackenergy2/?threat=blackenergy2 || url,doc.emergingthreats.net/2010886 1 || 2010888 || 7 || trojan-activity || 0 || ET TROJAN Generic Downloader checkin (3) || url,doc.emergingthreats.net/2010888 1 || 2010889 || 3 || trojan-activity || 0 || ET USER_AGENTS Win32.Tdss User Agent Detected (Mozzila) || url,doc.emergingthreats.net/2010889 1 || 2010890 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step1 GET) || url,doc.emergingthreats.net/2010890 1 || 2010891 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step2 POST) || url,doc.emergingthreats.net/2010891 1 || 2010892 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step3 GET) || url,doc.emergingthreats.net/2010892 1 || 2010893 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step4 POST) || url,doc.emergingthreats.net/2010893 1 || 2010894 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX) || url,doc.emergingthreats.net/2010894 1 || 2010895 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX) || url,doc.emergingthreats.net/2010895 1 || 2010896 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2) || url,doc.emergingthreats.net/2010896 1 || 2010897 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2) || url,doc.emergingthreats.net/2010897 1 || 2010898 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Bogus Stage3 GET) || url,doc.emergingthreats.net/2010898 1 || 2010899 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 multiple login attempts || url,doc.emergingthreats.net/2010899 1 || 2010900 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 possible spammer posting attempts || url,doc.emergingthreats.net/2010900 1 || 2010901 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakeAV download ASetup_2009.exe variant || url,www.prevx.com/avgraph/1/AVG.html || url,doc.emergingthreats.net/2010901 1 || 2010902 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (p=) || url,www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ || url,doc.emergingthreats.net/2010902 1 || 2010903 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (c=) || url,www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ || url,doc.emergingthreats.net/2010903 1 || 2010904 || 7 || bad-unknown || 0 || ET MALWARE Fake Mozilla User-Agent (Mozilla/0.xx) Inbound || url,doc.emergingthreats.net/2010904 1 || 2010905 || 7 || bad-unknown || 0 || ET MALWARE Fake Mozilla UA Outbound (Mozilla/0.xx) || url,doc.emergingthreats.net/2010905 1 || 2010906 || 5 || bad-unknown || 0 || ET USER_AGENTS badly formatted User-Agent string (no closing parenthesis) || url,doc.emergingthreats.net/2010906 1 || 2010908 || 5 || trojan-activity || 0 || ET MALWARE Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake || url,doc.emergingthreats.net/2010908 1 || 2010909 || 2 || trojan-activity || 0 || ET TROJAN Arucer Command Execution || url,doc.emergingthreats.net/2010909 1 || 2010910 || 2 || trojan-activity || 0 || ET TROJAN Arucer DIR Listing || url,doc.emergingthreats.net/2010910 1 || 2010911 || 2 || trojan-activity || 0 || ET TROJAN Arucer WRITE FILE command || url,doc.emergingthreats.net/2010911 1 || 2010912 || 2 || trojan-activity || 0 || ET TROJAN Arucer READ FILE Command || url,doc.emergingthreats.net/2010912 1 || 2010913 || 2 || trojan-activity || 0 || ET TROJAN Arucer NOP Command || url,doc.emergingthreats.net/2010913 1 || 2010914 || 2 || trojan-activity || 0 || ET TROJAN Arucer FIND FILE Command || url,doc.emergingthreats.net/2010914 1 || 2010915 || 2 || trojan-activity || 0 || ET TROJAN Arucer YES Command || url,doc.emergingthreats.net/2010915 1 || 2010916 || 2 || trojan-activity || 0 || ET TROJAN Arucer ADD RUN ONCE Command || url,doc.emergingthreats.net/2010916 1 || 2010917 || 2 || trojan-activity || 0 || ET TROJAN Arucer DEL FILE Command || url,doc.emergingthreats.net/2010917 1 || 2010918 || 6 || trojan-activity || 0 || ET DELETED Paymilon-A HTTP POST || url,www.sophos.com/security/analyses/viruses-and-spyware/malpaymilona.html || url,doc.emergingthreats.net/2010918 1 || 2010919 || 3 || web-application-attack || 0 || ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=148 || cve,2009-2684 || url,doc.emergingthreats.net/2010919 1 || 2010920 || 7 || web-application-attack || 0 || ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=) || cve,2002-0953 || url,doc.emergingthreats.net/2010920 1 || 2010921 || 3 || web-application-attack || 0 || ET ACTIVEX Ask.com Toolbar askBar.dll ActiveX ShortFormat Buffer Overflow Attempt || url,www.packetstormsecurity.nl/0911-exploits/ask_shortformat.rb.txt || url,secunia.com/advisories/26960/ || url,doc.emergingthreats.net/2010921 1 || 2010922 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_workbook.inc.php class_path Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/saurus-rfi.txt || url,doc.emergingthreats.net/2010922 1 || 2010923 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_worksheet.inc.php class_path Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/saurus-rfi.txt || url,doc.emergingthreats.net/2010923 1 || 2010924 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010924 1 || 2010925 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010925 1 || 2010926 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010926 1 || 2010927 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010927 1 || 2010928 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010928 1 || 2010929 || 6 || attempted-user || 0 || ET ACTIVEX Foxit Reader ActiveX control OpenFile method Heap Overflow Attempt || url,www.exploit-db.com/exploits/11196 || url,doc.emergingthreats.net/2010929 1 || 2010930 || 4 || attempted-user || 0 || ET ACTIVEX Foxit Reader ActiveX OpenFile method Remote Code Execution Function Call || url,www.exploit-db.com/exploits/11196 || url,doc.emergingthreats.net/2010930 1 || 2010931 || 7 || attempted-user || 0 || ET WEB_CLIENT Possible IE iepeers.dll Use-after-free Code Execution Attempt || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/ || url,tools.cisco.com/security/center/viewAlert.x?alertId=20052 || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,www.kb.cert.org/vuls/id/744549 || cve,2010-0806 || url,doc.emergingthreats.net/2010931 1 || 2010932 || 5 || trojan-activity || 0 || ET TROJAN Dropper Checkin 2 (often scripts.dlv4.com related) || url,doc.emergingthreats.net/2010932 1 || 2010934 || 5 || trojan-activity || 0 || ET MALWARE Infobox3 Spyware User-Agent (InfoBox) || url,doc.emergingthreats.net/2010934 1 || 2010935 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to MSSQL port 1433 || url,doc.emergingthreats.net/2010935 1 || 2010936 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to Oracle SQL port 1521 || url,doc.emergingthreats.net/2010936 1 || 2010937 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to mySQL port 3306 || url,doc.emergingthreats.net/2010937 1 || 2010938 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to mSQL port 4333 || url,doc.emergingthreats.net/2010938 1 || 2010939 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to PostgreSQL port 5432 || url,doc.emergingthreats.net/2010939 1 || 2010941 || 1 || attempted-user || 0 || ET EXPLOIT Possible Sendmail SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt || url,www.securityfocus.com/bid/38578 || url,seclists.org/fulldisclosure/2010/Mar/140 || url,doc.emergingthreats.net/2010941 1 || 2010942 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jcollection controller Parameter Local File Inclusion Attempt || url,www.exploit-db.com/exploits/11088 || url,doc.emergingthreats.net/2010942 1 || 2010943 || 2 || web-application-attack || 0 || ET ACTIVEX SoftCab Sound Converter ActiveX SaveFormat File overwrite Attempt || url,secunia.com/advisories/37967/ || url,doc.emergingthreats.net/2010943 1 || 2010944 || 2 || attempted-user || 0 || ET ACTIVEX Viscom Movie Player Pro SDK ActiveX DrawText method Buffer Overflow Function Call || url,www.shinnai.net/exploits/X6hU4E0E7P5H3qH5yXrn.txt || url,secunia.com/advisories/38156/ || url,doc.emergingthreats.net/2010944 1 || 2010945 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Yahoo CD Player ActiveX Open Stack Overflow Attempt || url,www.shinnai.net/exploits/pD9YWswsoR3EIcE9bf3N.txt || url,doc.emergingthreats.net/2010945 1 || 2010946 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Yahoo CD Player ActiveX Open Stack Overflow Function Call || url,www.shinnai.net/exploits/pD9YWswsoR3EIcE9bf3N.txt || url,doc.emergingthreats.net/2010946 1 || 2010947 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010947 1 || 2010948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010948 1 || 2010949 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010949 1 || 2010950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010950 1 || 2010951 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010951 1 || 2010952 || 4 || policy-violation || 0 || ET DELETED facebook activity || url,compnetworking.about.com/od/traceipaddresses/f/facebook-ip-address.htm || url,doc.emergingthreats.net/2010952 1 || 2010953 || 3 || attempted-recon || 0 || ET SCAN Skipfish Web Application Scan Detected || url,isc.sans.org/diary.html?storyid=8467 || url,code.google.com/p/skipfish/ || url,doc.emergingthreats.net/2010953 1 || 2010954 || 4 || network-scan || 0 || ET SCAN crimscanner User-Agent detected || url,doc.emergingthreats.net/2010954 1 || 2010956 || 3 || attempted-recon || 0 || ET SCAN Skipfish Web Application Scan Detected (2) || url,isc.sans.org/diary.html?storyid=8467 || url,code.google.com/p/skipfish/ || url,doc.emergingthreats.net/2010956 1 || 2010957 || 6 || attempted-user || 0 || ET ACTIVEX SAP GUI SAPBExCommonResources ActiveX Insecure Method Code Execution Attempt || url,dsecrg.com/pages/vul/show.php?id=164 || url,doc.emergingthreats.net/2010957 1 || 2010958 || 5 || attempted-user || 0 || ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 || url,dsecrg.com/pages/vul/show.php?id=139 || cve,2010-0108 || url,doc.emergingthreats.net/2010958 1 || 2010959 || 4 || attempted-user || 0 || ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Function Call Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 || url,dsecrg.com/pages/vul/show.php?id=139 || cve,2010-0108 || url,doc.emergingthreats.net/2010959 1 || 2010960 || 3 || attempted-recon || 0 || ET SCAN WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected || url,www.morningstarsecurity.com/research/whatweb || url,doc.emergingthreats.net/2010960 1 || 2010961 || 5 || attempted-user || 0 || ET WEB_CLIENT Wscript Shell Run Attempt - Likely Hostile || url,msdn.microsoft.com/en-us/library/d5fk67ky(VS.85).aspx || url,doc.emergingthreats.net/2010961 1 || 2010962 || 6 || attempted-user || 0 || ET ACTIVEX AOL 9.5 Phobos.Playlist Import ActiveX Buffer Overflow Attempt || url,www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/ || url,doc.emergingthreats.net/2010962 1 || 2010963 || 4 || web-application-attack || 0 || ET WEB_SERVER SELECT USER SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2010963 1 || 2010964 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW CHARACTER SET SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.0/en/show-character-set.html || url,doc.emergingthreats.net/2010964 1 || 2010965 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW VARIABLES SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.1/en/server-system-variables.html || url,doc.emergingthreats.net/2010965 1 || 2010966 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW CURDATE/CURTIME SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_curdate || url,dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_curtime || url,doc.emergingthreats.net/2010966 1 || 2010967 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW TABLES SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/4.1/en/show-tables.html || url,doc.emergingthreats.net/2010967 1 || 2010968 || 7 || attempted-user || 0 || ET WEB_CLIENT Possible Foxit/Adobe PDF Reader Launch Action Remote Code Execution Attempt || url,www.kb.cert.org/vuls/id/570177 || url,www.h-online.com/security/news/item/Criminals-attempt-to-exploit-unpatched-hole-in-Adobe-Reader-979286.html || url,www.sudosecure.net/archives/673 || url,www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html || url,blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/ || url,www.m86security.com/labs/i/PDF-Launch-Feature-Used-to-Install-Zeus,trace.1301~.asp || url,doc.emergingthreats.net/2010968 1 || 2010969 || 3 || policy-violation || 0 || ET POLICY Possible ProxyShell Anonymous Access Connection || url,doc.emergingthreats.net/2010969 1 || 2010970 || 3 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager OvWebHelp.exe Heap Buffer Overflow Attempt || cve,2009-4178 || url,doc.emergingthreats.net/2010970 1 || 2010972 || 3 || policy-violation || 0 || ET POLICY Possible ProxyShell Hide IP Installation file download || url,www.browserdefender.com/file/484661/site/putas18.info/ || url,doc.emergingthreats.net/2010792 1 || 2010973 || 4 || trojan-activity || 0 || ET TROJAN Vobfus/Changeup/Chinky Download Command || url,doc.emergingthreats.net/2010973 || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=beb8bc1ba5dbd8de0761ef362bc8b0a4 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fVobfus || url,www.symantec.com/security_response/writeup.jsp?docid=2009-081806-2906-99&tabid=2 || url,www.symantec.com/connect/blogs/w32changeup-threat-profile || url,www.threatexpert.com/report.aspx?md5=f8880b851ea5ed92dd97657574fb4f70 1 || 2010975 || 5 || trojan-activity || 0 || ET TROJAN Unruy Downloader Checkin || url,ddanchev.blogspot.com/2010/03/copyright-lawsuit-filed-against-you.html || url,isc.sans.org/diary.html?storyid=8497 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.STM&VSect=T || url,doc.emergingthreats.net/2010975 1 || 2010976 || 5 || attempted-user || 0 || ET WEB_SPECIFIC_APPS JcomBand toolbar ActiveX Control isRegistered Property Buffer Overflow Attempt || url,www.exploit-db.com/exploits/11059 || url,secunia.com/advisories/38081/ || url,doc.emergingthreats.net/2010976 1 || 2010977 || 5 || attempted-user || 0 || ET ACTIVEX AOL 9.5 ActiveX control Import method Heap Overflow Attempt || url,www.exploit-db.com/exploits/11204 || url,doc.emergingthreats.net/2010977 1 || 2010978 || 5 || attempted-user || 0 || ET ACTIVEX IE ActiveX control Exec method Remote code execution Attempt || url,www.packetstormsecurity.org/1001-exploits/wshomocx-activex.txt || url,doc.emergingthreats.net/2010978 1 || 2010979 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ispCP Omega admin1.template.php Remote File Inclusion Attempt || url,packetstorm.foofus.com/1003-exploits/ispcp-rfi.txt || bugtraq,38644 || url,doc.emergingthreats.net/2010979 1 || 2010980 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM ENOVIA SmarTeam v5 LoginPage.aspx Cross Site Scripting Attempt || url,packetstorm.foofus.com/1003-exploits/ibmenovia-xss.txt || url,doc.emergingthreats.net/2010980 1 || 2010981 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter SELECT FROM SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010981 1 || 2010982 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter DELETE FROM SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010982 1 || 2010983 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter UNION SELECT SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010983 1 || 2010984 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter INSERT INTO SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010984 1 || 2010985 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter UPDATE SET SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010985 1 || 2010986 || 6 || attempted-user || 0 || ET ACTIVEX AOLShare ActiveX AppString method denial of service Attempt || url,packetstorm.foofus.com/1001-exploits/aolactivex-dos.txt || url,doc.emergingthreats.net/2010986 1 || 2010987 || 4 || attempted-user || 0 || ET ACTIVEX AOLShare ActiveX AppString method denial of service Function Call || url,packetstorm.foofus.com/1001-exploits/aolactivex-dos.txt || url,doc.emergingthreats.net/2010987 1 || 2010988 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CommonSpot Server longproc.cfm Cross Site Scripting Attempt || bugtraq,37986 || url,doc.emergingthreats.net/2010988 1 || 2010989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_ccnewsletter controller Parameter Local File Inclusion Attempt || bugtraq,37987 || url,doc.emergingthreats.net/2010989 1 || 2010990 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010990 1 || 2010991 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010991 1 || 2010992 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010992 1 || 2010993 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010993 1 || 2010994 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010994 1 || 2010995 || 4 || attempted-user || 0 || ET ACTIVEX BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow Function Call || bugtraq,34789 || url,doc.emergingthreats.net/2010995 1 || 2010996 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_communitypolls controller Parameter Local File Inclusion Attempt || url,www.exploit-db.com/exploits/11511 || url,doc.emergingthreats.net/2010996 1 || 2010997 || 6 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Control SaveasMolFile Method Buffer Overflow Attempt || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010997 1 || 2010998 || 6 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Control ReadMolFile Method Buffer Overflow Attempt || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010998 1 || 2010999 || 4 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Buffer Overflow Function Call || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010999 1 || 2011000 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Worksystems linkbar.php cfile Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10676 || url,doc.emergingthreats.net/2011000 1 || 2011001 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter SELECT FROM SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011001 1 || 2011002 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter DELETE FROM SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011002 1 || 2011003 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter UNION SELECT SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011003 1 || 2011004 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter INSERT INTO SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011004 1 || 2011005 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter UPDATE SET SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011005 1 || 2011006 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt || url,www.coresecurity.com/content/nextgen-gallery-xss-vulnerability || cve,2010-1186 || url,doc.emergingthreats.net/2011006 1 || 2011007 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt || url,securitytracker.com/alerts/2010/Mar/1023773.html || url,tools.cisco.com/security/center/viewAlert.x?alertId=20202 || url,www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,www.vupen.com/english/advisories/2010/0744 || url,www.kb.cert.org/vuls/id/744549 || cve,2010-0805 || url,doc.emergingthreats.net/2011007 1 || 2011008 || 4 || misc-activity || 0 || ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF || url,www.symantec.com/connect/blogs/journey-center-pdf-stream || url,doc.emergingthreats.net/2011008 1 || 2011009 || 5 || bad-unknown || 0 || ET DELETED Java JAR PROPFIND via DAV possible alternative JVM exploit || url,blogs.zdnet.com/security/?p=6082 || url,doc.emergingthreats.net/2011009 1 || 2011010 || 5 || attempted-user || 0 || ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt || url,seclists.org/fulldisclosure/2010/Apr/119 || url,doc.emergingthreats.net/2011010 1 || 2011011 || 2 || attempted-admin || 0 || ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.cisco.com/warp/public/707/cisco-sa-20010227-ios-snmp-ilmi.shtml || url,doc.emergingthreats.net/2011011 1 || 2011012 || 2 || attempted-admin || 0 || ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.cisco.com/warp/public/707/cisco-sa-20010227-ios-snmp-ilmi.shtml || url,doc.emergingthreats.net/2011012 1 || 2011013 || 2 || attempted-admin || 0 || ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.iss.net/security_center/reference/vuln/cisco-ios-cable-docsis.htm || url,www.kb.cert.org/vuls/id/840665 || cve,2004-1776 || url,doc.emergingthreats.net/2011013 1 || 2011014 || 2 || attempted-admin || 0 || ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.iss.net/security_center/reference/vuln/cisco-ios-cable-docsis.htm || url,www.kb.cert.org/vuls/id/840665 || cve,2004-1776 || url,doc.emergingthreats.net/2011014 1 || 2011015 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Remote File Disclosure Attempt || url,www.packetstormsecurity.org/1004-exploits/sun-knockout.txt || url,doc.emergingthreats.net/2011015 1 || 2011016 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long OPTIONS URI Overflow Attmept || url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt || cve,2010-0361 || url,doc.emergingthreats.net/2011016 1 || 2011017 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jcalpro cal_popup.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/joomlajcalpro-rfi.txt || url,doc.emergingthreats.net/2011017 1 || 2011018 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gallery2 adodb-error.inc.php ADODB_LANG Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10705 || url,doc.emergingthreats.net/2011018 1 || 2011019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comtrend ADSL Router srvName parameter XSS attempt || url,packetstorm.foofus.com/1001-exploits/comtrend-xss.txt || url,xforce.iss.net/xforce/xfdb/47765 || url,doc.emergingthreats.net/2011019 1 || 2011020 || 6 || attempted-user || 0 || ET ACTIVEX RKD Software ActiveX Control SaveasMolFile Method Buffer Overflow Attempt || url,packetstorm.foofus.com/1002-exploits/barcode_ax49.rb.txt || bugtraq,24596 || url,doc.emergingthreats.net/2011020 1 || 2011021 || 4 || attempted-user || 0 || ET ACTIVEX Rising Online Virus Scanner ActiveX Scan Method stack Overflow Function Call || url,packetstorm.foofus.com/1002-exploits/risingonline-dos.txt || bugtraq,38282 || url,doc.emergingthreats.net/2011021 1 || 2011022 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter SELECT FROM SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011022 1 || 2011023 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter DELETE FROM SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011023 1 || 2011024 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter UNION SELECT SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011024 1 || 2011025 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter INSERT INTO SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011025 1 || 2011026 || 13 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter UPDATE SET SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011026 1 || 2011027 || 4 || attempted-recon || 0 || ET SCAN w3af Scan In Progress ARGENTINA Req Method || url,w3af.sourceforge.net || url,doc.emergingthreats.net/2011027 1 || 2011028 || 6 || attempted-recon || 0 || ET SCAN HZZP Scan in Progress calc in Headers || url,www.krakowlabs.com/dev.html || url,doc.emergingthreats.net/2011028 1 || 2011029 || 8 || attempted-recon || 0 || ET SCAN Netsparker Default User-Agent || url,www.mavitunasecurity.com/communityedition/ 1 || 2011030 || 5 || attempted-recon || 0 || ET SCAN Netsparker Scan in Progress || url,www.mavitunasecurity.com/communityedition/ || url,doc.emergingthreats.net/2011030 1 || 2011031 || 4 || bad-unknown || 0 || ET SCAN HTTP GET invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011031 1 || 2011032 || 4 || bad-unknown || 0 || ET SCAN HTTP POST invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011032 1 || 2011033 || 4 || bad-unknown || 0 || ET SCAN HTTP HEAD invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011033 1 || 2011034 || 5 || bad-unknown || 0 || ET SCAN HTTP OPTIONS invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011034 1 || 2011035 || 4 || web-application-attack || 0 || ET WEB_SERVER SQL Injection BULK INSERT in URI to Insert File Content into Database Table || url,msdn.microsoft.com/en-us/library/ms188365.aspx || url,msdn.microsoft.com/en-us/library/ms175915.aspx || url,www.sqlteam.com/article/using-bulk-insert-to-load-a-text-file || url,doc.emergingthreats.net/2011035 1 || 2011037 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION || url,support.microsoft.com/kb/321185 || url,doc.emergingthreats.net/2011037 1 || 2011039 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible INSERT VALUES SQL Injection Attempt || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,en.wikipedia.org/wiki/Insert_(SQL) || url,doc.emergingthreats.net/2011039 1 || 2011040 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection || url,dev.mysql.com/doc/refman/5.0/en/comments.html || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2011040 1 || 2011041 || 3 || web-application-attack || 0 || ET WEB_SERVER MYSQL Benchmark Command in URI to Consume Server Resources || url,dev.mysql.com/doc/refman/5.1/en/information-functions.html#function_benchmark || url,doc.emergingthreats.net/2011041 1 || 2011042 || 3 || web-application-attack || 0 || ET WEB_SERVER MYSQL SELECT CONCAT SQL Injection Attempt || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,www.webdevelopersnotes.com/tutorials/sql/a_little_more_on_the_mysql_select_statement.php3 || url,doc.emergingthreats.net/2011042 1 || 2011044 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011044 1 || 2011045 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011045 1 || 2011046 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011046 1 || 2011047 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011047 1 || 2011048 || 4 || attempted-user || 0 || ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Attempt || url,packetstormsecurity.org/1004-exploits/incredimail20-overflow.txt || url,exploit-db.com/exploits/12030 || url,doc.emergingthreats.net/2011048 1 || 2011049 || 6 || attempted-user || 0 || ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Function Call Attempt || url,packetstormsecurity.org/1004-exploits/incredimail20-overflow.txt || url,exploit-db.com/exploits/12030 || url,doc.emergingthreats.net/2011049 1 || 2011050 || 4 || attempted-user || 0 || ET ACTIVEX Liquid XML Studio 2010 OpenFile Method Remote Heap Overflow Attempt || url,exploit-db.com/exploits/11750 || url,doc.emergingthreats.net/2011050 1 || 2011051 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softsaurus CMS subHeader.php objects_path Parameter Remote File Inclusion -1 || bugtraq,38842 || url,exploit-db.com/exploits/11807 || url,doc.emergingthreats.net/2011051 1 || 2011052 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softsaurus CMS subHeader.php objects_path Parameter Remote File Inclusion -2 || bugtraq,38842 || url,exploit-db.com/exploits/11807 || url,doc.emergingthreats.net/2011052 1 || 2011053 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible Java Deployment Toolkit Launch Method Remote Code Execution Attempt || url,seclists.org/fulldisclosure/2010/Apr/119 || url,www.darknet.org.uk/2010/04/serious-java-bug-exposes-users-to-code-execution/ || url,doc.emergingthreats.net/2011053 1 || 2011054 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible CactuShop User Invoices Persistent XSS Attempt || url,www.coresecurity.com/content/cactushop-xss-persistent-vulnerability || cve,2010-1486 || url,doc.emergingthreats.net/2011054 1 || 2011055 || 7 || attempted-user || 0 || ET ACTIVEX Possible EDraw Flowchart ActiveX Control OpenDocument Method Remote Code Execution Attempt || url,doc.emergingthreats.net/2011055 1 || 2011057 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp SELECT FROM SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011057 1 || 2011058 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp DELETE FROM SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011058 1 || 2011059 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UNION SELECT SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011059 1 || 2011060 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp INSERT INTO SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011060 1 || 2011061 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UPDATE SET SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011061 1 || 2011062 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mp3 Online Id Tag Editor getid3.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/12219 || url,doc.emergingthreats.net/2011062 1 || 2011063 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mp3 Online Id Tag Editor module.archive.gzip.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/12219 || url,doc.emergingthreats.net/2011063 1 || 2011065 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SurgeFTP surgeftpmgr.cgi classid Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/38097 || url,packetstormsecurity.org/1001-exploits/surgeftp-xss.txt || url,doc.emergingthreats.net/2011065 1 || 2011066 || 6 || trojan-activity || 0 || ET DELETED TROJAN SEO HTTP REFERER landing capture rewrite, likely Fake AV || url,doc.emergingthreats.net/2011066 1 || 2011067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla wgPicasa Component controller Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39467 || url,exploit-db.com/exploits/12230 || url,doc.emergingthreats.net/2011067 1 || 2011071 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011071 1 || 2011072 || 5 || trojan-activity || 0 || ET TROJAN Fruspam polling for IP likely infected || url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx || url,doc.emergingthreats.net/2011072 1 || 2011073 || 5 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint Server 2007 _layouts/help.aspx Cross Site Scripting Attempt || url,www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html || url,tools.cisco.com/security/center/viewAlert.x?alertId=20415 || url,www.microsoft.com/technet/security/Bulletin/MS10-039.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=20610 || cve,2010-0817 || url,doc.emergingthreats.net/2011073 1 || 2011075 || 8 || attempted-user || 0 || ET ACTIVEX HP Operations Manager SourceView ActiveX LoadFile/SaveFile Method Buffer Overflow Attempt || url,packetstormsecurity.org/1004-exploits/CORELAN-10-027.txt || url,secunia.com/advisories/39538/ || url,doc.emergingthreats.net/2011075 1 || 2011077 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011077 1 || 2011078 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011078 1 || 2011079 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011079 1 || 2011080 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011080 1 || 2011081 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011081 1 || 2011082 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS McAfee Email Gateway queueMsgType Parameter Cross Site Scripting Attempt || url,exploit-db.com/sploits/cybsec_advisory_2010_0402.pdf || url,doc.emergingthreats.net/2011082 1 || 2011083 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS McAfee Email Gateway QtnType Parameter Cross Site Scripting Attempt || url,exploit-db.com/sploits/cybsec_advisory_2010_0402.pdf || url,doc.emergingthreats.net/2011083 1 || 2011084 || 5 || trojan-activity || 0 || ET DELETED User-Agent (BlueSky) || url,doc.emergingthreats.net/2011084 1 || 2011085 || 7 || misc-activity || 0 || ET POLICY HTTP Redirect to IPv4 Address || url,doc.emergingthreats.net/2011085 1 || 2011086 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Flystud || url,doc.emergingthreats.net/2011086 1 || 2011087 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (gomtour) || url,doc.emergingthreats.net/2011087 1 || 2011088 || 3 || attempted-recon || 0 || ET SCAN Possible DavTest WebDav Vulnerability Scanner Initial Check Detected || url,www.darknet.org.uk/2010/04/davtest-webdav-vulerability-scanning-scanner-tool/ || url,code.google.com/p/davtest/ || url,doc.emergingthreats.net/2011088 1 || 2011089 || 3 || attempted-recon || 0 || ET SCAN DavTest WebDav Vulnerability Scanner Default User Agent Detected || url,www.darknet.org.uk/2010/04/davtest-webdav-vulerability-scanning-scanner-tool/ || url,code.google.com/p/davtest/ || url,doc.emergingthreats.net/2011089 1 || 2011090 || 8 || trojan-activity || 0 || ET POLICY User-Agent Recuva (Recuva) || url,doc.emergingthreats.net/2011090 || url,www.piriform.com/ 1 || 2011091 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011091 1 || 2011092 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011092 1 || 2011093 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011093 1 || 2011094 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011094 1 || 2011095 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011095 1 || 2011096 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fatwiki datumscalc.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/11188 || url,doc.emergingthreats.net/2011096 1 || 2011097 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fatwiki monatsblatt.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/11188 || url,doc.emergingthreats.net/2011097 1 || 2011098 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YaPig last_gallery.php YAPIG_PATH Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/11708 || url,doc.emergingthreats.net/2011098 1 || 2011099 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DaFun Spirit lgsl_players.php lgsl_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11888 || url,doc.emergingthreats.net/2011099 1 || 2011100 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DaFun Spirit lgsl_settings.php lgsl_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11888 || url,doc.emergingthreats.net/2011100 1 || 2011101 || 7 || trojan-activity || 0 || ET MALWARE Recuva User-Agent (OpenPage) - likely trojan dropper || url,doc.emergingthreats.net/2011101 1 || 2011103 || 10 || trojan-activity || 0 || ET TROJAN Exploit kit download payload likely Hiloti Gozi FakeAV etc || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen%21D || url,doc.emergingthreats.net/2011103 1 || 2011104 || 10 || trojan-activity || 0 || ET TROJAN Exploit kit attack activity likely hostile || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen%21D || url,doc.emergingthreats.net/2011104 1 || 2011105 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (i-scan) || url,doc.emergingthreats.net/2011105 1 || 2011106 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (lineguide) || url,doc.emergingthreats.net/2011106 1 || 2011107 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP-Cumulus Plugin tagcloud.swf Cross-Site Scripting Attempt || url,doc.emergingthreats.net/2011107 1 || 2011108 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter SELECT FROM SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011108 1 || 2011109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter DELETE FROM SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011109 1 || 2011110 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter UNION SELECT SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011110 1 || 2011111 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter INSERT INTO SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011111 1 || 2011112 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter UPDATE SET SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011112 1 || 2011113 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Business Objects Crystal Reports Web Form Viewer Directory Traversal Attempt || url,secunia.com/advisories/11803/ || bugtraq,10260 || url,doc.emergingthreats.net/2011113 1 || 2011114 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ARISg errmsg Parameter Cross Site Scripting Attempt || bugtraq,38441 || url,secunia.com/advisories/38793 || url,doc.emergingthreats.net/2011114 1 || 2011115 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cPanel fileop Parameter Cross Site Scripting Attempt || bugtraq,37394 || url,vupen.com/english/advisories/2009/3608 || url,doc.emergingthreats.net/2011115 1 || 2011116 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gallo gfw_smarty.php gfwroot Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12488 || bugtraq,39890 || url,doc.emergingthreats.net/2011116 1 || 2011117 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerEasy ComeUrl Parameter Cross Site Scripting Attempt || bugtraq,39696 || url,secunia.com/advisories/39627 || url,doc.emergingthreats.net/2011117 1 || 2011118 || 4 || trojan-activity || 0 || ET DELETED Suspicious User Agent Maxthon || url,doc.emergingthreats.net/2011118 1 || 2011120 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Save) || url,poweredbysave.com 1 || 2011121 || 6 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit Facebook phishing page payload could be ZeuS || url,malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html || url,doc.emergingthreats.net/2011121 1 || 2011122 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function || url,snosoft.blogspot.com/2010/05/reversenoitcejni-lqs-dnilb-bank-hacking.html || url,doc.emergingthreats.net/2011122 1 || 2011123 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (Yodao Desktop Dict) || url,doc.emergingthreats.net/2011123 1 || 2011124 || 15 || non-standard-protocol || 0 || ET MALWARE Suspicious FTP 220 Banner on Local Port (spaced) || url,doc.emergingthreats.net/2011124 1 || 2011125 || 7 || not-suspicious || 0 || ET POLICY Maxthon Browser Background Agent UA (MxAgent) || url,doc.emergingthreats.net/2011125 1 || 2011126 || 5 || attempted-user || 0 || ET ACTIVEX Possible VMware Console ActiveX Format String Remote Code Execution Attempt || url,dsecrg.com/pages/vul/show.php?id=153 || url,lists.vmware.com/pipermail/security-announce/2010/000090.html || cve,2009-3732 || url,doc.emergingthreats.net/2011126 1 || 2011127 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (InTeRNeT) || url,doc.emergingthreats.net/2011127 1 || 2011128 || 4 || trojan-activity || 0 || ET TROJAN Eleonore Exploit Pack activity variant May 2010 || url,www.offensivecomputing.net/?q=node/1419 || url,doc.emergingthreats.net/2010248 1 || 2011129 || 6 || attempted-user || 0 || ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Attempt || url,doc.emergingthreats.net/2011129 1 || 2011130 || 4 || attempted-user || 0 || ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Function Call Attempt || url,doc.emergingthreats.net/2011130 1 || 2011131 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla jwmmxtd Component mosConfig_absolute_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11845 || url,doc.emergingthreats.net/2011131 1 || 2011132 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_universal Component Remote File Inclusion || url,exploit-db.com/exploits/11865 || bugtraq,38949 || url,doc.emergingthreats.net/2011132 1 || 2011133 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011133 1 || 2011134 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011134 1 || 2011135 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011135 1 || 2011136 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011136 1 || 2011137 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011137 1 || 2011138 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XAMPP showcode.php TEXT Parameter Cross Site Scripting Attempt || bugtraq,37997 || url,doc.emergingthreats.net/2011138 1 || 2011139 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XAMPP xamppsecurity.phpp TEXT Parameter Cross Site Scripting Attempt || bugtraq,37997 || url,doc.emergingthreats.net/2011139 1 || 2011140 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JE Ajax Event Calendar view Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/12598 || url,doc.emergingthreats.net/2011140 1 || 2011141 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (phpinfo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011141 1 || 2011142 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (php-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011142 1 || 2011143 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (zend-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011143 1 || 2011144 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (funny-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011144 1 || 2011145 || 3 || web-application-attack || 0 || ET WEB_SERVER 3Com Intelligent Management Center Cross Site Scripting Attempt || url,securitytracker.com/alerts/2010/May/1024022.html || url,support.3com.com/documents/netmgr/imc/3Com_IMC_readme_plat_3.30-SP2.html || url,www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-02 || url,doc.emergingthreats.net/2011145 1 || 2011146 || 5 || policy-violation || 0 || ET MALWARE User-Agent (Download Master) - Possible Malware Downloader || url,www.httpuseragent.org/list/Download+Master-n727.htm || url,www.westbyte.com/dm/ || url,doc.emergingthreats.net/2011146 1 || 2011148 || 5 || trojan-activity || 0 || ET TROJAN Unknown Malware Download Request || url,www.prevx.com/filenames/X22210989379038527-X1/GR_OLD_CR.EXE.html || url,doc.emergingthreats.net/2011148 1 || 2011149 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (webcount) || url,doc.emergingthreats.net/2011149 1 || 2011150 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 2 || url,doc.emergingthreats.net/201150 1 || 2011151 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 3 || url,doc.emergingthreats.net/2011151 1 || 2011152 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Consona Products n6plugindestructor.asp Cross Site Scripting Attempt || bugtraq,39999 || url,juniper.net/security/auto/vulnerabilities/vuln39999.html || url,doc.emergingthreats.net/2011152 1 || 2011153 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ektron CMS400.NET reterror.aspx info Parameter Cross Site Scripting Attempt || bugtraq,39679 || url,secunia.com/advisories/39547/ || url,doc.emergingthreats.net/2011153 1 || 2011154 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ektron CMS400.NET medialist.aspx selectids Parameter Cross Site Scripting Attempt || bugtraq,39679 || url,secunia.com/advisories/39547/ || url,doc.emergingthreats.net/2011154 1 || 2011155 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011155 1 || 2011156 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011156 1 || 2011157 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011157 1 || 2011158 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011158 1 || 2011159 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011159 1 || 2011160 || 4 || web-application-attack || 0 || ET WEB_SERVER Apache Axis2 xsd Parameter Directory Traversal Attempt || bugtraq,40343 || url,doc.emergingthreats.net/2011160 1 || 2011161 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HotNews hnmain.inc.php3 incdir Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/11731 || url,exploit-db.com/exploits/12160 || url,doc.emergingthreats.net/2011161 1 || 2011162 || 5 || trojan-activity || 0 || ET TROJAN IRC Potential bot update/download via ftp command || url,doc.emergingthreats.net/2011162 1 || 2011164 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011164 || cve,2010-1922 1 || 2011165 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011165 1 || 2011167 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011167 1 || 2011168 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011168 1 || 2011169 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011169 1 || 2011170 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011170 1 || 2011171 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011171 1 || 2011172 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011172 1 || 2011173 || 11 || misc-attack || 0 || ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt || url,www.exploit-db.com/exploits/13808/ || url,doc.emergingthreats.net/2011173 || cve,2010-1885 1 || 2011174 || 3 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent CZxt2s) || url,doc.emergingthreats.net/2011174 1 || 2011175 || 5 || web-application-attack || 0 || ET WEB_SERVER Casper Bot Search RFI Scan || url,doc.emergingthreats.net/2011175 1 || 2011176 || 4 || web-application-attack || 0 || ET DELETED MaMa CaSpEr RFI Scan || url,doc.emergingthreats.net/2011176 1 || 2011178 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Download with Cookie WinSec || url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791 || url,doc.emergingthreats.net/2011178 1 || 2011179 || 5 || trojan-activity || 0 || ET TROJAN Generic Checkin - MSCommonInfoEx || url,doc.emergingthreats.net/2011179 1 || 2011180 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit pdfopen.pdf || url,doc.emergingthreats.net/2011180 1 || 2011181 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit pdfswf.pdf || url,doc.emergingthreats.net/2011181 1 || 2011182 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit - libtiff.pdf || url,doc.emergingthreats.net/2011182 1 || 2011183 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit malware payload download || url,doc.emergingthreats.net/2011183 1 || 2011184 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit VBscript download || url,doc.emergingthreats.net/2011184 1 || 2011185 || 2 || trojan-activity || 0 || ET DELETED Nine Ball Infection Ping Outbound || url,doc.emergingthreats.net/2011185 1 || 2011186 || 6 || trojan-activity || 0 || ET TROJAN Nine Ball Infection ya.ru Post || url,www.martinsecurity.net/page/3 || url,doc.emergingthreats.net/2011186 1 || 2011187 || 3 || trojan-activity || 0 || ET DELETED Nine Ball Infection Posting Data || url,www.martinsecurity.net/page/3 || url,doc.emergingthreats.net/2011187 1 || 2011188 || 5 || trojan-activity || 0 || ET TROJAN Nine Ball User-Agent Detected (NQX315) || url,doc.emergingthreats.net/2011188 1 || 2011189 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Cisco IOS HTTP Server Cross Site Scripting Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=17364 || url,www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html || cve,2008-3821 || url,doc.emergingthreats.net/2011189 1 || 2011190 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module cindefn.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011190 1 || 2011191 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module power_management_policy_options.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011191 1 || 2011192 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module pm_temp.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011192 1 || 2011193 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module power_module.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011193 1 || 2011194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module blade_leds.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011194 1 || 2011195 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module ipmi_bladestatus.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011195 1 || 2011196 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid ICount Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-085/ || cve,2010-1554 || url,doc.emergingthreats.net/2011196 1 || 2011197 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-084/ || cve,2010-1553 || url,doc.emergingthreats.net/2011197 1 || 2011198 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-086/ || cve,2010-1555 || url,doc.emergingthreats.net/2011198 1 || 2011199 || 2 || trojan-activity || 0 || ET TROJAN Outbound AVISOSVB MSSQL Request || url,www.threatexpert.com/report.aspx?md5=1f5b6d6d94cc6272c937045e22e6d192 || url,doc.emergingthreats.net/2011199 1 || 2011200 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX SendCommand Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011200 1 || 2011201 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Login Method Buffer Oveflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011201 1 || 2011202 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Snapshot Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011202 1 || 2011203 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBOpen Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011203 1 || 2011204 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBClose Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011204 1 || 2011205 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBControl Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011205 1 || 2011206 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Buffer Overflow Function Call || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011206 1 || 2011207 || 2 || web-application-attack || 0 || ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Head Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14215/ || bugtraq,41343 || url,doc.emergingthreats.net/2011207 1 || 2011208 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS SaschArt SasCam Webcam Server ActiveX Buffer Overflow Function Call || url,exploit-db.com/exploits/14215/ || bugtraq,41343 || url,doc.emergingthreats.net/2011208 1 || 2011209 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClearSite device_admin.php cs_base_path Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/65117 || cve,CVE-2010-2145 || url,doc.emergingthreats.net/2011209 1 || 2011210 || 6 || attempted-user || 0 || ET ACTIVEX ComponentOne VSFlexGrid ActiveX Control Archive Method Buffer Overflow Attempt || url,exploit-db.com/exploits/12673 || url,doc.emergingthreats.net/2011210 1 || 2011211 || 4 || attempted-user || 0 || ET ACTIVEX AtHocGov IWSAlerts ActiveX Control Buffer Overflow Function Call Attempt || url,metasploit.com/modules/exploit/windows/browser/athocgov_completeinstallation || url,athoc.com/products/IWSAlerts_overview.aspx || url,doc.emergingthreats.net/2011211 1 || 2011212 || 6 || attempted-user || 0 || ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control Buffer Overflow Attempt || url,www.kb.cert.org/vuls/id/602801 || bugtraq,40006 || url,juniper.net/security/auto/vulnerabilities/vuln40006.html || url,doc.emergingthreats.net/2011212 1 || 2011213 || 4 || attempted-user || 0 || ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control BOF Function Call || url,www.kb.cert.org/vuls/id/602801 || bugtraq,40006 || url,juniper.net/security/auto/vulnerabilities/vuln40006.html || url,doc.emergingthreats.net/2011213 1 || 2011214 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ArdeaCore pathForArdeaCore Parameter Remote File Inclusion Attempt || bugtraq,40811 || url,vupen.com/english/advisories/2010/1444 || url,exploit-db.com/exploits/13832/ || url,doc.emergingthreats.net/2011214 1 || 2011215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011215 1 || 2011216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011216 1 || 2011217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011217 1 || 2011218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011218 1 || 2011219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011219 1 || 2011220 || 3 || trojan-activity || 0 || ET DELETED Executable requested from /wp-content/languages || url,www.malewareurl.com || url,doc.emergingthreats.net/2011220 1 || 2011221 || 3 || trojan-activity || 0 || ET DELETED FakeAV Served To Client || url,doc.emergingthreats.net/2011221 1 || 2011222 || 3 || bad-unknown || 0 || ET DELETED Malvertising drive by kit encountered - bmb cookie || url,doc.emergingthreats.net/2011222 1 || 2011223 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Malvertising drive by kit encountered - Loading... || url,doc.emergingthreats.net/2011223 1 || 2011224 || 4 || bad-unknown || 0 || ET DELETED Malvertising drive by kit collecting browser info || url,doc.emergingthreats.net/2011224 1 || 2011225 || 6 || policy-violation || 0 || ET POLICY Suspicious User Agent (AskInstallChecker) || url,doc.emergingthreats.net/2011225 1 || 2011226 || 5 || trojan-activity || 0 || ET MALWARE Sogou Toolbar Checkin || url,doc.emergingthreats.net/2011225 1 || 2011227 || 4 || trojan-activity || 0 || ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers || url,doc.emergingthreats.net/2011227 1 || 2011228 || 3 || trojan-activity || 0 || ET DELETED Trojan.StartPage activity || url,doc.emergingthreats.net/2011228 1 || 2011229 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Suggestion) || url,doc.emergingthreats.net/2011229 1 || 2011230 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING client requesting drive by - /x/?src= || url,doc.emergingthreats.net/2011230 1 || 2011231 || 5 || bad-unknown || 0 || ET DELETED MALVERTISING client requesting redirect to drive by - .php?c=cust || url,doc.emergingthreats.net/2011231 1 || 2011232 || 7 || trojan-activity || 0 || ET P2P p2p Related User-Agent (eChanblard) || url,doc.emergingthreats.net/2011232 1 || 2011233 || 2 || trojan-activity || 0 || ET TROJAN Troxen GetSpeed Request || url,www.threatexpert.com/report.aspx?md5=af89d15930fe59dcb621069abc83cc66 || url,doc.emergingthreats.net/2011233 1 || 2011234 || 4 || trojan-activity || 0 || ET TROJAN Cosmu Process Dump Report || url,doc.emergingthreats.net/2011234 1 || 2011235 || 2 || attempted-admin || 0 || ET EXPLOIT Possible Novell Groupwise Internet Agent CREATE Verb Stack Overflow Attempt || url,www.exploit-db.com/exploits/14379/ || url,www.zerodayinitiative.com/advisories/ZDI-10-129/ || url,www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006374&sliceId=2&docTypeID=DT_TID_1_1&dialogID=155271264&stateId=0 0 155267598 || url,doc.emergingthreats.net/2011235 1 || 2011236 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.avan || url,doc.emergingthreats.net/2011236 1 || 2011238 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (SP3 WINLD)) || url,doc.emergingthreats.net/2011238 1 || 2011239 || 3 || attempted-user || 0 || ET DELETED Possible Microsoft Windows Shortcut LNK File Automatic File Execution Attempt Via WebDAV || url,support.microsoft.com/kb/2286198 || url,www.kb.cert.org/vuls/id/940193 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || cve,2010-2568 || url,doc.emergingthreats.net/2011239 1 || 2011240 || 5 || misc-attack || 0 || ET WEB_CLIENT Mozilla Firefox Window.Open Document URI Spoofing Attempt || url,www.mozilla.org/security/announce/2010/mfsa2010-45.html || url,bugzilla.mozilla.org/show_bug.cgi?id=556957 || cve,2010-1206 || url,doc.emergingthreats.net/2011240 1 || 2011241 || 2 || not-suspicious || 0 || ET EXPLOIT M3U File Request Flowbit Set || url,doc.emergingthreats.net/2011241 1 || 2011242 || 3 || attempted-user || 0 || ET EXPLOIT Possible VLC Media Player M3U File FTP URL Processing Stack Buffer Overflow Attempt || url,securitytracker.com/alerts/2010/Jul/1024172.html || url,doc.emergingthreats.net/2011242 1 || 2011243 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011243 1 || 2011244 || 5 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like sun4u) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011244 1 || 2011245 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded || url,doc.emergingthreats.net/2011245 1 || 2011246 || 4 || bad-unknown || 0 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse || url,doc.emergingthreats.net/2011246 1 || 2011247 || 6 || trojan-activity || 0 || ET MALWARE Likely Hostile User-Agent (Forthgoer) || url,doc.emergingthreats.net/2011247 1 || 2011248 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (XieHongWei-HttpDown/2.0) || url,doc.emergingthreats.net/2011248 1 || 2011249 || 6 || web-application-attack || 0 || ET ACTIVEX RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14309/ || url,packetstormsecurity.org/1007-exploits/rspmp3-overflow.txt || url,doc.emergingthreats.net/2011249 1 || 2011250 || 4 || web-application-attack || 0 || ET ACTIVEX Image22 ActiveX DrawIcon Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14321/ || url,doc.emergingthreats.net/2011250 1 || 2011251 || 7 || web-application-attack || 0 || ET ACTIVEX FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14269/ || url,doc.emergingthreats.net/2011251 1 || 2011252 || 5 || web-application-attack || 0 || ET DELETED FathFTP ActiveX Control RasIsConnected Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14269/ || url,doc.emergingthreats.net/2011252 1 || 2011253 || 6 || attempted-user || 0 || ET ACTIVEX Registry OCX ActiveX FullPath Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14200/ || url,doc.emergingthreats.net/2011253 1 || 2011254 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redaxo CMS index.inc.php Remote File Inclusion Attempt || url,vupen.com/english/advisories/2010/0942 || url,exploit-db.com/exploits/12276 || url,doc.emergingthreats.net/2011254 1 || 2011255 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redaxo CMS specials.inc.php Remote File Inclusion Attempt || url,vupen.com/english/advisories/2010/0942 || url,exploit-db.com/exploits/12276 || url,doc.emergingthreats.net/2011255 1 || 2011256 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-ip.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011256 1 || 2011257 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-url.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011257 1 || 2011258 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-new-edit-site.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011258 1 || 2011259 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/9350/ || url,vupen.com/english/advisories/2009/2136 || url,doc.emergingthreats.net/2011259 1 || 2011262 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011262 1 || 2011263 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011263 1 || 2011264 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011264 1 || 2011265 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011265 1 || 2011266 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011266 1 || 2011268 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/14369/ || url,secunia.com/advisories/40605 || url,doc.emergingthreats.net/2011268 1 || 2011269 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Small || url,doc.emergingthreats.net/2011269 1 || 2011270 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || url,www.kb.cert.org/vuls/id/940193 || url,www.microsoft.com/technet/security/advisory/2286198.mspx || cve,2010-2568 || url,doc.emergingthreats.net/2011270 1 || 2011271 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (CustomSpy) || url,doc.emergingthreats.net/2011271 1 || 2011272 || 5 || trojan-activity || 0 || ET TROJAN Win32/Chekafe.A or Related Infection Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32/Chekafe.A || url,doc.emergingthreats.net/2011272 1 || 2011273 || 5 || trojan-activity || 0 || ET DELETED User-Agent (GM Login) || url,doc.emergingthreats.net/2011273 1 || 2011274 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14432/ || url,inj3ct0r.com/exploits/13426 || url,doc.emergingthreats.net/2011274 1 || 2011275 || 5 || policy-violation || 0 || ET DELETED Akamai Redswoosh CLIOnlineManager Connection Detected || url,doc.emergingthreats.net/2011275 1 || 2011276 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (InfoBot) || url,doc.emergingthreats.net/2011276 1 || 2011277 || 8 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Checkin || url,doc.emergingthreats.net/2011277 1 || 2011278 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Cosmu.xet || url,www.threatexpert.com/report.aspx?md5=f39554f3afe92dca3597efc1f7709ad4 1 || 2011279 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (browserbob.com) 1 || 2011280 || 3 || bad-unknown || 0 || ET WEB_SERVER Phoenix Exploit Kit - Admin Login Page Detected Outbound 1 || 2011281 || 2 || bad-unknown || 0 || ET WEB_CLIENT phoenix exploit kit - admin login page detected 1 || 2011282 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (ScrapeBox) 1 || 2011283 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (TALWinInetHTTPClient) 1 || 2011285 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011285 1 || 2011286 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like MaMa Cyber/ebes) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011286 1 || 2011287 || 3 || web-application-attack || 0 || ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011287 1 || 2011289 || 3 || web-application-attack || 0 || ET WEB_SERVER Local Website Infected By Gootkit || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011285 1 || 2011290 || 6 || web-application-attack || 0 || ET WEB_SERVER Gootkit Website Infection Request for FTP Credentials from Control Server || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011286 1 || 2011291 || 3 || web-application-attack || 0 || ET WEB_SERVER Asprox Spambot SQL-Injection Atempt 1 || 2011293 || 7 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (GabPath) 1 || 2011294 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.FraudPack.aweo || url,www.threatexpert.com/report.aspx?md5=4bc4c32a8d93c29b026bbfb24ccecd14 1 || 2011295 || 7 || trojan-activity || 0 || ET TROJAN Butterfly/Mariposa Bot client init connection 1 || 2011296 || 2 || trojan-activity || 0 || ET TROJAN Butterfly/Mariposa Bot Join Acknowledgment 1 || 2011297 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (KRMAK) Butterfly Bot download 1 || 2011300 || 3 || trojan-activity || 0 || ET TROJAN Stuxnet index.php || url,research.zscaler.com/2010/07/lnk-cve-2010-2568-stuxnet-incident.html 1 || 2011302 || 3 || bad-unknown || 0 || ET DELETED MALVERTISING request to media.fastclick.net.* host 1 || 2011303 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to js.zedo.com.* host 1 || 2011304 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to view.ads.* host 1 || 2011305 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to adnet.media.* host 1 || 2011306 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to adfarm.mediaplex.com.* host 1 || 2011307 || 2 || bad-unknown || 0 || ET DELETED DRIVEBY bredolab - hidden div served by nginx 1 || 2011311 || 4 || policy-violation || 0 || ET CURRENT_EVENTS request for hide-my-ip.com autoupdate 1 || 2011312 || 3 || policy-violation || 0 || ET CURRENT_EVENTS hide-my-ip.com POST version check 1 || 2011324 || 3 || policy-violation || 0 || ET CURRENT_EVENTS Games.jar Download Suspicious Possible Exploit Attempt 1 || 2011325 || 3 || policy-violation || 0 || ET DELETED Notes1.pdf Download Suspicious Possible Exploit Attempt 1 || 2011326 || 2 || policy-violation || 0 || ET CURRENT_EVENTS NewGames.jar Download Suspicious Possible Exploit Attempt 1 || 2011328 || 4 || web-application-attack || 0 || ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt || url,www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow || bugtraq,42154 || cve,2010-2709 1 || 2011329 || 5 || bad-unknown || 0 || ET WEB_CLIENT Possible PDF Launch Function Remote Code Execution Attempt with Name Representation Obfuscation || url,www.kb.cert.org/vuls/id/570177 || url,www.h-online.com/security/news/item/Criminals-attempt-to-exploit-unpatched-hole-in-Adobe-Reader-979286.html || url,www.sudosecure.net/archives/673 || url,www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html || url,blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/ || url,www.m86security.com/labs/i/PDF-Launch-Feature-Used-to-Install-Zeus,trace.1301~.asp || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011330 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Fragus - landing page delivered 1 || 2011334 || 6 || bad-unknown || 0 || ET MALWARE User-Agent (C\:\\WINDOWS\\system32\\NetLogom.exe) 1 || 2011335 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Checkin Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AU || url,www.threatexpert.com/report.aspx?md5=f39d0a669ad98b95370a4f525d7d79ec 1 || 2011336 || 4 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AU || url,www.threatexpert.com/report.aspx?md5=f39d0a669ad98b95370a4f525d7d79ec 1 || 2011337 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity (2) || url,www.threatexpert.com/report.aspx?md5=76cf08503cdd036850bcc4f29f64022f || url,www.threatexpert.com/report.aspx?md5=579f2e29434218d62d31625d369cbc42 1 || 2011338 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity (3) || url,www.threatexpert.com/report.aspx?md5=438bcb3c4a304b65419674ce8775d8a3 1 || 2011339 || 2 || bad-unknown || 0 || ET DELETED PHARMSPAM image requested layout viagra_super_active.jpg 1 || 2011341 || 6 || trojan-activity || 0 || ET TROJAN Suspicious POST to WINDOWS Folder Possible Malware Infection 1 || 2011342 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Malvertising DRIVEBY Fragus Admin Panel Delivered To Client 1 || 2011343 || 3 || bad-unknown || 0 || ET WEB_CLIENT FakeAV scanner page encountered Initializing Virus Protection System 1 || 2011344 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS POST to /x48/x58/ Possible Zeus Version 3 Command and Control Server Traffic || url,www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime,trace.1431~.asp || url,www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf 1 || 2011345 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus Version 3 Infection Posting Banking HTTP Log to Command and Control Server || url,www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime,trace.1431~.asp || url,www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf 1 || 2011346 || 7 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape %u Shellcode/Heap Spray || url,www.w3schools.com/jsref/jsref_unescape.asp || url,isc.sans.org/diary.html?storyid=7906 || url,isc.sans.org/diary.html?storyid=7903 || url,malzilla.sourceforge.net/tutorial01/index.html || url,doc.emergingthreats.net/2011346 1 || 2011347 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible String.FromCharCode Javascript Obfuscation Attempt || url,www.w3schools.com/jsref/jsref_fromCharCode.asp || url,www.roseindia.net/javascript/method-fromcharcode.shtml || url,isc.sans.org/diary.html?storyid=7906 || url,isc.sans.org/diary.html?storyid=7903 1 || 2011348 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for PDF exploit 1 || 2011349 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java exploit 1 || 2011350 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java and PDF exploits 1 || 2011351 || 2 || bad-unknown || 0 || ET DELETED Driveby bredolab server response contains .ru 8080/index.php? 1 || 2011353 || 2 || bad-unknown || 0 || ET DELETED Driveby bredolab jquery.jxx 1 || 2011354 || 3 || bad-unknown || 0 || ET DELETED Driveby bredolab request to a .ru 8080 URI 1 || 2011355 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby bredolab hidden div served by nginx 1 || 2011357 || 3 || trojan-activity || 0 || ET TROJAN FakeAV SetupSecure Download Attempt SetupSecure || url,www.malwareurl.com/listing.php?domain=virus-scanner-6.com 1 || 2011358 || 4 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 1/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/ 1 || 2011359 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 2/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/ 1 || 2011360 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 3/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/ 1 || 2011362 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 5/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/ 1 || 2011364 || 5 || trojan-activity || 0 || ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host POSTing process list 1 || 2011365 || 10 || trojan-activity || 0 || ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host checkin 1 || 2011366 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Apple Quicktime Invalid SMIL URI Buffer Overflow Attempt || url,securitytracker.com/alerts/2010/Aug/1024336.html || bugtraq,41962 || cve,2010-1799 1 || 2011367 || 1 || bad-unknown || 0 || ET SCAN TCP Traffic (ET SCAN Malformed Packet SYN FIN) 1 || 2011368 || 1 || bad-unknown || 0 || ET SCAN TCP Traffic (ET SCAN Malformed Packet SYN RST) 1 || 2011369 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY phoenix exploit kit landing page 1 || 2011370 || 3 || trojan-activity || 0 || ET TROJAN Stupid Stealer C&C Communication (1) || url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb 1 || 2011371 || 3 || trojan-activity || 0 || ET TROJAN Stupid Stealer C&C Communication (2) || url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb 1 || 2011373 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeAV client requesting fake scanner page 1 || 2011374 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.cc domain 1 || 2011375 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cz.cc domain 1 || 2011377 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS com_del.php class_path Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/13665 1 || 2011378 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter SELECT FROM SQL Injection Attempt || bugtraq,41377 1 || 2011380 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UNION SELECT SQL Injection Attempt || bugtraq,41377 1 || 2011381 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter INSERT INTO SQL Injection Attempt || bugtraq,41377 1 || 2011382 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UPDATE SET SQL Injection Attempt || bugtraq,41377 1 || 2011383 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CSSTidy css_optimiser.php url Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/40515/ || url,cross-site-scripting.blogspot.com/2010/07/impresscms-121-final-reflected-cross.html 1 || 2011384 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/5609 || url,vupen.com/english/advisories/2009/2136 1 || 2011385 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla NoticeBoard Component controller Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/12427 1 || 2011387 || 5 || trojan-activity || 0 || ET TROJAN indux.php check-in 1 || 2011389 || 4 || web-application-activity || 0 || ET SCAN w3af Scan Remote File Include Retrieval || url,w3af.sourceforge.net 1 || 2011390 || 2 || web-application-activity || 0 || ET SCAN Nikto Scan Remote File Include Retrieval || url,cirt.net/nikto2 1 || 2011391 || 9 || trojan-activity || 0 || ET MALWARE web shell detected 1 || 2011392 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (http-get-demo) Possible Reverse Web Shell 1 || 2011393 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (Microsoft Internet Explorer 6.0) Possible Reverse Web Shell 1 || 2011395 || 3 || trojan-activity || 0 || ET TROJAN wisp backdoor detected reporting 1 || 2011396 || 3 || trojan-activity || 0 || ET TROJAN FakeYak or Related Infection Checkin 1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakeYak 1 || 2011397 || 3 || trojan-activity || 0 || ET TROJAN FakeYak or Related Infection Checkin 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakeYak 1 || 2011398 || 3 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Execute DDoS Command From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011399 || 4 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Download and Launch Executable Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011400 || 3 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Execute SYN Flood Command Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011401 || 1 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Unknown Command From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011402 || 4 || denial-of-service || 0 || ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Inbound || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011403 || 3 || denial-of-service || 0 || ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011407 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .com.ru Domain || url,sign.kaffenews.com/?p=104 1 || 2011408 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .com.cn Domain || url,sign.kaffenews.com/?p=104 1 || 2011409 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.cc Domain || url,sign.kaffenews.com/?p=104 1 || 2011410 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .cz.cc Domain || url,sign.kaffenews.com/?p=104 1 || 2011411 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.kr Domain || url,sign.kaffenews.com/?p=104 1 || 2011412 || 2 || attempted-user || 0 || ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt || url,www.exploit-db.com/exploits/14843/ 1 || 2011413 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group Office json.php fingerprint Parameter Remote Command Execution Attempt || url,inj3ct0r.com/exploits/13365 1 || 2011414 || 4 || trojan-activity || 0 || ET TROJAN Win32/Small.gen!AQ Communication with Controller || url,perpetualhorizon.blogspot.com/2010/08/shot-in-dark-analysis-of-failed-malware.html || url,www.threatexpert.com/report.aspx?md5=eb3140416c06fa8cb7851076dd100dfb || url,www.threatexpert.com/report.aspx?md5=8033dffa899dcd16769f389073f9f053 1 || 2011415 || 4 || trojan-activity || 0 || ET DELETED General Trojan Downloader Request Observed || url,www.threatexpert.com/report.aspx?md5=3dd8193692b62a875985349b67da38c6 || url,www.threatexpert.com/report.aspx?md5=6c9ad4d06f72edcd2b301d66b25ad101 || url,www.threatexpert.com/report.aspx?md5=91fa03240b5a59853d0dad708055a7a8 1 || 2011416 || 4 || trojan-activity || 0 || ET TROJAN General Trojan FakeAV Downloader 1 || 2011417 || 3 || bad-unknown || 0 || ET DELETED MALVERTISING Hidden iframe Redirecting to SEO Driveby Site 1 || 2011419 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV landing page - sector.hdd.png no-repeat 1 || 2011420 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV client requesting image - sector.hdd.png 1 || 2011421 || 2 || bad-unknown || 0 || ET DELETED FAKEAV redirecting to fake scanner page - /?777 1 || 2011422 || 2 || attempted-recon || 0 || ET VOIP Possible Modified Sipvicious OPTIONS Scan || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ 1 || 2011423 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt || bid,42575 || cve,2010-2544 || cve,2010-2545 1 || 2011424 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Using MSSQL sp_configure Command || url,technet.microsoft.com/en-us/library/ms188787.aspx || url,technet.microsoft.com/en-us/library/ms190693.aspx 1 || 2011425 || 4 || web-application-attack || 0 || ET DELETED Possible Attempt to Create MSSQL SOAP/HTTP Endpoint in URI to Allow for Operating System Interaction || url,msdn.microsoft.com/en-us/library/ms345123.aspx 1 || 2011426 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter SELECT FROM SQL Injection Attempt || bugtraq,41204 1 || 2011427 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter DELETE FROM SQL Injection Attempt || bugtraq,41204 1 || 2011428 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter UNION SELECT SQL Injection Attempt || bugtraq,41204 1 || 2011429 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter INSERT INTO SQL Injection Attempt || bugtraq,41204 1 || 2011450 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter UPDATE SET SQL Injection Attempt || bugtraq,41204 1 || 2011451 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla JGrid Component File Inclusion Attempt || url,secunia.com/advisories/40987/ || url,exploit-db.com/exploits/14656/ 1 || 2011452 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dance Studio Manager dailyview.php date Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13770 1 || 2011453 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion maincore.php folder_level Parameter Local File Inclusion Attempt || url,inj3ct0r.com/exploits/13709 1 || 2011454 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 4images global.php db_servertype Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14712/ 1 || 2011456 || 3 || misc-activity || 0 || ET WEB_CLIENT PROPFIND Flowbit Set 1 || 2011457 || 6 || attempted-user || 0 || ET WEB_CLIENT DLL or EXE File From Possible WebDAV Share, Possible DLL Preloading Exploit Attempt || url,blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html || url,www.us-cert.gov/cas/techalerts/TA10-238A.html || url,www.microsoft.com/technet/security/advisory/2269637.mspx || url,blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx || url,blog.metasploit.com/2010/08/better-faster-stronger.html || url,blog.rapid7.com/?p=5325 1 || 2011464 || 4 || web-application-attack || 0 || ET WEB_SERVER /bin/csh In URI Possible Shell Command Execution Attempt 1 || 2011465 || 7 || web-application-attack || 0 || ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt 1 || 2011466 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/tsh In URI Possible Shell Command Execution Attempt 1 || 2011467 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/ksh In URI Possible Shell Command Execution Attempt 1 || 2011468 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING trafficbiztds.com - client requesting redirect to exploit kit 1 || 2011469 || 6 || bad-unknown || 0 || ET DELETED MALVERTISING trafficbiztds.com - client receiving redirect to exploit kit 1 || 2011470 || 3 || trojan-activity || 0 || ET TROJAN Daurso FTP Credential Theft Reported || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaurso || url,xanalysis.blogspot.com/2009/07/9121219837-badness.html || url,www.threatexpert.com/report.aspx?md5=348ba619aab3a92b99701335f95fe2a7 || url,www.threatexpert.com/report.aspx?md5=8be56dbd057c3bde42ae804bfd647bb6 1 || 2011471 || 3 || trojan-activity || 0 || ET TROJAN Daurso Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaurso || url,xanalysis.blogspot.com/2009/07/9121219837-badness.html || url,www.threatexpert.com/report.aspx?md5=348ba619aab3a92b99701335f95fe2a7 || url,www.threatexpert.com/report.aspx?md5=8be56dbd057c3bde42ae804bfd647bb6 1 || 2011472 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Cross-Origin Theft Attempt || url,www.theregister.co.uk/2010/09/06/mystery_ie_bug/ || url,www.darknet.org.uk/2010/09/microsoft-investigate-ie-css-cross-origin-theft-vulnerability/ || url,seclists.org/fulldisclosure/2010/Sep/64 1 || 2011473 || 4 || trojan-activity || 0 || ET TROJAN Antivirus2010 Checkin port 8082 || url,blog.emsisoft.com/2010/08/09/antivirus2010-userinit-and-then-some-more/ || url,doc.emergingthreats.net/2011473 1 || 2011474 || 3 || trojan-activity || 0 || ET DELETED FakeAV Checkin 1 || 2011475 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV scanner page enocuntered - .hdd_icon 1 || 2011478 || 5 || attempted-user || 0 || ET EXPLOIT Possible Microsoft Office Word 2007 sprmCMajority Buffer Overflow Attempt || url,www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/ || url,www.microsoft.com/technet/security/Bulletin/MS10-056.mspx || bid,42136 || cve,2010-1900 1 || 2011479 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server) 1 || 2011480 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent STORMDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf 1 || 2011481 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent IAMDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf 1 || 2011482 || 5 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent kav || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf 1 || 2011483 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent YTDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf 1 || 2011484 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent i am ddos || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf 1 || 2011485 || 2 || attempted-user || 0 || ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt || url,service.real.com/realplayer/security/08262010_player/en/ || url,www.exploit-db.com/moaub-13-realplayer-flv-parsing-multiple-integer-overflow/ || bugtraq,42775 || cve,2010-3000 1 || 2011486 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix landing page - valium 1 || 2011487 || 2 || bad-unknown || 0 || ET FTP Suspicious Percentage Symbol Usage in FTP Username || url,www.checkpoint.com/defense/advisories/public/2010/sbp-16-Aug.html 1 || 2011488 || 1 || bad-unknown || 0 || ET FTP Suspicious Quotation Mark Usage in FTP Username || url,www.checkpoint.com/defense/advisories/public/2010/sbp-16-Aug.html 1 || 2011489 || 5 || trojan-activity || 0 || ET TROJAN Meredrop/Nusump Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FNusump&ThreatID=-2147329857 || url,www.threatexpert.com/report.aspx?md5=ef0616d75bd892ed69fe22a510079686 || url,www.threatexpert.com/report.aspx?md5=463cdec2df12a04d6ea1d015746ee950 1 || 2011490 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Zlob.bgs Checkin(1) || url,threatexpert.com/report.aspx?md5=ffdcea0ed88d47bc21d71040f9289ef4 1 || 2011491 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Zlob.bgs Checkin(2) || url,threatexpert.com/report.aspx?md5=ffdcea0ed88d47bc21d71040f9289ef4 1 || 2011492 || 2 || trojan-activity || 0 || ET TROJAN Adware.Kraddare Checkin 1 || 2011493 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit Attempt || url,www.afterdawn.com/news/article.cfm/2010/09/12/vulnerability_in_openx_advertisement_server_afterdawn_s_ads_affected_as_well || url,www.esarcasm.com/17960/no-esarcasm-is-not-a-tool-of-satan-or-malware-authors/ || url,www.thinq.co.uk/2010/9/13/pirate-bay-cracked-spread-malware/ || url,www.kreativrauschen.com/blog/2010/09/09/critical-vulnerability-in-openx-286-open-flash-chart-2/ || url,www.heise.de/newsticker/meldung/Ein-Jahr-alte-Luecke-gefaehrdet-OpenX-Ad-Server-1077941.html || url,www.kreativrauschen.de/blog/2010/09/09/kritische-sicherheitsluecke-in-openx-2-8-6-open-flash-chart-2/ || url,doc.emergingthreats.net/2011493 1 || 2011494 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit - possible Access to uploaded Files || url,www.afterdawn.com/news/article.cfm/2010/09/12/vulnerability_in_openx_advertisement_server_afterdawn_s_ads_affected_as_well || url,www.esarcasm.com/17960/no-esarcasm-is-not-a-tool-of-satan-or-malware-authors/ || url,www.thinq.co.uk/2010/9/13/pirate-bay-cracked-spread-malware/ || url,www.kreativrauschen.com/blog/2010/09/09/critical-vulnerability-in-openx-286-open-flash-chart-2/ || url,www.heise.de/newsticker/meldung/Ein-Jahr-alte-Luecke-gefaehrdet-OpenX-Ad-Server-1077941.html || url,www.kreativrauschen.de/blog/2010/09/09/kritische-sicherheitsluecke-in-openx-2-8-6-open-flash-chart-2/ || url,doc.emergingthreats.net/2011494 1 || 2011495 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Executable Download named to be .com FQDN || url,malwareurl.com 1 || 2011496 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Executable Download named to be FQDN || url,malwareurl.com 1 || 2011497 || 4 || attempted-recon || 0 || ET SCAN Hydra User-Agent || url,freeworld.thc.org/thc-hydra 1 || 2011499 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash, Possibly Related to Remote Code Execution Attempt || url,feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/ || cve,2010-1297 || cve,2010-2201 1 || 2011500 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Acrobat and Reader Pushstring Memory Corruption Attempt || url,www.exploit-db.com/moaub12-adobe-acrobat-and-reader-pushstring-memory-corruption/ || bugtraq,41237 || cve,2010-2201 1 || 2011501 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Adobe CoolType Smart INdependent Glyplets - SING - Table uniqueName Stack Buffer Overflow Attempt || url,contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html || cve,2010-2883 1 || 2011502 || 1 || misc-attack || 0 || ET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt || url,shh.thathost.com/secadv/2009-06-15-entrust-ies.txt || url,securitytracker.com/alerts/2010/Sep/1024391.html 1 || 2011503 || 1 || misc-attack || 0 || ET EXPLOIT Sucessful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt || url,shh.thathost.com/secadv/2009-06-15-entrust-ies.txt || url,securitytracker.com/alerts/2010/Sep/1024391.html 1 || 2011504 || 3 || bad-unknown || 0 || ET WEB_CLIENT String Replace in PDF File, Likely Hostile || url,www.w3schools.com/jsref/jsref_replace.asp 1 || 2011505 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded Flash, Possible Remote Code Execution Attempt || url,feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/ || cve,2010-1297 1 || 2011506 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF With eval Function - Possibly Hostile || url,www.w3schools.com/jsref/jsref_eval.asp 1 || 2011507 || 7 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded File || url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/ 1 || 2011509 || 2 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Stack Overflow Attempt || url,www.exploit-db.com/moaub-14-novell-iprint-client-browser-plugin-executerequest-debug-parameter-stack-overflow/ || bid,42100 || url,doc.emergingthreats.net/2011509 1 || 2011510 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Eleonore - landing page 1 || 2011511 || 1 || denial-of-service || 0 || ET DOS ntop Basic-Auth DOS inbound || url,www.securityfocus.com/bid/36074 || url,www.securityfocus.com/archive/1/505862 || url,www.securityfocus.com/archive/1/505876 1 || 2011512 || 1 || denial-of-service || 0 || ET DOS ntop Basic-Auth DOS outbound || url,www.securityfocus.com/bid/36074 || url,www.securityfocus.com/archive/1/505862 || url,www.securityfocus.com/archive/1/505876 1 || 2011513 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Phoenix Exploit Kit - PROPFIND AVI 1 || 2011514 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit - tmp/flash.swf 1 || 2011515 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit - collab.pdf 1 || 2011517 || 3 || trojan-activity || 0 || ET MALWARE Inbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor) 1 || 2011518 || 3 || trojan-activity || 0 || ET MALWARE Outbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor) 1 || 2011519 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Acrobat Reader Newclass Invalid Pointer Remote Code Execution Attempt || url,www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ || cve,2010-1297 1 || 2011520 || 4 || trojan-activity || 0 || ET TROJAN Knock.php Shiz or Rohimafo CnC Server Contact URL || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011521 || 4 || trojan-activity || 0 || ET DELETED Shiz or Rohimafo config download || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011522 || 3 || trojan-activity || 0 || ET DELETED Shiz or Rohimafo config loaded || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011523 || 3 || trojan-activity || 0 || ET TROJAN Shiz or Rohimafo Reporting Listening Socket to CnC Server || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011524 || 3 || trojan-activity || 0 || ET DELETED Knok.php Shiz or Rohimafo Host Information Submission to CnC Server || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011525 || 3 || not-suspicious || 0 || ET POLICY OpenSSL Demo Cert Exchange 1 || 2011526 || 1 || suspicious-filename-detect || 0 || ET NETBIOS windows recycler request - suspicious || url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC || url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FFakerecy.A || url,support.microsoft.com/kb/971029 1 || 2011527 || 4 || suspicious-filename-detect || 0 || ET NETBIOS windows recycler .exe request - suspicious || url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC || url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe 1 || 2011528 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of /Subtype || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011529 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Action || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011530 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of EmbeddedFile || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011531 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Type || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011532 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Javascript || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011533 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of URL || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011534 || 7 || attempted-user || 0 || ET DELETED PDF Name Representation Obfuscation of JBIG2Decode, Very Likely Memory Corruption Attempt || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ || url,blog.didierstevens.com/2009/03/01/quickpost-jbig2decode-signatures/ || bugtraq,33751 || cve,2009-0658 1 || 2011535 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of JS || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011536 || 5 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Pages || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011537 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of OpenAction || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ 1 || 2011538 || 2 || attempted-user || 0 || ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt || url,www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/ || url,www.mozilla.org/security/announce/2010/mfsa2010-37.html || bugtraq,41842 || cve,2010-1214 1 || 2011539 || 3 || not-suspicious || 0 || ET POLICY OpenSSL Demo CA - Internet Widgits Pty (CN) 1 || 2011540 || 4 || trojan-activity || 0 || ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) 1 || 2011541 || 4 || trojan-activity || 0 || ET POLICY OpenSSL Demo CA - Cryptsoft Pty (CN) 1 || 2011542 || 6 || bad-unknown || 0 || ET POLICY OpenSSL Demo CA - Cryptsoft Pty (O) 1 || 2011543 || 5 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave Director tSAC Chunk memory corruption Attempt || url,exploit-db.com/download_pdf/15077 1 || 2011544 || 7 || trojan-activity || 0 || ET TROJAN JAR Download From Crimepack Exploit Kit || url,doc.emergingthreats.net/2011544 || url,krebsonsecurity.com/tag/crimepack/ || url,www.offensivecomputing.net/?q=node/1572 1 || 2011545 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Client requesting fake scanner page /scan/?key= 1 || 2011546 || 2 || bad-unknown || 0 || ET DELETED FAKEAV client requesting fake scanner page 1 || 2011547 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft AskMe que_id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/14979/ 1 || 2011552 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FCMS familynews.php current_user_id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14965/ 1 || 2011553 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FCMS settings.php current_user_id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14965/ 1 || 2011554 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jphone Local File Inclusion Attempt || url,exploit-db.com/exploits/14964/ 1 || 2011555 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnortReport nmap.php target Parameter Arbitrary Command Execution Attempt || url,osvdb.org/show/osvdb/67739 1 || 2011556 || 1 || web-application-attack || 0 || ET DELETED ClearSite device_admin.php cs_base_path Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/65117 || cve,CVE-2010-2145 1 || 2011557 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/ 1 || 2011558 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/ 1 || 2011559 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/ 1 || 2011560 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/ 1 || 2011561 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/ 1 || 2011562 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PithCMS oldnews_reader.php lang Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/13899/ 1 || 2011563 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynPage dynpage_load.php file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/41317/ 1 || 2011564 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Classifieds class.phpmailer.php lang_path Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14893/ 1 || 2011565 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dompdf dompdf.php input_file Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14851/ 1 || 2011566 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easypush Server Manager addressbook.cgi page Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13944 1 || 2011571 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Euchia CMS catalogo.php id_livello Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13028 1 || 2011572 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php h Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/ 1 || 2011573 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php src Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/ 1 || 2011574 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php w Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/ 1 || 2011575 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat newfunction Remote Code Execution Attempt || url,www.adobe.com/support/security/bulletins/apsb10-15.html || url,www.exploit-db.com/moaub-23-adobe-acrobat-and-reader-newfunction-remote-code-execution-vulnerability/ || bid,41236 || cve,2010-2168 1 || 2011576 || 4 || trojan-activity || 0 || ET TROJAN nte Binary Download Attempt (multiple malware variants served) || url,www.malwaredomainlist.com || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on 1 || 2011577 || 3 || trojan-activity || 0 || ET TROJAN DNSTrojan FakeAV Dropper Activity Observed (1) || url,www.abuse.ch/?p=2740 || url,www.abuse.ch/?p=2796 || url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88 || url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139 1 || 2011578 || 3 || trojan-activity || 0 || ET TROJAN DNSTrojan FakeAV Dropper Activity Observed (2) || url,www.abuse.ch/?p=2740 || url,www.abuse.ch/?p=2796 || url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88 || url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139 1 || 2011579 || 1 || bad-unknown || 0 || ET POLICY route1.com SSL certificate for remote access detected 1 || 2011581 || 9 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.5.x Detected || url,javatester.org/version.html 1 || 2011582 || 33 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.6.x Detected || url,javatester.org/version.html 1 || 2011583 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Neosploit Exploit Pack Activity Observed || url,blog.fireeye.com/research/2010/01/pdf-obfuscation.html || url,blog.fireeye.com/research/2010/06/neosploit_notes.html || url,dxp2532.blogspot.com/2007/12/neosploit-exploit-toolkit.html 1 || 2011584 || 11 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.4.x Detected || url,javatester.org/version.html 1 || 2011585 || 3 || trojan-activity || 0 || ET TROJAN Avzhan DDOS Bot Outbound Hardcoded Malformed GET Request Denial Of Service Attack Detected || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/ 1 || 2011588 || 19 || trojan-activity || 0 || ET TROJAN Zeus Bot Request to CnC || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2011589 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt 1 || 2011590 || 3 || attempted-user || 0 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt 1 || 2011591 || 3 || trojan-activity || 0 || ET TROJAN Potential-Hiloti/FakeAV site access 1 || 2011592 || 1 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Download and Launch Executable Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/ 1 || 2011666 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011666 1 || 2011667 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Backdoor reDuh http initiate || url,www.sensepost.com/labs/tools/pentest/reduh || url,doc.emergingthreats.net/2011667 1 || 2011668 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Backdoor reDuh http tunnel || url,www.sensepost.com/labs/tools/pentest/reduh || url,doc.emergingthreats.net/2011668 1 || 2011669 || 4 || attempted-admin || 0 || ET EXPLOIT Linksys WAP54G debug.cgi Shell Access as Gemtek || url,seclists.org/fulldisclosure/2010/Jun/176 || url,doc.emergingthreats.net/2011669 1 || 2011670 || 3 || trojan-activity || 0 || ET DELETED Fake AV Related CSS Download || url,doc.emergingthreats.net/2011670 1 || 2011672 || 4 || misc-attack || 0 || ET DELETED Adobe Flash 0Day Exploit Attempt || url,www.exploit-db.com/exploits/13787/ || url,doc.emergingthreats.net/2011672 1 || 2011673 || 3 || attempted-dos || 0 || ET DOS Possible SolarWinds TFTP Server Read Request Denial Of Service Attempt || url,www.exploit-db.com/exploits/12683/ || url,doc.emergingthreats.net/2011673 1 || 2011674 || 3 || attempted-dos || 0 || ET DOS SolarWinds TFTP Server Long Write Request Denial Of Service Attempt || url,www.exploit-db.com/exploits/13836/ || url,doc.emergingthreats.net/2011674 1 || 2011675 || 4 || attempted-user || 0 || ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcom Helper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt || url,www.securityfocus.com/bid/37759 || url,www.kb.cert.org/vuls/id/773545 || url,www.exploit-db.com/exploits/11172/ || url,www.adobe.com/support/security/bulletins/apsb10-02.html || cve,2009-3958 || url,doc.emergingthreats.net/2011675 1 || 2011676 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Collaboration Server LoginPage.jhtml Cross Site Scripting Attempt || url,www.exploit-db.com/exploits/11403/ || cve,2010-0641 || url,doc.emergingthreats.net/2011676 1 || 2011677 || 7 || trojan-activity || 0 || ET MALWARE MSIL.Amiricil.gen HTTP Checkin || url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed || url,doc.emergingthreats.net/2011677 1 || 2011678 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP_Query) || url,doc.emergingthreats.net/2011678 1 || 2011679 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (dbcount) || url,doc.emergingthreats.net/2011679 1 || 2011680 || 6 || trojan-activity || 0 || ET DELETED Skype Easybits Extras Manager - Exploit || url,www.m86security.com/labs/traceitem.asp?article=1347 || url,doc.emergingthreats.net/2011680 1 || 2011681 || 3 || attempted-user || 0 || ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX Function Call || url,secunia.com/advisories/40184/ || bugtraq,40535 || url,doc.emergingthreats.net/2011681 1 || 2011690 || 7 || attempted-user || 0 || ET ACTIVEX Possible Sygate Personal Firewall ActiveX SetRegString Method Stack Overflow Attempt || url,www.exploit-db.com/exploits/13834/ || url,www.corelan.be#=#=8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/ || url,doc.emergingthreats.net/2011690 1 || 2011691 || 6 || trojan-activity || 0 || ET MALWARE Hotbar Agent User-Agent (PinballCorp) || url,doc.emergingthreats.net/2011691 1 || 2011692 || 3 || attempted-user || 0 || ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX InstallFrom Method Access Attempt || url,secunia.com/advisories/40184/ || bugtraq,40535 || url,doc.emergingthreats.net/10767 1 || 2011693 || 5 || trojan-activity || 0 || ET TROJAN Fragus Exploit Kit Landing || url,jsunpack.jeek.org/dec/go?report=d60344851322218108076f1ad8d21435de9d5b7c || url,www.malwareurl.com || url,doc.emergingthreats.net/2011693 1 || 2011694 || 9 || policy-violation || 0 || ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System || url,doc.emergingthreats.net/2011694 1 || 2011695 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer Dynamic Object Tag/URLMON Sniffing Cross Domain Information Disclosure Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19873 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20610 || url,www.microsoft.com/technet/security/bulletin/ms10-035.mspx || url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag || cve,2010-0255 || url,doc.emergingthreats.net/2011695 1 || 2011696 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt || url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now || cve,2010-0738 || url,doc.emergingthreats.net/2011696 1 || 2011697 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JBoss JMX Console Beanshell Deployer .WAR File Upload and Deployment Cross Site Request Forgery Attempt || url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now || cve,2010-0738 || url,doc.emergingthreats.net/2011697 1 || 2011698 || 6 || web-application-attack || 0 || ET WEB_CLIENT Java Web Start Command Injection (.jar) || url,seclists.org/fulldisclosure/2010/Apr/119 || url,doc.emergingthreats.net/2011698 1 || 2011699 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Transmission/1.x) || url,www.transmissionbt.com || url,doc.emergingthreats.net/2011699 1 || 2011700 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (KTorrent/3.x.x) || url,ktorrent.org || url,doc.emergingthreats.net/2011700 1 || 2011701 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Opera/10.x) || url,www.opera.com || url,doc.emergingthreats.net/2011701 1 || 2011702 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BitTornado) || url,www.bittornado.com || url,doc.emergingthreats.net/2011702 1 || 2011703 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Enhanced CTorrent 3.x) || url,www.rahul.net/dholmes/ctorrent || url,doc.emergingthreats.net/2011703 1 || 2011704 || 5 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Deluge 1.x.x) || url,deluge-torrent.org || url,doc.emergingthreats.net/2011704 1 || 2011705 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (rTorrent) || url,libtorrent.rakshasa.no || url,doc.emergingthreats.net/2011705 1 || 2011706 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (uTorrent) || url,www.utorrent.com || url,doc.emergingthreats.net/2011706 1 || 2011707 || 4 || policy-violation || 0 || ET P2P Client User-Agent (Shareaza 2.x) || url,shareaza.sourceforge.net || url,doc.emergingthreats.net/2011707 1 || 2011708 || 6 || policy-violation || 0 || ET GAMES Blizzard Downloader Client User-Agent (Blizzard Downloader 2.x) || url,www.worldofwarcraft.com/info/faq/blizzarddownloader.html || url,doc.emergingthreats.net/2011708 1 || 2011710 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BitComet) || url,www.bitcomet.com || url,doc.emergingthreats.net/2011710 1 || 2011711 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (KTorrent 2.x) || url,ktorrent.org || url,doc.emergingthreats.net/2011711 1 || 2011712 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (FDM 3.x) || url,www.freedownloadmanager.org || url,doc.emergingthreats.net/2011712 1 || 2011713 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BTSP) || url,doc.emergingthreats.net/2011713 1 || 2011714 || 6 || bad-unknown || 0 || ET DELETED Hidden iframe Served by nginx - Likely Hostile Code || url,doc.emergingthreats.net/2011714 1 || 2011715 || 3 || trojan-activity || 0 || ET DELETED MALVERTISING Adobe Exploited Check-In || url,doc.emergingthreats.net/2011715 1 || 2011716 || 3 || attempted-recon || 0 || ET SCAN Sipvicious User-Agent Detected (friendly-scanner) || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,doc.emergingthreats.net/2011716 1 || 2011718 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (RangeCheck/0.1) || url,doc.emergingthreats.net/2011718 1 || 2011719 || 7 || trojan-activity || 0 || ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) || url,doc.emergingthreats.net/2011719 || url,microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Program%3aWin32%2fSogou 1 || 2011720 || 3 || attempted-recon || 0 || ET SCAN Possible WafWoof Web Application Firewall Detection Scan || url,code.google.com/p/waffit/ || url,doc.emergingthreats.net/2011720 1 || 2011721 || 3 || attempted-recon || 0 || ET SCAN Possible Fast-Track Tool Spidering User-Agent Detected || url,www.offensive-security.com/metasploit-unleashed/Fast-Track-Modes || url,doc.emergingthreats.net/2011721 1 || 2011722 || 3 || attempted-user || 0 || ET ACTIVEX Axis Media Controller ActiveX SetImage Method Remote Code Execution Attempt || bugtraq,41078 || url,doc.emergingthreats.net/2011722 1 || 2011723 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Webmoney Advisor ActiveX Redirect Method Remote DoS Attempt || url,exploit-db.com/exploits/12431 || url,doc.emergingthreats.net/2011723 1 || 2011724 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Webmoney Advisor ActiveX Control DoS Function Call || url,exploit-db.com/exploits/12431 || url,doc.emergingthreats.net/2011724 1 || 2011725 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EZPX photoblog tpl_base_dir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/13890/ || url,vupen.com/english/advisories/2010/1497 || bugtraq,40881 || url,doc.emergingthreats.net/2011725 1 || 2011726 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter SELECT FROM SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011726 1 || 2011727 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter DELETE FROM SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011727 1 || 2011728 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter UNION SELECT SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011728 1 || 2011729 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter INSERT INTO SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011729 1 || 2011730 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter UPDATE SET SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011730 1 || 2011731 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter Cross Site Scripting Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011731 1 || 2011732 || 2 || attempted-dos || 0 || ET DOS Possible VNC ClientCutText Message Denial of Service/Memory Corruption Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/vnc.server.clientcuttext.message.memory.corruption.html || url,doc.emergingthreats.net/2011732 1 || 2011733 || 3 || policy-violation || 0 || ET GAMES TeamSpeak3 Connect || url,teamspeak.com || url,doc.emergingthreats.net/2011733 1 || 2011734 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Login || url,teamspeak.com || url,doc.emergingthreats.net/2011734 1 || 2011735 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Login Replay || url,teamspeak.com || url,doc.emergingthreats.net/2011735 1 || 2011736 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Ping || url,teamspeak.com || url,doc.emergingthreats.net/2011736 1 || 2011737 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Ping Reply || url,teamspeak.com || url,doc.emergingthreats.net/2011737 1 || 2011738 || 4 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Login Part 2 || url,teamspeak.com || url,doc.emergingthreats.net/2011738 1 || 2011739 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Channel List || url,teamspeak.com || url,doc.emergingthreats.net/2011739 1 || 2011740 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Player List || url,teamspeak.com || url,doc.emergingthreats.net/2011740 1 || 2011741 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Login End || url,teamspeak.com || url,doc.emergingthreats.net/2011741 1 || 2011742 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/New Player Joined || url,teamspeak.com || url,doc.emergingthreats.net/2011742 1 || 2011743 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Player Left || url,teamspeak.com || url,doc.emergingthreats.net/2011743 1 || 2011744 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Change Status || url,teamspeak.com || url,doc.emergingthreats.net/2011744 1 || 2011745 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Known Player Update || url,teamspeak.com || url,doc.emergingthreats.net/2011745 1 || 2011746 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Disconnect || url,teamspeak.com || url,doc.emergingthreats.net/2011746 1 || 2011747 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 ACK || url,teamspeak.com || url,doc.emergingthreats.net/2011747 1 || 2011748 || 4 || policy-violation || 0 || ET GAMES TrackMania Game Launch || url,www.trackmania.com || url,doc.emergingthreats.net/2011748 1 || 2011749 || 3 || policy-violation || 0 || ET GAMES TrackMania Game Check for Patch || url,www.trackmania.com || url,doc.emergingthreats.net/2011749 1 || 2011750 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetConnectionAndGameParams || url,www.trackmania.com || url,doc.emergingthreats.net/2011750 1 || 2011751 || 4 || policy-violation || 0 || ET GAMES TrackMania Request OpenSession || url,www.trackmania.com || url,doc.emergingthreats.net/2011751 1 || 2011752 || 5 || policy-violation || 0 || ET GAMES TrackMania Request Connect || url,www.trackmania.com || url,doc.emergingthreats.net/2011752 1 || 2011753 || 4 || policy-violation || 0 || ET GAMES TrackMania Request Disconnect || url,www.trackmania.com || url,doc.emergingthreats.net/2011753 1 || 2011754 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetOnlineProfile || url,www.trackmania.com || url,doc.emergingthreats.net/2011754 1 || 2011755 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetBuddies || url,www.trackmania.com || url,doc.emergingthreats.net/2011755 1 || 2011756 || 4 || policy-violation || 0 || ET GAMES TrackMania Request SearchNew || url,www.trackmania.com || url,doc.emergingthreats.net/2011756 1 || 2011757 || 4 || policy-violation || 0 || ET GAMES TrackMania Request LiveUpdate || url,www.trackmania.com || url,doc.emergingthreats.net/2011757 1 || 2011758 || 3 || policy-violation || 0 || ET GAMES TrackMania Ad Report || url,www.trackmania.com || url,doc.emergingthreats.net/2011758 1 || 2011759 || 4 || web-application-activity || 0 || ET WEB_SERVER TIEHTTP User-Agent || url,www.torry.net/authorsmore.php?id=4292 || url,doc.emergingthreats.net/2011759 1 || 2011760 || 6 || bad-unknown || 0 || ET DELETED Likely FAKEAV scanner page encountered - i1000000.gif || url,doc.emergingthreats.net/2011760 1 || 2011761 || 2 || attempted-dos || 0 || ET DOS Possible MySQL ALTER DATABASE Denial Of Service Attempt || url,securitytracker.com/alerts/2010/Jun/1024160.html || url,dev.mysql.com/doc/refman/5.1/en/alter-database.html || cve,2010-2008 || url,doc.emergingthreats.net/2011761 1 || 2011763 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco PIX/ASA HTTP Web Interface HTTP Response Splitting Attempt || url,www.secureworks.com/ctu/advisories/SWRX-2010-001/ || url,tools.cisco.com/security/center/viewAlert.x?alertId=20737 || cve,2008-7257 || url,doc.emergingthreats.net/2011763 1 || 2011764 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer mshtml.dll Timer ID Memory Pointer Information Disclosure Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=20815 || url,reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1 || url,doc.emergingthreats.net/2011764 1 || 2011765 || 3 || bad-unknown || 0 || ET POLICY eval(function(p a c k e d) JavaScript from nginx Detected - Likely Hostile || url,doc.emergingthreats.net/2011765 1 || 2011766 || 3 || attempted-recon || 0 || ET SCAN Modified Sipvicious User-Agent Detected (sundayddr) || url,honeynet.org.au/?q=sunday_scanner || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,doc.emergingthreats.net/2011766 1 || 2011767 || 3 || attempted-dos || 0 || ET TROJAN Avzhan DDOS Bot Inbound Hardcoded Malformed GET Request Denial Of Service Attack Detected || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/ 1 || 2011768 || 6 || web-application-attack || 0 || ET WEB_SERVER PHP tags in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478 1 || 2011769 || 5 || trojan-activity || 0 || ET TROJAN Shiz/Rohimafo Binary Download Request || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab || url,doc.emergingthreats.net/2010793 1 || 2011791 || 4 || trojan-activity || 0 || ET TROJAN Shiz/Rohimafo Checkin || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab || url,doc.emergingthreats.net/2010791 1 || 2011792 || 5 || trojan-activity || 0 || ET DELETED Shiz/Rohimafo Proxy Registration || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab 1 || 2011794 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter DELETE FROM SQL Injection Attempt || bugtraq,41377 1 || 2011795 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby Bredolab - client requesting java exploit 1 || 2011796 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby Bredolab - landing page 1 || 2011797 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Bredolab - client exploited by acrobat 1 || 2011798 || 3 || trojan-activity || 0 || ET TROJAN carberp check in 1 || 2011799 || 7 || trojan-activity || 0 || ET TROJAN Carberp checkin task || url,www.trustdefender.com/blog/2010/10/06/carberp-%E2%80%93-a-new-trojan-in-the-making/ || url,www.honeynet.org/node/578 || url,www.symantec.com/security_response/writeup.jsp?docid=2010-101313-5632-99&tabid=2 || url,www.eset.com/threat-center/encyclopedia/threats/win32trojandownloadercarberpb || url,www.threatexpert.com/report.aspx?md5=31a4bc4e9a431d91dc0b368f4a76ee85 || url,www.threatexpert.com/report.aspx?md5=1d0d38dd63551a30eda664611ed4958b || url,www.threatexpert.com/report.aspx?md5=6f89b98729483839283d04b82055dc44 || url,www.threatexpert.com/report.aspx?md5=07d3fbb124ff39bd5c1045599f719e36 1 || 2011800 || 8 || trojan-activity || 0 || ET POLICY Abnormal User-Agent No space after colon - Likely Hostile 1 || 2011801 || 2 || web-application-attack || 0 || ET ACTIVEX AoA Audio Extractor ActiveX Control Buffer Overflow Attempt || url,exploit-db.com/exploits/14599/ || url,packetstormsecurity.org/1010-exploits/aoaae-rop.txt 1 || 2011802 || 3 || bad-unknown || 0 || ET DNS DNS Lookup for localhost.DOMAIN.TLD 1 || 2011803 || 5 || shellcode-detect || 0 || ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2011804 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible UDP x86 JMP to CALL Shellcode Detected || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2011806 || 4 || web-application-attack || 0 || ET WEB_SERVER ScriptResource.axd access without t (time) parameter - possible ASP padding-oracle exploit || url,netifera.com/research/ || url,www.microsoft.com/technet/security/advisory/2416728.mspx 1 || 2011807 || 6 || web-application-attack || 0 || ET WEB_SERVER WebResource.axd access without t (time) parameter - possible ASP padding-oracle exploit || url,netifera.com/research/ || url,www.microsoft.com/technet/security/advisory/2416728.mspx 1 || 2011808 || 3 || attempted-recon || 0 || ET SCAN Inspathx Path Disclosure Scanner User-Agent Detected || url,code.google.com/p/inspathx/ || url,www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/ 1 || 2011809 || 5 || attempted-recon || 0 || ET SCAN Inspathx Path Disclosure Scan || url,code.google.com/p/inspathx/ || url,www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/ 1 || 2011810 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING redirect to eleonore exploit kit 1 || 2011811 || 3 || trojan-activity || 0 || ET DELETED ZeuS http client library detected 1 || 2011812 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SEO Exploit Kit - Landing Page 1 || 2011813 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SEO Exploit Kit - client exploited 1 || 2011814 || 3 || bad-unknown || 0 || ET DELETED SEO Exploit Kit - client exploited by SMB 1 || 2011815 || 2 || bad-unknown || 0 || ET DELETED SEO Exploit Kit - client exploited by Acrobat 1 || 2011816 || 16 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2011817 || 3 || trojan-activity || 0 || ET DELETED Zeus GET Request to CnC 1 || 2011818 || 4 || trojan-activity || 0 || ET DELETED Zeus http client library detected 1 || 2011819 || 1 || bad-unknown || 0 || ET POLICY Zero Content-Length HTTP POST with data (outbound) 1 || 2011820 || 3 || trojan-activity || 0 || ET TROJAN Fake AV CnC Checkin cycle_report || url,www.threatexpert.com/report.aspx?md5=fa078834dd3b4c6604d12823a6f9f17e 1 || 2011821 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected outbound || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/ 1 || 2011822 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected inbound || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/ 1 || 2011823 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected outbound 2 || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/ 1 || 2011824 || 2 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected inbound 2 || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/ 1 || 2011825 || 9 || trojan-activity || 0 || ET TROJAN MUROFET/Licat Trojan || url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html 1 || 2011826 || 2 || web-application-attack || 0 || ET DELETED Pre Projects E-Smart Cart login.asp Arbitrary SQL Command Injection Attempt || url,juniper-federal.org/security/auto/vulnerabilities/vuln37418.html || url,exploit-db.com/exploits/14376 1 || 2011827 || 4 || trojan-activity || 0 || ET TROJAN Xilcter/Zeus related malware dropper reporting in 1 || 2011828 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 724CMS section.php Module Parameter Local File inclusion Attempt || url,packetstormsecurity.org/1005-exploits/724cms459-lfi.txt 1 || 2011829 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(1) || url,inj3ct0r.com/exploits/12674 1 || 2011830 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(2) || url,inj3ct0r.com/exploits/12674 1 || 2011831 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Board site_path Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/1010-exploits/cmsboard-rfi.txt 1 || 2011832 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter SELECT FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14205 1 || 2011833 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter DELETE FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14205 1 || 2011834 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UNION SELECT SQL Injection Attempt || url,inj3ct0r.com/exploits/14205 1 || 2011835 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UPDATE SET SQL Injection Attempt || url,inj3ct0r.com/exploits/14205 1 || 2011836 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter INSERT INTO SQL Injection Attempt || url,inj3ct0r.com/exploits/14205 1 || 2011837 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS A6MamboHelpDesk Admin.a6mambohelpdesk.php Remote File inclusion Attempt || bugtraq,19198 || cve,CVE-2006-3930 1 || 2011838 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt 1 || 2011839 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt 1 || 2011840 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt 1 || 2011841 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt 1 || 2011842 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt 1 || 2011843 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BaconMap updatelist.php filepath Local File Inclusion Attempt || url,packetstormsecurity.com/1010-exploits/baconmap10-lfi.txt 1 || 2011844 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rwcards mosConfig_absolute_path Remote File Inclusion Attempt || url,packetstormsecurity.com/1010-exploits/joomlarwcards-rfi.txt 1 || 2011845 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lantern CMS intPassedLocationID Parameter Cross Site Scripting Attempt || bugtraq,43865 1 || 2011846 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM uri Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15232 1 || 2011847 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jomestate Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/12835 1 || 2011848 || 5 || trojan-activity || 0 || ET TROJAN Win32/Comotor.A!dll Reporting 1 || url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593 1 || 2011849 || 4 || trojan-activity || 0 || ET TROJAN Win32/Comotor.A!dll Reporting 2 || url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593 1 || 2011850 || 4 || trojan-activity || 0 || ET TROJAN Carberp file download 1 || 2011851 || 7 || trojan-activity || 0 || ET TROJAN Carberp CnC Reply no tasks 1 || 2011852 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Cross Site Scripting Attempt || bugtraq,44370 1 || 2011853 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt || bugtraq,44370 1 || 2011854 || 3 || not-suspicious || 0 || ET POLICY Java JAR file download 1 || 2011855 || 2 || bad-unknown || 0 || ET POLICY Java JAR Download Attempt || url,blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx 1 || 2011856 || 3 || trojan-activity || 0 || ET MALWARE HTML.Psyme.Gen Reporting || url,threatexpert.com/report.aspx?md5=de1adb1df396863e7e3967271e7db734 1 || 2011857 || 6 || trojan-activity || 0 || ET TROJAN SpyEye C&C Check-in URI || url,www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot || url,krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/ 1 || 2011858 || 12 || trojan-activity || 0 || ET TROJAN Likely Hostile HTTP Header GET structure 1 || 2011860 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Oracle Fusion Middleware BPEL Console Cross Site Scripting || bid,43954 || cve,2010-3581 1 || 2011861 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Bredolab CnC URL Detected || url,blog.fireeye.com/.a/6a00d835018afd53ef013488839529970c-pi 1 || 2011862 || 4 || trojan-activity || 0 || ET TROJAN Feodo Banking Trojan Account Details Post || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html#more 1 || 2011863 || 5 || trojan-activity || 0 || ET DELETED Feodo Banking Trojan Receiving Configuration File || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html 1 || 2011864 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Oracle Java APPLET Tag Children Property Memory Corruption Attempt || url,code.google.com/p/skylined/issues/detail?id=18 || url,www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html 1 || 2011865 || 3 || bad-unknown || 0 || ET WEB_CLIENT Embedded Executable File in PDF - This Program Cannot Be Run in DOS Mode 1 || 2011866 || 4 || bad-unknown || 0 || ET WEB_CLIENT Suspicious Embedded Shockwave Flash In PDF 1 || 2011867 || 2 || attempted-user || 0 || ET ACTIVEX Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Attempt || url,www.exploit-db.com/trend-micro-internet-security-pro-2010-activex-extsetowner-remote-code-execution/ 1 || 2011868 || 3 || bad-unknown || 0 || ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code || url,www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html?page=4 || url,www.vicheck.ca/md5query.php?hash=6932d141916cd95e3acaa3952c7596e4 1 || 2011869 || 2 || web-application-attack || 0 || ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Buffer Overflow Attempt || url,exploit-db.com/exploits/15071 1 || 2011870 || 2 || attempted-user || 0 || ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Format String Function Call || url,exploit-db.com/exploits/15071/ 1 || 2011871 || 1 || policy-violation || 0 || ET POLICY SubmitToTDWTF.asmx DailyWTF Potential Source Code Leakage || url,thedailywtf.com/Articles/Submit-WTF-Code-Directly-From-Your-IDE.aspx || url,code.google.com/p/submittotdwtf/source/browse/trunk/ 1 || 2011872 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (Gbot) 1 || 2011873 || 4 || trojan-activity || 0 || ET DELETED Suspicious HTTP GET to JPG with query string 1 || 2011874 || 3 || policy-violation || 0 || ET POLICY NSPlayer User-Agent Windows Media Player streaming detected || url,msdn.microsoft.com/en-us/library/cc234851 1 || 2011875 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15309/ 1 || 2011876 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15309/ 1 || 2011877 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15309/ 1 || 2011878 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15309/ 1 || 2011879 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15309/ 1 || 2011880 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBazar picturelib.php Remote File inclusion Attempt || cve,CVE-2010-2315 || url,exploit-db.com/exploits/12855/ 1 || 2011881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics mw_plugin.php IP Parameter Remote File inclusion Attempt || url,exploit-db.com/exploits/11903/ 1 || 2011882 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics owa_action Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/11903/ 1 || 2011883 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics owa_do Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/11903/ 1 || 2011884 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS loadplugin.php load Parameter Local File inclusion Attempt || url,packetstormsecurity.org/1010-exploits/igamingcms-lfi.txt 1 || 2011886 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webspell wCMS-Clanscript staticID Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15152/ 1 || 2011887 || 1 || attempted-recon || 0 || ET SCAN Medusa User-Agent || url,www.foofus.net/~jmk/medusa/medusa.html 1 || 2011889 || 5 || attempted-user || 0 || ET DELETED HP Data Protector Media Operations SignInName Parameter Overflow || url,elotrolad0.blogspot.com/2010/10/hp-data-protector-media-operations-611_23.html || url,securitytracker.com/id?1024634 1 || 2011890 || 7 || trojan-activity || 0 || ET DELETED Potential TDSS HTTP Library GET 1 || 2011891 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer CSS Tags Remote Code Execution Attempt || bid,44536 || cve,2010-3962 1 || 2011892 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Microsoft IE CSS Clip Attribute Memory Corruption (POC SPECIFIC) || url,extraexploit.blogspot.com/2010/11/cve-2010-3962-yet-another-internet.html || url,www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks || url,blog.fireeye.com/research/2010/11/ie-0-day-hupigon-joins-the-party.html || url,www.offensive-security.com/0day/ie-0day.txt || url,www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms10_xxx_ie_css_clip.rb 1 || 2011893 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Firefox Interleaving document.write and appendChild Overflow (POC SPECIFIC) || url,bugzilla.mozilla.org/show_bug.cgi?id=607222 || url,blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ 1 || 2011894 || 16 || trojan-activity || 0 || ET TROJAN TDSS/TDL/Alureon MBR rootkit Checkin 1 || 2011895 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby leads to exploits aaitsol1/networks.php 1 || 2011896 || 2 || bad-unknown || 0 || ET DELETED ZBot sp107fb/photo.exe 1 || 2011897 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS vb exploits / trojan vietshow 1 || 2011898 || 1 || bad-unknown || 0 || ET DELETED Rogue antivirus downloader x/l.php?id=RdxUVjSVVKicADPtx=6666os=5.1n=1 1 || 2011899 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Trojan perflogger ~duydati/inst_PCvw.exe 1 || 2011900 || 1 || bad-unknown || 0 || ET DELETED Trojandropper dunik!rts xxx/download7/21/install_flash_player.exe 1 || 2011901 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Hacked server to exploits ~rio1/admin/login.php 1 || 2011902 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Phishing ~mbscom/moneybookers/app/login/login.html 1 || 2011903 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS iframe Phoenix Exploit & ZBot vt073pd/photo.exe 1 || 2011904 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS fast flux rogue antivirus download.php?id=2004 1 || 2011905 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/index.php?s=dexc 1 || 2011906 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/load/svchost.exe 1 || 2011907 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/l.php?s=dexc 1 || 2011908 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/exe.php?x=mdac 1 || 2011909 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS trojan renos Flash.HD.exe 1 || 2011910 || 6 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt || bid,44638 || cve,2010-4091 1 || 2011911 || 2 || bad-unknown || 0 || ET DNS Hiloti DNS CnC Channel Successful Install Message || url,sign.kaffenews.com/?p=104 || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/ 1 || 2011912 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Fake AV Checkin 1 || 2011914 || 1 || attempted-recon || 0 || ET SCAN DirBuster Scan in Progress || url,www.owasp.org/index.php/Category%3aOWASP_DirBuster_Project 1 || 2011915 || 1 || attempted-recon || 0 || ET SCAN DotDotPwn User-Agent || url,dotdotpwn.sectester.net 1 || 2011916 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SEO/Malvertising Executable Landing exe2.php 1 || 2011917 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV Gemini - JavaScript Redirection To Scanning Page 1 || 2011918 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV Gemini - JavaScript Redirection To FakeAV Binary 1 || 2011919 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini - packupdate*.exe download 1 || 2011920 || 4 || bad-unknown || 0 || ET DELETED FAKEAV CryptMEN - 302 Redirect 1 || 2011921 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN - Landing Page Download Contains .hdd_icon 1 || 2011922 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN - Random Named DeObfuscation JavaScript File Download 1 || 2011923 || 6 || trojan-activity || 0 || ET DELETED FAKEAV CryptMEN inst.exe Payload Download 1 || 2011924 || 2 || web-application-attack || 0 || ET SCAN Havij SQL Injection Tool User-Agent Outbound || url,itsecteam.com/en/projects/project1.htm 1 || 2011925 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Rogue AV Downloader concat URI || url,malwareurl.com 1 || 2011926 || 5 || trojan-activity || 0 || ET TROJAN X-Tag Zeus Mitmo user agent || url,eternal-todo.com/blog/thoughts-facts-zeus-mitmo 1 || 2011927 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteloomCMS mailform_1 variable Cross Site Scripting Attempt || url,packetstormsecurity.org/1008-exploits/siteloomcms-xss.txt 1 || 2011928 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TFTgallery adminlangfile Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/15345/ 1 || 2011929 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_banners banners.class.php Remote File inclusion Attempt || url,packetstormsecurity.org/1010-exploits/joomlabanners-rfi.txt 1 || 2011930 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php SELECT FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14090 1 || 2011931 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php DELETE FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14090 1 || 2011932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UNION SELECT SQL Injection Attempt || url,inj3ct0r.com/exploits/14090 1 || 2011933 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php INSERT INTO SQL Injection Attempt || url,inj3ct0r.com/exploits/14090 1 || 2011934 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UPDATE SET SQL Injection Attempt || url,inj3ct0r.com/exploits/14090 1 || 2011935 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component joomlaXplorer admin.joomlaxplorer.php File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/joomlaxplorer-rfi.txt 1 || 2011936 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dolphin BxDolGzip.php file Disclosure Attempt || url,secunia.com/advisories/42108 || url,exploit-db.com/exploits/15400/ 1 || 2011938 || 5 || trojan-activity || 0 || ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.0 1 || 2011939 || 7 || trojan-activity || 0 || ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.1 1 || 2011940 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PossibleFreeNAS exec_raw.php Arbitrary Command Execution Attempt || bid,44974 1 || 2011941 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Source Support Ticket System module.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/95646/osticket-lfi.txt 1 || 2011942 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Vodpod Video Gallery Plugin gid Cross-Site Scripting Attempt || url,secunia.com/advisories/42195 1 || 2011943 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt SELECT FROM SQL Injection Attempt || url,securityreason.com/exploitalert/9145 1 || 2011944 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt DELETE FROM SQL Injection Attempt || url,securityreason.com/exploitalert/9145 1 || 2011945 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt UNION SELECT SQL Injection Attempt || url,securityreason.com/exploitalert/9145 1 || 2011946 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt INSERT INTO SQL Injection Attempt || url,securityreason.com/exploitalert/9145 1 || 2011947 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt UPDATE SET SQL Injection Attempt || url,securityreason.com/exploitalert/9145 1 || 2011948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM window_top.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/ 1 || 2011949 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM common.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/ 1 || 2011950 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM header.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/ 1 || 2011951 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Exploited By SMB/JavaWebStart 1 || 2011952 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Exploited By PDF 1 || 2011953 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious jjar.jar 1 || 2011954 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious loadjjar.php 1 || 2011955 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious lib.pdf 1 || 2011956 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious loadpeers.php 1 || 2011957 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Landing Page Encountered 1 || 2011958 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Obfuscated JavaScript desttable 1 || 2011959 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Obfuscated JavaScript srctable 1 || 2011960 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING SEO iframe redirect to drive by 1 || 2011961 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING SEO iframe redirect to drive by 2 1 || 2011962 || 1 || bad-unknown || 0 || ET DELETED FAKEAV client requesting fake scanner page 1 || 2011966 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan downloader (AS8514) || url,www.malwareurl.com/listing.php?domain=1001jimm.ru 1 || 2011967 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Zbot (AS9121) || url,www.malwareurl.com/listing.php?domain=19eylulmusikicemiyeti.com 1 || 2011968 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Banker (AS33182) || url,www.malwareurl.com/listing.php?domain=allmobilefashion.com 1 || 2011969 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Post-infection Checkin 1 || 2011970 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS SWF served from /tmp/ 1 || 2011972 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS PDF served from /tmp/ could be Phoenix Exploit Kit 1 || 2011973 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS JAR served from /tmp/ could be Phoenix Exploit Kit 1 || 2011974 || 3 || attempted-recon || 0 || ET SCAN Metasploit WMAP GET len 0 and type 1 || 2011975 || 2 || attempted-recon || 0 || ET SCAN RatProxy in-use 1 || 2011976 || 1 || attempted-dos || 0 || ET SCADA RealWin SCADA System Buffer Overflow || url,www.exploit-db.com/exploits/15337/ 1 || 2011978 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING Alureon JavaScript IFRAME Redirect 1 || 2011979 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS FedEX Spam Inbound 1 || 2011980 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Ircbrute Trojan || url,www.malwareurl.com/listing.php?domain=egyboys.net 1 || 2011981 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Eleonore Exploit Pack / Trojan Brebolab || url,www.malwareurl.com/listing.php?domain=media-download-kb572810.biz 1 || 2011982 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Trojan Ransom.AM || url,www.malwareurl.com/listing.php?domain=newpornmov.info 1 || 2011983 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Trojan || url,www.malwareurl.com/listing.php?domain=mediafilesonline.net 1 || 2011984 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus MalvRem || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com 1 || 2011985 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus avdistr || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com 1 || 2011986 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus RunAV || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com 1 || 2011987 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softbiz Article Directory Script sbiz_id Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/14910/ 1 || 2011988 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix-style Exploit Kit Java Request with semicolon in URI 1 || 2011989 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Trojan (adobe-flash.v.) || url,www.malwareurl.com/listing.php?domain=realmultimediaonline.com 1 || 2011990 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Rogue AV (installer.xxxx.exe) || url,www.malwareurl.com/listing.php?domain=scripttoscan.co.cc 1 || 2011991 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini systempack exe download 1 || 2011992 || 3 || trojan-activity || 0 || ET DELETED Possible ProFTPD Backdoor Initiate Attempt || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed 1 || 2011993 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS ProFTPD Backdoor outbound Request Sent || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org 1 || 2011994 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS ProFTPD Backdoor Inbound Backdoor Open Request (ACIDBITCHEZ) || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org 1 || 2011995 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS invoice.scr download most likely a TROJAN 1 || 2011996 || 11 || trojan-activity || 0 || ET TROJAN Darkness DDoS Bot Checkin || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205 || url,ef.kaffenews.com/?p=833 || url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68 || url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440 || url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524 || url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f 1 || 2011999 || 6 || trojan-activity || 0 || ET TROJAN Trojan.Spy.YEK MAC and IP POST || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101115 1 || 2012000 || 3 || trojan-activity || 0 || ET MALWARE ASKTOOLBAR.DLL Reporting || url,threatexpert.com/report.aspx?md5=3f6413475b1466964498c8450de4062f 1 || 2012001 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15405/ 1 || 2012002 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15405/ 1 || 2012003 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15405/ 1 || 2012004 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15405/ 1 || 2012005 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15405/ 1 || 2012006 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MassMirror Uploader example_1.php Remote File Inclusion attempt || url,exploit-db.com/exploits/15441/ 1 || 2012007 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/phpcow-rfilfi.txt 1 || 2012008 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/phpcow-rfilfi.txt 1 || 2012009 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FeedList Plugin i Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42197/ || url,johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56 1 || 2012010 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zen Cart loader_file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/42101/ 1 || 2012011 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde IMP fetchmailprefs.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/94299/hordeimp-xss.txt 1 || 2012012 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Uploader download_launch.php Remote File Disclosure Attempt || url,exploit-db.com/exploits/13966/ 1 || 2012013 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Component com_smf smf.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95510/mambosmf-rfi.txt 1 || 2012014 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Jimtawl Component task Parameter Local File Inclusion Attempt || url,expbase.com/WebApps/13388.html || url,secunia.com/advisories/42324/ 1 || 2012015 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebRCSdiff viewver.php File Inclusion Attempt || url,expbase.com/WebApps/13387.html || url,xforce.iss.net/xforce/xfdb/63343 1 || 2012016 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter SELECT FROM SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/ 1 || 2012017 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter DELETE FROM SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/ 1 || 2012018 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UNION SELECT SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/ 1 || 2012019 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter INSERT INTO SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/ 1 || 2012020 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UPDATE SET SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/ 1 || 2012021 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jSchool Advanced id_gallery Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15595/ || url,secunia.com/advisories/42334/ 1 || 2012022 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community Builder Enhenced Component Local File Inclusion Attempt || url,exploit-db.com/exploits/15222/ 1 || 2012023 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZyXEL P-660R-T1 HomeCurrent_Date Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42344/ || url,archives.neohapsis.com/archives/bugtraq/2010-11/0190.html 1 || 2012024 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gbook MX newlangsel Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/10986/ 1 || 2012025 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Seo Panel file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/95644/seopanel-disclose.txt 1 || 2012026 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15526/ 1 || 2012027 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15526/ 1 || 2012028 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15526/ 1 || 2012029 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15526/ 1 || 2012030 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15526/ 1 || 2012031 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Abtp Portal Project skel_null.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15711/ 1 || 2012032 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Abtp Portal Project skel_null.php Local File Inclusion Attempt || url,exploit-db.com/exploits/15711/ 1 || 2012033 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS N-13 News default_login_language Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39144/ || url,1337db.com/exploits/11446 1 || 2012034 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15006/ 1 || 2012035 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15006/ 1 || 2012036 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15006/ 1 || 2012037 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15006/ 1 || 2012038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15006/ 1 || 2012039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Car Portal car Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15135/ 1 || 2012040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contenido idart Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42440/ 1 || 2012041 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012042 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012043 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012044 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012045 || 4 || attempted-admin || 0 || ET EXPLOIT VMware Tools Update OS Command Injection Attempt || url,www.exploit-db.com/exploits/15717/ || cve,2010-4297 1 || 2012046 || 3 || web-application-attack || 0 || ET DELETED Android Use-After-Free Remote Code Execution on Webkit || url,exploit-db.com/exploits/15548/ 1 || 2012048 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Outbound Low Orbit Ion Cannon LOIC Tool Internal User May Be Participating in DDOS || url,www.isc.sans.org/diary.html?storyid=10051 1 || 2012049 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Inbound Low Orbit Ion Cannon LOIC DDOS Tool desu string || url,www.isc.sans.org/diary.html?storyid=10051 1 || 2012050 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Outbound Low Orbit Ion Cannon LOIC Tool Internal User May Be Participating in DDOS desu string || url,www.isc.sans.org/diary.html?storyid=10051 1 || 2012052 || 1 || misc-attack || 0 || ET WEB_CLIENT Winzip 15.0 WZFLDVW.OCX IconIndex Property Denial of Service || url,www.exploit-db.com/exploits/15695/ 1 || 2012053 || 1 || misc-attack || 0 || ET WEB_CLIENT Winzip 15.0 WZFLDVW.OCX Text Property Denial of Service || url,www.exploit-db.com/exploits/15694/ 1 || 2012054 || 3 || attempted-admin || 0 || ET SMTP Potential Exim HeaderX with run exploit attempt || url,www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html || url,eclists.org/fulldisclosure/2010/Dec/221 1 || 2012055 || 2 || attempted-recon || 0 || ET EXPLOIT JDownloader Webinterface Source Code Disclosure || url,packetstormsecurity.org/files/view/96126/jdownloader-disclose.txt 1 || 2012056 || 2 || attempted-dos || 0 || ET WEB_CLIENT Flash Player Flash6.ocx AllowScriptAccess Denial of Service || url,www.exploit-db.com/exploits/15698/ 1 || 2012057 || 2 || attempted-recon || 0 || ET EXPLOIT VMware 2 Web Server Directory Traversal || url,www.exploit-db.com/exploits/15617/ 1 || 2012058 || 1 || misc-attack || 0 || ET EXPLOIT HP LaserJet PLJ Interface Directory Traversal || url,www.exploit-db.com/exploits/15631/ || bugtraq,44882 || cve,2010-4107 1 || 2012059 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012060 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012061 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012062 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012063 || 1 || attempted-user || 0 || ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference || url,www.exploit-db.com/exploits/14674/ || url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx || cve,2009-3103 1 || 2012064 || 4 || attempted-user || 0 || ET WEB_CLIENT Foxit PDF Reader Title Stack Overflow || url,www.exploit-db.com/exploits/15532/ 1 || 2012065 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955 1 || 2012066 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955 1 || 2012068 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Profi Einzelgebots Auktions System auktion_text.php Blind SQL Injection Attempt || url,exploit-db.com/exploits/12005/ 1 || 2012069 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MantisBT db_type Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15736/ || url,secunia.com/advisories/42597/ 1 || 2012070 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MantisBT db_type Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/15735/ || url,secunia.com/advisories/42597/ 1 || 2012071 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Google Urchin session.cgi Local File Inclusion Attempt || url,exploit-db.com/exploits/15737/ 1 || 2012072 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Safe Search Plugin v1 Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42544 1 || 2012073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955 1 || 2012074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955 1 || 2012075 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Internet Explorer CSS Parser Remote Code Execution Attempt || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.breakingpointsystems.com/community/blog/ie-vulnerability/ || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.breakingpointsystems.com/community/blog/ie-vulnerability/ || url,www.microsoft.com/technet/security/advisory/2488013.mspx || bid,45246 || cve,2010-3971 1 || 2012076 || 2 || trojan-activity || 0 || ET TROJAN Win32.Krap.ar Infection URL Request || url,www.threatexpert.com/report.aspx?md5=df29b9866397fd311a5259c5d4bc00dd 1 || 2012077 || 2 || attempted-recon || 0 || ET SCAN Goatzapszu Header from unknown Scanning Tool 1 || 2012078 || 5 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Outbound || url,www.stunnel.org/download/binaries.html 1 || 2012079 || 4 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Connection Outbound 2 || url,www.stunnel.org/download/binaries.html 1 || 2012080 || 4 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Connection Outbound 3 || url,www.stunnel.org/download/binaries.html 1 || 2012081 || 4 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign Config File URL || url,www.abuse.ch/?p=2986 1 || 2012082 || 3 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign Binary File URL || url,www.abuse.ch/?p=2986 1 || 2012083 || 1 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign SSL Certificate || url,www.abuse.ch/?p=2986 1 || 2012084 || 2 || attempted-user || 0 || ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution || url,www.exploit-db.com/exploits/12258/ || cve,2010-0017 || bid,38100 || url,www.microsoft.com/technet/security/Bulletin/MS10-006.mspx 1 || 2012085 || 2 || not-suspicious || 0 || ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Flowbits Set 1 || 2012086 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012087 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012088 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012089 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012090 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012091 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012092 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012093 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/ 1 || 2012094 || 2 || attempted-user || 0 || ET NETBIOS SMB Trans2 Query_Fs_Attribute_Info SrvSmbQueryFsInformation Pool Buffer Overflow || url,www.exploit-db.com/exploits/14607/ || url,seclists.org/fulldisclosure/2010/Aug/122 || cve,2010-2550 || bid,42224 || url,www.microsoft.com/technet/security/Bulletin/MS10-054.mspx 1 || 2012096 || 1 || attempted-user || 0 || ET SCADA DATAC RealWin SCADA Server Buffer Overflow || url,www.securityfocus.com/bid/31418 || cve,2008-4322 || url,secunia.com/advisories/32055 1 || 2012099 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Billy Portfolio catid Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15721/ 1 || 2012100 || 4 || attempted-user || 0 || ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Buffer Overflow || url,www.exploit-db.com/exploits/15241/ || cve,2010-3552 || bid,44023 1 || 2012101 || 2 || attempted-user || 0 || ET EXPLOIT Oracle Virtual Server Agent Command Injection Attempt || url,exploit-db.com/exploits/15244/ 1 || 2012102 || 4 || attempted-user || 0 || ET ACTIVEX Image Viewer CP Gold Image2PDF Buffer Overflow || url,www.exploit-db.com/exploits/15658/ 1 || 2012103 || 5 || web-application-attack || 0 || ET EXPLOIT D-Link bsc_wlan.php Security Bypass || url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt 1 || 2012104 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (AdVantage) || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com 1 || 2012105 || 3 || trojan-activity || 0 || ET MALWARE AdVantage Malware URL Infection Report || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com 1 || 2012106 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012107 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012108 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012109 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012110 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-8 %u90 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html 1 || 2012111 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-16 %u9090 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html 1 || 2012112 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible Encoded %90 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html 1 || 2012113 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan.BackDoor-DRV.gen.c Reporting-1 || url,threatexpert.com/report.aspx?md5=d5ff6df296c068fcc0ddd303984fa6b9 || url,support.clean-mx.de/clean-mx/viruses.php?domain=wyunion.com&sort=first desc 1 || 2012114 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BackDoor-DRV.gen.c Reporting-2 || url,threatexpert.com/report.aspx?md5=d5ff6df296c068fcc0ddd303984fa6b9 || url,support.clean-mx.de/clean-mx/viruses.php?domain=wyunion.com&sort=first desc 1 || 2012115 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for a Suspicious Malware Related Numerical .in Domain || url,sign.kaffenews.com/?p=104 || url,www.isc.sans.org/diary.html?storyid=10165 1 || 2012116 || 4 || attempted-recon || 0 || ET WEB_SERVER DD-WRT Information Disclosure Attempt || url,www.exploit-db.com/exploits/15842/ 1 || 2012117 || 2 || successful-recon-limited || 0 || ET WEB_SERVER Successful DD-WRT Information Disclosure || url,www.exploit-db.com/exploits/15842/ 1 || 2012118 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS http string in hex Likely Obfuscated Exploit Redirect 1 || 2012119 || 3 || bad-unknown || 0 || ET WEB_CLIENT Possible Hex Obfuscation Usage On Webpage || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf 1 || 2012120 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Usage of Actionscript ByteArray writeByte Function to Build Shellcode || url,blog.fireeye.com/research/2009/07/actionscript_heap_spray.html 1 || 2012121 || 1 || attempted-user || 0 || ET DELETED Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=827 || url,www.adobe.com/support/security/bulletins/apsb09-15.html || bid,36638 || cve,2009-2990 1 || 2012122 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-1 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012122 1 || 2012123 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-2 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012123 1 || 2012124 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-3 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012124 1 || 2012125 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-4 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012125 1 || 2012126 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-5 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012126 1 || 2012127 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-6 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012127 1 || 2012128 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-7 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012128 1 || 2012129 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-8 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012129 1 || 2012130 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie mybloggie_root_path Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/96805/mybloggie216-rfi.txt || url,doc.emergingthreats.net/2012130 1 || 2012131 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Seyret Video com_seyret Component Blind SQL Injection Attempt || url,exploit-db.com/exploits/14172/ || url,doc.emergingthreats.net/2012131 1 || 2012132 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS p2pshare.org Malware Related Activity 1 || 2012133 || 4 || attempted-user || 0 || ET ACTIVEX FathFTP 1.8 EnumFiles Method ActiveX Buffer Overflow || url,www.exploit-db.com/exploits/14552/ 1 || 2012134 || 4 || attempted-user || 0 || ET ACTIVEX SigPlus Pro 3.74 ActiveX LCDWriteString Method Remote Buffer Overflow || cve,2010-2931 || url,www.exploit-db.com/exploits/14514/ 1 || 2012135 || 3 || attempted-user || 0 || ET SMTP IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Attempt || url,www.exploit-db.com/exploits/15005/ || cve,2010-3407 1 || 2012136 || 9 || trojan-activity || 0 || ET TROJAN Waledac 2.0/Storm Worm 3.0 GET request detected 1 || 2012137 || 5 || trojan-activity || 0 || ET TROJAN Storm/Waledac 3.0 Checkin 1 1 || 2012139 || 8 || trojan-activity || 0 || ET TROJAN Storm/Waledac 3.0 Checkin 2 1 || 2012140 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Command and Control Communication || url,www.isc.sans.org/diary.html?storyid=10186 1 || 2012141 || 2 || policy-violation || 0 || ET POLICY Protocol 41 IPv6 encapsulation potential 6in4 IPv6 tunnel active || url,en.wikipedia.org/wiki/6in4 1 || 2012142 || 2 || not-suspicious || 0 || ET WEB_CLIENT AVI RIFF Chunk Access Flowbit Set 1 || 2012143 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow || cve,2010-0480 || url,www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow/ || url,www.exploit-db.com/exploits/14895/ || url,www.microsoft.com/technet/security/Bulletin/MS10-026.mspx 1 || 2012144 || 3 || bad-unknown || 0 || ET DELETED Possible Malware Related Numerical .co Domain Lookup || url,sign.kaffenews.com/?p=104 || url,www.isc.sans.org/diary.html?storyid=10165 1 || 2012145 || 4 || attempted-user || 0 || ET ACTIVEX Netcraft Toolbar Remote Code Execution || url,www.exploit-db.com/exploits/15600 1 || 2012146 || 8 || attempted-user || 0 || ET ACTIVEX ImageShack Toolbar Remote Code Execution || url,www.exploit-db.com/exploits/15601 1 || 2012147 || 7 || attempted-user || 0 || ET ACTIVEX Advanced File Vault Activex Heap Spray Attempt || url,www.exploit-db.com/exploits/14580/ 1 || 2012148 || 6 || attempted-user || 0 || ET ACTIVEX dBpowerAMP Audio Player 2 FileExists Method ActiveX Buffer Overflow || url,www.exploit-db.com/exploits/14586/ 1 || 2012149 || 4 || attempted-admin || 0 || ET WEB_CLIENT MS10-090 IE CSS Exploit Metasploit POC Specific Unicoded || cve,CVE-2010-3971 || url,breakingpointsystems.com/community/blog/ie-vulnerability/ || bid,45246 1 || 2012150 || 2 || attempted-dos || 0 || ET WEB_SERVER PHP Large Subnormal Double Precision Floating Point Number PHP DoS in URI || url,bugs.php.net/bug.php?id=53632 1 || 2012151 || 1 || attempted-dos || 0 || ET WEB_SERVER PHP Large Subnormal Double Precision Floating Point Number PHP DoS Inbound || url,bugs.php.net/bug.php?id=53632 1 || 2012152 || 2 || not-suspicious || 0 || ET WEB_CLIENT DXF Extension File Detection Access Flowbit Set 1 || 2012153 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Office Visio DXF File Processing Remote Code Execution || url,www.exploit-db.com/moaub-8-microsoft-office-visio-dxf-file-stack-overflow || url,www.exploit-db.com/exploits/14944/ || cve,2010-1681 || url,www.microsoft.com/technet/security/bulletin/ms10-028.mspx || bid,39836 1 || 2012154 || 2 || attempted-user || 0 || ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 1 || url,www.exploit-db.com/exploits/15898/ || bid,45634 1 || 2012155 || 2 || attempted-user || 0 || ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 2 || url,www.exploit-db.com/exploits/15898/ || bid,45634 1 || 2012156 || 1 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader 9.4 doc.printSeps Memory Corruption Attempt || bid,44638 || cve,2010-4091 1 || 2012157 || 2 || attempted-user || 0 || ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt Function Call || url,xcon.xfocus.net/XCon2010_ChenXie_EN.pdf || url,wooyun.org/bug.php?action=view&id=1006 1 || 2012158 || 3 || attempted-user || 0 || ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt || url,xcon.xfocus.net/XCon2010_ChenXie_EN.pdf || url,wooyun.org/bug.php?action=view&id=1006 || bid,45546 || cve,CVE-2010-3973 1 || 2012159 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt 1 || 2012160 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt 1 || 2012161 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt 1 || 2012162 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt 1 || 2012163 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt 1 || 2012164 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WORDPRESS Plugin Accept Signups email Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96928/wpsignups-xss.txt 1 || 2012165 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete DIR_FILES_BLOCK_TYPES_CORE Parameter Remote File Inclusion Attempt || bugtraq,45669 1 || 2012166 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_xmovie file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96996/xmovie-fli.txt 1 || 2012167 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ndCMS editor.aspx index Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15124/ 1 || 2012168 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tiki Wiki CMS Groupware language Parameter Local File Inclusion Attempt || url,johnleitch.net/Vulnerabilities/Tiki.Wiki.CMS.Groupware.5.2.Local.File.Inclusion/46 1 || 2012169 || 9 || bad-unknown || 0 || ET TROJAN Potential Blackhole Exploit Pack Binary Load Request || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/ 1 || 2012170 || 2 || policy-violation || 0 || ET GAMES Blizzard Web Downloader Install Detected 1 || 2012171 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.org Domain || url,isc.sans.edu/diary.html?storyid=3266 || url,isc.sans.edu/diary.html?storyid=5710 || url,google.com/safebrowsing/diagnostic?site=3322.org/ || url,www.mywot.com/en/scorecard/3322.org 1 || 2012172 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (mrgud) 1 || 2012173 || 2 || bad-unknown || 0 || ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious 1 || 2012174 || 8 || attempted-admin || 0 || ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow || bugtraq,43717 || url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx 1 || 2012176 || 1 || misc-activity || 0 || ET MALWARE Lookup of Malware Domain twothousands.cm Likely Infection 1 || 2012177 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS p2pshares.org Related Malware 1 || 2012178 || 4 || trojan-activity || 0 || ET TROJAN Carberp CnC request POST /set/task.html 1 || 2012179 || 6 || attempted-user || 0 || ET WEB_CLIENT Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=827 || url,www.adobe.com/support/security/bulletins/apsb09-15.html || bid,36638 || cve,2009-2990 1 || 2012180 || 3 || bad-unknown || 0 || ET USER_AGENTS Suspicious User Agent no space 1 || 2012181 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus action.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/ 1 || 2012182 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus media.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/ 1 || 2012183 || 3 || attempted-recon || 0 || ET DELETED Possible Open SIP Relay scanner Fake Eyebeam User-Agent Detected || url,honeynet.org.au/?q=open_sip_relay_scanner 1 || 2012184 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus server.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/ 1 || 2012185 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus PLUGINADMIN.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/ 1 || 2012186 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS axdcms aXconf Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15938/ 1 || 2012187 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bizdir.cgi f_srch Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96613/bizdir510-xss.txt 1 || 2012189 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpscripte24 Vor und Ruckwarts Auktions System Blind SQL Injection Attempt || url,exploit-db.com/exploits/12026/ 1 || 2012190 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zimplit CMS client Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96466/zimplit-xss.txt 1 || 2012191 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zimplit CMS file Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96466/zimplit-xss.txt 1 || 2012192 || 3 || attempted-user || 0 || ET ACTIVEX NewV SmartClient NewvCommon.ocx DelFile Method Arbitrary File Deletion Attempt || url,packetstormsecurity.org/files/view/97394/newvcommon-insecure.txt 1 || 2012193 || 2 || web-application-attack || 0 || ET EXPLOIT Lexmark Printer RDYMSG Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97265/lexmark-xss.txt 1 || 2012194 || 3 || attempted-user || 0 || ET ACTIVEX Real Networks RealPlayer SP RecordClip Method Remote Code Execution Attempt || bid,44443 || cve,2010-3749 1 || 2012195 || 3 || misc-activity || 0 || ET DELETED Nginx Serving EXE/DLL File Often Malware Related 1 || 2012196 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape Encoded Content With Split String Obfuscation || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012197 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape Encoded Content With Split String Obfuscation 2 || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012198 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.ini || url,www.threatexpert.com/report.aspx?md5=fcb828c0b735ea8d560a45b3bdd29b94 || url,www.threatexpert.com/report.aspx?md5=36d9a446d6311f9a4c19865e2b62f15d 1 || 2012199 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.xls || url,www.threatexpert.com/report.aspx?md5=fb789b067c2809c25fb36abb677cdfcd 1 || 2012200 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.doc || url,www.threatexpert.com/report.aspx?md5=fb789b067c2809c25fb36abb677cdfcd 1 || 2012201 || 3 || trojan-activity || 0 || ET WORM Possible Worm Sohanad.Z or Other Infection Request for setting.nql || url,www.threatexpert.com/report.aspx?md5=a70aad8f27957702febfa162556dc5b5 1 || 2012202 || 2 || trojan-activity || 0 || ET DELETED DNS Lookup of Known BlackEnergy DDOS Botnet CnC Server greenter.ru || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20110116 || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20100913 1 || 2012204 || 3 || attempted-recon || 0 || ET SCAN Modified Sipvicious Sundayddr Scanner (sipsscuser) || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,honeynet.org.au/?q=sunday_scanner 1 || 2012205 || 2 || misc-activity || 0 || ET WEB_CLIENT Possible Malicious String.fromCharCode with charCodeAt String 1 || 2012206 || 2 || attempted-user || 0 || ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-256/ || url,www.vupen.com/english/advisories/2010/3023 || bid,44966 || cve,2010-4321 1 || 2012207 || 4 || misc-attack || 0 || ET DELETED Possible Twitter Worm Attack || url,threatpost.com/en_us/blogs/twitter-worm-uses-google-url-shortener-spread-scareware-012011 1 || 2012208 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN pack.exe Payload Download 1 || 2012209 || 2 || trojan-activity || 0 || ET DELETED m28sx twitter worm redirect access || url,isc.sans.edu/diary.html?storyid=10297 1 || 2012210 || 2 || trojan-activity || 0 || ET DELETED DNS Lookup of Twitter m28sx Worm || url,isc.sans.edu/diary.html?storyid=10297 1 || 2012211 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt 1 || 2012212 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt 1 || 2012213 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt 1 || 2012214 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt 1 || 2012215 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt 1 || 2012216 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS B-Cumulus tagcloud.swf Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97618/bcumulus-xss.txt 1 || 2012217 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LetoDMS lang Parameter Local File Inclusion Attempt || bugtraq,37828 1 || 2012218 || 3 || web-application-attack || 0 || ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt || url,exploit-db.com/exploits/16002/ 1 || 2012219 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bid Paramter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15999/ 1 || 2012220 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS B-Cumulus tagcloud-ru.swf Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97618/bcumulus-xss.txt 1 || 2012221 || 2 || trojan-activity || 0 || ET USER_AGENTS Malware Related msndown || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=17fdf0cb5970b71b81b1a5406e017ac1 1 || 2012222 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 1 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39 1 || 2012223 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 2 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39 1 || 2012224 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 3 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39 1 || 2012225 || 4 || trojan-activity || 0 || ET TROJAN Spy Banker Outbound Communication Attempt || url,www.threatexpert.com/report.aspx?md5=58b3c37b61d27cdc0a55321f4c12ef04 1 || 2012226 || 4 || trojan-activity || 0 || ET TROJAN Win32/Banbra Banking Trojan Communication || url,www.threatexpert.com/report.aspx?md5=7ce03717d6879444d8e45b7cf6470c67 1 || 2012227 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini softupdate*.exe download 1 || 2012228 || 5 || misc-activity || 0 || ET MALWARE Suspicious Russian Content-Language Ru Which May Be Malware Related 1 || 2012229 || 7 || misc-activity || 0 || ET MALWARE Suspicious Chinese Content-Language zh-cn Which May be Malware Related 1 || 2012230 || 4 || web-application-attack || 0 || ET WEB_SERVER Likely Malicious Request for /proc/self/environ 1 || 2012231 || 2 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture Insecure Read Method File Access Attempt || cve,2010-3595 1 || 2012232 || 2 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Deletion Attempt || cve,2010-3591 1 || 2012233 || 3 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Overwrite Attempt || cve,2010-3591 1 || 2012234 || 3 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Overwrite or Buffer Overflow Attempt || cve,2010-3599 1 || 2012235 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 4 1 || 2012236 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Init 1 || 2012237 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Client Info 1 || 2012238 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Pong 1 || 2012239 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Ping 1 || 2012240 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Download Cmd 1 || 2012241 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible % Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google 1 || 2012242 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible %u UTF-8 Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google 1 || 2012243 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible %u UTF-16 Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google 1 || 2012244 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible # Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google 1 || 2012245 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write # Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012246 || 3 || trojan-activity || 0 || ET USER_AGENTS Unknown Trojan Checkin UA Detected iamx 1 || 2012247 || 3 || policy-violation || 0 || ET P2P BTWebClient UA uTorrent in use 1 || 2012248 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS MUROFET/Licat Trojan Checkin Forum || url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html || url,www.threatexpert.com/report.aspx?md5=531e84b0894a7496479d186712acd7d2 1 || 2012249 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious Win32 User Agent 1 || 2012250 || 3 || trojan-activity || 0 || ET TROJAN Unknown Web Backdoor Keep-Alive 1 || 2012251 || 8 || policy-violation || 0 || ET MOBILE_MALWARE Google Android Device HTTP Request 1 || 2012252 || 3 || shellcode-detect || 0 || ET SHELLCODE Common 0a0a0a0a Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012253 || 2 || shellcode-detect || 0 || ET SHELLCODE Common %0a%0a%0a%0a Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012254 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0a0a%u0a0a UTF-16 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012255 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0a%u0a%u0a%u0a UTF-8 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012256 || 2 || shellcode-detect || 0 || ET SHELLCODE Common 0c0c0c0c Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012257 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %0c%0c%0c%0c Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012258 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0c0c%u0c0c UTF-16 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012259 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0c%u0c%u0c%u0c UTF-8 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012260 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp 1 || 2012261 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp 1 || 2012262 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp 1 || 2012263 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012264 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012265 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012266 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012267 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012268 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012269 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012270 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012271 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012272 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012273 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012274 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012275 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Inbound SPAM (possible Spyeye) || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012276 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS USPS Inbound SPAM 1 || 2012278 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (Our_Agent) 1 || 2012279 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SpyEye HTTP Library Checkin || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012280 || 2 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity to document.doc || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012281 || 2 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity multi-stage download request || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012282 || 4 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity multi-stage download confirmed success || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012283 || 4 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection check-in || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012284 || 3 || trojan-activity || 0 || ET TROJAN SpyEye Post_Express_Label ftpgrabber check-in || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out 1 || 2012285 || 4 || trojan-activity || 0 || ET DELETED Trojan/Win32.CodecPack Reporting 1 || 2012286 || 4 || attempted-recon || 0 || ET WEB_SERVER Automated Site Scanning for backupdata 1 || 2012287 || 3 || attempted-recon || 0 || ET WEB_SERVER Automated Site Scanning for backup_data 1 || 2012288 || 4 || trojan-activity || 0 || ET TROJAN Spy.Win32.Agent.bijs Reporting 2 || url,threatexpert.com/report.aspx?md5=846ac24b003c6d468a833bff58db5f5c 1 || 2012289 || 4 || trojan-activity || 0 || ET TROJAN Win32 Troxen Reporting || url,threatexpert.com/report.aspx?md5=664a5147e6258f10893c3fd375f16ce4 || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32/Troxen!rts 1 || 2012290 || 4 || trojan-activity || 0 || ET TROJAN Spy.Win32.Agent.bijs Reporting 1 || url,threatexpert.com/report.aspx?md5=846ac24b003c6d468a833bff58db5f5c 1 || 2012291 || 2 || attempted-user || 0 || ET DELETED Base64 Encoded FTP Commands (21 > o&echo user 1 1 >> o &echo get) 1 || 2012292 || 3 || attempted-user || 0 || ET DELETED Base64 Encoded FTP Commands Upload (21 > o&echo user 1 1 >> o &echo get) 1 || 2012295 || 3 || trojan-activity || 0 || ET USER_AGENTS suspicious user-agent (REKOM) 1 || 2012296 || 2 || attempted-recon || 0 || ET VOIP Modified Sipvicious Asterisk PBX User-Agent || url,blog.sipvicious.org/2010/11/distributed-sip-scanning-during.html 1 || 2012297 || 2 || attempted-recon || 0 || ET VOIP Possible Inbound VOIP Scan/Misuse With User-Agent Zoiper || url,blog.sipvicious.org/2010/12/11-million-euro-loss-in-voip-fraud-and.html 1 || 2012298 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (0xa10xa1HttpClient) 1 || 2012299 || 3 || trojan-activity || 0 || ET TROJAN W32 Bamital or Backdoor.Win32.Shiz CnC Communication || url,www.threatexpert.com/report.aspx?md5=fbcdfecc73c4389e8d3ed7e2e573b6f1 1 || 2012300 || 3 || trojan-activity || 0 || ET TROJAN Win32.Banker.AAD CnC Communication || url,www.threatexpert.com/report.aspx?md5=8556aec7ff96824e2da9d1b948ed7029 1 || 2012301 || 3 || trojan-activity || 0 || ET TROJAN Potential Trojan dropper Wlock.A (AS1680) || url,www.malwareurl.com/listing.php?domain=pworldxxx.info 1 || 2012302 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fake AV Scan (AS31252) || url,www.malwareurl.com/listing.php?domain=scan.dpowerprotection.com 1 || 2012303 || 4 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Beacon Outbound || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf 1 || 2012304 || 6 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Beacon Inbound || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012305 || 5 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Traffic Inbound 2 || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012306 || 6 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Traffic Outbound 2 || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012307 || 1 || trojan-activity || 0 || ET TROJAN Night Dragon CMD Shell || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012308 || 2 || trojan-activity || 0 || ET TROJAN Night Dragon Dropper Download Command || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012309 || 1 || trojan-activity || 0 || ET TROJAN Night Dragon Server Auth to Bot || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf 1 || 2012310 || 5 || trojan-activity || 0 || ET TROJAN Si25f_302 User-Agent 1 || 2012311 || 4 || trojan-activity || 0 || ET DELETED W32.SillyP2P Checkin || url,www.securehomenetwork.blogspot.com/2011/02/anonleaks-continues-relationship-with.html || url,www.threatexpert.com/report.aspx?md5=a7e1388c38c1fed12785bc335f95b15d 1 || 2012312 || 5 || trojan-activity || 0 || ET TROJAN Generic Trojan with /? and Indy Library User-Agent 1 || 2012313 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Moxilla 1 || 2012314 || 3 || trojan-activity || 0 || ET TROJAN Rootkit TDSS/Alureon Checkin 2 || url,contagiodump.blogspot.com/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html 1 || 2012315 || 2 || trojan-activity || 0 || ET USER_AGENTS Fake Opera 8.11 UA related to Trojan Activity 1 || 2012316 || 3 || trojan-activity || 0 || ET DELETED Suspicious Win32 User Agent 1 || 2012317 || 2 || attempted-admin || 0 || ET NETBIOS Microsoft Windows Server 2003 Active Directory Pre-Auth BROWSER ELECTION Heap Overflow Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=22457 || bid,46360 1 || 2012318 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV download (AntiSpyWareSetup.exe) 1 || 2012319 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SMTP Malware 1 || 2012320 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SPAM 1 || 2012321 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cx.cc domain 1 || 2012322 || 7 || trojan-activity || 0 || ET TROJAN Possible TDSS User-Agent CMD || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=19 || url,www.securelist.com/en/analysis/204792180/TDL4_Top_Bot 1 || 2012323 || 3 || bad-unknown || 0 || ET DELETED Malicious Advertizing URL in.cgi/antibot_hash 1 || 2012324 || 3 || bad-unknown || 0 || ET EXPLOIT Unknown Exploit Pack URL Detected 1 || 2012325 || 4 || bad-unknown || 0 || ET WEB_CLIENT Obfuscated Javascript // ptth 1 || 2012326 || 5 || bad-unknown || 0 || ET WEB_CLIENT Obfuscated Javascript // ptth (escaped) 1 || 2012327 || 3 || misc-activity || 0 || ET MALWARE All Numerical .cn Domain Likely Malware Related 1 || 2012328 || 5 || misc-activity || 0 || ET MALWARE All Numerical .ru Domain Lookup Likely Malware Related 1 || 2012329 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SPAM variant 3 1 || 2012330 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain 1 || 2012331 || 3 || policy-violation || 0 || ET POLICY Apple iDisk Sync Unencrypted 1 || 2012332 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Fast Flux Trojan Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=microantivirus5.com 1 || 2012333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neosploit Toolkit download || url,www.malwareurl.com/listing.php?domain=piadraspgdw.com || url,labs.m86security.com/2011/01/shedding-light-on-the-neosploit-exploit-kit 1 || 2012334 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Froxlor customer_ftp.php id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/16051/ 1 || 2012335 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coupon Script bus parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/16034/ 1 || 2012336 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CultBooking lang parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/16028/ 1 || 2012337 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CultBooking lang Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/16028/ 1 || 2012338 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt 1 || 2012339 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt 1 || 2012340 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt 1 || 2012341 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt 1 || 2012342 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt 1 || 2012343 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid active_auctions.php lan Parameter Local File inclusion Attempt || url,johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Local.File.Inclusion/63 1 || 2012344 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Madirish Webmail basedir Parameter Remote File inclusion Attempt || url,exploit-db.com/exploits/12369/ 1 || 2012345 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Frontend-User-Access controller Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43137/ || url,securityhome.eu/exploits/exploit.php?eid=17879866924d479451d88fa8.02873909 1 || 2012346 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/16087/ 1 || 2012347 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/16087/ 1 || 2012348 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Services id Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/16087/ 1 || 2012349 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/16087/ 1 || 2012350 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/16087/ 1 || 2012351 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Emerson Network AllResults.aspx Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98029/enp-xss.txt 1 || 2012352 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Classified ads software cid parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/16062/ 1 || 2012353 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Audio showfile Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97834/WordPressAudio0.5.1-xss.txt 1 || 2012354 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos and Chamilo open_document.php file Parameter File Disclosure Attempt || bugtraq,46173 1 || 2012355 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Moodle PHPCOVERAGE_HOME Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98053/Moodle2.0.1-xss.txt 1 || 2012356 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Featured Content param Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97826/WordPressFeaturedContent0.0.1-xss.txt 1 || 2012357 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XGallery com_xgallery Component Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96864/joomlaxgallery-lfi.txt 1 || 2012358 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPCMS modelid Parameter SQL Injection Attempt || bugtraq,45933 1 || 2012359 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt 1 || 2012360 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt 1 || 2012361 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt 1 || 2012362 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt 1 || 2012363 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt 1 || 2012364 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt 1 || 2012365 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt 1 || 2012366 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt 1 || 2012367 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt 1 || 2012368 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt 1 || 2012369 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla swMenuPro ImageManager.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95505/joomlaswmenupro-rfi.txt 1 || 2012370 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin explain Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98408/Dolphin7.0.4-xss.txt || bugtraq,46337 1 || 2012371 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin relocate Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98408/Dolphin7.0.4-xss.txt || bugtraq,46337 1 || 2012372 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ColdUserGroup LibraryID Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/14935/ 1 || 2012373 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde type Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/98424/horde-lfi.txt 1 || 2012374 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/16202/ 1 || 2012375 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/16202/ 1 || 2012376 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/16202/ 1 || 2012377 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/16202/ 1 || 2012378 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/16202/ 1 || 2012379 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TelebidAuctionScript aid Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/82724/telebidauction-sql.txt 1 || 2012380 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Podcast Generator themes.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98143/podcastgenerator-xss.txt 1 || 2012381 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ITechBids productid Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/9497 1 || 2012382 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery output Parameter Remote Command Execution Attempt || url,packetstormsecurity.org/files/view/98347/cpg15x-exec.txt 1 || 2012383 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery retva Parameter Remote Command Execution Attempt || url,packetstormsecurity.org/files/view/98347/cpg15x-exec.txt 1 || 2012384 || 3 || trojan-activity || 0 || ET INFO Suspicious Purported MSIE 7 with terse HTTP Headers GET to PHP 1 || 2012385 || 3 || trojan-activity || 0 || ET DELETED Likely Infected HTTP POST to PHP with User-Agent of HTTP Client 1 || 2012386 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent VCTestClient 1 || 2012387 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent PrivacyInfoUpdate 1 || 2012388 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS USPS SPAM Inbound possible spyeye trojan || url,www.virustotal.com/file-scan/report.html?id=ed1766eb13cc7f41243dd722baab9973560c999c1489763c0704debebe8f4cb1-1298551066 1 || 2012389 || 3 || trojan-activity || 0 || ET TROJAN Java Exploit Kit Success Check-in Executable Download Likely 1 || 2012390 || 2 || trojan-activity || 0 || ET P2P Libtorrent User-Agent 1 || 2012391 || 3 || trojan-activity || 0 || ET TROJAN Tatanga Checkin || url,securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html || url,www.sophos.com/security/analyses/viruses-and-spyware/trojtatangac.html || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=4b5eb54de32f86819c638878ac2c7985&id=740958 || url,www.malware-control.com/statics-pages/06198e9b72e1bb0c256769c5754ed821.php 1 || 2012392 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fast Flux Rogue Antivirus (Setup_245.exe) || url,www.malwareurl.com/listing.php?domain=antivirus-live21.com 1 || 2012393 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt || bid,45123 || cve,2010-4367 1 || 2012394 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt || bid,46471 || cve,2011-1038 1 || 2012395 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt || bid,46471 || cve,2011-1038 1 || 2012396 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt || bid,44883 || cve,2010-4647 1 || 2012397 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt || bid,44883 || cve,2010-4647 1 || 2012398 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012399 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012400 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012401 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby Download Secondary Request 1 || 2012402 || 7 || trojan-activity || 0 || ET DELETED Facebook URL Redirect Vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079577.html 1 || 2012403 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Rogue Antivirus FakePAV || url,www.malwareurl.com/listing.php?domain=76.76.102.214 1 || 2012404 || 2 || bad-unknown || 0 || ET WEB_CLIENT Likely Hostile Eval CRYPT.obfuscate Usage || url,research.zscaler.com/2010/05/malicious-hidden-iframes-using-publicly.html 1 || 2012405 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakePAV Checkin || url,www.threatexpert.com/report.aspx?md5=f5dd61e29eff89a93c591fba7ea14d92 1 || 2012406 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Cewolf DOS attempt || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079547.html 1 || 2012407 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079568.html 1 || 2012408 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079568.html 1 || 2012409 || 3 || trojan-activity || 0 || ET DELETED Unknown Malware Keepalive 1 || 2012410 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidDream Android Trojan info upload || url,androguard.blogspot.com/2011/03/droiddream.html || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=79&blogId=1 || url,blog.mylookout.com/2011/03/android-malware-droiddream-how-it-works/ || url,countermeasures.trendmicro.eu/google-android-rooted-backdoored-infected/ 1 || 2012411 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress updateAJAX.php post_id Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012412 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id SELECT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012413 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UNION SELECT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012414 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id INSERT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012415 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id DELETE || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012416 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id ASCII || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012417 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UPDATE || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html 1 || 2012418 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 1 || url,packetstormsecurity.org/files/view/98756/PhreeBooksR30RC4-xss.txt || url,exploit-db.com/exploits/16249/ 1 || 2012419 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 2 || url,packetstormsecurity.org/files/view/98756/PhreeBooksR30RC4-xss.txt || url,exploit-db.com/exploits/16249/ 1 || 2012420 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt dsp_page.cfm pageid SELECT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012421 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid UNION SELECT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012422 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid INSERT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012423 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid DELETE || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012424 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid ASCII || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid UPDATE || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460 1 || 2012426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin cloner.cron.php config Parameter Local File Inclusion Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/ 1 || 2012427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XCloner Component cloner.cron.php config Parameter Local File Inclusion Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/ 1 || 2012428 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin index2.php option Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/ 1 || 2012429 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin index2.php mosmsg Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/ 1 || 2012430 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XCloner Component index2.php mosmsg Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/ 1 || 2012431 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic SELECT || url,exploit-db.com/exploits/16235/ 1 || 2012432 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic UNION SELECT || url,exploit-db.com/exploits/16235/ 1 || 2012433 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic INSERT || url,exploit-db.com/exploits/16235/ 1 || 2012434 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic DELETE || url,exploit-db.com/exploits/16235/ 1 || 2012435 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic ASCII || url,exploit-db.com/exploits/16235/ 1 || 2012436 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic UPDATE || url,exploit-db.com/exploits/16235/ 1 || 2012437 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Zotpress citation Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98746/WordPressZotpress2.6-xss.txt 1 || 2012438 || 5 || trojan-activity || 0 || ET TROJAN TrojanDownloader Win32/Harnig.gen-P Reporting || url,threatexpert.com/report.aspx?md5=40d1819b9c3c85e1f3b7723c7a9118ad 1 || 2012439 || 4 || trojan-activity || 0 || ET TROJAN Win32.Vilsel.akd Reporting || url,threatexpert.com/report.aspx?md5=2d6cede13913b17bc2ea7c7f70ce5fa8 1 || 2012440 || 4 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.bqkb Reporting || url,threatexpert.com/report.aspx?md5=de85ae919d48325189bead995e8052e7 || url,support.clean-mx.de/clean-mx/viruses.php?ip=210.163.9.69&sort=first desc 1 || 2012441 || 4 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Banload Reporting || url,threatexpert.com/report.aspx?md5=43b0ddf87c66418053ee055501193abf || url,scumware.org/report/89.108.68.81 1 || 2012442 || 2 || trojan-activity || 0 || ET DELETED UPS Inbound bad attachment v.4 1 || 2012443 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Inbound bad attachment v.5 1 || 2012444 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Inbound bad attachment v.6 1 || 2012445 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Inbound bad attachment 1 || 2012446 || 2 || trojan-activity || 0 || ET TROJAN Possible Eleonore Exploit pack download || url,www.malwareurl.com/listing.php?domain=ultranichehost.com 1 || 2012447 || 2 || trojan-activity || 0 || ET TROJAN Possible Fast Flux Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=spyremover-k3.com 1 || 2012448 || 2 || trojan-activity || 0 || ET TROJAN Downloader Win32.Agent.FakeAV.AVG 1 || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=96742442435325983fefb385174a57be&id=765408 1 || 2012449 || 2 || trojan-activity || 0 || ET TROJAN Downloader Win32.Agent.FakeAV.AVG 2 || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=96742442435325983fefb385174a57be&id=765408 1 || 2012450 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan HongTouTou Command and Control Communication || url,blog.netqin.com/en/?p=451 1 || 2012451 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 1 || url,virus.netqin.com/en/android/MSO.PJApps.A 1 || 2012452 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 2 || url,virus.netqin.com/en/android/MSO.PJApps.A/ 1 || 2012453 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan DroidDream Command and Control Communication || url,blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/ 1 || 2012454 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Fake10086 checkin 1 || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=81&blogId=1 1 || 2012455 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Fake10086 checkin 2 || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=81&blogId=1 1 || 2012456 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download 500.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012457 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download ddos.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012458 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download desyms.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012459 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download 1691.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012460 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download wm.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012461 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download cl.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012466 || 3 || trojan-activity || 0 || ET DELETED Possible JKDDOS download b.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry 1 || 2012467 || 2 || policy-violation || 0 || ET P2P Ocelot BitTorrent Server in Use 1 || 2012468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu SELECT || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012469 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UNION SELECT || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012470 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu INSERT || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu DELETE || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012472 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu ASCII || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012473 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UPDATE || url,securityreason.com/wlb_show/WLB-2011020009 1 || 2012474 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress rp-menu.php sess_user Parameter Cross Site Scripting Attempt || bugtraq,46798 || url,exploit-db.com/exploits/16950/ 1 || 2012475 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php titledesc Parameter Cross Site Scripting Attempt || bugtraq,46798 || url,exploit-db.com/exploits/16950/ 1 || 2012476 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin folder.php type Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_1_flash_gallery_wordpress_plugin.html || url,packetstormsecurity.org/files/view/99086/1flashgal-sqlxss.txt 1 || 2012477 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id SELECT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012478 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UNION SELECT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012479 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id INSERT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012480 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id DELETE || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012481 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id ASCII || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012482 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UPDATE || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html 1 || 2012483 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_p_dict Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43709 1 || 2012484 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_r_list Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43709 1 || 2012485 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf SELECT || url,exploit-db.com/exploits/16954/ 1 || 2012486 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UNION SELECT || url,exploit-db.com/exploits/16954/ 1 || 2012487 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf INSERT || url,exploit-db.com/exploits/16954/ 1 || 2012488 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf DELETE || url,exploit-db.com/exploits/16954/ 1 || 2012489 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf ASCII || url,exploit-db.com/exploits/16954/ 1 || 2012490 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UPDATE || url,exploit-db.com/exploits/16954/ 1 || 2012491 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Presto) 1 || 2012492 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound 1 || 2012493 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound 1 || 2012494 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV InstallInternetDefender Download 1 || 2012495 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV campaign related JavaScript eval document obfuscation 1 || 2012496 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sahana Agasti AccessController.php approot Parameter Remote File Inclusion Attempt || bugtraq,45656 || url,exploit-db.com/exploits/15896/ || url,xforce.iss.net/xforce/xfdb/64442 1 || 2012497 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sahana Agasti dao.php approot Parameter Remote File Inclusion Attempt || bugtraq,45656 || url,exploit-db.com/exploits/15896/ || url,xforce.iss.net/xforce/xfdb/64442 1 || 2012498 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id SELECT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/ 1 || 2012499 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id UNION SELECT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/ 1 || 2012500 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id INSERT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/ 1 || 2012501 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS Injection Attempt -- constructrXmlOutput.content.xml.php page_id DELETE || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/ 1 || 2012502 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id ASCII || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/ 1 || 2012503 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Compressed Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609 1 || 2012504 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Excel with Embedded .emf object downloaded 1 || 2012505 || 4 || trojan-activity || 0 || ET TROJAN Monkif Checkin 1 || 2012506 || 5 || trojan-activity || 0 || ET TROJAN Driveby Exploit Attempt Often to Install Monkif 1 || 2012507 || 5 || trojan-activity || 0 || ET TROJAN Monkif CnC response in fake JPEG || url,2009.brucon.org/material/Julia_Wolf_Brucon_final.pdf || url,research.zscaler.com/2010/03/trojan-monkif-is-still-active-and.html || url,blogs.mcafee.com/mcafee-labs/monkif-botnet-hides-commands-in-jpegs 1 || 2012508 || 2 || policy-violation || 0 || ET POLICY Akamai NetSession Interface PUTing data || url,www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html 1 || 2012509 || 2 || attempted-user || 0 || ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt || bid,40642 || cve,2010-1119 1 || 2012510 || 2 || bad-unknown || 0 || ET SHELLCODE UTF-8/16 Encoded Shellcode || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html 1 || 2012511 || 2 || attempted-user || 0 || ET WEB_CLIENT Opera Window.Open document.cloneNode Null Pointer Deference Attempt || url,www.exploit-db.com/exploits/16979/ 1 || 2012512 || 2 || trojan-activity || 0 || ET TROJAN Hiloti loader installed successfully response 1 || 2012513 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hiloti loader installed successfully request 1 || 2012514 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hiloti loader requesting payload URL 1 || 2012515 || 5 || trojan-activity || 0 || ET DELETED Hiloti loader receiving payload URL 1 || 2012516 || 2 || trojan-activity || 0 || ET DELETED Fake Google Toolbar User-Agent 1 || 2012517 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.B Activity || url,www.threatexpert.com/report.aspx?md5=01dd7102b9d36ec8556eed2909b74f52 1 || 2012518 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RetroGuard Obfuscated JAR likely part of hostile exploit kit || url,www.retrologic.com 1 || 2012519 || 4 || attempted-user || 0 || ET DELETED Microsoft Publisher Array Indexing Memory Corruption SET || cve,2010-3995 || url,www.microsoft.com/technet/security/bulletin/MS10-103.mspx 1 || 2012520 || 7 || protocol-command-decode || 0 || ET WEB_CLIENT Microsoft OLE Compound File Magic Bytes Flowbit Set 1 || 2012521 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn || url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FBancos.ZY 1 || 2012522 || 1 || policy-violation || 0 || ET POLICY DNS Query For XXX Adult Site Top Level Domain || url,mashable.com/2011/03/19/xxx-tld-porn/ || url,mashable.com/2010/06/24/dot-xxx-porn-domain/ 1 || 2012523 || 8 || trojan-activity || 0 || ET POLICY Executable Download From Russian Content-Language Website 1 || 2012524 || 7 || trojan-activity || 0 || ET POLICY Executable Download From Chinese Content-Language Website 1 || 2012525 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of Microsft Office File From Russian Content-Language Website 1 || 2012526 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website 1 || 2012527 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of PDF File From Russian Content-Language Website 1 || 2012528 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of PDF File From Chinese Content-Language Website 1 || 2012529 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site WindowsLive.png 1 || 2012530 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site Landing Page 1 || 2012531 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site blt .png 1 || 2012532 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site Payload Download 1 || 2012533 || 4 || trojan-activity || 0 || ET TROJAN Win32/Virut.BN Checkin || url,www.threatexpert.com/report.aspx?md5=199d9ea754f193194e251415a2f6dd46 1 || 2012534 || 2 || shellcode-detect || 0 || ET SHELLCODE Unescape Variable %u Shellcode || url,www.symantec.com/avcenter/reference/evolving.shell.code.pdf 1 || 2012535 || 2 || shellcode-detect || 0 || ET SHELLCODE Unescape Variable Unicode Shellcode || url,www.symantec.com/avcenter/reference/evolving.shell.code.pdf 1 || 2012536 || 3 || trojan-activity || 0 || ET MALWARE Mozilla 3.0 and Indy Library User-Agent Likely Hostile 1 || 2012537 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zbot Trojan || url,www.malwareurl.com/listing.php?domain=umbralinversiones.com 1 || 2012538 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zbot Trojan || url,www.malwareurl.com/listing.php?domain=poleoa.net 1 || 2012539 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=umbralinversiones.com 1 || 2012540 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Win32 Backdoor Poison || url,www.malwareurl.com/listing.php?domain=arteencueros.com 1 || 2012541 || 2 || trojan-activity || 0 || ET TROJAN Downloader.small Generic Checkin 1 || 2012542 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.gv.vg domain 1 || 2012543 || 3 || attempted-user || 0 || ET ACTIVEX RealPlayer CDDA URI Overflow Uninitialized Pointer Attempt || bid,44450 || cve,2010-3747 1 || 2012546 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for addons.mozilla.org 1 || 2012547 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for Global Trustee 1 || 2012548 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.live.com 1 || 2012549 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.skype.com 1 || 2012550 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 1 1 || 2012551 || 5 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 2 1 || 2012552 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 3 1 || 2012553 || 5 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for mail.google.com 1 || 2012554 || 6 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for www.google.com 1 || 2012555 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (VMozilla) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fNeeris.BF || url,www.avira.com/en/support-threats-description/tid/6259/tlang/en 1 || 2012556 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt 1 || 2012557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt 1 || 2012558 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt 1 || 2012559 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt 1 || 2012560 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt 1 || 2012561 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier action.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366 1 || 2012562 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier architecte.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366 1 || 2012563 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier avis.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366 1 || 2012564 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier bible.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366 1 || 2012565 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier blocnote.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366 1 || 2012566 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vbBux vbplaza.php Blind SQL Injection Attempt || url,exploit-db.com/exploits/8784/ 1 || 2012567 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt 1 || 2012568 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt 1 || 2012569 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt 1 || 2012570 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt 1 || 2012571 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jQuery Mega Menu Wordpress Plugin Local File Inclusion Attempt || url,exploit-db.com/exploits/16250 1 || 2012572 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Cache_Lite Class mosConfig_absolute_path Remote File inclusion Attempt || url,exploit-db.com/exploits/16912 1 || 2012573 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99118/recordpress-xsrfxss.txt 1 || 2012574 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php rp-menu.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99118/recordpress-xsrfxss.txt 1 || 2012575 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012576 || 5 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field UNION SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012577 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field INSERT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012578 || 5 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field DELETE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012579 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field ASCII || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012580 || 4 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field UPDATE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012581 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lazyest Gallery Plugin image Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html || url,secunia.com/advisories/43661/ 1 || 2012582 || 4 || web-application-attack || 0 || ET DELETED Interleave basicstats.php AjaxHandler Parameter Cross Site Scripting Attempt || bugtraq,46771 || url,xforce.iss.net/xforce/xfdb/65942 || url,packetstorm.linuxsecurity.com/1103-exploits/Interleave5.5.0.2-xss.txt 1 || 2012583 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005 1 || 2012584 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005 1 || 2012585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt 1 || 2012586 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent I mLuo 1 || 2012587 || 4 || trojan-activity || 0 || ET TROJAN VirTool-Win32-VBInject.gen-FA Reporting || url,threatexpert.com/report.aspx?md5=85a9f25c9b6614a8ad16dd7f3363a247 1 || 2012588 || 4 || web-application-attack || 0 || ET DELETED RiskTool.Win32.WFPDisabler Reporting || url,threatexpert.com/report.aspx?md5=c81be1cf10d9578803dab8c1bc62ccfa 1 || 2012589 || 4 || trojan-activity || 0 || ET DELETED Trojan-Dropper.Win32.Mudrop.asj Reporting || url,threatexpert.com/report.aspx?md5=0398af3218eb6f21195d701a0b001445 1 || 2012590 || 5 || trojan-activity || 0 || ET TROJAN Best Spyware Scanner FaveAV Download 1 || 2012591 || 5 || bad-unknown || 0 || ET DELETED EICAR test file with MZ header double-stacking AV evasion technique || url,isc.sans.edu/diary/Strange+Shockwave+File+with+Surprising+Attachments/10612 || url,www.eicar.org/anti_virus_test_file.htm 1 || 2012592 || 5 || trojan-activity || 0 || ET TROJAN PWS-Banker.gen.b Reporting || url,threatexpert.com/report.aspx?md5=e3fdf31ce57b3807352971a62f85c55b 1 || 2012593 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ce.ms domain 1 || 2012595 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012596 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field UNION SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012597 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field INSERT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012598 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field DELETE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012599 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field ASCII || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012600 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field UPDATE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt 1 || 2012601 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lazyest Gallery Plugin image Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html || url,secunia.com/advisories/43661/ 1 || 2012603 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interleave basicstats.php AjaxHandler Parameter Cross Site Scripting Attempt || bugtraq,46771 || url,xforce.iss.net/xforce/xfdb/65942 || url,packetstorm.linuxsecurity.com/1103-exploits/Interleave5.5.0.2-xss.txt 1 || 2012604 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005 1 || 2012605 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005 1 || 2012606 || 3 || web-application-attack || 0 || ET SCAN Havij SQL Injection Tool User-Agent Inbound || url,itsecteam.com/en/projects/project1.htm 1 || 2012607 || 4 || trojan-activity || 0 || ET USER_AGENTS Lowercase User-Agent header purporting to be MSIE 1 || 2012608 || 7 || trojan-activity || 0 || ET DELETED Java Exploit Attempt applet via file URI || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2012609 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Java Exploit Attempt Request for .class from octal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2012610 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit io.exe download served 1 || 2012611 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Sample 1 || 2012612 || 11 || trojan-activity || 0 || ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers 1 || 2012613 || 5 || trojan-activity || 0 || ET DELETED SpyeEye Trojan Request file=grabbers 1 || 2012614 || 5 || web-application-attack || 0 || ET CURRENT_EVENTS Internal WebServer Compromised By Lizamoon Mass SQL-Injection Attacks || url,malwaresurvival.net/tag/lizamoon-com/ 1 || 2012615 || 2 || trojan-activity || 0 || ET MALWARE Unknown Malware PUTLINK Command Message 1 || 2012616 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Slugin.A PatchTimeCheck.dat Request 1 || 2012617 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malware PatchPathNewS3.dat Request 1 || 2012618 || 2 || trojan-activity || 0 || ET DELETED .dll Request Without User-Agent Likely Malware 1 || 2012619 || 6 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 1 || 2012620 || 9 || trojan-activity || 0 || ET TROJAN Unknown Fake antivirus check-in 1 || 2012621 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609 1 || 2012622 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash Unicode SWF File Embedded in Office File Caution - Could be Hostile || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609 || url,www.adobe.com/support/security/advisories/apsa11-02.html || cve,2011-0611 1 || 2012624 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Lizamoon Related Compromised site served to local client 1 || 2012625 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Lizamoon Client Request /ur.php 1 || 2012626 || 4 || trojan-activity || 0 || ET TROJAN Unknown Dropper Checkin with NSISDL/1.2 User-Agent 1 || 2012627 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers 1 || 2012628 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2012629 || 4 || trojan-activity || 0 || ET USER_AGENTS Unknown Trojan User-Agent IE6 on Windows XP 1 || 2012630 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Paypal Phishing victim POSTing data 1 || 2012631 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Chinese Bootkit Checkin || url,www.securelist.com/en/blog/434/The_Chinese_bootkit 1 || 2012632 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Paypal Phishing Form Attachment 1 || 2012633 || 3 || trojan-activity || 0 || ET DELETED Content-Type image/jpeg with DOS MZ header set likely 2nd stage download 1 || 2012634 || 3 || trojan-activity || 0 || ET DELETED Content-Type image/jpeg with Win32 MZ header set likely 2nd stage download 1 || 2012635 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Potential ACH Transaction Phishing Attachment 1 || 2012636 || 3 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133 1 || 2012637 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133 1 || 2012638 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133 1 || 2012639 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133 1 || 2012640 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133 1 || 2012641 || 3 || attempted-user || 0 || ET ACTIVEX Sun Java Runtime New Plugin Docbase Buffer Overflow Attempt || bid,44023 || cve,2010-3552 1 || 2012642 || 7 || trojan-activity || 0 || ET MALWARE Lowercase mozilla/2.0 User-Agent Likely Malware || url,www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FCycbot.B 1 || 2012643 || 2 || trojan-activity || 0 || ET TROJAN Trojan-Clicker.Win32.Agent.qqf Checkin || url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9 1 || 2012644 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt Request for hostile binary 1 || 2012645 || 4 || trojan-activity || 0 || ET TROJAN GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection 1 || 2012646 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious JAR olig 1 || 2012647 || 3 || policy-violation || 0 || ET POLICY Dropbox.com Offsite File Backup in Use || url,www.dropbox.com || url,dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ 1 || 2012648 || 3 || policy-violation || 0 || ET POLICY Dropbox Client Broadcasting 1 || 2012649 || 4 || misc-activity || 0 || ET MALWARE All Numerical .ru Domain HTTP Request Likely Malware Related 1 || 2012650 || 6 || misc-activity || 0 || ET CURRENT_EVENTS HTTP Request to a Malware Related Numerical .cn Domain 1 || 2012651 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt 1 || 2012652 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt 1 || 2012653 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt 1 || 2012654 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt 1 || 2012655 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt 1 || 2012656 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eyeOS callback parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43818 1 || 2012657 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eyeOS file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43818 1 || 2012658 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM recruitcode parameter Cross Site Script Attempt || bugtraq,47046 1 || 2012659 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_doqment Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/99278/joomladoqment-rfilfisql.txt 1 || 2012660 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portel patron Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/80053/portel-sql.txt 1 || 2012661 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter SELECT FROM SQL Injection Attempt || bugtraq,46635 1 || 2012662 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter DELETE FROM SQL Injection Attempt || bugtraq,46635 1 || 2012663 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter UNION SELECT SQL Injection Attempt || bugtraq,46635 1 || 2012664 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter INSERT INTO SQL Injection Attempt || bugtraq,46635 1 || 2012665 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter UPDATE SET SQL Injection Attempt || bugtraq,46635 1 || 2012666 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component smartformer Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95477/joomlasmartformer-rfi.txt 1 || 2012667 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Media Mall Factory Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/88439/joomlamediamallfactory-bsql.txt 1 || 2012668 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LoCal Calendar System LIBDIR Parameter Local File Inclusion Attempt || url,secunia.com/advisories/22484 1 || 2012669 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClanSphere 'CKEditorFuncNum' parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99698/ClanSphere2010.3CKEditor-xss.txt 1 || 2012670 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhotoSmash action Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99089/photosmash-xss.txt 1 || 2012672 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa SELECT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa UNION SELECT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012674 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa INSERT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012675 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa DELETE || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012676 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa ASCII || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012677 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa UPDATE || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823 1 || 2012678 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS openBrowser.php Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/ 1 || 2012679 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS edit_shop_editorFrameset.php Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/ 1 || 2012680 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS we_transaction Parameter Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/ 1 || 2012681 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS shop_artikelid Parameter Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/ 1 || 2012682 || 6 || attempted-admin || 0 || ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 1 || cve,CVE-2010-1552 || bugtraq,40068 1 || 2012683 || 5 || attempted-admin || 0 || ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 2 || cve,CVE-2010-1552 || bugtraq,40068 1 || 2012684 || 8 || trojan-activity || 0 || ET WEB_CLIENT Office File With Embedded Executable 1 || 2012685 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Win32/CazinoSilver Download VegasVIP_setup.exe || url,ddanchev.blogspot.com/2011/04/dont-play-poker-on-infected-table-part.html 1 || 2012686 || 4 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later 1 || 2012687 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Pack Binary Load Request 1 || 2012688 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Blackhole Exploit Pack landing || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/ 1 || 2012689 || 5 || attempted-recon || 0 || ET POLICY LoJack asset recovery/tracking - not malicious || url,www.absolute.com/en/lojackforlaptops/home.aspx 1 || 2012690 || 1 || successful-admin || 0 || ET ATTACK_RESPONSE Windows 7 CMD Shell from Local System 1 || 2012691 || 2 || policy-violation || 0 || ET POLICY Internal Host visiting Showmyipaddress.com - Possible Trojan 1 || 2012692 || 6 || trojan-activity || 0 || ET POLICY Microsoft user-agent automated process response to automated request 1 || 2012693 || 3 || trojan-activity || 0 || ET MALWARE overtls.com adware request 1 || 2012694 || 3 || policy-violation || 0 || ET POLICY request to .xxx TLD || url,en.wikipedia.org/wiki/.xxx 1 || 2012695 || 2 || trojan-activity || 0 || ET USER_AGENTS suspicious User Agent (Lotto) 1 || 2012696 || 3 || trojan-activity || 0 || ET TROJAN FakeAV InstallInternetProtection Download 1 || 2012697 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla virtuemart Blind SQL Injection Attempt || url,exploit-db.com/exploits/17132 1 || 2012698 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script SELECT FROM SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052 1 || 2012699 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script DELETE FROM SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052 1 || 2012700 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script UNION SELECT SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052 1 || 2012701 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script INSERT INTO SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052 1 || 2012702 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script UPDATE SET SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052 1 || 2012703 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_virtuemart_latestprod module Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100324 1 || 2012704 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_virtuemart_featureprod module Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100325 1 || 2012705 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Publication file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43067 || url,securelist.com/en/advisories/43067 1 || 2012706 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vtiger CRM service parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/100183/vtigerCRM5.2.1-XSS.txt 1 || 2012707 || 4 || trojan-activity || 0 || ET TROJAN Suspicious double Server Header 1 || 2012708 || 2 || web-application-attack || 0 || ET WEB_SERVER HTTP 414 Request URI Too Large 1 || 2012709 || 5 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop Administrator Login Request || cve,CAN-2001-0540 1 || 2012710 || 1 || protocol-command-decode || 0 || ET POLICY MS Terminal Server Root login || cve,2001-0540 1 || 2012711 || 1 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop POS User Login Request || cve,2001-0540 1 || 2012712 || 1 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop Service User Login Request || cve,CAN-2001-0540 1 || 2012713 || 3 || trojan-activity || 0 || ET TROJAN Internet Protection FakeAV checkin || url,www.threatexpert.com/report.aspx?md5=7710686d03cd3174b6f644434750b22b 1 || 2012714 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV BestAntivirus2011 Download 1 || 2012715 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/10809 1 || 2012716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/10809 1 || 2012717 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/10809 1 || 2012718 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/10809 1 || 2012719 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/10809 1 || 2012720 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simploo CMS x parameter Remote PHP Code Execution Attempt || url,exploit-db.com/exploits/16016 1 || 2012721 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightNEasy File Manager language Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39517 1 || 2012722 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SocialGrid Plugin default_services Cross-Site Scripting Vulnerability || url,secunia.com/advisories/44256 || url,htbridge.ch/advisory/xss_in_socialgrid_wordpress_plugin.html 1 || 2012723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo component com_zoom Blind SQL Injection Vulnerability || url,packetstormsecurity.org/files/view/80992/mambozoom-sql.txt 1 || 2012724 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CitusCMS filePath Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100525/cituscms-rfi.txt 1 || 2012725 || 9 || trojan-activity || 0 || ET TROJAN Win32/FakeSysdef Rogue AV Checkin || url,www.threatexpert.com/report.aspx?md5=f0f750e8f195dcfc8623679ff2df1267 || url,www.threatexpert.com/report.aspx?md5=e186e530ebf0aec07f0cd2afd706633c || url,www.threatexpert.com/report.aspx?md5=294a729bb6a8fc266990b4c94eb86359 1 || 2012726 || 4 || attempted-recon || 0 || ET SCAN OpenVAS User-Agent Inbound || url,openvas.org 1 || 2012727 || 3 || trojan-activity || 0 || ET TROJAN BestAntivirus2011 Fake AV reporting 1 || 2012728 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain citi-bank.ru Lookup 1 || 2012729 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain .ntkrnlpa.info Lookup 1 || 2012730 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain ilo.brenz.pl Lookup 1 || 2012731 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Likely Redirector to Exploit Page /in/rdrct/rckt/? 1 || 2012732 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown .ru Exploit Redirect Page 1 || 2012734 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent String (AskPartnerCobranding) 1 || 2012735 || 7 || policy-violation || 0 || ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE) || md5,54e482d6c0344935115d04b411afdb27 || md5,54dfd618401a573996b2b32bdd21b2d4 || md5,546888f8a18ed849058a5325015c29ef || url,www.babylon.com 1 || 2012736 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan-GameThief.Win32.OnLineGames.bnye Checkin || url,www.threatexpert.com/report.aspx?md5=014945cf93ffc94833f7a3efd92fe263 1 || 2012737 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cw.cm domain 1 || 2012738 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org || url,isc.sans.edu/diary.html?storyid=6739 || url,google.com/safebrowsing/diagnostic?site=8866.org/ || url,www.mywot.com/en/scorecard/8866.org 1 || 2012739 || 2 || trojan-activity || 0 || ET WORM Rimecud Worm checkin || url,www.threatexpert.com/report.aspx?md5=9623efa133415d19c941ef92a4f921fc 1 || 2012740 || 3 || trojan-activity || 0 || ET USER_AGENTS Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET) || url,www.symantec.com/business/security_response/writeup.jsp?docid=2011-032315-2902-99&tabid=2 1 || 2012741 || 4 || web-application-attack || 0 || ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt || url,exploit-db.com/exploits/17196 1 || 2012742 || 2 || attempted-user || 0 || ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call || url,exploit-db.com/exploits/17196 1 || 2012743 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100461/sauruscms-rfi.txt 1 || 2012744 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/100822/publishingtechnology-sql.txt 1 || 2012745 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt 1 || 2012746 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt 1 || 2012747 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt 1 || 2012748 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt 1 || 2012749 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt 1 || 2012750 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/100823/OrangeHRM2.6.3-lfi.txt 1 || 2012751 || 2 || trojan-activity || 0 || ET USER_AGENTS suspicious user agent string (changhuatong) 1 || 2012752 || 2 || trojan-activity || 0 || ET DELETED Vertex Trojan UA (VERTEXNET) 1 || 2012753 || 6 || trojan-activity || 0 || ET MALWARE Possible FakeAV Binary Download 1 || 2012754 || 2 || attempted-recon || 0 || ET SCAN Possible SQLMAP Scan || url,sqlmap.sourceforge.net || url,www.darknet.org.uk/2011/04/sqlmap-0-9-released-automatic-blind-sql-injection-tool/ 1 || 2012755 || 4 || attempted-recon || 0 || ET SCAN Possible SQLMAP Scan || url,sqlmap.sourceforge.net || url,www.darknet.org.uk/2011/04/sqlmap-0-9-released-automatic-blind-sql-injection-tool/ 1 || 2012756 || 2 || attempted-user || 0 || ET WEB_CLIENT Windows Help and Support Center XSS Attempt || cve,2010-1885 1 || 2012757 || 5 || trojan-activity || 0 || ET USER_AGENTS suspicious user agent string (CholTBAgent) 1 || 2012758 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to *.dyndns. Domain 1 || 2012760 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt || url,www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml || bid,47607 || cve,2011-1609 1 || 2012761 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (mdms) 1 || 2012762 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (asd) 1 || 2012763 || 9 || bad-unknown || 0 || ET DELETED Suspicious IAT Checking for Debugger || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012764 || 5 || misc-activity || 0 || ET DELETED Suspicious IAT NtQueryInformationProcess Possibly Checking for Debugger || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012765 || 7 || misc-activity || 0 || ET DELETED Suspicious IAT GetStartupInfo || url, sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012766 || 5 || misc-activity || 0 || ET DELETED Suspicious IAT GetComputerName || url, sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012767 || 11 || misc-activity || 0 || ET TROJAN Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012768 || 7 || misc-activity || 0 || ET TROJAN Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012769 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ZwSetSystemInformation - Undocumented API Which Can be Used for Rootkit Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012770 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ZwWriteVirtualMemory - Undocumented API Which Can be Used for CnC Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012771 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT SetSfcFileException - Undocumented API Which Can be Used for Disabling Windows File Protections || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012772 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NtQueueApcThread - Undocumented API Which Can be Used for Thread Injection/Downloading || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012773 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NtResumeThread - Undocumented API Which Can be Used to Resume Thread Injection || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012774 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NoExecuteAddFileOptOutList - Undocumented API to Add Executable to DEP Exception List || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012775 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ModifyExecuteProtectionSupport - Undocumented API to Modify DEP || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012776 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT LdrLoadDll - Undocumented Low Level API to Load DLL || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012777 || 5 || misc-activity || 0 || ET POLICY Suspicious IAT EnableExecuteProtectionSupport - Undocumented API to Modify DEP || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012778 || 3 || misc-activity || 0 || ET DELETED Suspicious IAT NamedPipe - May Indicate Reverse Shell/Backdoor Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012779 || 4 || misc-activity || 0 || ET DELETED Suspicious IAT FTP File Interaction || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012780 || 6 || misc-activity || 0 || ET POLICY Suspicious IAT SetKeyboardState - Can Be Used for Keylogging || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012781 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Hiloti DNS Checkin Message explorer_exe || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/ 1 || 2012782 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D StartUpdata.ini Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html 1 || 2012783 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D BackgroundUpdata.ini Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html 1 || 2012784 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D active.txt Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html 1 || 2012785 || 3 || trojan-activity || 0 || ET DELETED Egypack/1.0 User-Agent Likely Malware || url,www.vbulletin.com/forum/showthread.php/338741-vBulletin-Footer-SQL-Injection-Hack 1 || 2012786 || 1 || bad-unknown || 0 || ET TROJAN DNS Query for Possible FakeAV Domain 1 || 2012787 || 4 || attempted-user || 0 || ET SCADA ICONICS WebHMI ActiveX Stack Overflow || url,www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf || url,www.exploit-db.com/exploits/17240/ 1 || 2012788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt 1 || 2012789 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt 1 || 2012790 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt 1 || 2012791 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt 1 || 2012792 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt 1 || 2012793 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Xoopport Samsara Sections module secid Parameter Blind SQL Injection Exploit || url,exploit-db.com/exploits/15004 1 || 2012794 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClanSphere CurrentFolder Parameter Local File Inclusion Attempt || bugtraq,47636 1 || 2012795 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Golem Gaming Portal root_path Parameter Remote File inclusion Attempt || url,securityreason.com/exploitalert/7180 1 || 2012796 || 3 || bad-unknown || 0 || ET DELETED Malicious SEO landing in.cgi with URI HTTP_REFERER 1 || 2012797 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebAuction lang parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101056/WebAuction0.3.6-XSS.txt 1 || 2012799 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 1 || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443 || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html 1 || 2012800 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 2 || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443 1 || 2012801 || 5 || trojan-activity || 0 || ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443 1 || 2012802 || 4 || trojan-activity || 0 || ET MALWARE Spoofed MSIE 8 User-Agent Likely Ponmocup || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443 1 || 2012803 || 5 || trojan-activity || 0 || ET TROJAN Delf Alms backdoor checkin 1 || 2012804 || 5 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent ASCII-hex-encoded || url,www.xanalysis.blogspot.com/2008/11/cve-2008-2992-adobe-pdf-exploitation.html || url,www.threatexpert.com/report.aspx?md5=513077916da4e86827a6000b40db95d5 1 || 2012805 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Automne upload-controler.php Arbitrary File Upload Vulnerability || url,securelist.com/en/advisories/43589 1 || 2012806 || 4 || attempted-user || 0 || ET WEB_CLIENT QuickTime Remote Exploit (exploit specific) || url,www.1337day.com/exploits/16077 1 || 2012807 || 4 || attempted-user || 0 || ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request || url,blog.tllod.com/2010/11/03/statistics-dont-lie-or-do-they/ || url,community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx 1 || 2012808 || 2 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS WordPress DB XML dump attempted access || url,seclists.org/fulldisclosure/2011/May/322 1 || 2012809 || 3 || successful-recon-largescale || 0 || ET WEB_SPECIFIC_APPS WordPress DB XML dump successful leakage || url,seclists.org/fulldisclosure/2011/May/322 1 || 2012810 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.tk domain 1 || 2012811 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile 1 || 2012812 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Known Malicious Facebook Javascript || url,blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/ 1 || 2012813 || 2 || bad-unknown || 0 || ET WEB_CLIENT PDF With Adobe Audition Session File Handling Buffer Overflow Flowbit Set || url,exploit-db.com/exploits/17278/ || url,securitytracker.com/id/1025530 1 || 2012814 || 3 || attempted-user || 0 || ET WEB_CLIENT PDF With Adobe Audition Session File Handling Memory Corruption Attempt || url,exploit-db.com/exploits/17278/ || url,securitytracker.com/id/1025530 1 || 2012815 || 3 || bad-unknown || 0 || ET DELETED FAKEAV Scanner Landing Page (Initializing Virus Protection System...) 1 || 2012816 || 8 || bad-unknown || 0 || ET TROJAN EXE Using Suspicious IAT ZwUnmapViewOfSection Possible Malware Process Hollowing || url,blog.spiderlabs.com/2011/05/analyzing-malware-hollow-processes.html || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012817 || 4 || bad-unknown || 0 || ET DELETED EXE Using Suspicious IAT NtUnmapViewOfSection Possible Malware Process Hollowing || url,blog.spiderlabs.com/2011/05/analyzing-malware-hollow-processes.html || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 1 || 2012818 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0960 1 || 2012819 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959 1 || 2012820 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959 1 || 2012821 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959 1 || 2012822 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959 1 || 2012823 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959 1 || 2012824 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0962 1 || 2012825 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0961 1 || 2012826 || 1 || bad-unknown || 0 || ET DNS DNS Query to a Suspicious *.vv.cc domain 1 || 2012827 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.vv.cc domain 1 || 2012828 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud download || url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Rimecud.A 1 || 2012829 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt 1 || 2012830 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt 1 || 2012831 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt 1 || 2012832 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt 1 || 2012833 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt 1 || 2012834 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ChillyCMS mod Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/89665/chillycms-sql.txt || url,exploit-db.com/exploits/12643 1 || 2012835 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS f-fileman direkt Parameter Directory Traversal Vulnerability || url,packetstormsecurity.org/files/view/101212/ffileman-traversal.txt 1 || 2012836 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Slooze Web Photo Album file Parameter Command Execution Attempt || url,1337day.com/exploits/12148 1 || 2012837 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_mgm Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/94593/joomlamgm-rfi.txt || url,securityreason.com/wlb_show/WLB-2010100045 1 || 2012838 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Is-human type Parameter Remote Code Execution Attempt || url,exploit-db.com/exploits/17299 1 || 2012839 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.Small Checkin || url,threatexpert.com/report.aspx?md5=48432bdd116dccb684c8cef84579b963 1 || 2012841 || 5 || attempted-user || 0 || ET TROJAN Incognito Exploit Kit Checkin || url,blog.fireeye.com/research/2011/03/the-rise-of-incognito.html 1 || 2012842 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Xyligan Checkin || url,www.threatexpert.com/report.aspx?md5=bfbc0b106a440c111a42936906d36643 || url,www.threatexpert.com/report.aspx?md5=2190a2c0a3775bc9c60629ec2eb6f3b9 1 || 2012843 || 3 || policy-violation || 0 || ET POLICY Cleartext WordPress Login 1 || 2012844 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.B/E CnC Checkin Request || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/ 1 || 2012845 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Request || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/ 1 || 2012846 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Request 2 || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/ 1 || 2012847 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.F CnC Checkin Request 3 || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/ 1 || 2012848 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI || url,www.met.police.uk/mobilephone/imei.htm 1 || 2012849 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Mobile Malware POST of IMSI International Mobile Subscriber Identity in URI || url,www.learntelecom.com/telephony/gsm/international-mobile-subscriber-identity-imsi 1 || 2012850 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Flexispy.a Commercial Spying App Sending User Information to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_flexispy.a!tr.spy.html 1 || 2012851 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I PropertyFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html 1 || 2012852 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I TipFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html 1 || 2012853 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I NumberFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html 1 || 2012854 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Merogo User Agent || url,www.fortiguard.com/encyclopedia/virus/symbos_merogo.b!tr.html 1 || 2012855 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending Geographic Location Logs To Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html 1 || 2012856 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending Call Logs to Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html 1 || 2012857 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending SMS Logs to Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html 1 || 2012858 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a Worm Sending Data to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html 1 || 2012859 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a Worm Sending Data to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html 1 || 2012860 || 4 || bad-unknown || 0 || ET USER_AGENTS Suspicious User-Agent SimpleClient 1.0 || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html 1 || 2012861 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a User Agent LARK/1.3.0 || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html 1 || 2012862 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html 1 || 2012863 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html 1 || 2012864 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html 1 || 2012865 || 10 || trojan-activity || 0 || ET TROJAN Vinself Backdoor Checkin || url,blog.fireeye.com/research/2010/11/winself-a-new-backdoor-in-town.html 1 || 2012866 || 2 || attempted-admin || 0 || ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt || bid,47976 1 || 2012867 || 3 || trojan-activity || 0 || ET TROJAN Clicker.Win32.AutoIt.ai Checkin || url,www.threatexpert.com/report.aspx?md5=39d0dbe4f6923ed36864ae339f558963 1 || 2012868 || 3 || policy-violation || 0 || ET POLICY HTTP Outbound Request containing a password 1 || 2012869 || 2 || policy-violation || 0 || ET POLICY HTTP Outbound Request containing a pass field 1 || 2012870 || 2 || policy-violation || 0 || ET POLICY HTTP Outbound Request contains pw 1 || 2012871 || 4 || trojan-activity || 0 || ET TROJAN Gozi posting form data 1 || 2012872 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script SELECT FROM SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201 1 || 2012873 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script DELETE FROM SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201 1 || 2012874 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script UNION SELECT SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201 1 || 2012875 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script INSERT INTO SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201 1 || 2012876 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script UPDATE SET SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201 1 || 2012877 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 HANDLERS_DIRECTORY Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt 1 || 2012878 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 IMAGES_DIRECTORY Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt 1 || 2012879 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 imgp Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt 1 || 2012880 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 trackback_url Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt 1 || 2012881 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 permLink Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt 1 || 2012882 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Poison.AU checkin || url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2 1 || 2012883 || 6 || bad-unknown || 0 || ET DELETED MALVERTISING Malicious Advertizing URL in.cgi 1 || 2012884 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt applet via file URI param || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2012885 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains password= in cleartext 1 || 2012886 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains passwd= in cleartext 1 || 2012887 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pass= in cleartext 1 || 2012888 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pwd= in cleartext 1 || 2012889 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pw= in cleartext 1 || 2012890 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains passphrase= in cleartext 1 || 2012891 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pword= in cleartext 1 || 2012892 || 2 || trojan-activity || 0 || ET TROJAN JKDDOS Bot CnC Phone Home Message || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry/ || url,www.threatexpert.com/report.aspx?md5=d6b3baae9fb476f0cf3196e556cab348 1 || 2012893 || 2 || trojan-activity || 0 || ET USER_AGENTS Known Skunkx DDOS Bot User-Agent Cyberdog || url,asert.arbornetworks.com/2011/03/skunkx-ddos-bot-analysis/ 1 || 2012894 || 4 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Agent.bpxo Checkin || url,www.threatexpert.com/report.aspx?md5=02e447b347a90680e03c8b7d843a8e46 || url,www.antivirus365.org/PCAntivirus/37128.html 1 || 2012895 || 2 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Agent.ahju Checkin || url,www.threatexpert.com/report.aspx?md5=48ad09c574a4bd3bb24d007005382e63 || url,www.threatexpert.com/report.aspx?md5=a264690a775a4e1b3d91c2dbcd850ce9 1 || 2012896 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ae.am domain 1 || 2012897 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.noc.su domain 1 || 2012898 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.be.ma domain 1 || 2012899 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.qc.cx domain 1 || 2012900 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.ae.am domain 1 || 2012901 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.noc.su domain 1 || 2012902 || 3 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.be.ma domain 1 || 2012903 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.qc.cx domain 1 || 2012904 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SuperFairy.D Bookmarked Connection to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html 1 || 2012905 || 2 || attempted-user || 0 || ET ACTIVEX Magneto ICMP ActiveX ICMPSendEchoRequest Remote Code Execution Attempt || url,www.exploit-db.com/exploits/17328/ 1 || 2012906 || 3 || misc-activity || 0 || ET WEB_CLIENT Download of PDF With Uncompressed Flash Content flowbit set || url,www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader || url,blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ 1 || 2012907 || 3 || misc-activity || 0 || ET WEB_CLIENT Download of PDF With Compressed Flash Content || url,www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader || url,blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/ 1 || 2012908 || 3 || bad-unknown || 0 || ET TROJAN Backdoor Win32/Begman.A Checkin || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=2eb07de0ccaed89cd099fe61e6ae689e&id=766255/ || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FBegman.A || url,www.virustotal.com/file-scan/report.html?id=0bb86bf59dd554f98194b23a16b96f873ddab8cbe11de627415ff81facd84f48-1299508248 || url,anubis.iseclab.org/?action=result&task_id=138559df2a6ed04a401366a9c60e2e1cf&format=txt 1 || 2012909 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Fragment (WORKED) 1 || 2012910 || 6 || trojan-activity || 0 || ET DELETED CPL Trojan Downloader Request 1 || 2012911 || 2 || policy-violation || 0 || ET POLICY URL Contains password Parameter 1 || 2012912 || 2 || policy-violation || 0 || ET POLICY URL Contains passwd Parameter 1 || 2012913 || 2 || policy-violation || 0 || ET POLICY URL Contains pass Parameter 1 || 2012914 || 2 || policy-violation || 0 || ET POLICY URL Contains pwd Parameter 1 || 2012915 || 2 || policy-violation || 0 || ET POLICY URL Contains pw Parameter 1 || 2012916 || 3 || policy-violation || 0 || ET POLICY URL Contains passphrase Parameter 1 || 2012917 || 2 || policy-violation || 0 || ET POLICY URL Contains pword Parameter 1 || 2012918 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible TDSS Trojan GET with xxxx_ string 1 || 2012919 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios Expand Parameter XSS Attempt || bid,48087 1 || 2012921 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 1 1 || 2012922 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 2 1 || 2012923 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 3 1 || 2012924 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smspacem CnC Communication Attempt || url,www.fortiguard.com/encyclopedia/virus/android_smspacem.a!tr.html 1 || 2012925 || 2 || shellcode-detect || 0 || ET SHELLCODE Javascript Split String Unicode Heap Spray Attempt 1 || 2012926 || 3 || attempted-dos || 0 || ET WEB_SERVER Apache APR apr_fnmatch Stack Overflow Denial of Service || cve,2011-0419 || url,cxib.net/stuff/apr_fnmatch.txt || url,bugzilla.redhat.com/show_bug.cgi?id=703390 1 || 2012927 || 4 || bad-unknown || 0 || ET DELETED DYNAMIC_DNS HTTP Request to a *.dyndns.* domain 1 || 2012928 || 7 || bad-unknown || 0 || ET DELETED DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain 1 || 2012929 || 2 || attempted-user || 0 || ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Arbitrary Program Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 || bid,48081 || cve,2011-2039 || cve,2011-2040 1 || 2012930 || 3 || attempted-user || 0 || ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Cisco.AnyConnect.VPNWeb.1 Arbitrary Program Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 || bid,48081 || cve,2011-2039 || cve,2011-2040 1 || 2012931 || 4 || trojan-activity || 0 || ET TROJAN Generic Dropper/Clicker Checkin 1 || 2012932 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Suspicious Email Attachment Possibly Related to Mydoom.L@mm || url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=28110a8ea5c13859ddf026db5a8a864a 1 || 2012933 || 3 || policy-violation || 0 || ET POLICY Smilebox Software/Adware Checkin || url,www.smilebox.com/privacy-policy.html 1 || 2012934 || 4 || trojan-activity || 0 || ET TROJAN Generic adClicker Checkin 1 || 2012935 || 6 || policy-violation || 0 || ET POLICY Google Music Streaming || url,music.google.com/about 1 || 2012936 || 3 || trojan-activity || 0 || ET SCAN ZmEu Scanner User-Agent Inbound 1 || 2012937 || 2 || trojan-activity || 0 || ET SCAN Internal Dummy Connection User-Agent Inbound 1 || 2012938 || 2 || denial-of-service || 0 || ET DOS IBM Tivoli Endpoint Buffer Overflow Attempt || url, zerodayinitiative.com/advisories/ZDI-11-169/ 1 || 2012939 || 7 || trojan-activity || 0 || ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin 1 || 2012940 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Eleonore Exploit Pack exemple.com Request 1 || 2012941 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf || cve,2009-4324 || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp 1 || 2012942 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Printf.pdf || cve,2008-2992 || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp 1 || 2012943 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Geticon.pdf || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp 1 || 2012944 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit All.pdf || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp 1 || 2012945 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nvisionix Roaming System sessions.php script Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/101786/nvisionix-lfi.txt 1 || 2012946 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress inline-gallery do parameter Cross Site Scripting Attempt || bugtraq,46781 1 || 2012947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebC.be Fichier_a_telecharger Parameter Local File Disclosure Attempt || url,1337day.com/exploits/16237 1 || 2012948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jmsfileseller view Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/17338 1 || 2012949 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Opencadastre soustab.php script Local File Inclusion Vulnerability || url,hack0wn.com/view.php?xroot=1440.0&cat=exploits 1 || 2012950 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin droit.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt 1 || 2012951 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin collectivite.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt 1 || 2012952 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin utilisateur.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt 1 || 2012953 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin courrier.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt 1 || 2012954 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin profil.class.php path_om Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt 1 || 2012955 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.tv domain 1 || 2012956 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.co.tv domain 1 || 2012957 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.ZZSlash/Redosdru.E checkin || url,www.threatexpert.com/report.aspx?md5=3b0299d72c853f56a1595c855776f89f || url,www.threatexpert.com/report.aspx?md5=adc3a35d1244c9129be6edd6ccfaec5b 1 || 2012958 || 5 || trojan-activity || 0 || ET DELETED MacDefender OS X Fake AV Scareware || url,blog.spiderlabs.com/2011/06/analysis-and-evolution-of-macdefender-os-x-fake-av-scareware.html 1 || 2012959 || 3 || trojan-activity || 0 || ET TROJAN MacShield User-Agent Likely Malware || url,blog.spiderlabs.com/2011/06/analysis-and-evolution-of-macdefender-os-x-fake-av-scareware.html 1 || 2012960 || 8 || trojan-activity || 0 || ET TROJAN Trojan.Vaklik.kku Checkin Request || url,threatexpert.com/report.aspx?md5=47a6dd02ee197f82b28cee0ab2b9bd35 || url,threatexpert.com/report.aspx?md5=81d8a235cb5f7345b5796483abe8145f || url,www.threatexpert.com/report.aspx?md5=9688d1d37a7ced200c53ec2b9332a0ad 1 || 2012961 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Vaklik.kku Checkin Response || url,threatexpert.com/report.aspx?md5=81d8a235cb5f7345b5796483abe8145f || url,www.threatexpert.com/report.aspx?md5=9688d1d37a7ced200c53ec2b9332a0ad 1 || 2012962 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0a0a0a0a Heap Spray Attempt 1 || 2012963 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0b0b0b0b Heap Spray Attempt 1 || 2012964 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0c0c0c0c Heap Spray Attempt 1 || 2012965 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0d0d0d0d Heap Spray Attempt 1 || 2012966 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %0d%0d%0d%0d Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012967 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %u0d%u0d%u0d%u0d UTF-8 Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012968 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %u0d0d%u0d0d UTF-16 Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012969 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Vertical Slash Unicode Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012970 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Backslash Unicode Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2012971 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Update Request || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99 1 || 2012972 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Request for Compromised FTP Sites || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99 1 || 2012973 || 3 || trojan-activity || 0 || ET TROJAN W32.Qakbot Webpage Infection Routine POST || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99 1 || 2012974 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot .cb File Extention FTP Upload || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99 1 || 2012975 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Seclog FTP Upload || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99 1 || 2012976 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt || bid,45420 || cve,2010-4111 1 || 2012977 || 2 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt || url,www.coresecurity.com/content/oracle-glassfish-server-administration-console-authentication-bypass || bid,47818 || cve,2011-1511 1 || 2012978 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Audition Malformed Session File Buffer Overflow Attempt || url,www.coresecurity.com/content/Adobe-Audition-malformed-SES-file || bid,47838 || cve,2011-0615 1 || 2012979 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt || url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities || cve,2010-3272 1 || 2012980 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt || url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities || cve,2010-3274 1 || 2012981 || 3 || trojan-activity || 0 || ET TROJAN Possible FakeAV Binary Download (Security) 1 || 2012982 || 3 || not-suspicious || 0 || ET SMTP Abuseat.org Block Message 1 || 2012986 || 2 || not-suspicious || 0 || ET SMTP Robtex.com Block Message 1 || 2012987 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt 1 || 2012988 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt 1 || 2012989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt 1 || 2012990 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt 1 || 2012991 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt 1 || 2012992 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nakid CMS CKEditorFuncNum parameter Cross Site Scripting Attempt || url,autosectools.com/Advisory/Nakid-CMS-1.0.2-Reflected-Cross-site-Scripting-230 1 || 2012993 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PEAR include_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/86292/pear-rfi.txt 1 || 2012994 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PEAR_PHPDIR Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/86292/pear-rfi.txt 1 || 2012995 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS People Joomla Component controller Parameter Local File Inclusion Vulnerability || url,exploit-db.com/exploits/16001 1 || 2012996 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWStats Totals sort parameter Remote Code Execution Attempt || url,packetstormsecurity.org/files/view/101698/awstatstotals_multisort.rb.txt 1 || 2012997 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible http Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2012998 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible https Local File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2012999 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013000 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013001 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013002 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013003 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013004 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013005 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013006 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013007 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013008 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013009 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013010 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Request to malicious info.php drive-by landing 1 || 2013011 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious PHP 302 redirect response with avtor URI and cookie 1 || 2013012 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING SL_*_0000 JavaScript redirect 1 || 2013013 || 3 || policy-violation || 0 || ET POLICY StumbleUpon Submission Detected 1 || 2013014 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/ 1 || 2013015 || 2 || policy-violation || 0 || ET CURRENT_EVENTS HTTP Request to Illegal Drug Sales Site (SilkRoad) 1 || 2013016 || 2 || policy-violation || 0 || ET DNS DNS Query for Illegal Drug Sales Site (SilkRoad) 1 || 2013017 || 4 || trojan-activity || 0 || ET TROJAN Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related || url,www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2 || url,doc.emergingthreats.net/2009987 1 || 2013018 || 5 || trojan-activity || 0 || ET POLICY HTMLGET User Agent Detected - Often Linux utility based || url,mtc.sri.com/iPhone/ 1 || 2013019 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Iphone iKee.B Checkin || url,mtc.sri.com/iPhone/ 1 || 2013020 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html 1 || 2013021 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Post of Infected Mobile Device Location Information 1 || 2013022 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin 2 || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html 1 || 2013023 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DNS Query for gongfu-android.com DroidKungFu CnC Server || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html 1 || 2013024 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit kit mario.jar 1 || 2013025 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java/PDF Exploit kit from /Home/games/ initial landing 1 || 2013026 || 2 || trojan-activity || 0 || ET TROJAN Secure-Soft.Stealer Checkin || url,www.threatexpert.com/report.aspx?md5=c86923d90ef91653b0a61eb2fbfae202 || url,www.threatexpert.com/report.aspx?md5=0a52131eebbee1df877767875ab32352 1 || 2013027 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java/PDF Exploit kit initial landing 1 || 2013028 || 4 || attempted-recon || 0 || ET POLICY curl User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013029 || 2 || attempted-recon || 0 || ET DELETED Java User Agent || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013030 || 3 || attempted-recon || 0 || ET POLICY libwww-perl User-Agent || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013031 || 3 || attempted-recon || 0 || ET POLICY Python-urllib/ Suspicious User Agent || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013032 || 2 || attempted-recon || 0 || ET USER_AGENTS EmailSiphon Suspicious User-Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013033 || 3 || attempted-recon || 0 || ET USER_AGENTS EmailSiphon Suspicious User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013034 || 4 || trojan-activity || 0 || ET TROJAN WebToolbar.Win32.WhenU.r Reporting || url,threatexpert.com/report.aspx?md5=27867435a1b6b3f35daf13faac6f77b7 1 || 2013035 || 3 || misc-activity || 0 || ET POLICY Java Client HTTP Request 1 || 2013036 || 7 || trojan-activity || 0 || ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby 1 || 2013037 || 7 || trojan-activity || 0 || ET POLICY Java EXE Download 1 || 2013038 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE DNS Query For Known Mobile Malware Control Server Waplove.cn || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2 1 || 2013039 || 5 || trojan-activity || 0 || ET DELETED Android.Tonclank Sending Device Information || url,www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99&tabid=2 1 || 2013040 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Tonclank JAR File Download || url,www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99&tabid=2 1 || 2013042 || 6 || trojan-activity || 0 || ET POLICY Android.Plankton/Tonclank Successful Installation Device Information POST || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2 1 || 2013043 || 4 || trojan-activity || 0 || ET POLICY Android.Plankton/Tonclank Successful Installation Device Information POST Message Body || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2 1 || 2013044 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Plankton/Tonclank Control Server Responding With JAR Download URL || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2 1 || 2013045 || 2 || trojan-activity || 0 || ET TROJAN DLoader File Download Request Activity || url,www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml || url,about-threats.trendmicro.com/malware.aspx?language=us&name=TROJ_VBKRYPT.CB || url,www.threatexpert.com/report.aspx?md5=3310259795b787210dd6825e7b6d6d28 || url,www.threatexpert.com/report.aspx?md5=12554e7f2e78daf26e73a2f92d01e7a7 || url,www.threatexpert.com/report.aspx?md5=7af2097d75869aa5aa656cd6e523c8b3 1 || 2013046 || 3 || trojan-activity || 0 || ET TROJAN DLoader PWS Module Data Upload Activity || url,www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml || url,about-threats.trendmicro.com/malware.aspx?language=us&name=TROJ_VBKRYPT.CB || url,www.threatexpert.com/report.aspx?md5=3310259795b787210dd6825e7b6d6d28 || url,www.threatexpert.com/report.aspx?md5=12554e7f2e78daf26e73a2f92d01e7a7 || url,www.threatexpert.com/report.aspx?md5=7af2097d75869aa5aa656cd6e523c8b3 1 || 2013047 || 4 || trojan-activity || 0 || ET TROJAN DonBot Checkin || url,labs.m86security.com/2011/06/new-bots-old-bots-ii-donbot/ 1 || 2013048 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Shipping Invoice Request to JPG.exe Executable 1 || 2013049 || 2 || attempted-recon || 0 || ET WEB_SERVER Binget PHP Library User Agent Inbound || url,www.bin-co.com/php/scripts/load/ || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013050 || 2 || attempted-recon || 0 || ET USER_AGENTS Binget PHP Library User Agent Outbound || url,www.bin-co.com/php/scripts/load/ || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013051 || 2 || attempted-recon || 0 || ET WEB_SERVER pxyscand Suspicious User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013052 || 2 || attempted-recon || 0 || ET USER_AGENTS pxyscand/ Suspicious User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013053 || 2 || attempted-recon || 0 || ET WEB_SERVER PyCurl Suspicious User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013054 || 2 || attempted-recon || 0 || ET USER_AGENTS PyCurl Suspicious User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013055 || 2 || attempted-recon || 0 || ET POLICY Peach C++ Library User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php || url,www.useragentstring.com/Peach1.01_id_12276.php 1 || 2013056 || 4 || attempted-recon || 0 || ET POLICY Peach C++ Library User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php || url,www.useragentstring.com/Peach1.01_id_12276.php 1 || 2013057 || 3 || attempted-recon || 0 || ET WEB_SERVER Inbound PHP User-Agent || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013058 || 3 || attempted-recon || 0 || ET WEB_SERVER Outbound PHP User-Agent || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013059 || 3 || bad-unknown || 0 || ET POLICY BitCoin 1 || 2013060 || 3 || web-application-attack || 0 || ET DELETED Client Visiting Sidename.js Injected Website - Malware Related || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html 1 || 2013061 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Sidename.js Injected Script Served by Local WebServer || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html 1 || 2013062 || 2 || trojan-activity || 0 || ET TROJAN MacShield FakeAV CnC Communication || url,blog.trendmicro.com/obfuscated-ip-addresses-and-affiliate-ids-in-mac-fakeav/ 1 || 2013063 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin 3 || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html || url,blog.fortinet.com/androiddroidkungfu-attacking-from-a-mobile-device/ 1 || 2013064 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Tracur.Q HTTP Communication || url,xml.ssdsandbox.net/view/d2afc3be7357f96834ec684ab329d7e2 1 || 2013065 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617 1 || 2013066 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt applet via file URI setAttribute || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2013067 || 2 || trojan-activity || 0 || ET DELETED Win32/Fynloski Backdoor Keepalive Message || url,www.threatexpert.com/report.aspx?md5=baca8170608c189e2911dc4e430c7719 1 || 2013068 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible GRANT TO SQL Injection Attempt || url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm 1 || 2013069 || 3 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave rcsL Chunk Remote Code Execution Attempt || url,www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/ || bid,42682 || cve,2010-2873 1 || 2013070 || 3 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave Director tSAC Chunk memory corruption Attempt || url,www.exploit-db.com/moaub-22-adobe-shockwave-director-tsac-chunk-memory-corruption/ 1 || 2013071 || 4 || trojan-activity || 0 || ET TROJAN Dropper.MSIL.Agent.ate Checkin || url,threatexpert.com/report.aspx?md5=4860e53b7e71cd57956e10ef48342b5f 1 || 2013072 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.HongTouTou Checkin || url,www.fortiguard.com/encyclopedia/virus/android_hongtoutou.a!tr.html 1 || 2013073 || 4 || trojan-activity || 0 || ET TROJAN Win32.Meredrop Checkin || url,www.virustotal.com/file-scan/report.html?id=14c8e9f054d6f7ff4d59b71b65933d73027fe39a2a62729257712170e36f32c5-1308250070 1 || 2013075 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS Large DNS Query possible covert channel 1 || 2013076 || 7 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Google checking Internet connectivity || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2013077 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP overflow Media Player lt 10 1 || 2013078 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.YzhcSms CnC Keepalive Message || url,www.fortiguard.com/encyclopedia/virus/android_yzhcsms.a!tr.html 1 || 2013079 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.YzhcSms URL for Possible File Download || url,www.fortiguard.com/encyclopedia/virus/android_yzhcsms.a!tr.html 1 || 2013080 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter SELECT FROM SQL Injection Attempt || bugtraq,46048 1 || 2013081 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter DELETE FROM SQL Injection Attempt || bugtraq,46048 1 || 2013082 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter UNION SELECT SQL Injection Attempt || bugtraq,46048 1 || 2013083 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter INSERT INTO SQL Injection Attempt || bugtraq,46048 1 || 2013084 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter UPDATE SET SQL Injection Attempt || bugtraq,46048 1 || 2013085 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BLOG CMS nsextt parameter Cross Site Scripting Vulnerability || url,seclists.org/bugtraq/2011/Jun/59 1 || 2013086 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin sortorder parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102001/xperience-xss.txt 1 || 2013087 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS FCKeditor root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001 1 || 2013088 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS tinymce root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001 1 || 2013089 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS dhtmltextarea root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001 1 || 2013090 || 10 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A/DarkRat Checkin Outbound || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,www.contextis.com/research/blog/darkcometrat/ || url,www.eff.org/deeplinks/2012/08/syrian-malware-post || md5,a2f58a4215441276706f18519dae9102 1 || 2013091 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Checkin Inbound || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,www.contextis.com/research/blog/darkcometrat/ 1 || 2013092 || 4 || trojan-activity || 0 || ET TROJAN VBKrypt.cmtp Login to Server || url,vil.nai.com/vil/content/v_377875.htm 1 || 2013093 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Clickfraud Framework Request 1 || 2013094 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix/Fiesta URI Requested Contains /? and hex 1 || 2013095 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios Expand Parameter Cross Site Scripting Attempt || bid,48087 || cve,2011-2179 1 || 2013096 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain 1 || 2013097 || 7 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns.* domain 1 || 2013098 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded 1 || 2013099 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive useredit script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013100 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive roleedit script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013101 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive userlist script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013102 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive deleteArtifact script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013103 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addLegacyArtifactPath script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013104 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive deleteNetworkProxy script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013105 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addRepository script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc xss.txt 1 || 2013106 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive confirmDeleteRepository script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc xss.txt 1 || 2013107 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive editAppearance script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013108 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addLegacyArtifactPath.action Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addNetworkProxy script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013110 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive networkProxies script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013111 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive legacyArtifactPath script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013112 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive configureAppearance script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt 1 || 2013113 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Campaign Log.txt Request || cve,2011-2110 || url,blog.fireeye.com/research/2011/06/old-wine-in-a-new-bottle.html 1 || 2013114 || 2 || trojan-activity || 0 || ET TROJAN Win32.Vilsel Checkin || url,www.malware-control.com/statics-pages/5de2e2f56e5277cfe3d44299ab496648.php || url,www.malware-control.com/statics-pages/87290c3019b7dbac0d7d2e15f03572ba.php 1 || 2013115 || 3 || attempted-recon || 0 || ET WEB_SERVER Muieblackcat scanner 1 || 2013116 || 5 || attempted-recon || 0 || ET SCAN Potential muieblackcat scanner double-URI and HTTP library 1 || 2013117 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat Sort Paramter Cross Site Scripting Attempt || bid,45015 || cve,2010-4172 1 || 2013118 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat Orderby Paramter Cross Site Scripting Attempt || bid,45015 || cve,2010-4172 1 || 2013119 || 2 || attempted-user || 0 || ET ACTIVEX Easewe FTP OCX ActiveX Control EaseWeFtp.ocx Remote Code Execution Attempt || bid,48393 1 || 2013120 || 1 || denial-of-service || 0 || ET SCADA Siemens FactoryLink 8 CSService Logging Buffer Overflow Vulnerability || url,packetstormsecurity.org/files/view/102579/factorylink_csservice.rb.txt 1 || 2013121 || 3 || trojan-activity || 0 || ET DELETED Win32.VB.OWR Checkin || url,www.threatexpert.com/report.aspx?md5=7684532e7e1d717427f6842e9d5ecd56 || url,anubis.iseclab.org/?action=result&task_id=1ac5dbffd86ddd7f49da78a66fbeb6c37&format=txt 1 || 2013122 || 5 || trojan-activity || 0 || ET TROJAN Vilsel.ayjv Checkin (aid) 1 || 2013123 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.be domain 1 || 2013124 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.be Domain 1 || 2013125 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/17209 1 || 2013126 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/17209 1 || 2013127 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/17209 1 || 2013128 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/17209 1 || 2013129 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/17209 1 || 2013130 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Cover Page SDK DownloadImageFileURL Method Exploit || url,exploit-db.com/exploits/17415/ || cve,2008-2683 1 || 2013131 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Fax Voice SDK GetItemQueue Method Remote Code Execution Exploit || url,exploit-db.com/exploits/17416 1 || 2013132 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Fax Voice SDK GetFirstItem Method Remote Code Execution Exploit || url,exploit-db.com/exploits/17416 1 || 2013133 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vBTube vidid Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102238/vbtube129-xss.txt 1 || 2013134 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vBTube uname Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102238/vbtube129-xss.txt 1 || 2013135 || 1 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlert.Rena.n Checkin Flowbit set 1 || 2013136 || 6 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlertRena.n Checkin Response from Server 1 || 2013137 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page || url,stopmalvertising.com/malware-reports/all-ur-swf-bel0ng-2-us-analysis-of-cve-2011-2110.html || bid,48268 || cve,2011-2110 1 || 2013138 || 8 || trojan-activity || 0 || ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity || url,www.met.police.uk/mobilephone/imei.htm 1 || 2013139 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE XML Style POST Of IMSI International Mobile Subscriber Identity || url,www.learntelecom.com/telephony/gsm/international-mobile-subscriber-identity-imsi 1 || 2013140 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/ 1 || 2013141 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes Plugucsrv.sisx File Download || url,blog.fortinet.com/symbosyxes-goes-version-2/ 1 || 2013142 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes Jump.jsp CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/ 1 || 2013143 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes KernelPara.jsp CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/ 1 || 2013144 || 2 || attempted-user || 0 || ET WEB_CLIENT Mozilla Firefox nsTreeSelection Element invalidateSelection Remote Code Execution Attempt || bid,41853 || cve,2010-2753 1 || 2013145 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %41%41%41%41 Heap Spray Attempt 1 || 2013146 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %u41%u41%u41%u41 UTF-8 Heap Spray Attempt 1 || 2013147 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %u4141%u4141 UTF-16 Heap Spray Attempt 1 || 2013148 || 3 || shellcode-detect || 0 || ET SHELLCODE JavaScript Redefinition of a HeapLib Object - Likely Malicious Heap Spray Attempt 1 || 2013149 || 2 || trojan-activity || 0 || ET MALWARE RogueAntiSpyware.AntiVirusPro Checkin || url,www.threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35 1 || 2013150 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZyXEL ZyWALL LoginPassword/HiddenPassword Cross Site Scripting Attempt || cve,2011-2466 1 || 2013152 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt || url,www.coresecurity.com/content/adobe-reader-buffer-overflow || bid,30035 || cve,2008-2992 1 || 2013153 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt || url,www.fortiguard.com/analysis/pdfanalysis.html || bid,36600 || cve,2009-3459 1 || 2013154 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Gbod.dv Checkin 1 || 2013155 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter SELECT FROM SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html 1 || 2013156 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter DELETE FROM SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html 1 || 2013157 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter UNION SELECT SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html 1 || 2013158 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter INSERT INTO SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html 1 || 2013159 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter UPDATE SET SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html 1 || 2013160 || 2 || attempted-user || 0 || ET ACTIVEX CygniCon CyViewer ActiveX Control SaveData Insecure Method Vulnerability || bugtraq,48483 1 || 2013161 || 2 || attempted-user || 0 || ET ACTIVEX Ubisoft CoGSManager ActiveX Initialize method Buffer Overflow Vulnerability || url,secunia.com/advisories/45044 1 || 2013162 || 2 || attempted-user || 0 || ET ACTIVEX Ubisoft CoGSManager ActiveX RunCore method Buffer Overflow Vulnerability || url,secunia.com/advisories/45044 1 || 2013163 || 2 || attempted-user || 0 || ET ACTIVEX LEADTOOLS Imaging LEADSmtp ActiveX SaveMessage Method Vulnerability || bugtraq,48408 1 || 2013164 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webcat web_id Parameter Blind SQL Injection Vulnerability || url,exploit-db.com/exploits/17444 1 || 2013165 || 2 || attempted-admin || 0 || ET EXPLOIT 2Wire Password Reset Vulnerability via GET || url,www.seguridad.unam.mx/doc/?ap=articulo&id=196 || url,packetstormsecurity.org/files/view/102614/2wire-reset.rb.txt 1 || 2013166 || 2 || attempted-admin || 0 || ET EXPLOIT 2Wire Password Reset Vulnerability via POST || url,www.seguridad.unam.mx/doc/?ap=articulo&id=196 || url,packetstormsecurity.org/files/view/102614/2wire-reset.rb.txt 1 || 2013167 || 4 || misc-activity || 0 || ET EXPLOIT FreeBSD OpenSSH 3.5p1 possible vulnerable server || url,packetstormsecurity.org/files/view/102683/ssh_preauth_freebsd.txt || url,seclists.org/2011/Jul/6 1 || 2013168 || 5 || trojan-activity || 0 || ET TROJAN Generic Bot Checkin || url,www.threatexpert.com/report.aspx?md5=be3aed34928cb826030b462279a1c453 1 || 2013169 || 2 || trojan-activity || 0 || ET TROJAN Gozi Communication 2 1 || 2013170 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cu.cc domain 1 || 2013171 || 2 || web-application-attack || 0 || ET SCAN DominoHunter Security Scan in Progress || url,packetstormsecurity.org/files/31653/DominoHunter-0.92.zip.html 1 || 2013172 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.cu.cc domain 1 || 2013173 || 3 || attempted-recon || 0 || ET USER_AGENTS Atomic_Email_Hunter User-Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013174 || 3 || attempted-recon || 0 || ET USER_AGENTS Atomic_Email_Hunter User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php 1 || 2013175 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely EgyPack Exploit kit landing page (EGYPACK_CRYPT) || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/ 1 || 2013176 || 6 || trojan-activity || 0 || ET TROJAN EgyPack Exploit Kit Post-Infection Request || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/ 1 || 2013178 || 3 || trojan-activity || 0 || ET TROJAN Long Fake wget 3.0 User-Agent Detected 1 || 2013179 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Malware Update before fake JPEG download || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html 1 || 2013180 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Malware Update after fake JPEG download || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html 1 || 2013181 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup Redirection from infected Website to Trojan-Downloader || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html 1 || 2013182 || 1 || trojan-activity || 0 || ET TROJAN Sidetab or Related Trojan Checkin 1 || 2013183 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Known Facebook Iframe Phishing Attempt || url,www.f-secure.com/weblog/archives/00002196.html 1 || 2013184 || 5 || trojan-activity || 0 || ET TROJAN Artro Downloader User-Agent Detected || url,www.securelist.com/en/analysis/204792172/The_Advertising_Botnet 1 || 2013185 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Banker.Win32.Agent Checkin || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0 || url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5 1 || 2013186 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Win32.Renos/Artro Trojan Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TROJANDOWNLOADER%3aWIN32/RENOS.MJ || url,www.securelist.com/en/analysis/204792172/The_Advertising_Botnet || url,www.threatexpert.com/report.aspx?md5=01ca25570659c2e1b8b887a3229ef421 1 || 2013187 || 1 || misc-activity || 0 || ET CURRENT_EVENTS Backdoor Win32/IRCbot.FJ Cnc connection dns lookup || url,www.exposedbotnets.com/2011/02/minervacdmonorgbotnet-hosted-in.html || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fIRCbot.FJ || url,www.threatexpert.com/report.aspx?md5=13e43c44681ba9acb8fd42217bd3dbd2 || url,www.bfk.de/bfk_dnslogger_en.html?query=minerva.cdmon.org 1 || 2013188 || 5 || attempted-admin || 0 || ET EXPLOIT VSFTPD Backdoor User Login Smiley 1 || 2013189 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Dropper HTTP POST Check-in || url,www.mywot.com/en/forum/13816-clickjacking-scam-spreading-on-facebook 1 || 2013190 || 3 || trojan-activity || 0 || ET POLICY Likely PCTools.com Installer User-Agent (Installer Ping) 1 || 2013191 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Client Visiting cssminibar.js Injected Website Malware Related || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html 1 || 2013192 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS cssminibar.js Injected Script Served by Local WebServer || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html 1 || 2013193 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.CruseWin Retriving XML File from Hard Coded CnC || url,www.fortiguard.com/encyclopedia/virus/android_crusewin.a!tr.html 1 || 2013194 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.CruseWin XML Configuration File Sent From CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_crusewin.a!tr.html 1 || 2013195 || 2 || trojan-activity || 0 || ET MALWARE Win32.EZula Adware Reporting Sucessful Install || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FEzula.F 1 || 2013196 || 2 || trojan-activity || 0 || ET TROJAN Win32.Genome Initial Checkin 1 || 2013197 || 2 || trojan-activity || 0 || ET TROJAN Win32.Genome Download.php HTTP Request on Off Port 1 || 2013198 || 2 || trojan-activity || 0 || ET TROJAN Trojan/Hacktool.Sniffer Initial Checkin 1 || 2013199 || 4 || trojan-activity || 0 || ET TROJAN Trojan/Hacktool.Sniffer Sucessful Install Message 1 || 2013200 || 2 || trojan-activity || 0 || ET MALWARE Unknown Malware patchlist.xml Request 1 || 2013201 || 6 || trojan-activity || 0 || ET TROJAN Win32/Rodecap CnC Checkin 1 || 2013202 || 2 || trojan-activity || 0 || ET TROJAN Win32/Fosniw MacTryCnt CnC Style Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FFosniw.B 1 || 2013203 || 2 || trojan-activity || 0 || ET TROJAN Win32/Fosniw CnC Checkin Style 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FFosniw.B 1 || 2013204 || 3 || trojan-activity || 0 || ET DELETED Unknown Generic Trojan Checkin 1 || 2013205 || 3 || trojan-activity || 0 || ET DELETED Win32.Hooker Checkin Message 1 || 2013206 || 3 || trojan-activity || 0 || ET TROJAN Unknown Trojan POST datan.php 1 || 2013207 || 5 || trojan-activity || 0 || ET TROJAN Trojan Internet Connectivity Check 1 || 2013208 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Mobile Malware Posting Device Phone Number 1 || 2013209 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Walkinwat Sending Data to CnC Server || url,us.norton.com/security_response/writeup.jsp?docid=2011-033008-4831-99&tabid=2 || url,blog.avast.com/2011/03/21/android-is-calling-walk-and-text-and-be-malicious/ 1 || 2013210 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Bgserv POST of Data to CnC Server || url,us.norton.com/security_response/writeup.jsp?docid=2011-031005-2918-99&tabid=2 1 || 2013211 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Esion CnC Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-052510-1535-99&tabid=2 1 || 2013212 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Meciv Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-070516-5325-99&tabid=2 || url,www.secureworks.com/research/threats/sindigoo/ 1 || 2013213 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org 1 || 2013214 || 2 || trojan-activity || 0 || ET TROJAN GhOst Remote Access Trojan Encrypted Session To CnC Server || url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network || url,www.symantec.com/connect/blogs/inside-back-door-attack 1 || 2013215 || 3 || trojan-activity || 0 || ET DELETED W32/Alworo CnC Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062909-5644-99&tabid=2 1 || 2013217 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP Via myip.ozymo.com 1 || 2013218 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Specfix Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062203-3150-99&tabid=2 1 || 2013219 || 3 || trojan-activity || 0 || ET DELETED Android.Ggtracker Ggtrack.org Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062208-5013-99&tabid=2 1 || 2013220 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org || url,www.mywot.com/en/scorecard/8866.org 1 || 2013221 || 2 || trojan-activity || 0 || ET TROJAN Win32/Sefnit Initial Checkin 1 || 2013222 || 3 || shellcode-detect || 0 || ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt 1 || 2013224 || 9 || trojan-activity || 0 || ET POLICY Suspicious User-Agent Containing .exe 1 || 2013225 || 3 || trojan-activity || 0 || ET TROJAN W32/IRCBrute Checkin 2 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-IRB/detailed-analysis.aspx 1 || 2013226 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp secteur parameter Cross Site Scripting Attempt || bugtraq,48341 1 || 2013227 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter SELECT FROM SQL Injection Attempt || bugtraq,48341 1 || 2013228 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter DELETE FROM SQL Injection Attempt || bugtraq,48341 1 || 2013229 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter UNION SELECT SQL Injection Attempt || bugtraq,48341 1 || 2013230 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter INSERT INTO SQL Injection Attempt || bugtraq,48341 1 || 2013231 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter UPDATE SET SQL Injection Attempt || bugtraq,48341 1 || 2013232 || 2 || attempted-user || 0 || ET ACTIVEX IDrive Online Backup ActiveX control SaveToFile Insecure Method || url,htbridge.ch/advisory/idrive_online_backup_activex_control_insecure_method.html 1 || 2013233 || 3 || attempted-user || 0 || ET ACTIVEX Chilkat Crypt ActiveX Control SaveDecrypted Insecure Method Vulnerability || bugtraq,48585 1 || 2013234 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActivDesk cid Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/102537/activdesk-sqlxss.txt 1 || 2013236 || 2 || trojan-activity || 0 || ET TROJAN Palevo (OUTBOUND) || url,threatexpert.com/report.aspx?md5=5f1296995c7ccba13c0c0655baf03a3a 1 || 2013237 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Obfuscated Javascript Often Used in Drivebys 1 || 2013238 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Infected Device Registration || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html 1 || 2013240 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Task Information Retrieval || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html 1 || 2013241 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Uploading Watch Files || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html 1 || 2013242 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Suspicious *.cu.cc domain 1 || 2013243 || 2 || trojan-activity || 0 || ET MALWARE SweetIM Install in Progress 1 || 2013244 || 2 || misc-activity || 0 || ET CURRENT_EVENTS Known Injected Credit Card Fraud Malvertisement Script || url,blogs.paretologic.com/malwarediaries/index.php/2011/07/06/stolen-credit-cards-site-injected-with-malware/ 1 || 2013245 || 3 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo Download Command || url,www.threatexpert.com/report.aspx?md5=2d69d8d243499ab53b840c64f68cc830 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises 1 || 2013246 || 2 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo CnC PONG || url,ore.carnivore.it/malware/hash/d4dc8459a34ea14d856e529d3a9e0362 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises 1 || 2013247 || 5 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo KCIK IRC Command || url,ore.carnivore.it/malware/hash/d4dc8459a34ea14d856e529d3a9e0362 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises 1 || 2013248 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a *.uni.cc domain 1 || 2013249 || 3 || attempted-recon || 0 || ET SCAN Vega Web Application Scan || url,www.subgraph.com/products.html || url,www.darknet.org.uk/2011/07/vega-open-source-cross-platform-web-application-security-assessment-platform/ 1 || 2013250 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Word RTF pFragments Stack Buffer Overflow Attempt || url,labs.m86security.com/2011/07/resurrection-of-cve-2010-3333-in-the-wild/ || bid,44652 || cve,2010-3333 1 || 2013251 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Known in Wild Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt || url,labs.m86security.com/2011/06/0-day-exploit-used-in-a-targeted-attack-cve-2011-1255/ || bid,48206 || cve,2011-1255 1 || 2013252 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt || url,labs.m86security.com/2011/06/0-day-exploit-used-in-a-targeted-attack-cve-2011-1255/ || bid,48206 || cve,2011-1255 1 || 2013253 || 4 || policy-violation || 0 || ET POLICY Yandexbot Request Inbound 1 || 2013254 || 2 || trojan-activity || 0 || ET TROJAN Yandexbot Request Outbound 1 || 2013255 || 4 || trojan-activity || 0 || ET POLICY Majestic12 User-Agent Request Inbound 1 || 2013256 || 3 || trojan-activity || 0 || ET TROJAN Majestic12 User-Agent Request Outbound 1 || 2013258 || 7 || trojan-activity || 0 || ET USER_AGENTS Avzhan DDoS Bot User-Agent MyIE || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/ || url,blog.fireeye.com/research/2010/10/avzhan-botnet-the-story-of-evolution.html 1 || 2013259 || 3 || trojan-activity || 0 || ET TROJAN Guagua Trojan Update Checkin 1 || 2013260 || 3 || trojan-activity || 0 || ET TROJAN Win32/Nekill Checkin || url,blog.emergingthreatspro.com/2011/07/bot-of-day-nekilla.html 1 || 2013261 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/CommDN Downloading Second Stage Malware Binary || url,www.fortiguard.com/encyclopedia/virus/symbos_commdn.a!tr.html 1 || 2013263 || 3 || attempted-recon || 0 || ET SCAN Nessus FTP Scan detected (ftp_anonymous.nasl) || url,www.nessus.org/plugins/index.php?view=single&id=10079 || url,osvdb.org/show/osvdb/69 1 || 2013264 || 2 || attempted-recon || 0 || ET SCAN Nessus FTP Scan detected (ftp_writeable_directories.nasl) || url,www.nessus.org/plugins/index.php?view=single&id=19782 || url,osvdb.org/show/osvdb/76 1 || 2013265 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SymGam CnC Checkin || url,www.fortiguard.com/encyclopedia/virus/symbos_symgam.a!tr.html 1 || 2013266 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SymGam Receiving SMS Message Template from CnC Server || url,www.fortiguard.com/encyclopedia/virus/symbos_symgam.a!tr.html 1 || 2013267 || 4 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0a0a0a0a || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013268 || 4 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0b0b0b0b || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013269 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0c0c0c0c || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013270 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0d0d0d0d || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013271 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript NOP SLED || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013272 || 3 || shellcode-detect || 0 || ET SHELLCODE Unescape Hex Obfuscated Content 1 || 2013273 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141 || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013274 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0a0a0a0a || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013275 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0b0b0b0b || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013276 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0c0c0c0c || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013277 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0d0d0d0d || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013278 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript NOP SLED || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013279 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 41414141 || url,www.darkreading.com/security/vulnerabilities/221901428/index.html 1 || 2013280 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Word RTF pFragments Stack Overflow Attempt || url,labs.m86security.com/2011/07/resurrection-of-cve-2010-3333-in-the-wild/ || bid,44652 || cve,2010-3333 1 || 2013281 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Authplay.dll NewClass Memory Corruption Attempt || url,www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ || bid,40586 || cve,2010-1297 1 || 2013282 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt || bid,44504 || cve,2010-3654 1 || 2013283 || 3 || trojan-activity || 0 || ET TROJAN DarkComet-RAT init connection || url,www.darkcomet-rat.com || url,anubis.iseclab.org/?action=result&task_id=1a7326f61fef1ecb4ed4fbf3de3f3b8cb&format=txt 1 || 2013284 || 3 || trojan-activity || 0 || ET TROJAN DarkComet-RAT server join acknowledgement || url,www.darkcomet-rat.com || url,anubis.iseclab.org/?action=result&task_id=1a7326f61fef1ecb4ed4fbf3de3f3b8cb&format=txt 1 || 2013285 || 2 || trojan-activity || 0 || ET TROJAN DarkComet-RAT Client Keepalive || url,www.darkcomet-rat.com 1 || 2013286 || 2 || trojan-activity || 0 || ET TROJAN Win32.Jadtre Retrieving Cfg File 1 || 2013287 || 5 || trojan-activity || 0 || ET TROJAN Papras Banking Trojan Checkin || url,www.threatexpert.com/report.aspx?md5=85d82c840f4b90fcb6d5311f501374ca 1 || 2013288 || 3 || web-application-attack || 0 || ET EXPLOIT HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow Attempt || url,exploit-db.com/exploits/17536/ 1 || 2013289 || 6 || attempted-recon || 0 || ET POLICY MOBILE Apple device leaking UDID from SpringBoard || url,www.innerfence.com/howto/find-iphone-unique-device-identifier-udid || url,support.apple.com/kb/HT4061 1 || 2013290 || 2 || attempted-recon || 0 || ET POLICY MOBILE Apple device leaking UDID from SpringBoard via GET || url,www.innerfence.com/howto/find-iphone-unique-device-identifier-udid || url,support.apple.com/kb/HT4061 1 || 2013291 || 2 || trojan-activity || 0 || ET TROJAN Win32/Cycbot Pay-Per-Install Executable Download || url,www.eset.com/about/blog/blog/article/cycbot-ready-to-ride/ 1 || 2013292 || 2 || trojan-activity || 0 || ET TROJAN Win32/Cycbot Initial Checkin to CnC || url,www.eset.com/about/blog/blog/article/cycbot-ready-to-ride/ 1 || 2013293 || 2 || trojan-activity || 0 || ET TROJAN Win32/Glupteba CnC Checkin || url,blog.eset.com/2011/03/02/tdl4-and-glubteba-piggyback-piggybugs 1 || 2013294 || 2 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (Persona Not Validated) 1 || 2013295 || 2 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (Snake Oil CA) 1 || 2013296 || 3 || policy-violation || 0 || ET POLICY Free SSL Certificate Provider (StartCom Class 1 Primary Intermediate Server CA) 1 || 2013297 || 3 || policy-violation || 0 || ET POLICY Free SSL Certificate (StartCom Free Certificate Member) 1 || 2013298 || 2 || bad-unknown || 0 || ET POLICY Nessus Server SSL certificate detected 1 || 2013299 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HippoSms Method Request to CnC || url,www.fortiguard.com/encyclopedia/virus/android_hipposms.a!tr.html 1 || 2013303 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt 1 || 2013304 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt 1 || 2013305 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt 1 || 2013306 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt 1 || 2013307 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt 1 || 2013308 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin page Parameter Remote File inclusion Attempt || url,secunia.com/advisories/43652 1 || 2013309 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin page Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43652 1 || 2013310 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin title parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43652 1 || 2013311 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.dlinkddns.com domain 1 || 2013312 || 3 || bad-unknown || 0 || ET TROJAN Possible Ponmocup Driveby Download || url,www9.dyndns-server.com%3a8080/pub/botnet/r-cgi_malware_analyse.txt 1 || 2013313 || 7 || trojan-activity || 0 || ET TROJAN Obfuscated Javascript Often Used in the Blackhole Exploit Kit 3 1 || 2013314 || 5 || trojan-activity || 0 || ET TROJAN Phoenix Landing Page Obfuscated Javascript 2 1 || 2013315 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Agent and 5 or 6 digits) 1 || 2013316 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.AdSms Retrieving XML File from CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_adsms.a!tr.html 1 || 2013317 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.AdSms XML File From CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_adsms.a!tr.html 1 || 2013318 || 1 || trojan-activity || 0 || ET TROJAN Google Warning Infected Local User 1 || 2013319 || 2 || shellcode-detect || 0 || ET SHELLCODE Unicode UTF-8 Heap Spray Attempt 1 || 2013320 || 2 || shellcode-detect || 0 || ET SHELLCODE Unicode UTF-16 Heap Spray Attempt 1 || 2013321 || 2 || attempted-user || 0 || ET WEB_CLIENT Internet Explorer toStaticHTML HTML Sanitizing Information Disclosure Attempt || bid,48199 || cve,2011-1252 1 || 2013322 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Visio 2003 mfc71enu.dll DLL Loading Arbitrary Code Execution Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=23601 || url,www.microsoft.com/technet/security/bulletin/MS11-055.mspx || bid,42681 || cve,2010-3148 1 || 2013323 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Update Check to CnC 1 || 2013324 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Receiving XML Format Update File From CnC Server 1 || 2013325 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Receiving XML Format Node ID File From CnC Server 1 || 2013326 || 4 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Node Server Type 1 || 2013327 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Zitmo Forwarding SMS Message to CnC Server || url,blog.fortinet.com/zitmo-hits-android/ 1 || 2013328 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for Known Hostile Domain gooqlepics com || url,blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html 1 || 2013329 || 3 || trojan-activity || 0 || ET TROJAN Ruskill CnC Download Command 1 1 || 2013330 || 1 || trojan-activity || 0 || ET TROJAN Ruskill CnC Download Command 2 1 || 2013331 || 1 || trojan-activity || 0 || ET TROJAN Ruskill Reporting on Local Scans 1 || 2013332 || 4 || trojan-activity || 0 || ET TROJAN FakeAV Landing Page || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23514 1 || 2013333 || 4 || trojan-activity || 0 || ET MALWARE Zugo.com SearchToolbar User-Agent (SearchToolbar) || url,www.zugo.com/faq/ || url,plus.google.com/109412257237874861202/posts/FXL1y8qG7YF 1 || 2013334 || 4 || not-suspicious || 0 || ET DELETED SSL MiTM Vulnerable or EOL iOS 3.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history 1 || 2013335 || 5 || not-suspicious || 0 || ET DELETED SSL MiTM Vulnerable or EOL iOS 4.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history 1 || 2013336 || 4 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4825 || url,en.wikipedia.org/wiki/IOS_version_history 1 || 2013337 || 5 || trojan-activity || 0 || ET TROJAN PoisonIvy.E Keepalive to CnC || url,www.threatexpert.com/report.aspx?md5=fc414168a5b4ca074ea6e03f770659ef 1 || 2013338 || 2 || trojan-activity || 0 || ET TROJAN Bifrose Client Checkin 1 || 2013339 || 5 || trojan-activity || 0 || ET TROJAN Win32.FakeAV.Rean Checkin || url,www.threatexpert.com/report.aspx?md5=0a998a070beb287524f9be6dd650c959 1 || 2013340 || 2 || trojan-activity || 0 || ET TROJAN FakeAV/Application JPDesk/Delf checkin || url,www.threatexpert.com/report.aspx?md5=08f116cf4feff245dca581244e4f509c 1 || 2013341 || 3 || trojan-activity || 0 || ET DELETED Trojan Dropper User-Agent Firefox/3.6.3 1 || 2013342 || 4 || trojan-activity || 0 || ET TROJAN Win32/Sisproc Variant POST to CnC Server || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=04dc87d4dcf12f9c05a22ab9890a6323 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FSisproc&ThreatID=-2147342628 1 || 2013343 || 3 || trojan-activity || 0 || ET DELETED Backdoor W32/Phanta Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPopureb.A || url,www.threatexpert.com/report.aspx?md5=0012a0b60572dfa4f42a4325507841d8 1 || 2013344 || 4 || trojan-activity || 0 || ET TROJAN Unknown Trojan Checkin to CnC Server 1 || 2013345 || 2 || trojan-activity || 0 || ET TROJAN Win32.Pamesg/ArchSMS.HL CnC Checkin || url,www.threatexpert.com/report.aspx?md5= 00068992bc003713058a17d50d9e3e14 1 || 2013346 || 3 || trojan-activity || 0 || ET TROJAN Unknown Trojan File Stealer FTP File Upload 1 || 2013348 || 8 || trojan-activity || 0 || ET TROJAN Zeus Bot Request to CnC 2 1 || 2013349 || 4 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 1 1 || 2013350 || 3 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 2 1 || 2013351 || 3 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 3 1 || 2013352 || 3 || trojan-activity || 0 || ET TROJAN Executable Download Purporting to be JavaScript likely 2nd stage Infection 1 || 2013353 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - flickr.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013354 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - picasa.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013355 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - blogger.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013356 || 2 || web-application-attack || 0 || ET DELETED Wordpress possible Malicious DNS-Requests - wordpress.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013357 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - wordpress.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013358 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - img.youtube.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013359 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - upload.wikimedia.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013360 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - photobucket.com.* || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29 1 || 2013361 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HTran/SensLiceld.A Checkin 1 || url,www.secureworks.com/research/threats/htran/ || url,www.symantec.com/connect/blogs/truth-behind-shady-rat || url,www.symantec.com/security_response/writeup.jsp?docid=2010-120716-4344-99&tabid=2 || url,www.securelist.com/en/descriptions/10120120/Trojan-Spy.Win32.Agent.bptu 1 || 2013362 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS HTran/SensLiceld.A Checkin 2 (unicode) || url,www.secureworks.com/research/threats/htran/ || url,www.symantec.com/connect/blogs/truth-behind-shady-rat || url,www.symantec.com/security_response/writeup.jsp?docid=2010-120716-4344-99&tabid=2 || url,www.securelist.com/en/descriptions/10120120/Trojan-Spy.Win32.Agent.bptu 1 || 2013363 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Request tkr 1 || 2013364 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS windows_security_update Fake AV download 1 || 2013365 || 2 || web-application-attack || 0 || ET WEB_SERVER PUT Website Defacement Attempt 1 || 2013366 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Checkin 1 || 2013367 || 4 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (kill) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef 1 || 2013368 || 3 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (sleep) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef 1 || 2013369 || 3 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (go https) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef 1 || 2013370 || 3 || trojan-activity || 0 || ET DELETED Unknown Trojan Checkin 1 1 || 2013371 || 3 || trojan-activity || 0 || ET DELETED Unknown Trojan Checkin 2 1 || 2013372 || 3 || trojan-activity || 0 || ET TROJAN Win32/Oliga Fake User Agent 1 || 2013373 || 2 || trojan-activity || 0 || ET TROJAN FakeAV oms.php Data Post 1 || 2013374 || 2 || trojan-activity || 0 || ET TROJAN FakeAV User-Agent XML 1 || 2013375 || 2 || trojan-activity || 0 || ET TROJAN W32/Nolja Trojan Downloader Initial Checkin 1 || 2013376 || 2 || trojan-activity || 0 || ET TROJAN W32/Nolja Trojan User-Agent (FileNolja) 1 || 2013377 || 2 || trojan-activity || 0 || ET TROJAN W32/Alunik User Agent Detected 1 || 2013378 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.de.ms domain 1 || 2013379 || 3 || trojan-activity || 0 || ET TROJAN Downbot/Shady Rat Remote Shell Connection || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013380 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Malicious 1px iframe related to Mass Wordpress Injections 1 || 2013381 || 2 || trojan-activity || 0 || ET TROJAN W32/Sality Executable Pack Digital Signature ASCII Marker || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/sality_peer_to_peer_viral_network.pdf 1 || 2013382 || 3 || trojan-activity || 0 || ET TROJAN Fakealert.Rena CnC Checkin 2 || url,www.malware-control.com/statics-pages/24b9c5f59a4706689d4f9bb5f510ec35.php 1 || 2013383 || 3 || trojan-activity || 0 || ET TROJAN Fakealert.Rena CnC Checkin 1 1 || 2013384 || 3 || trojan-activity || 0 || ET TROJAN W32/Siscos CnC Checkin 1 || 2013385 || 3 || trojan-activity || 0 || ET TROJAN Accept-encode HTTP header with UA indicating infected host 1 || 2013386 || 2 || trojan-activity || 0 || ET TROJAN W32/FakeAlert Fake Security Tool Checkin || url,threatexpert.com/reports.aspx?find=03abdc31d0f864c7b69b09d6481d3ff7 1 || 2013387 || 4 || trojan-activity || 0 || ET POLICY User Agent Ryeol HTTP Client Class 1 || 2013388 || 4 || trojan-activity || 0 || ET MALWARE Adrevmedia Related Media Manager Spyware Checkin 1 || 2013389 || 2 || trojan-activity || 0 || ET MALWARE Adware/CommonName Reporting 1 || 2013390 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent 3653Client 1 || 2013391 || 3 || trojan-activity || 0 || ET TROJAN Ufasoft bitcoin Related User-Agent 1 || 2013392 || 2 || trojan-activity || 0 || ET TROJAN W32/Hupigon.B User Agent TSDownload 1 || 2013393 || 4 || trojan-activity || 0 || ET DELETED Suspicious User-Agent FSD - Possible FakeAV Related 1 || 2013394 || 2 || trojan-activity || 0 || ET TROJAN W32/SpeedRunner User-Agent SRRemove 1 || 2013395 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent _updater_agent 1 || 2013396 || 2 || trojan-activity || 0 || ET TROJAN W32/Skintrim CnC Checkin 1 || 2013397 || 3 || trojan-activity || 0 || ET TROJAN W32/Pandex Trojan Dropper Initial Checkin 1 || 2013398 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Momibot Checkin || url,hypersecurity.blogspot.com/2011/08/uncovering-win32momibot-communication.html 1 || 2013399 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Momibot Ping Checkin || url,hypersecurity.blogspot.com/2011/08/uncovering-win32momibot-communication.html 1 || 2013400 || 7 || policy-violation || 0 || ET POLICY Request to Suspicious Games at pcgame.gamedia.cn 1 || 2013401 || 2 || trojan-activity || 0 || ET TROJAN Win32/Winshow User Agent 1 || 2013402 || 3 || trojan-activity || 0 || ET DELETED Win32/TrojanDropper.Agent Checkin 1 || 2013403 || 7 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (TheWorld) || url,www.virustotal.com/file-scan/report.html?id=70e502c9b8752da6dc0ff2a41c6975d59090482d2c0758387aca1b5702f96988-1305238279 1 || 2013404 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent ksdl_1_0 1 || 2013405 || 3 || trojan-activity || 0 || ET MALWARE W32/Baigoo User Agent 1 || 2013406 || 5 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable or EOL iOS 3.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228 1 || 2013407 || 5 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable or EOL iOS 4.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228 1 || 2013408 || 6 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4825 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228 1 || 2013409 || 3 || bad-unknown || 0 || ET POLICY Outbound MSSQL Connection to Non-Standard Port - Likely Malware 1 || 2013410 || 4 || bad-unknown || 0 || ET POLICY Outbound MSSQL Connection to Standard port (1433) 1 || 2013411 || 1 || trojan-activity || 0 || ET TROJAN Bancos.DV MSSQL CnC Connection Outbound 1 || 2013412 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.com.au domain 1 || 2013413 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Landing Page Checking firewall status 1 || 2013414 || 10 || bad-unknown || 0 || ET POLICY Executable served from Amazon S3 || url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/ || url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud 1 || 2013415 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cz.tf domain 1 || 2013416 || 8 || attempted-recon || 0 || ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent 1 || 2013417 || 2 || attempted-user || 0 || ET WEB_CLIENT Mozilla Firefox mChannel Object Dangling Pointer Use-After-Free Memory Corruption Attempt || url,www.mozilla.org/security/announce/2011/mfsa2011-13.html || bid,47635 || cve,2011-0065 1 || 2013418 || 5 || trojan-activity || 0 || ET DELETED Mitglieder Proxy Trojan CnC || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32%2fMitglieder 1 || 2013419 || 4 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2 1 || 2013420 || 4 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlertRena.n Checkin NO Response from Server 1 || 2013422 || 2 || trojan-activity || 0 || ET MALWARE HTTP Connection to go2000.cn - Common Malware Checkin Server || url,www.mywot.com/en/scorecard/go2000.cn 1 || 2013423 || 7 || trojan-activity || 0 || ET TROJAN User-Agent in Referrer Field - Likely Malware 1 || 2013424 || 3 || trojan-activity || 0 || ET TROJAN W32/UFR POST to CnC 1 || 2013425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin eshoptemplate parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553 1 || 2013426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin action parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553 1 || 2013427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin viewemail parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553 1 || 2013428 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 1 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt 1 || 2013429 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 2 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt 1 || 2013430 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 3 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt 1 || 2013431 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 4 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt 1 || 2013432 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 5 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt 1 || 2013433 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla jfeedback Component controller parameter Local File Inclusion Attempt || url,xforce.iss.net/xforce/xfdb/57654 1 || 2013434 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tiki Wiki CMS ajax parameter XSS Vulnerability || url,packetstormsecurity.org/files/view/103179/tikiwiki7-xss.txt 1 || 2013435 || 3 || trojan-activity || 0 || ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin 1 || 2013436 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Redirection to driveby Page Home index.php 1 || 2013437 || 5 || bad-unknown || 0 || ET DELETED Executable served from Amazon S3 || url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/ || url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud 1 || 2013438 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.uni.cc domain 1 || 2013439 || 9 || trojan-activity || 0 || ET TROJAN Dirt Jumper/Russkill3 Checkin || url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e || url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/ || url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html 1 || 2013440 || 6 || trojan-activity || 0 || ET TROJAN W32/DirtJumper CnC Server Providing DDOS Targets || url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/ 1 || 2013441 || 9 || trojan-activity || 0 || ET TROJAN EXE Download When Server Claims To Send Audio File - Must Be Win32 1 || 2013442 || 3 || trojan-activity || 0 || ET DELETED EXE Download When Server Claims To Send Audio File - DOS Mode 1 || 2013443 || 4 || trojan-activity || 0 || ET TROJAN W32/Mnless Checkin 1 || 2013444 || 3 || trojan-activity || 0 || ET TROJAN Win32/Onescan FraudWare User-Agent 1 || 2013445 || 3 || trojan-activity || 0 || ET TROJAN W32/NetShare User-Agent 1 || 2013446 || 2 || trojan-activity || 0 || ET TROJAN Win32/TrojanDownloader.Chekafe.D User-Agent my_check_data On Off HTTP Port 1 || 2013447 || 3 || trojan-activity || 0 || ET TROJAN Win32/TrojanDownloader.Chekafe.D Initial Checkin 1 || 2013448 || 6 || trojan-activity || 0 || ET MALWARE SurfSideKick Activity (iinfo) 1 || 2013449 || 3 || trojan-activity || 0 || ET DELETED W32/Rbot User-Agent (tiehttp) 1 || 2013450 || 3 || trojan-activity || 0 || ET TROJAN Troxen Downloader Checkin || url,www.threatexpert.com/report.aspx?md5=c936b15a8f7a3732bc16ee36693831ec 1 || 2013451 || 3 || trojan-activity || 0 || ET TROJAN NgrBot IRC CnC Channel Join || url,stopmalvertising.com/rootkits/analysis-of-ngrbot.html 1 || 2013452 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (go-diva) || url,pcthreat.com/parasitebyid-8835en.html 1 || 2013453 || 2 || policy-violation || 0 || ET POLICY CNET Custom Installer Possible Bundled Bloatware || url,www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations 1 || 2013454 || 3 || policy-violation || 0 || ET POLICY CNET TechTracker Software Manager request || url,www.cnet.com/techtracker-free/ 1 || 2013455 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GUIDTracker) || url,threatexpert.com/report.aspx?md5=7a8807f4de0999dba66a8749b2366def 1 || 2013456 || 5 || trojan-activity || 0 || ET TROJAN Win32/VB.HV Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FVB.HV 1 || 2013457 || 4 || trojan-activity || 0 || ET POLICY BitCoin User-Agent Likely Bitcoin Miner || url,isc.sans.edu/diary.html?storyid=11059 1 || 2013458 || 2 || policy-violation || 0 || ET POLICY Facebook Like Button Clicked (1) || url,developers.facebook.com/docs/reference/plugins/like/ || url,news.cnet.com/8301-1023_3-20094866-93/facebooks-like-button-illegal-in-german-state/ 1 || 2013459 || 2 || policy-violation || 0 || ET POLICY Facebook Like Button Clicked (2) || url,developers.facebook.com/docs/reference/plugins/like/ || url,news.cnet.com/8301-1023_3-20094866-93/facebooks-like-button-illegal-in-german-state/ 1 || 2013460 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.c0m.li domain 1 || 2013461 || 3 || trojan-activity || 0 || ET TROJAN Win32/Wizpop Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FWizpop&ThreatID=159818 1 || 2013462 || 2 || web-application-attack || 0 || ET DOS Skype FindCountriesByNamePattern property Buffer Overflow Attempt || url,garage4hackers.com/f43/skype-5-x-activex-crash-poc-981.html 1 || 2013463 || 2 || attempted-user || 0 || ET DOS Skype FindCountriesByNamePattern property Buffer Overflow Attempt Format String Function Call || url,garage4hackers.com/f43/skype-5-x-activex-crash-poc-981.html 1 || 2013464 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress UnGallery pic Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/99004/RhinOS3.0r1113-lfi.txt 1 || 2013465 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasySiteEdit langval Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/104292/easysiteedit-rfi.txt 1 || 2013466 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DiY-CMS lang Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/93285/diycms-rfi.txt 1 || 2013467 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/103680/joomlacommunity-sql.txt 1 || 2013468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12644 1 || 2013469 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12644 1 || 2013470 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12644 1 || 2013471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12644 1 || 2013472 || 4 || attempted-dos || 0 || ET SCAN Kingcope KillApache.pl Apache mod_deflate DoS attempt || url,seclists.org/fulldisclosure/2011/Aug/175 1 || 2013473 || 5 || attempted-dos || 0 || ET SCAN Apache mod_deflate DoS via many multiple byte Range values || url,seclists.org/fulldisclosure/2011/Aug/175 1 || 2013474 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY ACH - Redirection 1 || 2013475 || 2 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.doc.exe in HTTP URL 1 || 2013476 || 2 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.pdf.exe in HTTP URL 1 || 2013477 || 9 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.doc.exe in HTTP HEADER 1 || 2013478 || 8 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.pdf.exe in HTTP HEADER 1 || 2013479 || 3 || misc-activity || 0 || ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Outbound) || url,threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811 1 || 2013480 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.net || url,www.f-secure.com/weblog/archives/00002227.html 1 || 2013481 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jaifr.com || url,www.f-secure.com/weblog/archives/00002227.html 1 || 2013482 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jaifr.net || url,www.f-secure.com/weblog/archives/00002227.html 1 || 2013483 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.co.cc || url,www.f-secure.com/weblog/archives/00002227.html 1 || 2013484 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix Java MIDI Exploit Received By Vulnerable Client 1 || 2013485 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix Java MIDI Exploit Received 1 || 2013486 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix landing page JAVASMB 1 || 2013487 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Generic Java Exploit Attempt Request for Java to decimal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2013488 || 3 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Bing checking Internet connectivity || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2013489 || 3 || bad-unknown || 0 || ET TROJAN Best Pack Exploit Pack Binary Load Request || url,www.kahusecurity.com/2011/best-pack/ 1 || 2013490 || 2 || unknown || 0 || ET POLICY NetBIOS nbtstat Type Query Outbound 1 || 2013491 || 2 || unknown || 0 || ET POLICY NetBIOS nbtstat Type Query Inbound 1 || 2013492 || 4 || attempted-recon || 0 || ET SCAN McAfee/Foundstone Scanner Web Scan || url,www.mcafee.com/us/products/vulnerability-manager.aspx 1 || 2013493 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.co.be || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html 1 || 2013494 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.co.cc || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html 1 || 2013495 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.info || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html 1 || 2013496 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.co.be || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html 1 || 2013497 || 2 || protocol-command-decode || 0 || ET TROJAN MS Terminal Server User A Login, possible Morto inbound || cve,CAN-2001-0540 1 || 2013498 || 2 || policy-violation || 0 || ET POLICY Netflix Streaming Player Access || url,netflix.com 1 || 2013499 || 3 || policy-violation || 0 || ET POLICY IncrediMail Install Callback || url,www.incredimail.com 1 || 2013500 || 2 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent DigiNotar SSL Certificate for google.com || url,www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx 1 || 2013501 || 2 || misc-activity || 0 || ET DELETED Known Fraudulent DigiNotar SSL Certificate for google.com 2 || url,www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx 1 || 2013502 || 4 || trojan-activity || 0 || ET TROJAN Win32/Wizpop Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FWizpop&ThreatID=159818 1 || 2013503 || 3 || policy-violation || 0 || ET POLICY OS X Software Update Request Outbound || url,www.apple.com/softwareupdate/ 1 || 2013504 || 5 || not-suspicious || 0 || ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management || url,help.ubuntu.com/community/AptGet/Howto 1 || 2013505 || 3 || policy-violation || 0 || ET POLICY GNU/Linux YUM User-Agent Outbound likely related to package management || url,www.phy.duke.edu/~rgb/General/yum_HOWTO/yum_HOWTO/ 1 || 2013506 || 1 || trojan-activity || 0 || ET TROJAN W32/Badlib Connectivity Check To Department of Defense Intelligence Information Systems || url,blog.eset.com/2011/08/03/win32delf-qcztrust-me-i%E2%80%99m-your-anti-virus || url,www.eset.com/about/blog/blog/article/win32delf-qcz-additional-details 1 || 2013507 || 2 || trojan-activity || 0 || ET TROJAN Win32/Dynamer Trojan Dropper User-Agent VB Http || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FDynamer!dtc 1 || 2013508 || 3 || trojan-activity || 0 || ET TROJAN Downloader User-Agent HTTPGET 1 || 2013509 || 2 || trojan-activity || 0 || ET TROJAN W32/Lalus Trojan Downloader Checkin 1 || 2013510 || 2 || trojan-activity || 0 || ET TROJAN W32/Lalus Trojan Downloader User Agent (Message Center) 1 || 2013511 || 2 || trojan-activity || 0 || ET TROJAN Win32/CazinoSilver User-Agent (DMFR) 1 || 2013512 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MadeByLc) 1 || 2013513 || 2 || trojan-activity || 0 || ET TROJAN W32/Bancos Reporting 1 || 2013514 || 2 || trojan-activity || 0 || ET TROJAN Potential DNS Command and Control via TXT queries || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html 1 || 2013515 || 3 || trojan-activity || 0 || ET TROJAN Potential DNS Command and Control via TXT queries || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html 1 || 2013516 || 1 || trojan-activity || 0 || ET TROJAN TR/Spy.Gen checkin via dns ANY query || url,anubis.iseclab.org/?action=result&task_id=1623d5fd288be7024e56c5bd38359c33c || url,mwanalysis.org/?page=report&analysisid=430235&password=wwgcvyheon || url,www.threatexpert.com/report.aspx?md5=2519bdb5459bc9f59f59cd7ccb147d23 1 || 2013517 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Morto Worm Rar Download || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html 1 || 2013518 || 2 || trojan-activity || 0 || ET TROJAN Driveby Loader Request List.php 1 || 2013519 || 2 || trojan-activity || 0 || ET TROJAN Driveby Loader Request sn.php 1 || 2013520 || 4 || trojan-activity || 0 || ET DELETED Unknown Loader *.jpg?t=0.* in http_uri 1 || 2013521 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 0 1 || 2013522 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 1 1 || 2013523 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 2 1 || 2013524 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 3 1 || 2013525 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 4 1 || 2013526 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 5 1 || 2013527 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 6 1 || 2013528 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 7 1 || 2013529 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 8 1 || 2013530 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 9 1 || 2013531 || 2 || protocol-command-decode || 0 || ET TROJAN MS Terminal Server User A Login, possible Morto Outbound || cve,CAN-2001-0540 1 || 2013532 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Command Request || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=570863 1 || 2013533 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Command Response || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=570863 1 || 2013534 || 7 || trojan-activity || 0 || ET TROJAN VirTool.Win32/VBInject.gen!DM Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool%3aWin32/VBInject.gen!DM 1 || 2013535 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.tc domain 1 || 2013536 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR 1 || 2013537 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New IP Addresses From Server || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR 1 || 2013538 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR 1 || 2013539 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Server Checkin || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR 1 || 2013540 || 5 || trojan-activity || 0 || ET MALWARE Win32/Adware.Kraddare.FJ Checkin 1 || 2013541 || 3 || trojan-activity || 0 || ET DELETED Win32/Daemonize Trojan Proxy Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanProxy%3AWin32%2FDaemonize.A&ThreatID=-2147464655 1 || 2013542 || 2 || trojan-activity || 0 || ET USER_AGENTS Win32/OnLineGames User-Agent (Revolution Win32) || url,threatexpert.com/report.aspx?md5=1431f4ab4bbe3ad1087eb14cf4d7dff9 1 || 2013543 || 3 || trojan-activity || 0 || ET TROJAN W32/iGrabber Info Stealer FTP Upload 1 || 2013544 || 2 || trojan-activity || 0 || ET TROJAN TROJ_VB.FJP Generic Dowbnloader Connectivity Check to Google 1 || 2013545 || 3 || trojan-activity || 0 || ET DELETED Helpexpress Spyware User-Agent HXLogOnly 1 || 2013546 || 2 || trojan-activity || 0 || ET TROJAN W32/Gagolino Banking Trojan Reporting to CnC 1 || 2013547 || 2 || trojan-activity || 0 || ET TROJAN Win32.Unknown.UDP.edsm CnC traffic || url,xml.ssdsandbox.net/view/11c0df38d31121885a76500140780cef 1 || 2013548 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 1 || 2013549 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 2 1 || 2013550 || 5 || bad-unknown || 0 || ET TROJAN Potential Blackhole Exploit Pack Binary Load Request 2 || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/ 1 || 2013551 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2013552 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt 2 || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452 1 || 2013553 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole landing page with malicious Java applet 1 || 2013554 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole MapYandex.class malicious jar 1 || 2013555 || 5 || trojan-activity || 0 || ET TROJAN Fivfrom Downloader (Unitrix) 1 || 2013556 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 1 || url,www.threatexpert.com/report.aspx?md5=81a119f7f47663c03053e76146f54fe9 1 || 2013557 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 2 1 || 2013558 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 3 1 || 2013559 || 4 || trojan-activity || 0 || ET TROJAN Delphi Trojan Downloader User-Agent (JEDI-VCL) 1 || 2013560 || 3 || trojan-activity || 0 || ET TROJAN Potentially Unwanted Program Storm3-607.exe Download Reporting 1 || 2013561 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (windsoft) 1 || 2013562 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openads row Parameter Remote File inclusion Attempt 1 || 2013563 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bug_actiongroup_ext_page.php script Local File Inclusion Attempt 1 || 2013564 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bug_actiongroup_page.php script Local File Inclusion Attempt 1 || 2013565 || 2 || web-application-attack || 0 || ET ACTIVEX Tom Sawyer Software Possible Memory Corruption Attempt 1 || 2013566 || 2 || attempted-user || 0 || ET ACTIVEX Tom Sawyer Possible Memory Corruption Attempt Format String Function Call 1 || 2013567 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pranian Group e107 page Parameter Cross Site Scripting Vulnerability Attempt 1 || 2013568 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OneFileCMS p parameter Cross Site Scripting Attempt 1 || 2013569 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS University Of Vermont intro Parameter Remote File inclusion Attempt 1 || 2013651 || 2 || trojan-activity || 0 || ET DELETED Driveby Download Secondary Request 4 1 || 2013652 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Reporting Successful Java Compromise 1 || 2013653 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Get File Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013654 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Put File Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013655 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Retrieve and Execute Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013656 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Relay Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013657 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Send Status Result || url,www.symantec.com/connect/blogs/truth-behind-shady-rat 1 || 2013658 || 2 || bad-unknown || 0 || ET MALWARE Zugo Toolbar Spyware/Adware download request || url,zugo.com/privacy-policy/ 1 || 2013659 || 4 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) 1 || 2013660 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Response Malicious JavaScript 1 || 2013661 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit kit worms.jar 1 || 2013662 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Crimepack Java exploit attempt(2) 1 || 2013663 || 2 || trojan-activity || 0 || ET TROJAN Unknown Exploit Pack Binary Load Request (server_privileges.php) 1 || 2013664 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?b Download Secondary Request 1 || 2013665 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?n Download Secondary Request 1 || 2013666 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?page Download Secondary Request 1 || 2013667 || 3 || trojan-activity || 0 || ET DELETED Likely Blackhole Exploit Kit Driveby ?v Download Secondary Request 1 || 2013668 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (listdir) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e 1 || 2013669 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (mkdir) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e 1 || 2013670 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (fsize) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e 1 || 2013671 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (touch) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e 1 || 2013672 || 3 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (postit3) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e 1 || 2013673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter SELECT FROM SQL Injection Attempt || bugtraq,49553 1 || 2013674 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter DELETE FROM SQL Injection Attempt || bugtraq,49553 1 || 2013675 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter UNION SELECT SQL Injection Attempt || bugtraq,49553 1 || 2013676 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter INSERT INTO SQL Injection Attempt || bugtraq,49553 1 || 2013677 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter UPDATE SET SQL Injection Attempt || bugtraq,49553 1 || 2013678 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jr_questionnaire Directory Traversal Attempt || url,packetstormsecurity.org/files/view/102784/joomlajrqn-traversal.txt 1 || 2013679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BbZL.PhP lien_2 Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/17495 1 || 2013680 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla EZ Realty id Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/104017/joomlarealestate-sql.txt 1 || 2013681 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS American Bankers Association Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/103855/aba-xss.txt 1 || 2013682 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simplis CMS download_file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/99797/simpliscms-disclose.txt 1 || 2013683 || 2 || trojan-activity || 0 || ET TROJAN Win32.Parite Checkin SQL Database || url,www.threatexpert.com/report.aspx?md5=19441bc629e6c1dcb54cb5febdf9a22d 1 || 2013684 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.dtdns.net domain 1 || 2013685 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess/Max++ Rootkit C&C Activity 1 || url,resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3aWin32%2fSirefef.B 1 || 2013686 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess/Max++ Rootkit C&C Activity 2 || url,resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3aWin32%2fSirefef.B 1 || 2013687 || 4 || trojan-activity || 0 || ET TROJAN Shylock Module Data POST || url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1 || url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2 1 || 2013688 || 2 || trojan-activity || 0 || ET TROJAN Shylock Module Server Response || url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1 || url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2 1 || 2013690 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit reporting Java and PDF state 1 || 2013691 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious JAR 1 || 2013692 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious EXE 1 || 2013693 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit request for pdf_err__Error__Unspecified 1 || 2013694 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Netisend.A Posting Information to CnC || url,www.fortiguard.com/latest/mobile/2959807 1 || 2013695 || 4 || trojan-activity || 0 || ET DELETED Unknown Java Exploit Kit cc exploit progress status cookie 1 || 2013696 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit x.jar?o= 1 || 2013697 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit lo.class 1 || 2013698 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit lo2.jar 1 || 2013699 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit applet landing 1 || 2013700 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole landing page with malicious Java applet 1 || 2013701 || 2 || trojan-activity || 0 || ET TROJAN Agent-TMF Checkin 1 || 2013702 || 3 || trojan-activity || 0 || ET TROJAN Trojan Downloader User-Agent (NOPE) || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=b0b7c391d084974b2666c1c57b349b62&id=711369 || url,www.virustotal.com/file-scan/report.html?id=54dcad20b326a409c09f1b059925ba4ba260ef58297cda1421ffca79942a96a5-1305296734 1 || 2013703 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate to 'My Company Ltd' could be SSL C&C 1 || 2013704 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt 1 || 2013705 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt 1 || 2013706 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt 1 || 2013707 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt 1 || 2013708 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt 1 || 2013709 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Annonces Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/105224/wpannonces-rfi.txt 1 || 2013710 || 5 || trojan-activity || 0 || ET POLICY FreeRide Games Some AVs report as TrojWare.Win32.Trojan.Agent.Gen || url,forums.comodo.com/av-false-positivenegative-detection-reporting/trojwarewin32trojanagentgen-t55152.0.html 1 || 2013711 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyWebGallery workaround_dir parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/104631/tinywebgallery-lfishellsql.txt 1 || 2013712 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyWebGallery install_path parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/104631/tinywebgallery-lfishellsql.txt 1 || 2013713 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joostina CMS users component Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/100853/joostinausers-sql.txt 1 || 2013714 || 3 || trojan-activity || 0 || ET DELETED Win32/Spy.Lpxenur Checkin 1 || 2013715 || 4 || policy-violation || 0 || ET POLICY BingBar ToolBar User-Agent (BingBar) 1 || 2013716 || 3 || trojan-activity || 0 || ET DELETED W32/Parite CnC Checkin 1 || 2013717 || 2 || trojan-activity || 0 || ET USER_AGENTS Trojan Downloader User-Agent BGroom 1 || 2013718 || 2 || trojan-activity || 0 || ET USER_AGENTS Trojan Downloader User-Agent (Tiny) 1 || 2013719 || 3 || trojan-activity || 0 || ET POLICY GridinSoft.com Software Version Check 1 || 2013720 || 3 || trojan-activity || 0 || ET TROJAN Win32/Wapomi.AD Variant Checkin 1 || 2013721 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WindowsNT) With No Separating Space 1 || 2013722 || 2 || trojan-activity || 0 || ET DELETED W32/OpenCapture CnC Checkin 1 || 2013723 || 2 || trojan-activity || 0 || ET TROJAN Win32/Daemonize Trojan Proxy Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanProxy%3AWin32%2FDaemonize.A&ThreatID=-2147464655 1 || 2013724 || 2 || trojan-activity || 0 || ET TROJAN W32/OnlineGames User-Agent (LockXLS) 1 || 2013725 || 2 || trojan-activity || 0 || ET TROJAN Win32/OnLineGames User-Agent (Revolution Win32) 1 || 2013727 || 1 || trojan-activity || 0 || ET DELETED W32/iGrabber Info Stealer FTP Upload 1 || 2013728 || 2 || trojan-activity || 0 || ET TROJAN Win32/OnLineGames GetMyIP Style Checkin 1 || 2013729 || 2 || trojan-activity || 0 || ET MALWARE Adware/Helpexpress User Agent HXLogOnly 1 || 2013730 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (AddPage) || url,exploit-db.com/exploits/17896 1 || 2013731 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (DeletePage) || url,exploit-db.com/exploits/17896 1 || 2013732 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (SaveObject) || url,exploit-db.com/exploits/17896 1 || 2013733 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (LoadObject) || url,exploit-db.com/exploits/17896 1 || 2013734 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (GetExtendedColor) || url,exploit-db.com/exploits/17896 1 || 2013735 || 3 || attempted-user || 0 || ET SCADA Sunway ForceControl Activex Control Vulnerability || bugtraq,49747 1 || 2013736 || 4 || attempted-user || 0 || ET SCADA Sunway ForceControl Activex Control Remote Code Execution Vulnerability 2 || bugtraq,49747 1 || 2013737 || 4 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GenericHttp/VER_STR_COMMA) 1 || 2013738 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla RokQuickCart view Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96804/joomlarokquickcart-lfi.txt 1 || 2013739 || 13 || trojan-activity || 0 || ET TROJAN Zeus P2P CnC || url,www.abuse.ch/?p=3499 1 || 2013740 || 9 || trojan-activity || 0 || ET TROJAN Zeus/Aeausuc P2P Variant Retrieving Peers List || url,www.abuse.ch/?p=3499 1 || 2013741 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin || url,www.threatexpert.com/report.aspx?md5=7d2eb4b364e15e90cec1ddd7dcb97f64 || url,blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/ || url,threatexpert.com/report.aspx?md5=b3106dbfb3ab114755af311883f33697%20 1 || 2013742 || 3 || attempted-user || 0 || ET WEB_CLIENT Google Chrome Multiple Iframe PDF File Handling Memory Corruption Attempt || bid,49933 || cve,2011-2841 1 || 2013743 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain 1 || 2013744 || 8 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain 1 || 2013745 || 5 || bad-unknown || 0 || ET TROJAN Double HTTP/1.1 Header Outbound - Likely Infected or Hostile Traffic 1 || 2013746 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 3 1 || 2013747 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot) || url,www.asert.arbornetworks.com/2011/10/ddos-aldi-bot || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAbot.gen!A 1 || 2013748 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Aldibot.A Checkin || url,www.asert.arbornetworks.com/2011/10/ddos-aldi-bot/ || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAbot.gen!A 1 || 2013749 || 5 || policy-violation || 0 || ET POLICY VMware User-Agent Outbound || url,www.vmware.com 1 || 2013750 || 3 || attempted-user || 0 || ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt || url,www.dl.packetstormsecurity.net/1109-advisories/sa45550.txt 1 || 2013751 || 3 || trojan-activity || 0 || ET TROJAN Possible German Governmental Backdoor/R2D2.A 1 || url,ccc.de/en/updates/2011/staatstrojaner 1 || 2013752 || 3 || trojan-activity || 0 || ET TROJAN Possible German Governmental Backdoor/R2D2.A 2 || url,ccc.de/en/updates/2011/staatstrojaner 1 || 2013753 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-2 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner 1 || 2013754 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-2 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner 1 || 2013755 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-1 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner 1 || 2013756 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-1 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner 1 || 2013757 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iBrowser Plugin dir Parameter Cross Site Scripting Attempt-1 || url,packetstormsecurity.org/files/105196 1 || 2013758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Zingiri webshop plugin Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/105237/wpzingiri-rfi.txt 1 || 2013759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt 1 || 2013760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt 1 || 2013761 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt 1 || 2013762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt 1 || 2013763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt 1 || 2013764 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Redirect Component view Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96608/joomlaredirect-lfi.txt 1 || 2013765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iBrowser Plugin dir Parameter Cross Site Scripting Attempt-2 || url,packetstormsecurity.org/files/105196 1 || 2013766 || 5 || trojan-activity || 0 || ET TROJAN Win32.Swisyn Reporting || url,precisesecurity.com/worms/trojan-win32-swisyn-algm 1 || 2013767 || 3 || trojan-activity || 0 || ET TROJAN W32/Einstein CnC Checkin || url,www.cyberesi.com/2011/10/06/trojan-matryoshka-and-trojan-einstein/ 1 || 2013768 || 4 || trojan-activity || 0 || ET TROJAN Win32.Dropper.Wlock Checkin || url,www.threatexpert.com/report.aspx?md5=881e21645e5ffe1ffb959835f8fdf71d 1 || 2013769 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Prosti Checkin || url,www.threatexpert.com/report.aspx?md5=5113c6dbd644874482f3a26650970600 1 || 2013770 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS USPS Spam/Trojan Executable Download || url,www.virustotal.com/file-scan/report.html?id=41866ac1950b620bd13fb3d6063e3781eaa3bbccb3089b13073abe752d0a6ffa-1318350235 1 || 2013771 || 4 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Checkin Outbound || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301 1 || 2013772 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Checkin Response || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301 1 || 2013773 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Client pong || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301 1 || 2013774 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Server ping || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301 1 || 2013775 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit binary download request 1 || 2013776 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit probable Java exploit request 1 || 2013777 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit probable Java MIDI exploit request 1 || 2013778 || 2 || web-application-attack || 0 || ET SCAN NMAP SQL Spider Scan || url,nmap.org/nsedoc/scripts/sql-injection.html 1 || 2013779 || 4 || attempted-recon || 0 || ET SCAN Positive Technologies XSpider Security Scanner User-Agent (PTX) || url,www.securitylab.ru/forum/forum16/topic26800/ 1 || 2013780 || 2 || trojan-activity || 0 || ET TROJAN Suspicious HTTP Request for gift.exe 1 || 2013781 || 4 || trojan-activity || 0 || ET TROJAN Win32.Scar.dvov Searchstar.co.kr related Checkin || url,www.threatexpert.com/report.aspx?md5=07ed70b6e7775a510d725c9f032c70d8 1 || 2013782 || 3 || trojan-activity || 0 || ET DELETED W32.Duqu User-Agent || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf 1 || 2013783 || 5 || policy-violation || 0 || ET TROJAN W32.Duqu UA and Filename Requested || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf 1 || 2013784 || 6 || not-suspicious || 0 || ET POLICY Windows Mobile 7.0 User-Agent detected 1 || 2013785 || 3 || trojan-activity || 0 || ET TROJAN Zentom FakeAV Checkin 1 || 2013786 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 2 1 || 2013787 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 2 1 || 2013788 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?doit Download Secondary Request 1 || 2013789 || 3 || trojan-activity || 0 || ET DELETED Win32.PEx.C.91139756616/Win32.Zwangi-BU Checkin || url,threatcenter.crdf.fr/?More&ID=49889&D=CRDF.Win32.Win32.PEx.C.91139756616 || md5,2c969afbe71f35571d11e30f1e854b29 || url,www.pcsafedoctor.com/Adware/remove-AdWare.Win32.Zwangi.bu.html 1 || 2013790 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Cnzz.cn Related Dropper Checkin 1 || 2013791 || 2 || attempted-recon || 0 || ET SCAN Apache mod_proxy Reverse Proxy Exposure 1 || url,www.contextis.com/research/blog/reverseproxybypass/ || url,mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696@redhat.com%3E 1 || 2013792 || 3 || attempted-recon || 0 || ET SCAN Apache mod_proxy Reverse Proxy Exposure 2 || url,www.contextis.com/research/blog/reverseproxybypass/ || url,mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696@redhat.com%3E 1 || 2013793 || 1 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Npkon Client Checkin || url,www.threatexpert.com/report.aspx?md5=a7f4a7d08fa650a5f09a00519b944b0b 1 || 2013794 || 1 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Npkon Server Responce || url,www.threatexpert.com/report.aspx?md5=a7f4a7d08fa650a5f09a00519b944b0b 1 || 2013795 || 9 || trojan-activity || 0 || ET TROJAN Bifrose/Cycbot Checkin 1 || 2013796 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Bifrose Second Stage Obfuscated Binary Download Claiming to Be JPEG 1 || 2013797 || 4 || trojan-activity || 0 || ET MALWARE Win32/Adware.Winggo.AB Checkin || url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163 || url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628 1 || 2013798 || 3 || trojan-activity || 0 || ET TROJAN Win32.PEx.Delphi.1151005043 Post-infection Checkin || url,www.threatexpert.com/report.aspx?md5=b58485c9a221e8bd5b4725e7e19988b0 || url,www.threatcenter.crdf.fr/?More&ID=49992&D=CRDF.Malware.Win32.PEx.Delphi.1151005043 1 || 2013799 || 3 || trojan-activity || 0 || ET TROJAN Win32.Trojan.SuspectCRC FakeAV Checkin || url,www.threatexpert.com/report.aspx?md5=54c9d51661a05151e5143f4e80cbed86 1 || 2013800 || 2 || not-suspicious || 0 || ET POLICY OutGoing Chromoting Session || url,xinn.org/Chromoting.html 1 || 2013801 || 3 || not-suspicious || 0 || ET POLICY Incoming Chromoting Session || url,xinn.org/Chromoting.html 1 || 2013802 || 3 || trojan-activity || 0 || ET TROJAN Cycbot POST || url,www.threatexpert.com/report.aspx?md5=1f04bd1b4eceb42e6d5859b6330fc7d7 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Cycbot-O/detailed-analysis.aspx 1 || 2013803 || 5 || trojan-activity || 0 || ET DELETED Unknown checkin 1 || 2013804 || 4 || misc-attack || 0 || ET DELETED Possible Redirection to Unknown Exploit Pack || url,www.kahusecurity.com/2011/malware-infection-from-new-exploit-pack/ 1 || 2013805 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate CN of common Possible SSL CnC 1 || 2013806 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC 1 || 2013807 || 3 || trojan-activity || 0 || ET TROJAN Jorik FakeAV GET 1 || 2013808 || 3 || trojan-activity || 0 || ET TROJAN Dooptroop Dropper Checkin 1 || 2013809 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (SaveViewStateToFile) || url,exploit-db.com/exploits/18016 1 || 2013810 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (SaveViewStateToFile) Format String Function Call || url,exploit-db.com/exploits/18016 1 || 2013811 || 4 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (Export3DBom) || url,packetstormsecurity.org/files/106064/9sg_autovueii.tgz 1 || 2013812 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (Export3DBom) Format String Function Call || url,packetstormsecurity.org/files/106064/9sg_autovueii.tgz 1 || 2013813 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (ExportEdaBom) || url,packetstormsecurity.org/files/106065/9sg_autovueiii.tgz 1 || 2013814 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (ExportEdaBom) Format String Function Call || url,packetstormsecurity.org/files/106065/9sg_autovueiii.tgz 1 || 2013815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHool mainnav Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/106073/sportsphool-rfi.txt 1 || 2013816 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla YJ Contact Local File Inclusion Vulnerability || url,/packetstormsecurity.org/files/106222/joomlayjcontact-lfi.txt 1 || 2013817 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Easy Stats plugin homep Parameter Remote File inclusion Attempt || url,secunia.com/advisories/46069 || url,spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos 1 || 2013818 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHMCompleteSolution templatefile Parameter Local File Inclusion Attempt || url,dl.packetstormsecurity.net/1110-exploits/whmcompletesolution-disclose.txt 1 || 2013819 || 4 || trojan-activity || 0 || ET TROJAN Tatanga/Win32.Kexject.A Checkin || url,securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html 1 || 2013821 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Kryptik/proscan.co.kr Checkin || url,www.threatexpert.com/report.aspx?md5=bf156b649cb5da6603a5f665a7d8f13b 1 || 2013822 || 3 || trojan-activity || 0 || ET DELETED Trojan.Kryptik/proscan.co.kr Checkin 2 || url,www.threatexpert.com/report.aspx?md5=bf156b649cb5da6603a5f665a7d8f13b 1 || 2013823 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.myftp.biz Domain 1 || 2013824 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.myftp.biz Domain 1 || 2013826 || 3 || trojan-activity || 0 || ET TROJAN SecurityDefender exe Download Likely FakeAV Install 1 || 2013827 || 6 || trojan-activity || 0 || ET TROJAN AntiVirus exe Download Likely FakeAV Install 1 || 2013828 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.eu.tf domain 1 || 2013829 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.int.tf domain 1 || 2013830 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.edu.tf domain 1 || 2013831 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.us.tf domain 1 || 2013832 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ca.tf domain 1 || 2013833 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.bg.tf domain 1 || 2013834 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ru.tf domain 1 || 2013835 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.pl.tf domain 1 || 2013836 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a *.cz.tf domain 1 || 2013837 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.de.tf domain 1 || 2013838 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.at.tf domain 1 || 2013839 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ch.tf domain 1 || 2013840 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.sg.tf domain 1 || 2013841 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.nl.ai domain 1 || 2013842 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.xe.cx domain 1 || 2013843 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a Suspicious *.orge.pl Domain 1 || 2013844 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.orge.pl Domain 1 || 2013845 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.ez-dns.com Domain 1 || 2013846 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.ez-dns.com Domain 1 || 2013847 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .net.tf Domain 1 || 2013848 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .eu.tf Domain 1 || 2013849 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .int.tf Domain 1 || 2013850 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .edu.tf Domain 1 || 2013851 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .us.tf Domain 1 || 2013852 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ca.tf Domain 1 || 2013853 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .bg.tf Domain 1 || 2013854 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ru.tf Domain 1 || 2013855 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .pl.tf Domain 1 || 2013856 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .cz.tf Domain 1 || 2013857 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .de.tf Domain 1 || 2013858 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .at.tf Domain 1 || 2013859 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ch.tf Domain 1 || 2013860 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .sg.tf Domain 1 || 2013861 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .nl.ai Domain 1 || 2013862 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .xe.cx Domain 1 || 2013863 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.dyndns-web.com Domain 1 || 2013864 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-web.com Domain 1 || 2013865 || 6 || trojan-activity || 0 || ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin 2 1 || 2013866 || 6 || trojan-activity || 0 || ET DELETED Kazy/Kryptor/Cycbot Trojan Checkin 3 1 || 2013867 || 3 || policy-violation || 0 || ET POLICY Bomgar Remote Assistance Tool Download || url,www.bomgar.com 1 || 2013868 || 4 || trojan-activity || 0 || ET TROJAN Win32/Sefbov.E Reporting || url,threatexpert.com/report.aspx?md5=f50d954f1fd38c6eb10e7e399caab480 1 || 2013869 || 6 || policy-violation || 0 || ET P2P Torrent Client User-Agent (Solid Core/0.82) || url,sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=4a9f376e8d01cb5f7990576ed927869b 1 || 2013870 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component Simple File Lister sflDir Parameter directory traversal attempt || url,exploit-db.com/exploits/17736 1 || 2013871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBSng str Parameter Cross Site Scripting Attempt || bugtraq,50468 1 || 2013872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole Group Vacation Estate Listing Script Blind SQL Injection Attempt || url,exploit-db.com/exploits/7626 1 || 2013873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component SELECT FROM SQL Injection Attempt || url,1337day.com/exploits/17138 1 || 2013874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component DELETE FROM SQL Injection Attempt || url,1337day.com/exploits/17138 1 || 2013875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component UNION SELECT SQL Injection Attempt || url,1337day.com/exploits/17138 1 || 2013876 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component INSERT INTO SQL Injection Attempt || url,1337day.com/exploits/17138 1 || 2013877 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component UPDATE SET SQL Injection Attempt || url,1337day.com/exploits/17138 1 || 2013878 || 4 || attempted-user || 0 || ET SCADA PROMOTIC ActiveX Control Insecure method (SaveCfg) || url,aluigi.altervista.org/adv/promotic_1-adv.txt 1 || 2013879 || 2 || attempted-user || 0 || ET SCADA PROMOTIC ActiveX Control Insecure method (AddTrend) || url,aluigi.altervista.org/adv/promotic_1-adv.txt 1 || 2013880 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (FULLSTUFF) || url,threatexpert.com/reports.aspx?find=mrb.mail.ru 1 || 2013881 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NateFinder) 1 || 2013882 || 5 || trojan-activity || 0 || ET POLICY Norton Update User-Agent (Install Stub) || url,threatexpert.com/reports.aspx?find=stats.norton.com 1 || 2013883 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (webfile) || url,threatexpert.com/reports.aspx?find=upsh.playmusic.co.kr 1 || 2013884 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (DARecover) || url,threatexpert.com/reports.aspx?find=clients.mydealassistant.com 1 || 2013885 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 1024 CMS filename Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/18000 1 || 2013886 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress disclosure policy plugin Remote File Inclusion Attempt || url,exploit-db.com/exploits/17865 1 || 2013887 || 3 || trojan-activity || 0 || ET TROJAN W32/Fullstuff Initial Checkin 1 || 2013888 || 5 || trojan-activity || 0 || ET POLICY Cnet App Download and Checkin 1 || 2013889 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MediaLabsSiteInstaller) 1 || 2013890 || 2 || trojan-activity || 0 || ET TROJAN W32/Koobface Variant Initial Checkin 1 || 2013891 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Client Checkin || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0 1 || 2013892 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Server Reply || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0 1 || 2013893 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Client Ping || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0 1 || 2013894 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) to google.com.br possible Cache Poisoning Attempt || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 1 || 2013895 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 1 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil 1 || 2013896 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 2 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil 1 || 2013897 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 3 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil 1 || 2013898 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 4 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil 1 || 2013899 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 5 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil 1 || 2013900 || 2 || trojan-activity || 0 || ET TROJAN W32/Yaq Checkin 1 || 2013901 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent GeneralDownloadApplication 1 || 2013902 || 3 || trojan-activity || 0 || ET TROJAN Win32.BlackControl Retrieving IP Information 1 || 2013903 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent GetFile 1 || 2013904 || 2 || trojan-activity || 0 || ET TROJAN W32/Rimecud User Agent beat 1 || 2013905 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent banderas 1 || 2013906 || 4 || trojan-activity || 0 || ET DELETED Ghost Click DNSChanger DNS Request (UDP) || url,www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf 1 || 2013907 || 3 || trojan-activity || 0 || ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin 1 || 2013908 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS estatements mailing campaign landing page 1 || 2013909 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS estatements fake transaction page flash warning 1 || 2013910 || 3 || policy-violation || 0 || ET GAMES Second Life setup download || url,en.wikifur.com/wiki/Second_Life || url,wiki.secondlife.com/wiki/Furry 1 || 2013911 || 9 || trojan-activity || 0 || ET TROJAN P2P Zeus or ZeroAccess Request To CnC || url,www.abuse.ch/?p=3499 || url,www.kindsight.net/sites/default/files/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf 1 || 2013912 || 4 || trojan-activity || 0 || ET TROJAN P2P Zeus Response From CnC || url,www.abuse.ch/?p=3499 1 || 2013913 || 3 || trojan-activity || 0 || ET TROJAN Request for utu.dat Likely Ponmocup checkin || url,www.threatexpert.com/report.aspx?md5=6fd8cdee653c0fde769e6c48d65e28bd 1 || 2013914 || 4 || policy-violation || 0 || ET POLICY APT User-Agent to BackTrack Repository || url,www.backtrack-linux.org 1 || 2013916 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit Java request to showthread.php?t= || url,research.zscaler.com/2012/01/popularity-of-exploit-kits-leading-to.html 1 || 2013917 || 4 || trojan-activity || 0 || ET TROJAN Win32/Dofoil.L Checkin || url,www.threatexpert.com/report.aspx?md5=47f2b8fcc2873f4dfd573b0e8a77aaa9 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDofoil.L&ThreatID=-2147317615 1 || 2013918 || 3 || attempted-user || 0 || ET EXPLOIT Possible BSNL Router DNS Change Attempt || url,www.hackersbay.in/2011/02/pwning-routersbsnl.html 1 || 2013919 || 2 || not-suspicious || 0 || ET POLICY external cPanel login 1 || 2013920 || 2 || not-suspicious || 0 || ET POLICY external cPanel password change 1 || 2013921 || 2 || web-application-attack || 0 || ET WEB_SERVER DNS changer cPanel attempt 1 || 2013922 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Emp Keepalive to CnC || url,www.mcafee.com/threat-intelligence/malware/default.aspx?id=541210 1 || 2013923 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu2 Keepalive to CnC 1 || 2013924 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu3 Keepalive to CnC 1 || 2013925 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu4 Keepalive to CnC 1 || 2013926 || 6 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (POST) 1 || 2013927 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (HEAD) 1 || 2013928 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (PROPFIND) 1 || 2013929 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (OPTIONS) 1 || 2013930 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (PUT) 1 || 2013931 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (DELETE) 1 || 2013932 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (TRACE) 1 || 2013933 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (CONNECT) 1 || 2013934 || 5 || trojan-activity || 0 || ET TROJAN Win32.Fareit.A/Pony Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit.A || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit || url,www.threatexpert.com/report.aspx?md5=99fab94fd824737393f5184685e8edf2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17 1 || 2013935 || 2 || trojan-activity || 0 || ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response 1 || 2013936 || 5 || bad-unknown || 0 || ET POLICY SSH banner detected on TCP 443 likely proxy evasion 1 || 2013937 || 4 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (system() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013938 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013939 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (shell_exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013940 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (proc_open() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013941 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (popen() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013942 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013943 || 4 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013944 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (perl->system() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013945 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar 1 || 2013946 || 4 || trojan-activity || 0 || ET TROJAN FakeAV.EGZ Checkin 1 || url,www.virustotal.com/file-scan/report.html?id=458ec5d5b3c1c02b6c64b360f82bcbf529f580c2d646b2ae161fc7dd2ea9927d-1321069787 1 || 2013947 || 4 || trojan-activity || 0 || ET TROJAN FakeAV.EGZ Checkin 2 1 || 2013948 || 4 || trojan-activity || 0 || ET TROJAN PWS.TIBIA Checkin or Data Post 1 || 2013949 || 4 || trojan-activity || 0 || ET TROJAN PWS.TIBIA Checkin or Data Post 2 1 || 2013950 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole obfuscated Javascript padded charcodes 25 1 || 2013951 || 3 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (needit) || url,www.threatexpert.com/report.aspx?md5=1b1fff82c72277aff808291d53df7fd8 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A 1 || 2013952 || 3 || trojan-activity || 0 || ET TROJAN TR/Rimecud.aksa User-Agent (indy) || url,www.threatexpert.com/report.aspx?md5=1536a7072981ce5140efe6b9c193bb7e || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A 1 || 2013953 || 3 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (counters) || url,www.threatexpert.com/report.aspx?md5=60ce66bd10fcac3c97151612c8a4d343 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A 1 || 2013954 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (giftz) || url,www.threatexpert.com/report.aspx?md5=0f726e84bae5a8d1f166bbf6d09d821b || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A 1 || 2013955 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Jupiter Exploit Kit Landing Page with Malicious Java Applets 1 || 2013956 || 2 || trojan-activity || 0 || ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication 1 || 2013959 || 2 || trojan-activity || 0 || ET TROJAN Win32.Sality User-Agent (DEBUT.TMP) 1 || 2013960 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering PDF Exploit to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079 1 || 2013961 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering Java Exploit to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079 1 || 2013962 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering Executable to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079 1 || 2013963 || 3 || trojan-activity || 0 || ET TROJAN Win32.Sality User-Agent (Internet Explorer 5.01) 1 || 2013964 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Mozilla / 4.0 CNC traffic 1 || 2013965 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/SndApp.B Sending Device Information || url,www.fortiguard.com/latest/mobile/3302891 1 || 2013966 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Ozotshielder.A Checkin || url,www.fortiguard.com/latest/mobile/3302951 1 || 2013967 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (adlib) || url,blog.trendmicro.com/connections-between-droiddreamlight-and-droidkungfu/ 1 || 2013968 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/KungFu Package Delete Command || url,blog.trendmicro.com/connections-between-droiddreamlight-and-droidkungfu/ 1 || 2013969 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a .noip.cn domain 1 || 2013970 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .noip.cn Domain 1 || 2013971 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query for Suspicious .dyndns-at-home.com Domain 1 || 2013972 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing Loading... Wait Please || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079 1 || 2013974 || 3 || trojan-activity || 0 || ET POLICY Suspicious Invalid HTTP Accept Header of ? 1 || 2013975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neosploit Java Exploit Kit request to /? plus hex 32 1 || 2013976 || 10 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC - URL agnostic || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2013977 || 1 || trojan-activity || 0 || ET TROJAN TDSS DNS Based Internet Connectivity Check 1 || 2013978 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served to Client 1 || 2013979 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served from Local Server 1 || 2013980 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tinderbox.mozilla.org showbuilds.cgi Cross Site Scripting Attempt || url,packetstorm.codar.com.br/1111-exploits/tinderbox-xss.txt 1 || 2013981 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orbis editor-body.php script Cross Site Scripting Attempt || url,autosectools.com/Advisory/Orbis-1.0.2-Reflected-Cross-site-Scripting-4 1 || 2013982 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web File Browser file Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/18070/ 1 || 2013983 || 5 || trojan-activity || 0 || ET MALWARE Adware-Win32/EoRezo Reporting || url,threatexpert.com/report.aspx?md5=b5708efc8b478274df4b03d8b7dbbb26 1 || 2013984 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php SELECT FROM SQL Injection Vulnerability || url,1337day.com/exploits/17081 1 || 2013985 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php DELETE FROM SQL Injection Vulnerability || url,1337day.com/exploits/17081 1 || 2013986 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php UNION SELECT SQL Injection Vulnerability || url,1337day.com/exploits/17081 1 || 2013987 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php UPDATE SET SQL Injection Vulnerability || url,1337day.com/exploits/17081 1 || 2013988 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php INSERT INTO SQL Injection Vulnerability || url,1337day.com/exploits/17081 1 || 2013989 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component img Local File Inclusion Attempt || url,packetstormsecurity.org/files/95683/joomlaimg-lfi.txt 1 || 2013990 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit hostile PDF qwe123 1 || 2013991 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole hostile PDF v1 1 || 2013992 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole hostile PDF v2 1 || 2013993 || 2 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Cacti Input Validation Attack 2 || url,www.cacti.net || url,www.idefense.com/application/poi/display?id=265&type=vulnerabilities || url,www.idefense.com/application/poi/display?id=266&type=vulnerabilities 1 || 2013994 || 4 || trojan-activity || 0 || ET DELETED LDPinch Loader Binary Request 1 || 2013995 || 2 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded U3D || url,www.adobe.com/support/security/advisories/apsa11-04.html 1 || 2013996 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Adobe PDF Universal 3D file corrupted download 1 || url,www.adobe.com/support/security/advisories/apsa11-04.html 1 || 2013997 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Adobe PDF Universal 3D file corrupted download 2 || url,www.adobe.com/support/security/advisories/apsa11-04.html 1 || 2013998 || 3 || trojan-activity || 0 || ET TROJAN W32/Jorik DDOS Instructions From CnC Server 1 || 2013999 || 2 || trojan-activity || 0 || ET MALWARE W32/Adware.Ibryte User-Agent (ic Windows NT 5.1 MSIE 6.0 Firefox/ Def) 1 || 2014001 || 4 || trojan-activity || 0 || ET USER_AGENTS W32/Kazy User-Agent (Windows NT 5.1 \; v.) space infront of semi-colon 1 || 2014002 || 7 || trojan-activity || 0 || ET TROJAN Fake Variation of Mozilla 4.0 - Likely Trojan 1 || 2014003 || 3 || trojan-activity || 0 || ET TROJAN VBKrypt.dytr Checkin || url,www.threatexpert.com/report.aspx?md5=090986b0e303779bde1ddad3c65a9d78 1 || 2014004 || 4 || trojan-activity || 0 || ET MALWARE Win32/SWInformer.B Checkin || url,www.threatexpert.com/report.aspx?md5=0f90568d86557d62f7d4e1c0f7167431 1 || 2014005 || 3 || trojan-activity || 0 || ET DELETED DNS Query for Sykipot C&C www.prettylikeher.com || cve,CVE-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html 1 || 2014006 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Checkin || cve,CVE-2011-2462 || url,blog.9bplus.com/analyzing-cve-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html 1 || 2014007 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Put || cve,CVE-2011-2462 || url,blog.9bplus.com/analyzing-cve-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html 1 || 2014008 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Get Config Request || cve,CVE-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html || url,blog.9bplus.com/analyzing-cve-2011-2462 1 || 2014009 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getgrab Command 1 || 2014010 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getproxy Command 1 || 2014011 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getsock Command 1 || 2014012 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getload Command || url,sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf || url,symantec.com/security_response/writeup.jsp?docid=2011-100515-1838-99&tabid=2 1 || 2014014 || 6 || trojan-activity || 0 || ET TROJAN Zeus Checkin Header Pattern 1 || 2014015 || 7 || trojan-activity || 0 || ET DELETED TROJAN LDPinch Loader Binary Request 1 || 2014017 || 2 || web-application-activity || 0 || ET WEB_SERVER JBoss jmx-console Probe || cve,2010-0738 1 || 2014018 || 2 || web-application-activity || 0 || ET WEB_SERVER JBoss jmx-console Access Control Bypass Attempt || cve,2010-0738 1 || 2014019 || 4 || trojan-activity || 0 || ET DELETED Kargany Loader Obfuscated Payload Download 1 || 2014020 || 4 || attempted-recon || 0 || ET WEB_SERVER Wordpress Login Bruteforcing Detected 1 || 2014021 || 2 || trojan-activity || 0 || ET TROJAN Gootkit Checkin User-Agent 2 1 || 2014022 || 2 || web-application-attack || 0 || ET SCAN Gootkit Scanner User-Agent Inbound 1 || 2014023 || 2 || web-application-attack || 0 || ET TROJAN Gootkit Scanner User-Agent Outbound 1 || 2014024 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Scalaxy exploit kit secondary request 1 || 2014025 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Scalaxy exploit kit Java or PDF exploit request 1 || 2014026 || 1 || trojan-activity || 0 || ET DELETED Scalaxy exploit kit binary download request 1 || 2014027 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Base64 in Javascript probably Scalaxy exploit kit 1 || 2014028 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely CryptMEN FakeAV Download vclean 1 || 2014029 || 3 || trojan-activity || 0 || ET TROJAN Agent.UGP!tr/Cryptor/Graftor Dropper Requesting exe 1 || 2014030 || 2 || trojan-activity || 0 || ET POLICY Rebate Informer User-Agent (REBATEINF) || url,www.rebategiant.com 1 || 2014031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested com.class 1 || 2014032 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested org.class 1 || 2014033 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested edu.class 1 || 2014034 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested net.class 1 || 2014035 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole PDF Exploit Request /fdp2.php || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611 1 || 2014036 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Exploit Obfuscated With Allatori 1 || 2014037 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.osa.pl domain 1 || 2014038 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING OpenX BrowserDetect.init Download 1 || 2014039 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING Alureon Malicious IFRAME 1 || 2014040 || 3 || trojan-activity || 0 || ET TROJAN Win32.PowerPointer checkin 1 || 2014041 || 5 || trojan-activity || 0 || ET WORM AirOS .css Worm Outbound Propagation Sweep || url,seclists.org/fulldisclosure/2011/Dec/419 || url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/ 1 || 2014042 || 4 || trojan-activity || 0 || ET WORM AirOS admin.cgi/css Exploit Attempt || url,seclists.org/fulldisclosure/2011/Dec/419 || url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/ 1 || 2014044 || 5 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later 2 1 || 2014045 || 3 || attempted-dos || 0 || ET WEB_SERVER Generic Web Server Hashing Collision Attack || cve,2011-3414 || url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html || url,technet.microsoft.com/en-us/security/advisory/2659883 || url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx 1 || 2014046 || 3 || attempted-dos || 0 || ET WEB_SERVER Generic Web Server Hashing Collision Attack 2 || cve,2011-3414 || url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html || url,technet.microsoft.com/en-us/security/advisory/2659883 || url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx 1 || 2014047 || 3 || bad-unknown || 0 || ET TROJAN Double HTTP/1.1 Header Inbound - Likely Hostile Traffic 1 || 2014048 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Java Rhino Script Engine Remote Code Execution Attempt || url,blog.eset.com/2011/12/15/spam-campaign-uses-blackhole-exploit-kit-to-install-spyeye || bid,50218 || cve,2011-3544 1 || 2014049 || 2 || not-suspicious || 0 || ET POLICY Bluecoat Proxy in use 1 || 2014050 || 3 || trojan-activity || 0 || ET DELETED Blackhole Rhino Java Exploit request to /content/v1.jar || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611 1 || 2014051 || 1 || trojan-activity || 0 || ET DELETED Blackhole Acrobat 8/9.3 PDF exploit download request 3 || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611 1 || 2014052 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 3 || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611 1 || 2014053 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Likely Flash exploit download request score.swf || cve,CVE-2011-0611 1 || 2014054 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS User-Agent used in Injection Attempts || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-December/016882.html 1 || 2014055 || 1 || trojan-activity || 0 || ET TROJAN Win32/Hilgild!gen.A CnC Communication || md5,d8edad03f5524369e60c69a7483f8365 1 || 2014056 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu5 Keepalive to CnC || md5,d8edad03f5524369e60c69a7483f8365 1 || 2014057 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu5 Keepalive from CnC || md5,d8edad03f5524369e60c69a7483f8365 1 || 2014058 || 3 || trojan-activity || 0 || ET DELETED Unknown Loader EXE Payload Request 1 || 2014059 || 7 || trojan-activity || 0 || ET POLICY Spyware.Agent.elbb lava.cn Game Exe Download || url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1 || md5,c2b4f8abc742bf048f3856525c1b2800 || md5,4937dc6e111996dbe331327e7e9a4a12 || url,www.amada.abuse.ch/?search=download.lava.cn 1 || 2014060 || 4 || trojan-activity || 0 || ET MALWARE Tool.InstallToolbar.24 Reporting || url,virustotal.com/file-scan/report.html?id=1439d4061659a8534435352274b72dc2fe03c3deeb84e32fc90d40380c35cab1-1322189076 1 || 2014061 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component SELECT FROM SQL Injection Attempt || bugtraq,51116 1 || 2014062 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component DELETE FROM SQL Injection Attempt || bugtraq,51116 1 || 2014063 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component UNION SELECT SQL Injection Attempt || bugtraq,51116 1 || 2014064 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component INSERT INTO SQL Injection Attempt || bugtraq,51116 1 || 2014065 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component UPDATE SET SQL Injection Attempt || bugtraq,51116 1 || 2014066 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Clicker.Win32.VB.gnf Reporting || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanClicker%3AWin32%2FVB.GE 1 || 2014067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Booking Calendar page_info_message parameter Cross-Site Scripting Vulnerability || url,packetstormsecurity.org/files/107995 1 || 2014068 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt || url,exploit-db.com/exploits/18262 1 || 2014069 || 4 || trojan-activity || 0 || ET MALWARE Win32-Adware.Hotclip.A Reporting || url,spydig.com/spyware-info/Win32-Adware-Hotclip-A.html 1 || 2014070 || 4 || trojan-activity || 0 || ET TROJAN Trojan Downloader.Bancos Reporting || url,symantec.com/security_response/writeup.jsp?docid=2006-061110-0512-99 1 || 2014071 || 4 || trojan-activity || 0 || ET MALWARE Adware.Gen5 Reporting || url,threatexpert.com/report.aspx?md5=90410d783f6321c8684ccb9ff0613a51 1 || 2014072 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pet Listing Script type_id Parameter Cross Site Scripting Attempt || url,packetstorm.foofus.com/1112-exploits/petlisting-xss.txt 1 || 2014073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress The-Welcomizer plugin page parameter Cross Site Scripting Attempt || url,dl.packetstormsecurity.net/1112-exploits/wpthewelcomizer-xss.txt 1 || 2014074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/18056/ 1 || 2014075 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/18056/ 1 || 2014076 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/18056/ 1 || 2014077 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/18056/ 1 || 2014078 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/18056/ 1 || 2014079 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter UNION SELECT SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt 1 || 2014080 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter UPDATE SET SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt 1 || 2014081 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter INSERT INTO SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt 1 || 2014082 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SourceBans ajaxargs Parameter Local File Inclusion Attempt || url,dl.packetstormsecurity.net/1112-exploits/sourcebans-lfisql.txt 1 || 2014083 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Generic.pak!cobra Reporting || url,securelist.com/en/descriptions/24405309/Trojan.Win32.FakeAV.dlbc 1 || 2014084 || 5 || trojan-activity || 0 || ET TROJAN TROJAN Win32.OnlineGames.Bft Reporting || url,threatexpert.com/report.aspx?md5=e488fca95cb923a0ecd329642c076e0d || url,www.thespywaredetector.com/spywareinfo.aspx?ID=1874131 1 || 2014085 || 5 || trojan-activity || 0 || ET TROJAN TROJAN Win32-WebSec Reporting || url,threatexpert.com/report.aspx?md5=971e560b80e335ab88ef518b416d415a 1 || 2014086 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Planex Mini-300PU & Mini100s Cross-site Scripting Attempt || url,exploit-db.com/exploits/17114 1 || 2014087 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter SELECT FROM SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt 1 || 2014088 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter DELETE FROM SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt 1 || 2014090 || 6 || trojan-activity || 0 || ET TROJAN Suspicious user agent (V32) 1 || 2014091 || 2 || not-suspicious || 0 || ET POLICY Dyndns Client IP Check 1 || 2014092 || 2 || not-suspicious || 0 || ET POLICY Dyndns Client User-Agent 1 || 2014093 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Nurech Checkin UA 1 || 2014094 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole-like Java Exploit request to .jar?t= 1 || 2014095 || 4 || policy-violation || 0 || ET POLICY Kindle Fire Browser User-Agent Outbound || url,www.amazon.com/gp/product/B0051VVOB2%23silk 1 || 2014096 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set || url,www.kahusecurity.com/2011/elaborate-black-hole-infection/ 1 || 2014097 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Excessive new Array With Newline - Exploit Kit Behavior Flowbit Set || url,www.kahusecurity.com/2011/elaborate-black-hole-infection/ 1 || 2014098 || 4 || bad-unknown || 0 || ET DELETED Excessive JavaScript replace /g - Exploit Kit Behavior Flowbit Set 1 || 2014099 || 3 || trojan-activity || 0 || ET TROJAN Exploit Kit Delivering Office File to Client 1 || 2014100 || 3 || attempted-user || 0 || ET WEB_SERVER ASP.NET Forms Authentication Bypass || cve,2011-3416 1 || 2014101 || 2 || trojan-activity || 0 || ET TROJAN Blackshades Payload Download Command 1 || 2014102 || 3 || not-suspicious || 0 || ET POLICY FACEBOOK user id in http_client_body, lookup with fb.com/profile.php?id= 1 || 2014103 || 2 || web-application-activity || 0 || ET WEB_SERVER Unusually Fast HTTP Requests With Referrer Url Matching DoS Tool || url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read 1 || 2014104 || 2 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC - content-type variation 1 || 2014105 || 4 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html 1 || 2014106 || 3 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC - content-type variation 1 || 2014107 || 3 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC - cookie variation || url,zeustracker.abuse.ch/monitor.php?search=209.59.216.103 1 || 2014108 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu6 Keepalive to CnC 1 || 2014109 || 2 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st.QQ Checkin || url,www.threatexpert.com/report.aspx?md5=899feda736be77a39d05f0a5002048f0 1 || 2014110 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st.QQ Checkin 2 || url,www.threatexpert.com/report.aspx?md5=899feda736be77a39d05f0a5002048f0 1 || 2014111 || 6 || trojan-activity || 0 || ET TROJAN Win32.UFRStealer.A issuing MKD command FTP || url,www.threatexpert.com/report.aspx?md5=a251ef38f048d695eae52626e57d617d 1 || 2014112 || 3 || trojan-activity || 0 || ET TROJAN W32.Menti/TrojanClicker.Agent.NII Checkin || url,blog.eset.com/2012/03/17/drive-by-ftp-a-new-view-of-cve-2011-3544 1 || 2014113 || 4 || trojan-activity || 0 || ET TROJAN Win32-Dynamer.dtc Reporting || url,microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Dynamer!dtc || md5,989ba48e0a9e39b4b6fc5c6bf400c41b 1 || 2014114 || 4 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema Reporting 1 || md5,3d18363a20882bd74ae7e0f68d3ed8ef 1 || 2014115 || 3 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema Reporting 2 || md5,3d18363a20882bd74ae7e0f68d3ed8ef 1 || 2014116 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent build - possibly Delf/Troxen/Zema || md5,3d18363a20882bd74ae7e0f68d3ed8ef 1 || 2014117 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Dapato Checkin || url,www.threatexpert.com/report.aspx?md5=8eaf3b7b72a9af5a85d01b674653ccac || url,camas.comodo.com/cgi-bin/submit?file=31c027c13105e23af64b1b02882fb2b8300fdf7f511bb4c63c71f9b09c75dd6c 1 || 2014118 || 2 || successful-admin || 0 || ET TROJAN Cythosia V2 DDoS WebPanel Hosted Locally || url,blog.webroot.com/2012/01/09/a-peek-inside-the-cythosia-v2-ddos-bot/ 1 || 2014119 || 3 || trojan-activity || 0 || ET TROJAN W32/Lici Initial Checkin || md5,2f4d35e797249e837159ff60b827c601 1 || 2014120 || 3 || trojan-activity || 0 || ET MALWARE Win32/Eorezo-B Adware Checkin || md5,6631bb8d95906decc7e6f7c51f6469e6 1 || 2014121 || 2 || trojan-activity || 0 || ET TROJAN Win32/Nuclear Checkin || md5,bd4af162f583899eeb6ce574863b4db6 1 || 2014122 || 3 || trojan-activity || 0 || ET MALWARE W32/OpenCandy Adware Checkin 1 || 2014123 || 2 || policy-violation || 0 || ET POLICY Softango.com Installer Checking For Update 1 || 2014124 || 3 || policy-violation || 0 || ET POLICY Softango.com Installer POSTing Data 1 || 2014125 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Help and Control Panel Exploit Request || url,jsunpack.jeek.org/?report=2b1d42ba5b47676db4864855ac239a73fb8217ff 1 || 2014126 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole Likely Flash Exploit Request /field.swf 1 || 2014127 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Checkin || url,www.splashtop.com 1 || 2014128 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Session Start Request || url,www.splashtop.com 1 || 2014129 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Session Keepalive || url,www.splashtop.com 1 || 2014131 || 3 || trojan-activity || 0 || ET TROJAN W32/Ramnit Initial CnC Connection || url,contagiodump.blogspot.com/2012/01/blackhole-ramnit-samples-and-analysis.html 1 || 2014133 || 4 || trojan-activity || 0 || ET TROJAN W32/Jiwerks.A Checkin || md5,0e47c711d9edee337575b6dbef850514 1 || 2014135 || 3 || trojan-activity || 0 || ET TROJAN Zeus/Reveton checkin to /images.rar || md5,2697e2b81ba1c90fcd32e24715fcf40a 1 || 2014136 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Version Check with hidden applet 1 || 2014137 || 3 || trojan-activity || 0 || ET MALWARE Common Adware Library ISX User Agent Detected || url,www.dateiliste.com/d3files/tools/mphider/isxdl.htm 1 || 2014138 || 2 || trojan-activity || 0 || ET DELETED DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested class.class 1 || 2014139 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Query to Known CnC Domain msnsolution.nicaze.net || md5,89332c92d0360095e2dda8385d400258 1 || 2014140 || 5 || attempted-dos || 0 || ET WEB_SERVER LOIC Javascript DDoS Inbound || url,isc.sans.org/diary/Javascript+DDoS+Tool+Analysis/12442 || url,www.wired.com/threatlevel/2012/01/anons-rickroll-botnet 1 || 2014141 || 4 || attempted-dos || 0 || ET CURRENT_EVENTS LOIC Javascript DDoS Outbound || url,isc.sans.org/diary/Javascript+DDoS+Tool+Analysis/12442 || url,www.wired.com/threatlevel/2012/01/anons-rickroll-botnet 1 || 2014142 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Driveby Delivered Malicious PDF 1 || 2014143 || 1 || trojan-activity || 0 || ET DELETED PoisonIvy.Esf Keepalive to CnC || md5,e6ca06e9b000933567a8604300094a85 1 || 2014144 || 1 || trojan-activity || 0 || ET DELETED PoisonIvy.Eks Keepalive to CnC || md5,9a494e7a48436e6defcb44dd6f053b33 1 || 2014145 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Ehy Keepalive to CnC || md5,d2311b7208d563ac59c9114f5d422441 1 || 2014146 || 1 || trojan-activity || 0 || ET TROJAN Win32/Spy.Banker Reporting Via SMTP 1 || 2014147 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Landing Page Request || url,xylibox.blogspot.com/2012/01/sakura-exploit-pack-10.html 1 || 2014148 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Binary Load Request 1 || 2014149 || 4 || trojan-activity || 0 || ET INFO Possible URL List or Clickfraud URLs Delivered To Client 1 || 2014150 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Trojan NgrBot 1 || 2014151 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Known Malicious Link Leading to Exploit Kits (t.php?id=is1) 1 || 2014152 || 3 || trojan-activity || 0 || ET TROJAN Gozi Checkin to CnC 1 || 2014153 || 3 || attempted-dos || 0 || ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA || url,blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html 1 || 2014154 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY PDF Containing Subform with JavaScript 1 || 2014155 || 5 || attempted-user || 0 || ET CURRENT_EVENTS JavaScript Obfuscation JSXX Script || cve,2012-0003 || url,eromang.zataz.com/2012/10/22/gong-da-gondad-exploit-pack-evolutions/ 1 || 2014156 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Microsoft Windows Media component specific exploit || cve,2012-0003 1 || 2014157 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 4 1 || 2014158 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 4 1 || 2014159 || 2 || trojan-activity || 0 || ET DELETED Blackhole Rhino Java Exploit request to /content/rino.jar || cve,CVE-2011-0611 1 || 2014160 || 2 || trojan-activity || 0 || ET DELETED Blackhole OBE Java Exploit request to /content/obe.jar || cve,CVE-2010-0840 || cve,CVE-2010-0842 1 || 2014161 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/FakeTimer.A Reporting to CnC || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_FAKETIMER.A || url,anubis.iseclab.org/?action=result&task_id=1ba82b938005acea4ddefc8eff1f4db06 || md5,cf9ba4996531d40402efe268c7efda91 || md5,537f190d3d469ad1f178024940affcb5 1 || 2014162 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/SndApps.SM Sending Information to CnC || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_SNDAPPS.SM 1 || 2014163 || 8 || trojan-activity || 0 || ET TROJAN Bifrose/Cycbot Checkin 2 || md5,8c4f90bb59c05269c6c6990ec434eab6 1 || 2014164 || 2 || trojan-activity || 0 || ET TROJAN W32/DelfInject.A CnC Checkin 2 || md5,d8c2f31493692895c45d620723e9a8c3 1 || 2014165 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent MyAgrent || md5,75c2f3168eca26e10bd5b2f3f0e2a8c5 1 || 2014166 || 2 || trojan-activity || 0 || ET TROJAN W32/Mentory CnC Server Providing Update Details || md5,6724bb601611dcc0140960c59c7b3393 1 || 2014167 || 2 || trojan-activity || 0 || ET TROJAN W32/Mentory CnC Server Providing File Info Details || md5,6724bb601611dcc0140960c59c7b3393 1 || 2014168 || 3 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Unknown Landing Page Received 1 || 2014169 || 1 || trojan-activity || 0 || ET POLICY DNS Query for .su TLD (Soviet Union) Often Malware Related || url,www.abuse.ch/?p=3581 1 || 2014170 || 2 || trojan-activity || 0 || ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related || url,www.abuse.ch/?p=3581 1 || 2014171 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing 1 || 2014172 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN ClickCounter Connectivity Check 1 || 2014173 || 3 || trojan-activity || 0 || ET TROJAN Win32/Cryptrun.B Connectivity check || url,blog.9bplus.com/kim-jong-il-pdf-malware 1 || 2014174 || 4 || trojan-activity || 0 || ET TROJAN Win32/Cryptrun.B/MSUpdater C&C traffic 1 || url,blog.9bplus.com/kim-jong-il-pdf-malware || url,www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014175 || 3 || trojan-activity || 0 || ET TROJAN Win32.MSUpdater C&C traffic GET || url,www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014176 || 3 || trojan-activity || 0 || ET DELETED Incognito/Sakura exploit kit landing page with obfuscated URLs 1 || 2014177 || 5 || trojan-activity || 0 || ET DELETED Incognito/Sakura exploit kit binary download request 1 || 2014178 || 2 || trojan-activity || 0 || ET DELETED Unknown Malware Checkin Possibly ZeuS || url,anubis.iseclab.org/?action=result&task_id=1c19710e150ee00941148dee842a02976 1 || 2014179 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_currencyconverter from Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109337/Joomla-Currency-Converter-Cross-Site-Scripting.html 1 || 2014180 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SAPID get_infochannel.inc.php Remote File inclusion Attempt || url,packetstormsecurity.org/files/108488/sapidstable-rfi.txt 1 || 2014181 || 5 || trojan-activity || 0 || ET DELETED Malicious file BaiduPlayer1.0.21.25.exe download 1 || 2014182 || 3 || trojan-activity || 0 || ET DELETED Malicious getpvstat.php file Reporting 1 || 2014183 || 4 || trojan-activity || 0 || ET MALWARE Malicious ad_track.php file Reporting 1 || 2014184 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html 1 || 2014185 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html 1 || 2014186 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html 1 || 2014187 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html 1 || 2014188 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html 1 || 2014189 || 3 || trojan-activity || 0 || ET DELETED Likely Blackhole Exploit Kit Driveby ?id Download Secondary Request 1 || 2014190 || 2 || trojan-activity || 0 || ET MALWARE W32/OpenTrio User-Agent (Open3) 1 || 2014191 || 4 || trojan-activity || 0 || ET TROJAN W32/118GotYourNo Reporting to CnC 1 || 2014192 || 3 || trojan-activity || 0 || ET MALWARE W32/MediaGet Checkin 1 || 2014193 || 2 || trojan-activity || 0 || ET TROJAN W32/VPEYE Trojan Downloader User-Agent (VP-EYE Downloader) 1 || 2014194 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit JavaScript colon string splitting 1 || 2014195 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 5 1 || 2014196 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/rin.jar 1 || 2014197 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Yang Pack Exploit Kit Landing Page Known JavaScript Function Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/ 1 || 2014198 || 6 || trojan-activity || 0 || ET TROJAN ZeuS - ICE-IX cid= in cookie 1 || 2014199 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Exploiting IEPeers || url,www.kahusecurity.com/2011/cve-2011-2140-caught-in-the-wild/ || cve,2010-0806 1 || 2014200 || 4 || trojan-activity || 0 || ET TROJAN Dapato/Cleaman Checkin || md5,1d26f4c1cfedd3d34b5067726a0460b0d || md5,45b3b6fcb666c93e305dba35832e1d42 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FCleaman.G 1 || 2014201 || 3 || misc-activity || 0 || ET POLICY Outbound HTTP Connection From Cisco IOS Device 1 || 2014202 || 2 || misc-activity || 0 || ET POLICY File Being Uploaded to SendSpace File Hosting Site 1 || 2014203 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Landing Page Request || url,www.kahusecurity.com/2012/chinese-exploit-packs/ 1 || 2014204 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CutePack Exploit Kit JavaScript Variable Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/ 1 || 2014205 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Iframe for Landing Page Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/ 1 || 2014206 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CutePack Exploit Kit Landing Page Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/ 1 || 2014207 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely MS12-004 midiOutPlayNextPolyEvent Heap Overflow Midi Filename Requested baby.mid || cve,2012-0003 1 || 2014208 || 2 || trojan-activity || 0 || ET TROJAN TLD4 Purple Haze Variant Initial CnC Request for Ad Servers || url,contagiodump.blogspot.com/2012/02/purple-haze-bootkit.html 1 || 2014209 || 3 || trojan-activity || 0 || ET TROJAN Sykipot SSL Certificate serial number detected || url,labs.alienvault.com/labs/index.php/2011/are-the-sykipots-authors-obsessed-with-next-generation-us-drones/ 1 || 2014210 || 1 || trojan-activity || 0 || ET TROJAN Sykipot SSL Certificate subject emailAddress detected || url,labs.alienvault.com/labs/index.php/2011/are-the-sykipots-authors-obsessed-with-next-generation-us-drones/ 1 || 2014211 || 2 || trojan-activity || 0 || ET TROJAN MSUpdater alt checkin to CnC || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014212 || 3 || trojan-activity || 0 || ET TROJAN MSUpdater POST checkin to CnC || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014213 || 2 || trojan-activity || 0 || ET TROJAN MSUpdater Connectivity Check to Google || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014214 || 2 || trojan-activity || 0 || ET DELETED MSUpdater post-auth checkin || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html 1 || 2014215 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Plankton.P Commands Request to CnC Server || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_PLANKTON.P 1 || 2014216 || 2 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema controller responding to client 1 || 2014217 || 3 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema controller delivering clickfraud instructions 1 || 2014218 || 5 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC sk1 and bn1 post parameters 1 || 2014219 || 4 || trojan-activity || 0 || ET TROJAN TSPY_SPCESEND.A Checkin || url,blog.trendmicro.com/malware-uses-sendspace-to-store-stolen-documents/ 1 || 2014220 || 7 || trojan-activity || 0 || ET DELETED TDS Sutra Exploit Kit Redirect Received 1 || 2014221 || 3 || trojan-activity || 0 || ET DELETED Unknown HTTP CnC Checkin 1 || 2014222 || 2 || trojan-activity || 0 || ET TROJAN QDIGIT Trojan Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014223 || 4 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on http ports || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014224 || 4 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014225 || 2 || trojan-activity || 0 || ET TROJAN LURK Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014226 || 2 || trojan-activity || 0 || ET TROJAN IP2B Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014227 || 2 || trojan-activity || 0 || ET TROJAN BB Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014228 || 7 || trojan-activity || 0 || ET TROJAN Backdoor Win32.Idicaf/Atraps || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf 1 || 2014229 || 3 || trojan-activity || 0 || ET TROJAN NfLog Checkin || url,contagiodump.blogspot.com/2012/02/feb-9-cve-2011-1980-msoffice-dll.html 1 || 2014230 || 5 || trojan-activity || 0 || ET TROJAN Karagany/Kazy Obfuscated Payload Download || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FKaragany.I || url,www.virustotal.com/file/6c7ae03b8b660826f0c58bbec4208bf03e704201131b3b5c5709e5837bfdd218/analysis/1334672726/ 1 || 2014231 || 3 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports 2 1 || 2014232 || 3 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on http ports 2 1 || 2014233 || 3 || network-scan || 0 || ET POLICY ASafaWeb Scan User-Agent (asafaweb.com) || url,asafaweb.com 1 || 2014234 || 10 || trojan-activity || 0 || ET TROJAN Fareit/Pony Downloader Checkin 3 || md5,dcc2c110e509fa777ab1460f665bd137 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17 1 || 2014235 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - info.exe 1 || 2014236 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - contacts.exe 1 || 2014237 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - calc.exe 1 || 2014238 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - about.exe 1 || 2014239 || 3 || trojan-activity || 0 || ET TROJAN W32.Duptwux/Ganelp FTP Username - onthelinux 1 || 2014240 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Win32/Cridex.B Self Signed SSL Certificate (root@ks310208.kimsufi.com) 1 || 2014241 || 7 || bad-unknown || 0 || ET DELETED DRIVEBY Generic - Java Exploit Obfuscated With Allatori 1 || 2014242 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Trojan Stream request /stream? 1 || 2014243 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Java Rhino Scripting Engine Exploit Downloaded 1 || 2014244 || 1 || bad-unknown || 0 || ET DELETED Blackhole Java applet with obfuscated URL 2 1 || 2014245 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request similar to /content/jav.jar 1 || 2014246 || 3 || trojan-activity || 0 || ET DELETED Sefnit Checkin 3 1 || 2014247 || 2 || trojan-activity || 0 || ET TROJAN Sefnit Checkin 4 1 || 2014248 || 2 || trojan-activity || 0 || ET TROJAN Sefnit Checkin 5 1 || 2014249 || 4 || trojan-activity || 0 || ET MALWARE W32/GameplayLabs.Adware Installer Checkin 1 || 2014250 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jreactions mosConfig_absolute_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/95431/Joomla-Jreactions-Remote-File-Inclusion.html 1 || 2014251 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grady Levkov id Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109814/Grady-Levkov-Cross-Site-Scripting.html 1 || 2014252 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Membership Site Manager Script key Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108687/PHP-Membership-Site-Manager-Script-Cross-Site-Scripting.html 1 || 2014253 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html 1 || 2014254 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html 1 || 2014255 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html 1 || 2014256 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html 1 || 2014257 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html 1 || 2014258 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_visa controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109214/Joomla-Visa-SQL-Injection-Local-File-Inclusion.html 1 || 2014259 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_eventcal mosConfig_absolute_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/94983/Joomla-Eventcal-Remote-File-Inclusion.html 1 || 2014260 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde 3.3.12 Backdoor Attempt || cve,2012-0209 1 || 2014261 || 2 || trojan-activity || 0 || ET MALWARE W32/PlaySushi User-Agent || md5,039815a7cb0b7ee52b753a9b79006f97 1 || 2014262 || 4 || trojan-activity || 0 || ET MALWARE AdWare.Win32.Sushi.au Checkin || md5,3aad2075e00d5169299a0a8889afa30b || url,www.securelist.com/en/descriptions/24412036/not-a-virus%3aAdWare.Win32.Sushi.au 1 || 2014263 || 2 || trojan-activity || 0 || ET TROJAN W32/Pasta.IK Checkin || md5,1a13d56365e864aba54967d4745ab660 1 || 2014264 || 6 || policy-violation || 0 || ET POLICY IP Geo Location Request || md5,0e2c46dc89dceb14e7add66cbfe8a2f8 1 || 2014265 || 4 || policy-violation || 0 || ET POLICY IP geo location service response || md5,0e2c46dc89dceb14e7add66cbfe8a2f8 1 || 2014266 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.NfLog Checkin (TTip) || url,contagiodump.blogspot.com/2012/02/feb-9-cve-2011-1980-msoffice-dll.html 1 || 2014267 || 1 || trojan-activity || 0 || ET TROJAN Query for Known Hostile *test.3322.org.cn Domain || url,www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814 || md5,e4afcee06ddaf093982f80dafbf9c447 1 || 2014268 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot Checkin || md5,c0aadd5594d340d8a4909d172017e5d0 1 || 2014269 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot HTTP Checkin || md5,c0aadd5594d340d8a4909d172017e5d0 1 || 2014270 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot Ping Outbound || md5,c0aadd5594d340d8a4909d172017e5d0 1 || 2014271 || 1 || trojan-activity || 0 || ET TROJAN Win32/Cutwail.BE Checkin 1 || md5,3d766c4d53188eb8173a5dc3cfc4e317 || md5,289f457083e8f59520b31a7ea13d16ec 1 || 2014272 || 1 || trojan-activity || 0 || ET TROJAN Win32/Cutwail.BE Checkin 2 || md5,3d766c4d53188eb8173a5dc3cfc4e317 || md5,289f457083e8f59520b31a7ea13d16ec 1 || 2014273 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/DarkComet Second Stage Download Request || url,blog.trendmicro.com/darkcomet-surfaced-in-the-targeted-attacks-in-syrian-conflict/ 1 || 2014274 || 1 || attempted-admin || 0 || ET CURRENT_EVENTS Blackhole Tax Landing Page with JavaScript Attack 1 || 2014275 || 4 || trojan-activity || 0 || ET TROJAN W32/Rovnix Activity || url,blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution 1 || 2014276 || 4 || trojan-activity || 0 || ET TROJAN W32/Rovnix Downloading Config File From CnC || url,blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution 1 || 2014277 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for try2check.me Carder Tool || url,cert.xmco.fr/blog/index.php?post/2012/02/23/Try2check.me%2C-le-maillon-fort 1 || 2014278 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/jav2.jar 1 || 2014279 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 6 1 || 2014280 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 6 1 || 2014281 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java Applet with Obfuscated URL 2 1 || 2014282 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Download Secondary Request ?pagpag 1 || 2014283 || 3 || trojan-activity || 0 || ET TROJAN Trustezeb Checkin to CnC || url,www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=417 1 || 2014284 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 4 1 || 2014285 || 4 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .ch.vu Domain || url,google.com/safebrowsing/diagnostic?site=ch.vu 1 || 2014288 || 2 || trojan-activity || 0 || ET TROJAN Java Archive sent when remote host claims to send an image 1 || 2014289 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a 3322.org.cn Domain 1 || 2014290 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.PEx.942728546 Checkin || md5,25e9e3652e567e70fba00c53738bdf74 || url,threatcenter.crdf.fr/?More&ID=74977&D=CRDF.Backdoor.Win32.PEx.942728546 1 || 2014291 || 4 || trojan-activity || 0 || ET TROJAN W32/Backdoor.Kbot Config Retrieval || md5,b8ee86e57261fd3fb422a2b20a3c3e09 1 || 2014292 || 2 || trojan-activity || 0 || ET POLICY External IP Lookup 1 || 2014293 || 3 || trojan-activity || 0 || ET TROJAN Smart Fortress FakeAV/Kryptik.ABNC Checkin || md5,1ddfc3f3a804f0844c5fdf49dc10562a6 || url,support.kaspersky.com/viruses/rogue/description?qid=208286259 1 || 2014294 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS High Probability Blackhole Landing with catch qq 1 || 2014295 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Java Atomic Exploit Downloaded 1 || 2014296 || 2 || web-application-attack || 0 || ET WEB_SERVER eval/base64_decode Exploit Attempt Inbound 1 || 2014297 || 25 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.7.x Detected || url,javatester.org/version.html 1 || 2014298 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole obfuscated Javascript 171 charcodes >= 48 1 || 2014299 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/viewer.jar 1 || 2014300 || 1 || trojan-activity || 0 || ET TROJAN Win32/Kryptik.ABUD Checkin || md5,00b714468f1bc2254559dd8fd84186f1 1 || 2014301 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - readme.exe 1 || 2014302 || 2 || trojan-activity || 0 || ET TROJAN Suspicious HTTP Referrer C Drive Path || md5,8ef81f2555725f7eeae00b3e31229e0e 1 || 2014303 || 2 || trojan-activity || 0 || ET TROJAN W32/Koobface Variant Checkin Attempt || md5,62aa9e798746e586fb1f03459a970104 1 || 2014304 || 3 || misc-activity || 0 || ET POLICY External IP Lookup Attempt To Wipmania || md5,b318988249cd8e8629b4ef8a52760b65 1 || 2014305 || 3 || trojan-activity || 0 || ET TROJAN W32/TCYWin.Downloader User-Agent || md5,4cfe5674d9f33804572ae0d14f0c941b 1 || 2014306 || 3 || trojan-activity || 0 || ET TROJAN W32/Backdoor.BlackMonay Checkin || md5,4a203e37caa2e04671388341419bda69 1 || 2014307 || 4 || trojan-activity || 0 || ET TROJAN W32/SelfStarterInternet.InfoStealer Checkin || md5,67c748f3ecc0278f1f94596f86edc509 1 || 2014308 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Content Using Dadongs JSXX 0.41 VIP Obfuscation Script || url,www.kahusecurity.com/2012/chinese-pack-using-dadongs-jsxx-vip-script/ 1 || 2014309 || 3 || trojan-activity || 0 || ET TROJAN W32/LockScreen Scareware Geolocation Request || url,www.abuse.ch/?p=3610 || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_police_trojan.pdf 1 || 2014310 || 5 || trojan-activity || 0 || ET TROJAN RegSubsDat Checkin || url,www.secureworks.com/research/threats/sindigoo/ 1 || 2014312 || 2 || trojan-activity || 0 || ET TROJAN W32/NSIS.TrojanDownloader Second Stage Download Instructions from Server || md5,3ce5da32903b52394cff2517df51f599 1 || 2014313 || 8 || not-suspicious || 0 || ET POLICY Executable Download From DropBox 1 || 2014314 || 7 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Payload Download /load/*exe 1 || 2014315 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit Requested 1 || 2014316 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit Recieved 1 || 2014317 || 2 || trojan-activity || 0 || ET TROJAN ZeuS Clickfraud List Delivered To Client 1 || 2014318 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Clickpayz redirection to *.clickpayz.com 1 || 2014319 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Dadong Java Exploit Requested 1 || 2014320 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ButorWiki service Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109852/ButorWiki-Cross-Site-Scripting.html 1 || 2014321 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS b2evolution inc_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100798/b2evolution-4.0.5-Remote-File-Inclusion.html 1 || 2014322 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS b2evolution skins_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100798/b2evolution-4.0.5-Remote-File-Inclusion.html 1 || 2014323 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bch controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109025/Joomla-BCH-Local-File-Inclusion.html 1 || 2014324 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fork-CMS js.php module parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html 1 || 2014325 || 3 || attempted-user || 0 || ET ACTIVEX ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow || url,packetstormsecurity.org/files/110296/ASUS-Net4Switch-ipswcom.dll-ActiveX-Stack-Buffer-Overflow.html 1 || 2014326 || 2 || attempted-user || 0 || ET ACTIVEX ASUS Net4Switch ActiveX CxDbgPrint Format String Function Call Attempt || url,packetstormsecurity.org/files/110296/ASUS-Net4Switch-ipswcom.dll-ActiveX-Stack-Buffer-Overflow.html 1 || 2014327 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS starCMS q parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110376/starCMS-Cross-Site-Scripting.html 1 || 2014328 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_boss controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/108905/Joomla-Boss-Local-File-Inclusion.html 1 || 2014329 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snipsnap search Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109543/Snipsnap-Cross-Site-Scripting.html 1 || 2014330 || 3 || trojan-activity || 0 || ET TROJAN Kelihos/Hlux GET jucheck.exe from CnC || url,www.abuse.ch/?p=3658 1 || 2014331 || 1 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Genome.aetqe Checkin || md5,700b7a81d1460a652e5f9f06fc54dcd6 1 || 2014332 || 1 || policy-violation || 0 || ET POLICY Coral Web Proxy/Content Distribution Net Use || url,en.wikipedia.org/wiki/Coral_Content_Distribution_Network 1 || 2014333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS OSX/Flashback Checkin via Twitter Hashtag Pepbyfadxeoa || url,blog.intego.com/flashback-mac-malware-uses-twitter-as-command-and-control-center/ 1 || 2014334 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Compromised Wordpress Redirect || url,community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx 1 || 2014335 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash Player Malformed MP4 Remote Code Execution Attempt || url,contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html || bid,52034 || cve,2012-0754 1 || 2014336 || 3 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin || url,contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html 1 || 2014337 || 2 || attempted-user || 0 || ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served to Local Client || url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx 1 || 2014338 || 3 || successful-admin || 0 || ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server || url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx 1 || 2014339 || 2 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware Checkin || md5,2609c78efbc325d1834e49553a9a9f89 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3aWin32/GameVance 1 || 2014340 || 4 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware User Agent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3aWin32/GameVance 1 || 2014341 || 2 || trojan-activity || 0 || ET POLICY Installshield One Click Install User-Agent Toys File || md5,22d3165c0e80ba50bc6a42a2e82b2874 1 || 2014342 || 4 || trojan-activity || 0 || ET POLICY Snadboy.com Products User-Agent || md5,26a813eadbf11a1dfc2e63dc7dc87480 1 || 2014343 || 2 || bad-unknown || 0 || ET TROJAN SMTP Subject Line Contains C Path and EXE Possible Trojan Reporting Execution Path/Binary Name || md5,24e937b9f3fd6a04dde46a2bc75d4b18 1 || 2014344 || 2 || trojan-activity || 0 || ET TROJAN W32/Coced.PasswordStealer User-Agent 5.0 || md5,24e937b9f3fd6a04dde46a2bc75d4b18 1 || 2014345 || 3 || trojan-activity || 0 || ET POLICY Suspicious User Agent UpdateSoft || md5,254efc77c18eb2f427d2a3920e07c2e8 1 || 2014346 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS INBOUND Blackhole Java Exploit request similar to /content/jav.jar 1 || 2014347 || 5 || trojan-activity || 0 || ET TROJAN Peed Checkin || md5,142ff7d3d931ecfa9a06229842ceefc4 || md5,df690cbf6e33e9ee53fdcfc456dc4c1f 1 || 2014348 || 2 || trojan-activity || 0 || ET TROJAN RevProxy ClientHello || md5,5d6f186f10acf5f21a3498601465cf40 1 || 2014349 || 2 || trojan-activity || 0 || ET DELETED RevProxy ServerRespone || md5,5d6f186f10acf5f21a3498601465cf40 1 || 2014350 || 2 || trojan-activity || 0 || ET DELETED RevProxy ClientPing || md5,5d6f186f10acf5f21a3498601465cf40 1 || 2014351 || 3 || trojan-activity || 0 || ET DELETED RevProxy CnC List Request || md5,5d6f186f10acf5f21a3498601465cf40 1 || 2014352 || 3 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection Attempt char() Danmec related 1 || 2014353 || 3 || trojan-activity || 0 || ET MALWARE W32/MediaGet.Adware Installer Download || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=860182 || md5,39c1769c39f61dd2ec009de8374352c6 1 || 2014355 || 2 || trojan-activity || 0 || ET MALWARE W32/SoftonicDownloader.Adware User Agent || md5,1047b186bb2822dbb5907cd743069261 1 || 2014356 || 4 || trojan-activity || 0 || ET TROJAN W32/ProxyChanger.InfoStealer Checkin || url,67c9799940dce6b9af2e6f98f52afdf7 1 || 2014357 || 4 || trojan-activity || 0 || ET TROJAN W32/Kazy Checkin || md5,bb129d433271951abb0e5262060a4583 1 || 2014358 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Riern.K Checkin Off Port 1 || 2014359 || 7 || trojan-activity || 0 || ET POLICY DNSWatch.info IP Check 1 || 2014360 || 4 || trojan-activity || 0 || ET TROJAN Win32/Protux.B POST checkin || md5,53105ecf3cf6040039e16abb382fb836 1 || 2014361 || 2 || trojan-activity || 0 || ET TROJAN Win32/Protux.B Download Update || md5,53105ecf3cf6040039e16abb382fb836 1 || 2014362 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Likely Scalaxy Exploit Kit URL template download 1 || 2014363 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Lookup of Algorithm Generated Zeus CnC Domain (DGA) 1 || 2014364 || 2 || trojan-activity || 0 || ET TROJAN W32.Blocker Checkin || md5,1d8841128e63ed7e26200d4ed3bc8e05 1 || 2014365 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Graybird Checkin || md5,0fd68129ecbf68ad1290a41429ee3e73 || md5,11353f5bdbccdd59d241644701e858e6 1 || 2014366 || 4 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Post 1 || 2014367 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Banload Trojan Downloader Dropped Binary || md5,31bb4e0d67a5af96d5b5691966e25d73 1 || 2014368 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole qwe123 PDF 1 || 2014369 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Landing with prototype catch 1 || 2014370 || 3 || trojan-activity || 0 || ET TROJAN W32/GamesForum.InfoStealer Reporting to CnC 1 || 2014371 || 6 || trojan-activity || 0 || ET DELETED Possible Kelihos .eu CnC Domain Generation Algorithm (DGA) Lookup Detected 1 || 2014372 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Kelihos .eu CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response 1 || 2014373 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response 1 || 2014374 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .info CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response 1 || 2014375 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .biz CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response 1 || 2014376 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected 1 || 2014377 || 2 || bad-unknown || 0 || ET DELETED Cutwail Landing Page WAIT PLEASE 1 || 2014378 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole/Cutwail Redirection Page 1 1 || 2014379 || 2 || bad-unknown || 0 || ET POLICY HTTP GET invalid method case outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html 1 || 2014381 || 2 || bad-unknown || 0 || ET POLICY HTTP HEAD invalid method case outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html 1 || 2014383 || 2 || attempted-admin || 0 || ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt || url,msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 1 || 2014384 || 8 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt || cve,2012-0152 1 || 2014385 || 5 || not-suspicious || 0 || ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set || cve,2012-0152 1 || 2014386 || 2 || not-suspicious || 0 || ET DOS Microsoft Remote Desktop (RDP) Session Established Flowbit Set || cve,2012-0152 1 || 2014387 || 1 || trojan-activity || 0 || ET TROJAN Generic Dropper User-Agent (XXXwww) 1 || 2014388 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_phocadownload folder Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100406/Joomla-Phocadownload-Remote-File-Inclusion.html 1 || 2014389 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_adsmanager mosConfig_absolute_path Remote File inclusion Attempt || url,packetstorm.foofus.com/1012-exploits/joomlaadsmanager-rfi.txt 1 || 2014390 || 2 || attempted-user || 0 || ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Stack Buffer Overflow || url,packetstormsecurity.org/files/109298/EdrawSoft-Office-Viewer-Component-ActiveX-5.6-Buffer-Overflow.html 1 || 2014391 || 2 || attempted-user || 0 || ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Format String Function Call Attempt || url,packetstormsecurity.org/files/109298/EdrawSoft-Office-Viewer-Component-ActiveX-5.6-Buffer-Overflow.html 1 || 2014392 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_fundhelp controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109023/Joomla-Fundhelp-Local-File-Inclusion.html 1 || 2014393 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rule controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109026/Joomla-Rule-Local-File-Inclusion.html 1 || 2014394 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_kp controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108917/Joomla-KP-Local-File-Inclusion.html 1 || 2014395 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Address Book from Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110667/PHP-Address-Book-6.2.12-SQL-Injection-Cross-Site-Scripting.html 1 || 2014396 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Volusion Chat ID Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110811/Volusion-Chat-Cross-Site-Scripting.html 1 || 2014397 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EJBCA issuer Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110683/EJBCA-4.0.7-Cross-Site-Scripting-User-Enumeration.html 1 || 2014398 || 3 || trojan-activity || 0 || ET TROJAN Generic.KD.291903/Win32.TrojanClicker.Agent.NII Nconfirm Checkin || url,blog.eset.com/2012/03/17/drive-by-ftp-a-new-view-of-cve-2011-3544 1 || 2014399 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.Zbot.djrm Checkin || md5,b895249cce7d2c27cb9c480feb36560c || md5,f70a5f52d4c0071963602c25b62865cb 1 || 2014400 || 3 || trojan-activity || 0 || ET MALWARE W32/LoudMo.Adware Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FLoudmo || md5,fc06c613e83f0d3271beba4fdcda987f 1 || 2014401 || 2 || trojan-activity || 0 || ET WORM W32/Rimecud /qvod/ff.txt Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FRimecud || md5,f97e1c4aefbd2595fcfeb0f482c47517 || md5,f96a29bcf6cba870efd8f7dd9344c39e || md5,fae8675502d909d6b546c111625bcfba 1 || 2014402 || 2 || trojan-activity || 0 || ET WORM W32/Rimecud wg.txt Checkin || md5,a89f7289d5cce821a194542e90026082 || md5,fd56ce176889d4fbe588760a1da6462b || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FRimecud 1 || 2014403 || 2 || trojan-activity || 0 || ET MALWARE W32/PaPaPaEdge.Adware/Gambling Poker-Edge Checkin || md5,f9d226bf9807c72432050f7dcb396b06 1 || 2014404 || 3 || trojan-activity || 0 || ET DELETED W32/Bifrose.Backdoor Checkin Attempt via Facebook || md5,61661202e320dd91e4f7e4a10616eefc 1 || 2014405 || 10 || trojan-activity || 0 || ET TROJAN Cridex.B/Feodo Checkin || md5,7ed139b53e24e4385c4c59cd2aa0e5f7 || url,labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/ || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html || url,about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_CRIDEX.IC 1 || 2014406 || 2 || policy-violation || 0 || ET MOBILE_MALWARE iOS Keylogger iKeyMonitor access || url,moreinfo.thebigboss.org/moreinfo/depiction.php?file=ikeymonitorDp 1 || 2014407 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/ 1 || 2014408 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Present || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/ 1 || 2014409 || 3 || trojan-activity || 0 || ET TROJAN FakeAV.dfze/FakeAV!IK Checkin || md5,fe1e735ec10fb8836691fe2f2ac7ea44 1 || 2014410 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Ixeshe || url,blog.spiderlabs.com/2012/03/dirty-rat.html 1 || 2014411 || 10 || trojan-activity || 0 || ET TROJAN Fareit/Pony Downloader Checkin 2 || md5,99FAB94FD824737393F5184685E8EDF2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17 1 || 2014412 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Set 1 || 2014413 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Present 1 || 2014414 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole Landing Page applet param window.document 1 || 2014415 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit JavaScript dotted quad hostile applet || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx 1 || 2014416 || 3 || attempted-user || 0 || ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 1 || url,retrogod.altervista.org/9sg_linksys_playerpt.htm 1 || 2014417 || 3 || attempted-user || 0 || ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 2 || url,retrogod.altervista.org/9sg_linksys_playerpt.htm 1 || 2014418 || 4 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Remote File Overwrite Attempt || url,www.exploit-db.com/exploits/18625/ 1 || 2014419 || 3 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Function Call Attempt || url,www.exploit-db.com/exploits/18625/ 1 || 2014420 || 2 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Remote File Overwrite Attempt || url,www.exploit-db.com/exploits/18625/ 1 || 2014421 || 2 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Function Call Attempt || url,www.exploit-db.com/exploits/18625/ 1 || 2014422 || 3 || attempted-user || 0 || ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Download and Execute || url,www.exploit-db.com/exploits/18624/ 1 || 2014423 || 2 || attempted-user || 0 || ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Function Call Attempt || url,www.exploit-db.com/exploits/18624/ 1 || 2014424 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VTiger CRM module_name parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html 1 || 2014425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OneFileCMS f parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/110906/OneFileCMS-1.1.5-Local-File-Inclusion.html 1 || 2014426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikyBlog which Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110863/WikyBlog-1.7.3RC2-Cross-Site-Scripting.html 1 || 2014427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Greenpeace.fr filter_dpt Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110989/Greenpeace.fr-Cross-Site-Scripting.html 1 || 2014428 || 6 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later 3 1 || 2014429 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class || cve,2011-3544 1 || 2014430 || 13 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt Negative INT || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014431 || 15 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014432 || 9 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 2 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014433 || 10 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 3 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014434 || 10 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 4 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014435 || 11 || trojan-activity || 0 || ET TROJAN Infostealer.Banprox Proxy.pac Download || md5,3baae632d2476cbd3646c5e1b245d9be || md5,ace343a70fbd26e79358db4c27de73db 1 || 2014436 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Pol.jar 1 || 2014437 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Landing Page - Initializing Protection System 1 || 2014438 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - news=1 in http_cookie 1 || 2014439 || 4 || trojan-activity || 0 || ET TROJAN IRC Bot Download http Command || md5,fa6ae89b101a0367cc98798c7333e3a4 1 || 2014440 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - scandsk.exe 1 || 2014441 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - /Home/index.php 1 || 2014442 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - *.php?*=16HexCharacters in http_uri 1 || 2014443 || 5 || bad-unknown || 0 || ET DELETED DRIVEBY Blackhole - Landing Page Recieved - applet and flowbit 1 || 2014444 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Page redirecting to driveby 1 || 2014445 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Payload 1 || 2014446 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Landing Page /de/sN 1 || 2014447 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic Dns Exploit Pack Java exploit 1 || 2014448 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WEB-PHP Wordpress enable-latex plugin url Remote File inclusion Attempt || url,packetstormsecurity.org/files/107260/WordPress-Enable-Latex-Remote-File-Inclusion.html 1 || 2014449 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Event Calendar PHP cal_year Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/111161/Event-Calendar-PHP-Cross-Site-Scripting.html 1 || 2014450 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mini Mail Dashboard Widget abspath Remote File inclusion Attempt || url,packetstormsecurity.org/files/105238/WordPress-Mini-Mail-Dashboard-Widget-1.36-Remote-File-Inclusion.html 1 || 2014451 || 2 || attempted-user || 0 || ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt || url,packetstormsecurity.org/files/111077/Dell-Webcam-CrazyTalk-ActiveX-BackImage-Vulnerability.html 1 || 2014452 || 5 || attempted-user || 0 || ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt 2 || url,packetstormsecurity.org/files/111077/Dell-Webcam-CrazyTalk-ActiveX-BackImage-Vulnerability.html 1 || 2014453 || 4 || attempted-user || 0 || ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution || url,www.exploit-db.com/exploits/18674/ 1 || 2014454 || 4 || attempted-user || 0 || ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution 2 || url,www.exploit-db.com/exploits/18674/ 1 || 2014455 || 3 || attempted-user || 0 || ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow || url,www.exploit-db.com/exploits/18675/ 1 || 2014456 || 4 || attempted-user || 0 || ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow 2 || url,www.exploit-db.com/exploits/18675/ 1 || 2014457 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit JAR from //Home/ || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx 1 || 2014458 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Italian Spam Campaign || md5,c64504b68d34b18a370f5e77bd0b0337 1 || 2014459 || 2 || policy-violation || 0 || ET P2P QVOD P2P Sharing Traffic detected (tcp) 1 || 2014460 || 5 || trojan-activity || 0 || ET DELETED Zeus CnC Checkin POST to Config.php || url,blog.fireeye.com/research/2012/04/zeus-takeover-leaves-undead-remains.html#more 1 || 2014461 || 7 || bad-unknown || 0 || ET EXPLOIT Java Atomic Reference Exploit Attempt Metasploit Specific || cve,CVE-2012-0507 || url,www.metasploit.com/modules/exploit/multi/browser/java_atomicreferencearray 1 || 2014462 || 3 || trojan-activity || 0 || ET TROJAN LuckyCat/TROJ_WIMMIE Checkin || url,blog.trendmicro.com/luckycat-redux-inside-an-apt-campaign/ || url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf 1 || 2014463 || 3 || attempted-user || 0 || ET WEB_CLIENT Internet Explorer CTableRowCellsCollectionCacheItem.GetNext Memory Use-After-Free Attempt || url,dvlabs.tippingpoint.com/blog/2012/03/15/pwn2own-2012-challenge-writeup || url,technet.microsoft.com/en-us/security/bulletin/MS10-002 || bid,37894 || cve,2010-0248 1 || 2014464 || 2 || trojan-activity || 0 || ET TROJAN DwnLdr-JMZ Downloading Binary || url,sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-JMZ/detailed-analysis.aspx 1 || 2014465 || 2 || trojan-activity || 0 || ET TROJAN DwnLdr-JMZ Downloading Binary 2 || url,sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-JMZ/detailed-analysis.aspx 1 || 2014466 || 4 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin 1 || 2014467 || 4 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin NewAgent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDatamaikon.gen!A&ThreatID=-2147312276 || md5,77d68770fcdc6052bd8d761d14a14f5a 1 || 2014468 || 3 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin myAgent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDatamaikon.gen!A&ThreatID=-2147312276 || md5,a51933ee0f2ade7df98feb7207a2ffaf 1 || 2014470 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole PDF served from iframe || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx 1 || 2014471 || 6 || trojan-activity || 0 || ET POLICY DRIVEBY Generic - EXE Download by Java 1 || 2014472 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Archive Download 1 || 2014473 || 4 || trojan-activity || 0 || ET INFO JAVA - Java Archive Download By Vulnerable Client 1 || 2014474 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Class Download 1 || 2014475 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Class Download By Vulnerable Client 1 || 2014476 || 2 || trojan-activity || 0 || ET TROJAN HTTP Request to Zaletelly CnC Domain zaletellyxx.be || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32/Gamarue.F 1 || 2014477 || 2 || trojan-activity || 0 || ET TROJAN HTTP Request to Zaletelly CnC Domain atserverxx.info || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32/Gamarue.F 1 || 2014478 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.3d-game.com Domain 1 || 2014479 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.3d-game.com Domain 1 || 2014480 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.4irc.com Domain 1 || 2014481 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.4irc.com Domain 1 || 2014482 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.b0ne.com Domain 1 || 2014483 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.b0ne.com Domain 1 || 2014484 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain 1 || 2014485 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.bbsindex.com Domain 1 || 2014486 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.chatnook.com Domain 1 || 2014487 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.chatnook.com Domain 1 || 2014488 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.darktech.org Domain 1 || 2014489 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.darktech.org Domain 1 || 2014490 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.deaftone.com Domain 1 || 2014491 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.deaftone.com Domain 1 || 2014492 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.dtdns.net Domain 1 || 2014493 || 6 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dtdns.net Domain 1 || 2014494 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.effers.com Domain 1 || 2014495 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.effers.com Domain 1 || 2014496 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.etowns.net Domain 1 || 2014497 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.etowns.net Domain 1 || 2014498 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.etowns.org Domain 1 || 2014499 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.etowns.org Domain 1 || 2014500 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.flnet.org Domain 1 || 2014501 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.flnet.org Domain 1 || 2014502 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.gotgeeks.com Domain 1 || 2014503 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.gotgeeks.com Domain 1 || 2014504 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.scieron.com Domain 1 || 2014505 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.scieron.com Domain 1 || 2014506 || 5 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.slyip.com Domain 1 || 2014507 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.slyip.com Domain 1 || 2014508 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a *.slyip.net Dynamic DNS Domain 1 || 2014509 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.slyip.net Domain 1 || 2014510 || 5 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.suroot.com Domain 1 || 2014511 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.suroot.com Domain 1 || 2014513 || 1 || trojan-activity || 0 || ET TROJAN DNS Request for Zaletelly CnC Domain || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~MDrop-EAB/detailed-analysis.aspx 1 || 2014514 || 7 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Multi Arch w/Intel 1 || 2014515 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Multi Arch w/PowerPC 1 || 2014516 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Intel Arch 1 || 2014517 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - PowerPC Arch 1 || 2014518 || 5 || misc-activity || 0 || ET INFO EXE - OSX Disk Image Download 1 || 2014519 || 6 || misc-activity || 0 || ET INFO EXE - Served Inline HTTP 1 || 2014520 || 6 || misc-activity || 0 || ET INFO EXE - Served Attached HTTP 1 || 2014521 || 6 || bad-unknown || 0 || ET DELETED Possible Blackhole Landing to 8 chr folder plus index.html 1 || 2014522 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting successful infection || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029 1 || 2014523 || 3 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting successful infection 2 || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029 1 || 2014524 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting failed infection || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029 1 || 2014525 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K first execution checkin || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,vms.drweb.com/virus/?i=1816029 1 || 2014526 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Exploit Kit Delivering JAR Archive to Client 1 || 2014527 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Exploit Kit Delivering Compressed Flash Content to Client 1 || 2014528 || 2 || trojan-activity || 0 || ET TROJAN W32/Taidoor.Backdoor Command Request CnC Checkin || url,www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks 1 || 2014529 || 2 || trojan-activity || 0 || ET TROJAN W32/Taidoor.Backdoor CnC Checkin With Default Substitute MAC Address Field || url,www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks 1 || 2014530 || 3 || successful-user || 0 || ET TROJAN Metasploit Meterpreter stdapi_* Command Request 1 || 2014531 || 4 || successful-user || 0 || ET TROJAN Metasploit Meterpreter core_channel_* Command Request 1 || 2014532 || 3 || successful-user || 0 || ET TROJAN Metasploit Meterpreter stdapi_* Command Response 1 || 2014533 || 4 || successful-user || 0 || ET TROJAN Metasploit Meterpreter core_channel_* Command Response 1 || 2014534 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I User-Agent || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,vms.drweb.com/virus/?i=1816029 || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml 1 || 2014535 || 3 || bad-unknown || 0 || ET MALWARE BitCoinPlus Embedded site forcing visitors to mine BitCoins || url,www.bitcoinplus.com/miner/embeddable || url,www.bitcoinplus.com/miner/whatsthis 1 || 2014536 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Klot.jar 1 || 2014537 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing .prototype.q catch with split 1 || 2014538 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing Loading... Please Wait 1 || 2014539 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Malicious TDS /indigo? 1 || 2014540 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing for Loading prototype catch 1 || 2014541 || 5 || attempted-recon || 0 || ET SCAN FHScan core User-Agent Detect || url,www.tarasco.org/security/FHScan_Fast_HTTP_Vulnerability_Scanner/index.html 1 || 2014542 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - redirect received 1 || 2014543 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - request in.cgi 1 || 2014544 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set 1 || 2014545 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS 1 || 2014546 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS 1 || 2014547 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - redirect received 1 || 2014548 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set 1 || 2014549 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS 1 || 2014550 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow || url,packetstormsecurity.org/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html 1 || 2014551 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow 2 || url,packetstormsecurity.org/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html 1 || 2014552 || 2 || attempted-user || 0 || ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability || url,exploit-db.com/exploits/17557/ 1 || 2014553 || 2 || attempted-user || 0 || ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability 2 || url,exploit-db.com/exploits/17557/ 1 || 2014554 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Pretty Link plugin url Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/107551/WordPress-Pretty-Link-1.5.2-Cross-Site-Scripting.html 1 || 2014555 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress flash-album-gallery plugin i Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/107424/WordPress-Flash-Album-Gallery-Cross-Site-Scripting.html 1 || 2014556 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS wordpress thecartpress plugin loop parameter Local File Inclusion Attempt || url,1337day.com/exploits/18018 1 || 2014557 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bulkenquery controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108913/Joomla-Bulkenquery-Local-File-Inclusion.html 1 || 2014558 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_br controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108948/Joomla-BR-Local-File-Inclusion.html 1 || 2014559 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free PHP photo gallery script path parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/92079/Free-PHP-Photo-Gallery-Script-Remote-File-Inclusion.html 1 || 2014560 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS - Modified Metasploit Jar 1 || 2014561 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS landing page with malicious Java applet 1 || 2014562 || 3 || trojan-activity || 0 || ET TROJAN Pony Downloader HTTP Library MSIE 5 Win98 1 || 2014563 || 3 || trojan-activity || 0 || ET TROJAN Pony Downloader check-in response STATUS-IMPORT-OK 1 || 2014564 || 2 || trojan-activity || 0 || ET TROJAN OS X Backdoor Checkin || url,www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link 1 || 2014565 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS JavaScript Determining OS MAC and Serving Java Archive File || url,blog.trendmicro.com/another-tibetan-themed-malware-email-campaign-targeting-windows-and-macs/ || cve,2011-3544 1 || 2014566 || 2 || trojan-activity || 0 || ET TROJAN W32/UltimateDefender.FakeAV Checkin || md5,cec40236236466a1acb33aca3220eebe 1 || 2014567 || 5 || trojan-activity || 0 || ET INFO EXE Download With Content Type Specified As Empty || md5,d51218653323e48672023806f6ace26b 1 || 2014568 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit jar download 1 || 2014569 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit version check 1 || 2014570 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS HTTP Request to a known malware domain (regicsgf.net) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx 1 || 2014571 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS HTTP Request to a a known malware domain (sektori.org) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx 1 || 2014572 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query for a known malware domain (regicsgf.net) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx 1 || 2014573 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query for a known malware domain (sektori.org) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx 1 || 2014574 || 4 || policy-violation || 0 || ET POLICY CNET TechTracker User-Agent (CNET TechTracker) || url,www.cnet.com/techtracker-free/ 1 || 2014575 || 4 || trojan-activity || 0 || ET INFO Potential Malicious PDF (EmbeddedFiles) improper case || url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/ 1 || 2014576 || 2 || policy-violation || 0 || ET POLICY eBook Generator User-Agent (EBook) || url,malwr.com/analysis/a04b28e21adc70837eb7de811556ff4e/ || url,www.ebookgenerator.com/ 1 || 2014577 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS ET CURRENT_EVENTS Italian Spam Campaign ZIP with EXE Containing Many Underscores 1 || 2014578 || 3 || trojan-activity || 0 || ET TROJAN Win32.Winwebsec.B Checkin || md5,9c9109cea5845272d6abd1b5523c8de7 1 || 2014579 || 3 || trojan-activity || 0 || ET TROJAN Likely Infected HTTP POST to PHP with User-Agent of HTTP Client 1 || 2014581 || 3 || trojan-activity || 0 || ET TROJAN Hoax.Win32.BadJoke/DownLoader1.57593 Checkin || url,malwr.com/analysis/5ee02601d265a9a88f03a5465a99b190/ 1 || 2014583 || 3 || trojan-activity || 0 || ET TROJAN Adware/FakeAV.Kraddare Checkin UA || url,www.scumware.org/report/update.best-pc.co.kr 1 || 2014584 || 5 || bad-unknown || 0 || ET MALWARE Win32/Pdfjsc.XD Related Checkin (microsoft_predator_client header field) || url,www.fourteenforty.jp/products/yarai/CVE2011-0609/ || url,www.kahusecurity.com/2011/apec-spearphish-2/ || md5,3d91d9df315ffeb9bb1c774452b3114b 1 || 2014585 || 2 || attempted-user || 0 || ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS || url,exploit-db.com/exploits/18461/ 1 || 2014586 || 2 || attempted-user || 0 || ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS 2 || url,exploit-db.com/exploits/18461/ 1 || 2014587 || 3 || attempted-user || 0 || ET ACTIVEX Possible Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite || url,exploit-db.com/exploits/18704/ 1 || 2014588 || 2 || attempted-user || 0 || ET ACTIVEX Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite 2 || url,exploit-db.com/exploits/18704/ 1 || 2014589 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress yousaytoo-auto-publishing plugin submit Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/108470/wpystap-xss.txt 1 || 2014590 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_pinboard option Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/94991/Joomla-Pinboard-Remote-File-Inclusion.html 1 || 2014591 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress whois search domain Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108271/WordPress-Whois-Search-Cross-Site-Scripting.html 1 || 2014592 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Facebook-Page-Promoter-Lightbox settings-updated Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108238/WordPress-Facebook-Page-Promoter-Lightbox-Cross-Site-Scripting.html 1 || 2014593 || 3 || attempted-user || 0 || ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution || url,securityfocus.com/archive/1/520353 1 || 2014594 || 4 || attempted-user || 0 || ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution 2 || url,securityfocus.com/archive/1/520353 1 || 2014595 || 4 || trojan-activity || 0 || ET DELETED Win32 Jadtre/Wapomi/Nimnul/Viking.AY ICMP ping 1 || 2014596 || 5 || trojan-activity || 0 || ET TROJAN FlashBack Mac OSX malware Checkin || url,blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/ 1 || 2014597 || 2 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 1 1 || 2014598 || 6 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 2 1 || 2014599 || 5 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 3 1 || 2014600 || 5 || trojan-activity || 0 || ET TROJAN Win32/Nitol.A Checkin 1 || 2014601 || 4 || trojan-activity || 0 || ET TROJAN Win32/Nitol.B Checkin 1 || 2014604 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Yakes.pwo Checkin || md5,d40927e8c4b59a1c2af4f981ef295321 1 || 2014605 || 6 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware Server Reponse To Client Checkin 1 || 2014606 || 4 || trojan-activity || 0 || ET MALWARE W32/GameVance User-Agent (aw v3) 1 || 2014607 || 9 || attempted-user || 0 || ET CURRENT_EVENTS Nikjju Mass Injection Compromised Site Served To Local Client 1 || 2014608 || 8 || attempted-user || 0 || ET CURRENT_EVENTS Nikjju Mass Injection Internal WebServer Compromised 1 || 2014609 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit Java request to images.php?t= 1 || 2014610 || 4 || trojan-activity || 0 || ET TROJAN W32/Downvision.A Initial Checkin || url,www.fortiguard.com/av/VID3309956 1 || 2014611 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ 1 || 2014612 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Sutra - cookie is set RULEZ 1 || 2014613 || 2 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (file upload) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1 1 || 2014614 || 2 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (system command) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1 1 || 2014615 || 3 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (hell.php) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1 1 || 2014616 || 5 || trojan-activity || 0 || ET TROJAN Win32/Usteal.B Checkin || url,www.threatexpert.com/report.aspx?md5=3155b146bee46723acc5637617e3703a || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FUsteal.B&ThreatID=-2147320862 1 || 2014617 || 2 || misc-activity || 0 || ET POLICY Cisco IOS Self Signed Certificate Served to External Host 1 || 2014618 || 2 || trojan-activity || 0 || ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC Channel || url,blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu 1 || 2014619 || 2 || attempted-user || 0 || ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution || url,packetstormsecurity.org/files/108767/McAfee-SaaS-MyCioScan-ShowReport-Remote-Command-Execution.html 1 || 2014620 || 2 || attempted-user || 0 || ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution 2 || url,packetstormsecurity.org/files/108767/McAfee-SaaS-MyCioScan-ShowReport-Remote-Command-Execution.html 1 || 2014621 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DokuWiki target parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/111939/DocuWiki-2012-01-25-Cross-Site-Request-Forgery-Cross-Site-Scripting.html 1 || 2014622 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 1-jquery-photo-gallery-slideshow-flash plugin page Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107423/WordPress-1-JQuery-Photo-Gallery-Slideshow-Flash-Cross-Site-Scripting.html 1 || 2014623 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews rootpath parameter Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014624 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews uploadBigFiles.php Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014625 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews remote.php Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014626 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews class.panier_article.php Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014627 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews menu_layers.php Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014628 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews lib.panier.php Remote File inclusion Attempt || url,1337day.com/exploits/15795 1 || 2014629 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js 1 || 2014630 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Es11 Keepalive to CnC || md5,4a17e9bd99f496c518ddfaaef93384b0 1 || 2014631 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Security Shield payment page request 1 || 2014633 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin setup.php Remote File inclusion Attempt || url,blog.spiderlabs.com/2012/04/honeypot-alert-phpmyadmin-setupphp-rfi-attacks-detected.html || url,phpmyadmin.net/home_page/security/PMASA-2010-4.php || cve,CVE-2010-3055 1 || 2014634 || 1 || trojan-activity || 0 || ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Session_Id length greater than Client_Hello Length) || md5,a01d75158cf4618677f494f9626b1c4c 1 || 2014635 || 1 || trojan-activity || 0 || ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length) || md5,a01d75158cf4618677f494f9626b1c4c 1 || 2014636 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Poison.BI || md5,3e008471eaa5e788c41c2a0dff3d1a89 1 || 2014637 || 3 || trojan-activity || 0 || ET TROJAN Maljava Dropper for Windows || url,www.symantec.com/connect/blogs/both-mac-and-windows-are-targeted-once 1 || 2014638 || 4 || trojan-activity || 0 || ET TROJAN Maljava Dropper for OS X || url,www.symantec.com/connect/blogs/both-mac-and-windows-are-targeted-once 1 || 2014639 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit PDF request to images.php?t=81118 1 || 2014640 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit payload request to images.php?t=N 1 || 2014641 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit landing page request to images.php?t=4xxxxxxx 1 || 2014642 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Edu.jar 1 || 2014643 || 7 || trojan-activity || 0 || ET TROJAN ConstructorWin32/Agent.V || md5,3305ad96bcfd3a406dc9daa31e538902 1 || 2014644 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole - Landing Page Recieved - applet PluginDetect and 10hexchar title 1 || 2014645 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS RuggedCom Banner with MAC || url,www.exploit-db.com/exploits/18779/ || url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars 1 || 2014646 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS RuggedCom factory account backdoor || url,www.exploit-db.com/exploits/18779/ || url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars 1 || 2014647 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Volunteer Management id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112219/PHP-Volunteer-Management-1.0.2-Cross-Site-Scripting-SQL-Injection.html 1 || 2014648 || 4 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow || url,exploit-db.com/exploits/18427/ 1 || 2014649 || 6 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow 2 || url,exploit-db.com/exploits/18427/ 1 || 2014650 || 4 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow || url,exploit-db.com/exploits/18427/ 1 || 2014651 || 2 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow 2 || url,exploit-db.com/exploits/18427/ 1 || 2014652 || 3 || attempted-user || 0 || ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access || url,secunia.com/advisories/48681/ 1 || 2014653 || 3 || attempted-user || 0 || ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access 2 || url,secunia.com/advisories/48681/ 1 || 2014654 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_videogallery controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/112161/Joomla-Video-Gallery-Local-File-Inclusion-SQL-Injection.html 1 || 2014655 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_some controller Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108906/Joomla-Some-Local-File-Inclusion.html 1 || 2014656 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Skysa Official submit parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107342/WordPress-Skysa-Official-1.01-1.02-1.03-Cross-Site-Scripting.html 1 || 2014657 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit pdf download 1 || 2014658 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit payload download 1 || 2014659 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Please wait Message || url,isc.sans.edu/diary.html?storyid=13051 1 || 2014660 || 3 || trojan-activity || 0 || ET TROJAN Win32/Ponmocup.A Checkin || md5,97a1acc085849c0b9af19adcf44607a7 1 || 2014661 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing for prototype catch substr 1 || 2014662 || 1 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Integer indef DoS Attempt || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020 vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014663 || 1 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Negative Integer indef DoS Attempt || url, www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020 vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html 1 || 2014664 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole - Jar File Naming Algorithm 1 || 2014665 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - Redirection to Kit - BrowserDetect with var stopit 1 || 2014666 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Injected Page Leading To Driveby 1 || 2014667 || 2 || trojan-activity || 0 || ET MALWARE W32/Dialer.Adultchat Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDluca.AN&ThreatID=-2147365813 || md5,fd2c949dc20b651a53326a3d571641ec 1 || 2014669 || 4 || trojan-activity || 0 || ET DELETED SpyEyeV1.3.48 Data Post to CnC - lol.php || url,blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper 1 || 2014700 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Backdoor.BAT.Agent.W User Botnet || md5,fc7059ec1e3e86fd0a664c3747f09725 1 || 2014701 || 9 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html 1 || 2014702 || 7 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html 1 || 2014703 || 7 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html 1 || 2014704 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability || cve,2012-1823 || url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ || url,varanoid.com/research-alerts/us-cert/vu520827-php-cgi-query-string-parameter-vulnerability/ 1 || 2014705 || 3 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack exploit request 1 || 2014706 || 2 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload request (exploit successful!) 1 || 2014707 || 3 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload download 1 || 2014708 || 3 || attempted-user || 0 || ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution || url,exploit-db.com/exploits/18805/ 1 || 2014709 || 3 || attempted-user || 0 || ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution 2 || url,exploit-db.com/exploits/18805/ 1 || 2014710 || 3 || attempted-user || 0 || ET ACTIVEX Possible Samsung NET-i Viewer Active-X SEH Overwrite || url,packetstormsecurity.org/files/112363/Samsung-NET-i Viewer-Active-X-SEH-Overwrite.html 1 || 2014711 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS maxxweb Cms kategorie parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112289/Maxxweb-CMS-Cross-Site-Scripting.html 1 || 2014712 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress WPsc-MijnPress plugin rwflush parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112324/WordPress-WPsc-MijnPress-Cross-Site-Scripting.html 1 || 2014713 || 3 || attempted-user || 0 || ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow || url,exploit-db.com/exploits/16604/ 1 || 2014714 || 3 || attempted-user || 0 || ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow 2 || url,exploit-db.com/exploits/16604/ 1 || 2014715 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_obsuggest controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103598/Joomla-obSuggest-Local-File-Inclusion.html 1 || 2014716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joomtouch controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/104112/Joomla-JoomTouch-1.0.2-Local-File-Inclusion.html 1 || 2014717 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Custom Pages url parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/100047/WordPress-WP-Custom-Pages-0.5.0.1-Local-File-Inclusion.html 1 || 2014718 || 3 || policy-violation || 0 || ET GAMES Nintendo Wii User-Agent || url,www.useragentstring.com/pages/Opera/ 1 || 2014719 || 2 || trojan-activity || 0 || ET TROJAN W32/Simbot.Backdoor Checkin || md5,a4edc9d31bc0ad763b3424e9306f4d7c 1 || 2014720 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader/Agent.dxh.1 Reporting to CnC || md5,ded49b8c92d7ab6725649f04f30df8ce 1 || 2014721 || 2 || trojan-activity || 0 || ET TROJAN Boatz Checkin || url,blogs.mcafee.com/mcafee-labs/pastebin-shares-botnet-source-code 1 || 2014722 || 4 || trojan-activity || 0 || ET TROJAN Medfos/Midhos Checkin || md5,00da8acc14d0e827dbb1326c023fc720 || md5,8f561f46fb262cac6bb4cacf3e4e78a6 || md5,63491dcc8e897bf442599febe48b824d 1 || 2014723 || 2 || trojan-activity || 0 || ET TROJAN Suspicious lcon http header in response seen with Medfos/Midhos downloader || md5,63491dcc8e897bf442599febe48b824d 1 || 2014724 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Cal.jar 1 || 2014725 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Request for Blackhole Exploit Kit Landing Page - src.php?case= 1 || 2014726 || 33 || policy-violation || 0 || ET POLICY Outdated Windows Flash Version IE || url,www.adobe.com/software/flash/about/ 1 || 2014727 || 26 || policy-violation || 0 || ET POLICY Outdated Mac Flash Version 1 || 2014728 || 4 || trojan-activity || 0 || ET TROJAN Smoke Loader Checkin r=gate || md5,fafada188ce47a1459f4fcea487f06b5 1 || 2014729 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeAV Landing Page - Viruses were found 1 || 2014730 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Potential FAKEAV Download a-f0-9 x16 download 1 || 2014731 || 2 || trojan-activity || 0 || ET TROJAN Snap Bot Checkin || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html 1 || 2014732 || 4 || trojan-activity || 0 || ET TROJAN Snap Bot Receiving Download Command || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html 1 || 2014733 || 5 || trojan-activity || 0 || ET TROJAN Snap Bot Receiving DDoS Command || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html 1 || 2014734 || 2 || policy-violation || 0 || ET P2P BitTorrent - Torrent File Downloaded 1 || 2014735 || 3 || trojan-activity || 0 || ET MALWARE Malicious file bitdefender_isecurity.exe download || md5,283ae10839fff3e183193efde3e633eb 1 || 2014736 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andromeda Streaming MP3 Server andromeda.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112549/Andromeda-Streaming-MP3-Server-1.9.3.6-Cross-Site-Scripting.html 1 || 2014737 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow || url,secunia.com/advisories/45511 1 || 2014738 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511 1 || 2014739 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow || url,secunia.com/advisories/45511 1 || 2014740 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511 1 || 2014741 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow || url,secunia.com/advisories/45511 1 || 2014742 || 3 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511 1 || 2014743 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow || url,secunia.com/advisories/45511 1 || 2014744 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511 1 || 2014745 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Try Prototype Catch May 11 2012 1 || 2014746 || 4 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Set.jar 1 || 2014747 || 3 || trojan-activity || 0 || ET DELETED Blackhole Try Prototype Catch May 14 2012 1 || 2014748 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Repeated Exploit Request Pattern || url,blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html || url,malware.dontneedcoffee.com/2012/05/inside-redkit.html || url,malware.dontneedcoffee.com/2012/05/redkit-not-so-red-anymore.html || url,www.malwaredomainlist.com/forums/index.php?topic=4855.msg23470 1 || 2014749 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Java Exploit request to /24842.jar 1 || 2014750 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java payload request to /1digit.html 1 || 2014751 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Nuclear/Safe/CritX/FlashPack - Java Request - 32char hex-ascii 1 || 2014752 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Win32.HLLW.Autoruner USA_Load UA || url,news.drweb.com/show/?i=2440&lng=en&c=5 1 || 2014753 || 5 || bad-unknown || 0 || ET DELETED probable malicious Glazunov Javascript injection 1 || 2014754 || 6 || trojan-activity || 0 || ET TROJAN W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=1072862 || url,8af17164500aac1c0965b842aca3fed7 1 || 2014755 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/HupigonUser.Backdoor Rabclib UA Checkin || md5,65467e7ff3140f42f4758eca7b76185c 1 || 2014756 || 5 || policy-violation || 0 || ET POLICY Logmein.com/Join.me SSL Remote Control Access 1 || 2014757 || 4 || trojan-activity || 0 || ET TROJAN Win32/Comrerop Checkin to FTP server || md5,6b16290b05afd1a9d638737924f2ab5c 1 || 2014758 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BAT.Qhost - SET || md5,8174d42fd82457592c573fe73bdc0cd5 1 || 2014759 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BAT.Qhost Response from Controller || md5,8174d42fd82457592c573fe73bdc0cd5 1 || 2014760 || 2 || trojan-activity || 0 || ET TROJAN W32/Votwup.Backdoor Checkin || md5,1325e4e44b5bf2f8dfe550dec016da53 1 || 2014761 || 2 || misc-activity || 0 || ET POLICY Internal Host Getting External IP Address - ip2city.asp 1 || 2014762 || 2 || trojan-activity || 0 || ET TROJAN W32/SpyBanker Infection Confirmation Email 2 || md5,f091e8ed0e8f4953ff10ce3bd06dbe54 1 || 2014763 || 5 || attempted-user || 0 || ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution || url,packetstormsecurity.org/files/97160/Chilkat-Software-FTP2-ActiveX-Code-Execution.html 1 || 2014764 || 4 || attempted-user || 0 || ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution 2 || url,packetstormsecurity.org/files/97160/Chilkat-Software-FTP2-ActiveX-Code-Execution.html 1 || 2014765 || 5 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack || url,1337day.com/exploits/17583 1 || 2014766 || 5 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack 2 || url,1337day.com/exploits/17583 1 || 2014767 || 5 || trojan-activity || 0 || ET MALWARE Win32.Bublik.B/Birele/Variant.Kazy.66443 Checkin || md5,48352e3a034a95845864c0f6aad07d39 1 || 2014768 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Survey and Quiz Tool plugin rowcount Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112685/WordPress-WP-Survey-And-Quiz-Tool-2.9.2-Cross-Site-Scripting.html 1 || 2014769 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CataBlog plugin category Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112710/WordPress-CataBlog-1.6-Cross-Site-Scripting.html 1 || 2014770 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor plugin uploader.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html 1 || 2014771 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Appointment Booking Pro view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103172/Joomla-Appointment-Booking-Pro-Arbitrary-File-Reading.html 1 || 2014772 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_media file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/99775/Joomla-Media-Local-File-Inclusion.html 1 || 2014773 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page JavaScript Split String Obfuscation of CharCode 1 || 2014774 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Malicious PDF qweqwe= || url,jsunpack.jeek.org/dec/go?report=4d25f4f01ff5cdbee35a23fcd9e047b69d917b47 1 || 2014775 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole PDF Payload Request 1 || 2014776 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole PDF Payload Request With Double Colon 1 || 2014777 || 2 || trojan-activity || 0 || ET TROJAN Kazy/Kryptic Checkin with Opera/9 User-Agent || url,malwr.com/analysis/18c5b31198777f93a629a0357b22f2f8/ || md5,18c5b31198777f93a629a0357b22f2f8 || url,www.virustotal.com/file/94cf780fa829c16cd0b09a462b5419cd1175bac01ba935e906a109d97b4dadaa/ 1 || 2014778 || 2 || trojan-activity || 0 || ET TROJAN Bebloh connectivity check || md5,3f9ef604b68da32062ef27e15eb71715 || md5,ccb463b2dadaf362a03c8bbf34dc247e 1 || 2014779 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.2288.org 1 || 2014781 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.3322.net 1 || 2014782 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.6600.org 1 || 2014783 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.7766.org 1 || 2014784 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8800.org 1 || 2014786 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.9966.org 1 || 2014787 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.2288.org 1 || 2014788 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.net 1 || 2014789 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.6600.org 1 || 2014790 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.7766.org 1 || 2014791 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8800.org 1 || 2014792 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.9966.org 1 || 2014793 || 3 || trojan-activity || 0 || ET TROJAN Win32/MultiPasswordRecovery.A cs-crash PWS 1 || 2014794 || 4 || trojan-activity || 0 || ET TROJAN Win32/Thetatic.A Client POST Get CMD Checkin 1 || 2014795 || 2 || trojan-activity || 0 || ET TROJAN Win32/Thetatic.A Client POST CMD result 1 || 2014796 || 5 || trojan-activity || 0 || ET DELETED Win32/Thetatic.A Checkin 1 || 2014797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS Ransomware win_unlock || url,www.f-secure.com/weblog/archives/00002367.html || md5,14a1d23b5a8b4f5c186bc5082ede4596 1 || 2014798 || 2 || bad-unknown || 0 || ET MALWARE PCMightyMax Agent PCMM.Installer 1 || 2014799 || 2 || policy-violation || 0 || ET POLICY OpenVPN Update Check 1 || 2014800 || 2 || trojan-activity || 0 || ET DELETED Blackhole Landing Page getElementByID Qwe - May 22nd 2012 || url,blog.spiderlabs.com/2012/05/catch-me-if-you-can-trojan-banker-zeus-strikes-again-part-2-of-5-1.html 1 || 2014801 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Try App.title Catch - May 22nd 2012 || url,blog.spiderlabs.com/2012/05/catch-me-if-you-can-trojan-banker-zeus-strikes-again-part-2-of-5-1.html 1 || 2014802 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fragus Exploit jar Download 1 || 2014803 || 7 || trojan-activity || 0 || ET TROJAN VBS/Wimmie.A Set || url,www.threatexpert.com/report.aspx?md5=6fd7493e56fdc3b0dd8ecd24aea20da1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AVBS%2FWimmie.A || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf || md5,61474931882dce7b1c67e1f22d26187e 1 || 2014804 || 6 || trojan-activity || 0 || ET TROJAN VBS/Wimmie.A Checkin || url,www.threatexpert.com/report.aspx?md5=6fd7493e56fdc3b0dd8ecd24aea20da1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AVBS%2FWimmie.A || md5,61474931882dce7b1c67e1f22d26187e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf 1 || 2014805 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown java_ara Bin Download 1 || 2014806 || 5 || attempted-user || 0 || ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow || url,exploit-db.com/exploits/18892/ 1 || 2014807 || 4 || attempted-user || 0 || ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow 2 || url,exploit-db.com/exploits/18892/ 1 || 2014808 || 7 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Attachment_Times Method Access buffer overflow Attempt || url,secunia.com/advisories/49285/ 1 || 2014809 || 4 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Import_Times Method Access buffer overflow Attempt || url,secunia.com/advisories/49285/ 1 || 2014810 || 4 || trojan-activity || 0 || ET MALWARE Malicious pusk.exe download || md5,eae75c0e34d11e6daef216cfc3fbbb04 1 || 2014811 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Dynamic Widgets plugin id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112706/WordPress-Dynamic-Widgets-1.5.1-Cross-Site-Scripting.html 1 || 2014812 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin group parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html 1 || 2014813 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin season parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html 1 || 2014814 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component JE Story Submit view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103214/Joomla-JE-K2-Story-Submit-Local-File-Inclusion.html 1 || 2014815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_acooldebate controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/102422/Joomla-A-Cool-Debate-1.0.3-Local-File-Inclusion.html 1 || 2014816 || 5 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Install 2 || md5,181999985de5feae6f44f9578915417f 1 || 2014817 || 2 || trojan-activity || 0 || ET USER_AGENTS W32/Renos.Downloader User Agent zeroup || url,www.f-secure.com/v-descs/trojan_w32_renos_h.shtml || md5,35ba53f6aeb6b38c1107018f271189af 1 || 2014818 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SKyWIper/Win32.Flame UA || url,crysys.hu/skywiper/skywiper.pdf 1 || 2014819 || 3 || misc-activity || 0 || ET INFO Packed Executable Download 1 || 2014820 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Javascript Blob 1 || 2014821 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole RawValue Specific Exploit PDF || cve,2010-0188 1 || 2014822 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SKyWIper/Win32.Flame POST || url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/ 1 || 2014823 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Malicious PDF asdvsa 1 || 2014824 || 3 || trojan-activity || 0 || ET DELETED Redkit Java Exploit request to b.class 1 || 2014825 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Script Profile ASD 1 || 2014826 || 5 || trojan-activity || 0 || ET TROJAN Virus.Win32.Sality.aa Checkin || md5,1e0e6717f72b66f6fc83f2ef6c00dcb7 1 || 2014827 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FedEX Spam Inbound 1 || 2014828 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Spam Inbound 1 || 2014829 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Spam Inbound 1 || 2014830 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Java Exploit request to .class file 1 || 2014831 || 3 || attempted-user || 0 || ET ACTIVEX Possible Wireless Manager Sony VAIO SetTmpProfileOption Method Access Buffer Overflow || url,packetstormsecurity.org/files/113131/Wireless-Manager-Sony-VAIO-4.0.0.0-Buffer-Overflows.html 1 || 2014832 || 4 || attempted-user || 0 || ET ACTIVEX Possible Wireless Manager Sony VAIO ConnectToNetwork Method Access Buffer Overflow || url,packetstormsecurity.org/files/113131/Wireless-Manager-Sony-VAIO-4.0.0.0-Buffer-Overflows.html 1 || 2014833 || 4 || attempted-user || 0 || ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow || url,packetstormsecurity.org/files/93252/LEADTOOLS-ActiveX-Raster-Twain-16.5-Buffer-Overflow.html 1 || 2014834 || 4 || attempted-user || 0 || ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow 2 || url,packetstormsecurity.org/files/93252/LEADTOOLS-ActiveX-Raster-Twain-16.5-Buffer-Overflow.html 1 || 2014835 || 4 || attempted-user || 0 || ET ACTIVEX Possible SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Install3rdPartyComponent Method Buffer Overflow || url,packetstormsecurity.org/files/95286/SonicWALL-SSL-VPN-End-Point-Interrogator-Installer-ActiveX-Control.html 1 || 2014836 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynPG CMS PathToRoot Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/87907/DynPG-CMS-4.1.0-Remote-File-Inclusion.html 1 || 2014837 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Jotloader component section parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96812/Joomla-Jotloader-2.2.1-Local-File-Inclusion.html 1 || 2014838 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PDF and Print Button Joliprint plugin type parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112700/WordPress-PDF-And-Print-Button-Joliprint-1.3.0-Cross-Site-Scripting.html 1 || 2014839 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PDF and Print Button Joliprint plugin opt parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112700/WordPress-PDF-And-Print-Button-Joliprint-1.3.0-Cross-Site-Scripting.html 1 || 2014840 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Exponent file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/101230/Exponent-2.0.0-Beta-1.1-Local-File-Inclusion.html 1 || 2014841 || 2 || trojan-activity || 0 || ET TROJAN Possible Feodo/Cridex Traffic Detected 1 || 2014843 || 3 || trojan-activity || 0 || ET TROJAN Blackhole Exploit Kit Request tkr 1 || 2014844 || 2 || bad-unknown || 0 || ET TROJAN Probable Golfhole exploit kit landing page #2 1 || 2014845 || 2 || trojan-activity || 0 || ET TROJAN Probable Golfhole exploit kit binary download #2 1 || 2014846 || 11 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress timthumb look-alike domain list RFI || url,code.google.com/p/timthumb/issues/detail?id=212 1 || 2014847 || 5 || web-application-attack || 0 || ET CURRENT_EVENTS php with eval/gzinflate/base64_decode possible webshell || url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html 1 || 2014848 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS webshell used In timthumb attacks GIF98a 16129xX with PHP || url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html 1 || 2014849 || 3 || trojan-activity || 0 || ET TROJAN Flamer WuSetupV module traffic 1 || md5,1f61d280067e2564999cac20e386041c 1 || 2014850 || 5 || trojan-activity || 0 || ET TROJAN Flamer WuSetupV module traffic 2 || md5,1f61d280067e2564999cac20e386041c 1 || 2014851 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Archive Request || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html 1 || 2014852 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Exploit Kit Version 1.1 document.write Fake 404 - Landing Page || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html 1 || 2014853 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html 1 || 2014854 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Likely TDS redirecting to exploit kit 1 || 2014855 || 3 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 1 1 || 2014856 || 2 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 2 1 || 2014857 || 3 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 3 1 || 2014858 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Fraudulent Paypal Mailing Server Response June 04 2012 1 || 2014859 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dakotavolandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days 1 || 2014860 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dak1otavola1ndos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days 1 || 2014861 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dako22tavol2andos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days 1 || 2014862 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - d3akotav33olandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days 1 || 2014863 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - d4ak4otavolandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days 1 || 2014864 || 1 || trojan-activity || 0 || ET TROJAN W32.Gimemo/Aldibot CnC POST || url,www.evild3ad.com/?p=1693 1 || 2014865 || 3 || bad-unknown || 0 || ET WEB_CLIENT MP4 Embedded in PDF File - Potential Flash Exploit || cve,2012-0754 || url,blog.9bplus.com/observing-the-enemy-cve-2012-0754-pdf-interac 1 || 2014866 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Redirect to driveby sid=mix 1 || 2014867 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a dns-stuff.com Domain *.dns-stuff.com 1 || 2014868 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to dns-stuff.com Domain *.dns-stuff.com 1 || 2014869 || 3 || attempted-recon || 0 || ET SCAN Arachni Scanner Web Scan || url,arachni-scanner.com || url,github.com/Zapotek/arachni 1 || 2014870 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SN and CN From MS TS Revoked Cert Chain Seen || url,blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/ || url,rmhrisk.wpengine.com/?p=52 || url,msdn.microsoft.com/en-us/library/aa448396.aspx || md5,1f61d280067e2564999cac20e386041c 1 || 2014871 || 2 || trojan-activity || 0 || ET TROJAN Self Signed SSL Certificate (Reaserch) 1 || 2014872 || 2 || trojan-activity || 0 || ET TROJAN Self Signed SSL Certificate (John Doe) 1 || 2014873 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to Blackhole June 7 2012 1 || 2014874 || 7 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow || url,secunia.com/advisories/48966/ 1 || 2014875 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow 2 || url,secunia.com/advisories/48966/ 1 || 2014876 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability || url,secunia.com/advisories/48965/ 1 || 2014877 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability 2 || url,secunia.com/advisories/48965/ 1 || 2014878 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jeauto view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96803/Joomla-JE-Auto-Local-File-Inclusion.html 1 || 2014879 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jradio controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96751/Joomla-JRadio-Local-File-Inclusion.html 1 || 2014880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress wp-livephp plugin wp-live.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/108282/WordPress-LivePHP-Cross-Site-Scripting.html 1 || 2014881 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mingle Forum groupid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112696/WordPress-Mingle-Forum-1.0.33-Cross-Site-Scripting.html 1 || 2014882 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_catalogue controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96190/Joomla-Catalogue-Local-File-Inclusion.html 1 || 2014883 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jvb_bridge Itemid Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/90844/Joomla-JVB-Bridge-Remote-File-Inclusion.html 1 || 2014884 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Request to malicious SutraTDS - lonly= in cookie 1 || 2014885 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SutraTDS (enema) used in Blackhole campaigns 1 || 2014886 || 2 || bad-unknown || 0 || ET WEB_SERVER IIS INDEX_ALLOCATION Auth Bypass Attempt || url,lists.grok.org.uk/pipermail/full-disclosure/2012-June/087269.html 1 || 2014887 || 2 || trojan-activity || 0 || ET TROJAN W32/Bakcorox.A ProxyBot CnC Server Connection || url,contagioexchange.blogspot.co.uk/2012/06/022-crime-win32bakcoroxa-proxy-bot-web.html 1 || 2014888 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012 1 || 2014890 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible attempt to enumerate MS SQL Server version || url,support.microsoft.com/kb/321185 1 || 2014891 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Java Exploit Requested - 5 digit jar 1 || 2014892 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Jar File Naming Algorithm 1 || 2014893 || 5 || network-scan || 0 || ET SCAN critical.io Scan || url,critical.io/ 1 || 2014894 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and 5digit jar 1 || 2014895 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and code 1 || 2014896 || 4 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus iNotes Upload Module possible ActiveX Control Attachment_Times Method Access Buffer Overflow Attempt || url,secunia.com/advisories/49443/ 1 || 2014897 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jmsfileseller view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/101770/Joomla-JMSFileSeller-Local-File-Inclusion.html 1 || 2014898 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_mscomment controller parameter Local File Inclusion Attempt || url,1337day.com/exploits/12246 1 || 2014899 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Tinymce Thumbnail Gallery href parameter Remote File Disclosure Attempt || url,packetstormsecurity.org/files/113417/WordPress-Tinymce-Thumbnail-Gallery-1.0.7-File-Disclosure.html 1 || 2014900 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin pinterest-url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112711/WordPress-2-Click-Social-Media-Buttons-0.32.2-Cross-Site-Scripting.html 1 || 2014901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin xing-url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112711/WordPress-2-Click-Social-Media-Buttons-0.32.2-Cross-Site-Scripting.html 1 || 2014902 || 4 || attempted-user || 0 || ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow || url,secunia.com/advisories/48602/ 1 || 2014903 || 2 || attempted-user || 0 || ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow 2 || url,secunia.com/advisories/48602/ 1 || 2014904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Sharebar plugin status parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112690/WordPress-Sharebar-1.2.1-SQL-Injection-Cross-Site-Scripting.html 1 || 2014905 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_ckforms controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95623/Joomla-CKForms-Local-File-Inclusion.html 1 || 2014906 || 2 || policy-violation || 0 || ET INFO .exe File requested over FTP 1 || 2014907 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing - UPS Number Loading.. Jun 15 2012 1 || 2014908 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing - Verizon Balance Due Jun 15 2012 1 || 2014909 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby 1 || 2014910 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS MySQL mysql.user Dump (Used in Metasploit Auth-Bypass Module) 1 || 2014911 || 10 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer SameID Use-After-Free || cve,CVE-2012-1875 1 || 2014912 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown - Java Request - gt 60char hex-ascii 1 || 2014913 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - JAR Naming Algorithm 1 || 2014914 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm 1 || 2014915 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet archive=32CharHex 1 || 2014916 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Requested - 8Digit.html 1 || 2014917 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and flowbit 1 || 2014918 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to Half.jar 1 || 2014919 || 3 || policy-violation || 0 || ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1) || url,skydrive.live.com 1 || 2014920 || 3 || policy-violation || 0 || ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2) || url,skydrive.live.com 1 || 2014921 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012 1 || 2014922 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Requested .php?showtopic=6digit 1 || 2014923 || 1 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Received applet and flowbit 1 || 2014924 || 1 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Payload Requested /getfile.php by Java Client 1 || 2014926 || 3 || misc-attack || 0 || ET INFO PDF embedded in XDP file (Possibly Malicious) || url,blog.9bplus.com/av-bypass-for-malicious-pdfs-using-xdp 1 || 2014927 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Malicious Jar /eeltff.jar 1 || 2014928 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown - Java Request .jar from dl.dropbox.com 1 || 2014929 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Request to .in FakeAV Campaign June 19 2012 exe or zip || url,isc.sans.edu/diary/+Vulnerabilityqueerprocessbrittleness/13501 1 || 2014930 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to badness 21 June 2012 1 || 2014931 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Please wait a moment Jun 20 2012 1 || 2014932 || 2 || bad-unknown || 0 || ET POLICY DynDNS CheckIp External IP Address Server Response 1 || 2014933 || 3 || trojan-activity || 0 || ET TROJAN Win32/Bicololo.Dropper ne_unik CnC Server Response 1 || 2014934 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page - eval(function(p,a,c, 1 || 2014935 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - foxxysoftware 1 || 2014936 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - applet and 0px 1 || 2014937 || 19 || trojan-activity || 0 || ET DELETED Blackhole - Blackhole Java Exploit request to Trop.jar 1 || 2014938 || 13 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument Uninitialized Memory Corruption CVE-2012-1889 || cve,CVE-2012-1889 1 || 2014939 || 1 || policy-violation || 0 || ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR || url,en.wikipedia.org/wiki/.onion 1 || 2014940 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole RawValue Exploit PDF || cve,2010-0188 1 || 2014941 || 3 || policy-violation || 0 || ET POLICY TOR .exit Pseudo TLD DNS Query || url,en.wikipedia.org/wiki/.onion 1 || 2014942 || 2 || attempted-user || 0 || ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service || url,1337day.com/exploits/13938 1 || 2014943 || 2 || attempted-user || 0 || ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service 2 || url,1337day.com/exploits/13938 1 || 2014944 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS smarty Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html 1 || 2014945 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS banco Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html 1 || 2014946 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS smarty Parameter Remote File inclusion Attempt 2 || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html 1 || 2014947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Thinkun Remind Plugin dirPath Remote File Disclosure Vulnerability || url,secunia.com/advisories/49461 1 || 2014948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Simple Download Button Shortcode Plugin Arbitrary File Disclosure Vulnerability || url,secunia.com/advisories/49462 1 || 2014949 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugins Wp-ImageZoom file parameter Remote File Disclosure Vulnerability || url,1337day.com/exploits/18685 1 || 2014950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios XI div parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49544 1 || 2014951 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios XI view parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49544 1 || 2014952 || 3 || trojan-activity || 0 || ET TROJAN Capfire4 Checkin (register machine) || url,labs.alienvault.com/labs/index.php/2012/capfire4-malware-rat-software-and-cc-service-together/ 1 || 2014953 || 3 || trojan-activity || 0 || ET TROJAN Capfire4 Checkin (update machine status) || url,labs.alienvault.com/labs/index.php/2012/capfire4-malware-rat-software-and-cc-service-together/ 1 || 2014954 || 9 || policy-violation || 0 || ET INFO Vulnerable iTunes Version 10.6.x 1 || 2014955 || 2 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Client Checkin 1 || 2014956 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Server Checkin 1 || 2014957 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Client Idle 1 || 2014958 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Server Idle 1 || 2014959 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 - Java Exploit Requested - /1Digit 1 || 2014960 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 - Landing Page Received - base64encode(GetOs() 1 || 2014961 || 2 || trojan-activity || 0 || ET TROJAN W32/Scar CnC Checkin || md5,b345634df53511c7195d661ac755b320 1 || 2014962 || 2 || trojan-activity || 0 || ET TROJAN W32/Nutiliers.A Downloader CnC Checkin - Request Encrypted Response || md5,7b2bfb9d270a5f446f32502d2ed34d67 1 || 2014963 || 2 || trojan-activity || 0 || ET TROJAN W32/Armageddon CnC Checkin || md5,3f4c5649d66fc5befc0db47930edb9f6 1 || 2014964 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response '/*km0ae9gr6m*/' Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2014965 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response '/*qhk6sa6g1c*/' Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2014966 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Generic - PDF with NEW PDF EXPLOIT 1 || 2014967 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - Landing Page Requested - 15Alpha1Digit.php 1 || 2014968 || 8 || trojan-activity || 0 || ET DELETED Unknown - Payload Download - 9Alpha1Digit.exe 1 || 2014969 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown - Java Exploit Requested - 13-14Alpha.jar 1 || 2014970 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website || url,www.symantec.com/security_response/writeup.jsp?docid=2012-062103-1655-99 || url,isc.sans.edu/diary/Run+Forest+/13540 || url,isc.sans.edu/diary/Run+Forest+Update+/13561 1 || 2014971 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS JS.Runfore Malware Campaign Request || url,www.symantec.com/security_response/writeup.jsp?docid=2012-062103-1655-99 || url,isc.sans.edu/diary/Run+Forest+/13540 || url,isc.sans.edu/diary/Run+Forest+Update+/13561 1 || 2014972 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HeapLib JS Library || url,www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/bh-eu-07-sotirov-apr19.pdf 1 || 2014973 || 18 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /*.php?*=16HexChar 1 || 2014974 || 6 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /*.php?*=8HexChar 1 || 2014975 || 4 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /Home/index.php 1 || 2014976 || 3 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Received - catch and flowbit 1 || 2014977 || 7 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Recieved - applet and flowbit 1 || 2014979 || 2 || trojan-activity || 0 || ET TROJAN Zbot CnC POST /common/versions.php || md5,43d8afa89bd6bf06973af62220d6c158 1 || 2014980 || 3 || trojan-activity || 0 || ET TROJAN Zbot CnC GET /lost.dat || md5,43d8afa89bd6bf06973af62220d6c158 1 || 2014981 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012 || url,research.zscaler.com/2012/06/cleartripcom-infected-with-blackhole.html 1 || 2014982 || 2 || attempted-recon || 0 || ET CURRENT_EVENTS Googlebot UA POST to /uploadify.php || url,blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html 1 || 2014983 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Jar file 1 || 2014984 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response /*km0ae9gr6m*/ Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2014985 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response /*qhk6sa6g1c*/ Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2014986 || 2 || web-application-attack || 0 || ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href browser redirect || url,secunia.com/advisories/49627/ 1 || 2014987 || 2 || web-application-attack || 0 || ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href Cross Site Scripting Attempt || url,secunia.com/advisories/49627/ 1 || 2014988 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pliggCMS src parameter Remote File Inclusion Attempt || url,1337day.com/exploits/18854 1 || 2014989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor thumbnail parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html 1 || 2014990 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor tags parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html 1 || 2014991 || 3 || attempted-user || 0 || ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit 2 || url,packetstormsecurity.org/files/92931/SonciWALL-Aventail-epi.dll-AuthCredential-Format-String-Exploit.html 1 || 2014992 || 3 || attempted-user || 0 || ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit || url,packetstormsecurity.org/files/92931/SonciWALL-Aventail-epi.dll-AuthCredential-Format-String-Exploit.html 1 || 2014993 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptCMS sitepath parameter Remote File Inclusion Vulnerability || url,packetstormsecurity.org/files/91022/AdaptCMS-2.0.0-Beta-Remote-File-Inclusion.html 1 || 2014994 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_profile controller parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/95609/Joomla-Profile-Local-File-Inclusion.html 1 || 2014995 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress jRSS Widget url parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/95638/WordPress-jRSS-Widget-1.1.1-Local-File-Inclusion.html 1 || 2014996 || 3 || attempted-dos || 0 || ET DOS Microsoft Windows 7 ICMPv6 Router Advertisement Flood || url,www.samsclass.info/ipv6/proj/proj8x-124-flood-router.htm 1 || 2014997 || 2 || policy-violation || 0 || ET POLICY Pandora Usage || url,www.pandora.com 1 || 2014998 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website Landing Page Obfuscated String JavaScript DGA || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2014999 || 2 || trojan-activity || 0 || ET TROJAN Zbot CnC POST /common/timestamps.php || md5,43d8afa89bd6bf06973af62220d6c158 1 || 2015000 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack Java exploit binary get request 1 || 2015001 || 2 || trojan-activity || 0 || ET DELETED Blackhole - Blackhole Java Exploit request to spn.jar 1 || 2015002 || 6 || trojan-activity || 0 || ET TROJAN Pushbot User-Agent || url,www.cert.pl/news/5587/langswitch_lang/en 1 || 2015003 || 4 || trojan-activity || 0 || ET TROJAN Pushbot server response || url,www.cert.pl/news/5587/langswitch_lang/en 1 || 2015004 || 3 || bad-unknown || 0 || ET INFO Compressed Executable SZDD Compress.exe Format Over HTTP || url,blog.fireeye.com/research/2012/07/inside-customized-threat.html#more || url,www.cabextract.org.uk/libmspack/doc/szdd_kwaj_format.html 1 || 2015005 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL 3 1 || 2015006 || 6 || trojan-activity || 0 || ET DELETED SofosFO exploit kit jar download 1 || 2015007 || 9 || trojan-activity || 0 || ET DELETED SofosFO exploit kit version check 1 || 2015009 || 3 || trojan-activity || 0 || ET DELETED SofosFO exploit kit payload download 1 || 2015010 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack exploit pack /mix/ Java exploit 1 || 2015011 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack exploit pack /mix/ payload 1 || 2015012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 1 1 || 2015013 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 2 1 || 2015014 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 3 1 || 2015015 || 1 || policy-violation || 0 || ET POLICY Download Request to Hotfile.com 1 || 2015016 || 2 || misc-activity || 0 || ET INFO FTP STOR to External Network 1 || 2015017 || 4 || trojan-activity || 0 || ET MALWARE W32/OnlineGames Checkin || md5,60763078b8860fd59a1d8bea2bf8900b 1 || 2015018 || 2 || trojan-activity || 0 || ET MALWARE W32/OnlineGames User Agent loadMM || md5,60763078b8860fd59a1d8bea2bf8900b 1 || 2015019 || 1 || trojan-activity || 0 || ET TROJAN W32/Icoo CnC Checkin || md5,1d2ddece4cd5cff3658c59e20d40dd8b 1 || 2015020 || 2 || trojan-activity || 0 || ET TROJAN W32/Numnet.Downloader CnC Checkin 1 || md5,fbc732c7cd1bbd84956b1e76b53384da 1 || 2015021 || 2 || trojan-activity || 0 || ET TROJAN W32/Numnet.Downloader CnC Checkin 2 || md5,fbc732c7cd1bbd84956b1e76b53384da 1 || 2015022 || 2 || trojan-activity || 0 || ET TROJAN W32/Zusy Gettime Checkin || md5,a152772516cef409ddd58f90917a3b44 1 || 2015023 || 3 || network-scan || 0 || ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce) || url,soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf 1 || 2015024 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Malicious PDF Requested - /getfile.php 1 || 2015025 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 1 1 || 2015026 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 2 1 || 2015027 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3 1 || 2015028 || 4 || trojan-activity || 0 || ET TROJAN Cridex Post to CnC || url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html || url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/ || url,www.packetninjas.net 1 || 2015030 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Java Exploit Requested - /gotit.php by Java Client 1 || 2015031 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Payload Request - /load.php by Java Client 1 || 2015032 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Rational ClearQuest Activex Control RegisterSchemaRepoFromFileByDbSet Insecure Method Access || url,11337day.com/exploits/18917 1 || 2015033 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete CMS approveImmediately parameter Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/53268/info 1 || 2015034 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete CMS btask parameter Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/53268/info 1 || 2015035 || 2 || web-application-attack || 0 || ET WEB_SERVER possible SAP Crystal Report Server 2008 path parameter Directory Traversal vulnerability || url,1337day.com/exploits/15332 1 || 2015036 || 2 || attempted-user || 0 || ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access || url,1337day.com/exploits/15098 1 || 2015037 || 2 || attempted-user || 0 || ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access 2 || url,1337day.com/exploits/15098 1 || 2015038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Count Per Day Plugin page parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49692/ 1 || 2015039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_wisroyq controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95508/Joomla-Wisroyq-Local-File-Inclusion.html 1 || 2015040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rssreader controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95430/Joomla-RSSReader-Local-File-Inclusion.html 1 || 2015041 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Custom Contact Forms options-general.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112616/WordPress-Custom-Contact-Forms-Cross-Site-Scripting.html 1 || 2015042 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack - 32Char.php by Java Client 1 || 2015043 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Applet Code Rafa.Rafa 6th July 2012 1 || 2015044 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Obfuscated Applet Value 6th July 2012 1 || 2015045 || 3 || bad-unknown || 0 || ET INFO Potential Common Malicious JavaScript Loop 1 || 2015046 || 2 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Java Exploit request to /Set1.jar 6th July 2012 1 || 2015047 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing Page Redirect.php Port 8080 Request 1 || 2015048 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS 09 July 2012 Blackhole Landing Page - Please Wait Loading 1 || 2015049 || 3 || trojan-activity || 0 || ET DELETED Request For Blackhole Landing Page Go.php 1 || 2015050 || 4 || trojan-activity || 0 || ET TROJAN Generic - 8Char.JAR Naming Algorithm 1 || 2015051 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 1) || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html 1 || 2015052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 2) || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html 1 || 2015053 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Landing Page - 10HexChar Title and applet 1 || 2015054 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Landing Page - 100HexChar value and applet 1 || 2015055 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Payload Requested - 32AlphaNum?s=1 Java Request 1 || 2015056 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Structure 1 || 2015057 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d malware network iframe 1 || 2015061 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bdvkpbuldslsapeb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015062 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eilqnjkoytyjuchn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015063 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain npxsiiwpxqqiihmo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015064 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qtmyeslmsoxkjbku.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015065 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain adbjjkquyyhyqknf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015066 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ciqmhuwgvfsxdtrw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015067 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mocrafrewsdjztbj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015068 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain otruvbidvikzhlop.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015069 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yafzvancybuwmnno.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015070 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bhujzorkulhkpwob.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015071 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lohnrnnpvvtxedfl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015072 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ntvrnrdpyoadopbo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015073 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wakvnkyzkyietkdr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015074 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zfyafrjmmajqfvbh.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015075 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jnlkttkruqsdjqlx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015076 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lsbppxhgckolsnap.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015077 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vznrahwzgntmfcqk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015078 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xeeypppxswpquvrf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015079 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain inqgvoeohpcsfxmn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015080 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ksgmckchdppqeicu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015081 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uyrorwlibbjeasoq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015082 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wejungvnykczyjam.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015083 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gmvdnpqbblixlgxj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015084 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jrkjelzwleadyxsd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015085 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sywleisrsstsqoic.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015086 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain venrfhmthwpqlqge.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015087 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fmacqvmqafqwmebl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015088 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hrpgglxvqwjesffr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015089 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rxbkqfydlnzopqrn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015090 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tdsorylshsxjeawf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015091 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain elfxqghdubihhsgd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015092 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gqtcxunxhyujqjkf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015094 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sdxkjaophbtufumx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015095 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain clkujrjqvexvbmoi.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015096 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fqyyxagzkrpvxtki.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015097 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain owldagkyzrkhqnjo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015098 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rccjvgsgffokiwze.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015099 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain blorcdyiipxcwyxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015100 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dpewaddpoewiycnj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015101 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nwpykqeizraqthry.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015102 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pchgijctfprxhnje.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015103 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zisiiogqigzzqqeq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015104 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cpittmwbqtjrjpql.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015105 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mvuvchtcxxibeubd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015106 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain oblcasnhxbbocpfj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015107 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xixftoplsduqqorx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015108 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bpnqmxkpxxgbdnby.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015109 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kvzstpqmeoxtcwko.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015110 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nbqypqrjiqxlfvdj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015111 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain whddmvrxufbkkoew.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015112 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ymrhcvphevonympo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015113 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jveqgnmjxkocqifr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015114 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lavvckpordclbduy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015115 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vhhzcvbegxbjsxke.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015116 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xmwettbvtbhvrjuo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015117 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iujniiokeyjbmerc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015118 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kzxrowftdocgyghs.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015119 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gacdiuwnhonuulpe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015120 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ifrhgnqeeotnzrmz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015121 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rmdlgyreitjsjkfq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015122 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uqspvdwyltgcyhft.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015123 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ezfydrexncoidbus.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015124 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hfveiooumeyrpchg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015125 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qlihxnncwioxkdls.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015126 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sqwlonyduvpowdgy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015127 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dyjvewshptsboygd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015128 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain febcbuyswmishvpl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015129 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain plmekaayiholtevt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015130 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rpckbgrziwbdrmhr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015131 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cyosongjihugkjbg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015132 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eefysywrvkgxuqdf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015133 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nkrbvqxzfwicmhwb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015134 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qphhsudsmeftdaht.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015135 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain axtopsbtntqnfdyk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015136 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ddkudnuklgiwtdyw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015137 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mkwwclogcvgeekws.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015138 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain opldkflyvlkywuec.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015139 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yvxfekhokspfuwqr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015140 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bdprvpxdejpohqpt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015141 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ljbvfrsvcevyfhor.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015142 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain noqzuukouyfuyrmd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015143 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xvcewyydwsmdgaju.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015144 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zatiscwwtipqlycd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015145 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jjgshrjdcynohyuk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015146 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mouwwvcwwlilnxub.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015147 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vuhaojpwxgsxuitu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015148 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yayfefhrwawquwcw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015149 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iiloishkjwvqldlq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015150 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain knauycqgsdhgbwjo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015151 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uumwyzhctrwdsrdp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015152 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wzbdwenwshfzglwt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015153 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hiplksflttfkpsxn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015154 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jnfrqmekhoevppvw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015155 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ttqtkmthptxvwiku.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015156 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vygzhvfiuommkqfj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015157 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fhuidtlqttqxgjvn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015158 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain imjosxuhbcdonrco.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015159 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rtvqcdpbqxgwnrcn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015160 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tykvyflnjhbnqpnr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015161 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ehyewyqydfpidbdp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015162 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gmokuosvnbkshdtd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015163 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qsbourrdxgxgwepy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015164 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sxpskxdgoczvcjgp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015165 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dhedppigtpbwrmpc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015166 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain flthmyjeuhdygshf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015167 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain osflhkaowydftniw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015168 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rxupwhkznihnxzqx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015169 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bgjzhlasdrwwnenj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015170 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain elxegvkalqvkyoxc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015171 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nrkhysgoltauclop.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015172 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pwyloytoagndnrex.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015173 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zenquqdskekaudbe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015174 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cldcrgtnuwvgnbfd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015175 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mroeqjdaukskbgua.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015176 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain owekhoeuhmdiehrw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015177 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ydrngsmrdiiyvoiy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015178 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bkhyiqitpoxewhmt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015179 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain krtbityuhlewigfe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015180 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nvjgyermzsmynaeq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015181 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jwkpdxqbemsmclal.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015182 || 5 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lccwpflcdjrdfjib.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015183 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uinyjmxfqinkxbda.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015184 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xndfbivuonkxfxrq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015185 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hvpmffxpfnlquqxo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015186 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kbgsbqjugdqrgtdw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015187 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tisubmfvqrgnloxr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015188 || 4 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vmibswhnpqhqwyih.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015189 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gvujhzvjxwptrtdg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015190 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iblpdiqdmmsbnuxb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015191 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain shxrsvasoncjnxpn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015192 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ummxjwieppswcnrg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015193 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fuyfrockpfclxccd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015194 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain haqmuqqukywrcxfa.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015195 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qhcplcuugevvyham.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015196 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tmrtbcienxrbnsjc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015197 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dueebwwdllfburag.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015198 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fzsirujgdbvabrjm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015199 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pghnrmkoeoetfwsm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015200 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rlvqmipovrqbmvqd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015201 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ctjbmgjudwisgshv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015202 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eyxejlabqaytqmjx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015203 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ogmjjmqdhlbyabzg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015204 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qlbpfyrupyadvjsl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015205 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain atnwerhvttvbivra.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015206 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dydderasilekaegh.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015207 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mfqfrnqllqcrayiw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015208 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pkglwwwmjxokzzfq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015209 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yrrnrgliojezjctg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015210 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bxhzugppnulxghvm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015211 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lfvcngdbzjrzgyby.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015212 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nkkijjyioljbfysn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015213 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xqwkdyjydkggsppd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015214 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain axmvnmubgwlmqfrp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015215 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain keabgwmpzqhpmlng.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015216 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mjpflkwqskuqbjnk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015217 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vqcicnuhtwhxmtjd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015218 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yvqnltydqtpresfu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015219 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iefwvulgninlkoxe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015220 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ljubdldgqwbarplc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015221 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain upgghggmbusopaxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015222 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wuvjdexaqtmqkvgk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015223 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hektxucstnbuncix.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015224 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jiyxdlvawkranmin.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015225 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tplczomvebjmhsgk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015226 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vuaivypissryzhij.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015227 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gdoqznfilmtulxxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015228 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iiewprjomieydnix.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015229 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ropypfmcqjjfdiel.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015230 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain utfenjxpvwtroioi.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015231 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain edtmjcvfnfcbweed.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015232 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hhishrpjdixwtctz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015233 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qouubrmdxtgnnjvm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015234 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain stkbtccbckhdkbii.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015235 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dcyjurmfwhgvyoio.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015236 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fhnpjsnknkuvhazm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015237 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pozrtgdmhvhvdscn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015238 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rsoxjlibxohdcyov.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015239 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ccdifvomwhtynpay.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015240 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ehsmldxnregnruez.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015241 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lsvdxjpwykxxvryd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015242 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain oxkjnvhjnvnegtyb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015243 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xfymtpavzblzbknq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015244 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bloxgsfzinxmdspt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015245 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ksacasnubklrikdl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015246 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mxpgggggukxqteoy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015247 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wedkgpdcxlrunbmu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015248 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yjsovtnpgbwqcbbd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015249 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jrfyaswntteouafv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015250 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lwtcxuzbdrsnpqfb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015251 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain veihxoqukuetxqbn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015252 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xiwlnutkxsqxwjge.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015253 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hrkusbnevtmyisab.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015254 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kwyyhhqtwxupnhyu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015255 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tdndpphrtyniynvz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015256 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wicjgufeimlbmcus.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015257 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gqortbbbsnksxpmm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015258 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fjgtmicxtlxynlpf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015259 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ppsvcvrcgkllplyn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015260 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ruhctasjmpqbyvhm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015261 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bdvkpbuldslsapeb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015262 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eilqnjkoytyjuchn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015263 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain npxsiiwpxqqiihmo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015264 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qtmyeslmsoxkjbku.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015265 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain adbjjkquyyhyqknf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015266 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ciqmhuwgvfsxdtrw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015267 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mocrafrewsdjztbj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015268 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain otruvbidvikzhlop.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015269 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yafzvancybuwmnno.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015270 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bhujzorkulhkpwob.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015271 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lohnrnnpvvtxedfl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015272 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ntvrnrdpyoadopbo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015273 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wakvnkyzkyietkdr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015274 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zfyafrjmmajqfvbh.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015275 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jnlkttkruqsdjqlx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015276 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lsbppxhgckolsnap.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015277 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vznrahwzgntmfcqk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015278 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xeeypppxswpquvrf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015279 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain inqgvoeohpcsfxmn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015280 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ksgmckchdppqeicu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015281 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uyrorwlibbjeasoq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015282 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wejungvnykczyjam.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015283 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gmvdnpqbblixlgxj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015284 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jrkjelzwleadyxsd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015285 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sywleisrsstsqoic.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015286 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain venrfhmthwpqlqge.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015287 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fmacqvmqafqwmebl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015288 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hrpgglxvqwjesffr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015289 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rxbkqfydlnzopqrn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015290 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tdsorylshsxjeawf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015291 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain elfxqghdubihhsgd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015292 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gqtcxunxhyujqjkf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015293 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qxggipnnfmnihkic.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015294 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sdxkjaophbtufumx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015295 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain clkujrjqvexvbmoi.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015296 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fqyyxagzkrpvxtki.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015297 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain owldagkyzrkhqnjo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015298 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rccjvgsgffokiwze.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015299 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain blorcdyiipxcwyxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015300 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dpewaddpoewiycnj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015301 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nwpykqeizraqthry.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015302 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pchgijctfprxhnje.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015303 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zisiiogqigzzqqeq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015304 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cpittmwbqtjrjpql.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015305 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mvuvchtcxxibeubd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015306 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain oblcasnhxbbocpfj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015307 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xixftoplsduqqorx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015308 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bpnqmxkpxxgbdnby.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015309 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kvzstpqmeoxtcwko.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015310 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nbqypqrjiqxlfvdj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015311 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain whddmvrxufbkkoew.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015312 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ymrhcvphevonympo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015313 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jveqgnmjxkocqifr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015314 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lavvckpordclbduy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015315 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vhhzcvbegxbjsxke.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015316 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xmwettbvtbhvrjuo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015317 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iujniiokeyjbmerc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015318 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kzxrowftdocgyghs.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015319 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gacdiuwnhonuulpe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015320 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ifrhgnqeeotnzrmz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015321 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rmdlgyreitjsjkfq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015322 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uqspvdwyltgcyhft.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015323 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ezfydrexncoidbus.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015324 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hfveiooumeyrpchg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015325 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qlihxnncwioxkdls.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015326 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sqwlonyduvpowdgy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015327 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dyjvewshptsboygd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015328 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain febcbuyswmishvpl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015329 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain plmekaayiholtevt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015330 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rpckbgrziwbdrmhr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015331 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cyosongjihugkjbg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015332 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eefysywrvkgxuqdf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015333 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nkrbvqxzfwicmhwb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015334 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qphhsudsmeftdaht.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015335 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain axtopsbtntqnfdyk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015336 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ddkudnuklgiwtdyw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015337 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mkwwclogcvgeekws.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015338 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain opldkflyvlkywuec.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015339 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yvxfekhokspfuwqr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015340 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bdprvpxdejpohqpt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015341 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ljbvfrsvcevyfhor.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015342 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain noqzuukouyfuyrmd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015343 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xvcewyydwsmdgaju.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015344 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zatiscwwtipqlycd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015345 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jjgshrjdcynohyuk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015346 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mouwwvcwwlilnxub.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015347 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vuhaojpwxgsxuitu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015348 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yayfefhrwawquwcw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015349 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iiloishkjwvqldlq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015350 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain knauycqgsdhgbwjo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015351 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uumwyzhctrwdsrdp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015352 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wzbdwenwshfzglwt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015353 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hiplksflttfkpsxn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015354 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jnfrqmekhoevppvw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015355 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ttqtkmthptxvwiku.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015356 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vygzhvfiuommkqfj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015357 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fhuidtlqttqxgjvn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015358 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain imjosxuhbcdonrco.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015359 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rtvqcdpbqxgwnrcn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015360 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tykvyflnjhbnqpnr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015361 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ehyewyqydfpidbdp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015362 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gmokuosvnbkshdtd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015363 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qsbourrdxgxgwepy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015364 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sxpskxdgoczvcjgp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015365 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dhedppigtpbwrmpc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015366 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain flthmyjeuhdygshf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015367 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain osflhkaowydftniw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015368 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rxupwhkznihnxzqx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015369 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bgjzhlasdrwwnenj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015370 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain elxegvkalqvkyoxc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015371 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nrkhysgoltauclop.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015372 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pwyloytoagndnrex.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015373 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zenquqdskekaudbe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015374 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cldcrgtnuwvgnbfd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015375 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mroeqjdaukskbgua.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015376 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain owekhoeuhmdiehrw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015377 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ydrngsmrdiiyvoiy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015378 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bkhyiqitpoxewhmt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015379 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain krtbityuhlewigfe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015380 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nvjgyermzsmynaeq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015381 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jwkpdxqbemsmclal.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015382 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lccwpflcdjrdfjib.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015383 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uinyjmxfqinkxbda.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015384 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xndfbivuonkxfxrq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015385 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hvpmffxpfnlquqxo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015386 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kbgsbqjugdqrgtdw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015387 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tisubmfvqrgnloxr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015388 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vmibswhnpqhqwyih.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015389 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gvujhzvjxwptrtdg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015390 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iblpdiqdmmsbnuxb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015391 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain shxrsvasoncjnxpn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015392 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ummxjwieppswcnrg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015393 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fuyfrockpfclxccd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015394 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain haqmuqqukywrcxfa.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015395 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qhcplcuugevvyham.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015396 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tmrtbcienxrbnsjc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015397 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dueebwwdllfburag.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015398 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fzsirujgdbvabrjm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015399 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pghnrmkoeoetfwsm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015400 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rlvqmipovrqbmvqd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015401 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ctjbmgjudwisgshv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015402 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eyxejlabqaytqmjx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015403 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ogmjjmqdhlbyabzg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015404 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qlbpfyrupyadvjsl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015405 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain atnwerhvttvbivra.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015406 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dydderasilekaegh.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015407 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mfqfrnqllqcrayiw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015408 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pkglwwwmjxokzzfq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015409 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yrrnrgliojezjctg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015410 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bxhzugppnulxghvm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015411 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lfvcngdbzjrzgyby.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015412 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nkkijjyioljbfysn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015413 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xqwkdyjydkggsppd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015414 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain axmvnmubgwlmqfrp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015415 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain keabgwmpzqhpmlng.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015416 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mjpflkwqskuqbjnk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015417 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vqcicnuhtwhxmtjd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015418 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yvqnltydqtpresfu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015419 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iefwvulgninlkoxe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015420 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ljubdldgqwbarplc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015421 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain upgghggmbusopaxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015422 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wuvjdexaqtmqkvgk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015423 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hektxucstnbuncix.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015424 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jiyxdlvawkranmin.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015425 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tplczomvebjmhsgk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015426 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vuaivypissryzhij.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015427 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gdoqznfilmtulxxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015428 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iiewprjomieydnix.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015429 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ropypfmcqjjfdiel.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015430 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain utfenjxpvwtroioi.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015431 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain edtmjcvfnfcbweed.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015432 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hhishrpjdixwtctz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015433 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qouubrmdxtgnnjvm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015434 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain stkbtccbckhdkbii.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015435 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dcyjurmfwhgvyoio.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015436 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fhnpjsnknkuvhazm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015437 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pozrtgdmhvhvdscn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015438 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rsoxjlibxohdcyov.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015439 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ccdifvomwhtynpay.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015440 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ehsmldxnregnruez.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015441 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lsvdxjpwykxxvryd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015442 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain oxkjnvhjnvnegtyb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015443 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xfymtpavzblzbknq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015444 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bloxgsfzinxmdspt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015445 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ksacasnubklrikdl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015446 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mxpgggggukxqteoy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015447 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wedkgpdcxlrunbmu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015448 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yjsovtnpgbwqcbbd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015449 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jrfyaswntteouafv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015450 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lwtcxuzbdrsnpqfb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015451 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain veihxoqukuetxqbn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015452 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xiwlnutkxsqxwjge.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015453 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hrkusbnevtmyisab.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015454 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kwyyhhqtwxupnhyu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015455 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tdndpphrtyniynvz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015456 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wicjgufeimlbmcus.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015457 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gqortbbbsnksxpmm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015458 || 2 || trojan-activity || 0 || ET TROJAN Win32/Pift Checkin 1 || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735 1 || 2015459 || 2 || trojan-activity || 0 || ET TROJAN Win32/Pift Checkin 2 || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735 1 || 2015460 || 3 || trojan-activity || 0 || ET TROJAN Win32/Pift DNS TXT CnC Lookup ppift.net || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735 1 || 2015461 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fjgtmicxtlxynlpf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015462 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ppsvcvrcgkllplyn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015463 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ruhctasjmpqbyvhm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015464 || 2 || attempted-user || 0 || ET ACTIVEX Possible AdminStudio Activex Control LaunchProcess Method Access Arbitrary Code Execution || url,packetstormsecurity.org/files/114564/AdminStudio-LaunchHelp.dll-ActiveX-Arbitrary-Code-Execution.html 1 || 2015465 || 3 || attempted-user || 0 || ET ACTIVEX Possible Oracle AutoVue ActiveX SetMarkupMode Method Access Remote Code Execution || url,packetstormsecurity.org/files/114364/Oracle-AutoVue-ActiveX-SetMarkupMode-Remote-Code-Execution.html 1 || 2015466 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Leaflet plugin(leaflet_marker) id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html 1 || 2015467 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Leaflet plugin(leaflet_layer) id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html 1 || 2015468 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_jstore controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/94689/Joomla-JStore-Local-File-Inclusion.html 1 || 2015469 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Help Center Live file parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/88998/Help-Center-Live-2.0.6-Local-File-Inclusion.html 1 || 2015470 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpPollScript include_class Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/81376/phpPollScript-1.3-Remote-File-Inclusion.html 1 || 2015471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_edir controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/95604/Joomla-eDir-Local-File-Inclusion.html 1 || 2015472 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_connect controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/95590/Joomla-Connect-Local-File-Inclusion.html 1 || 2015473 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CataBlog plugin category parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112710/WordPress-CataBlog-1.6-Cross-Site-Scripting.html 1 || 2015474 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess udp traffic detected 1 || 2015475 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole TKR Landing Page /last/index.php 1 || 2015476 || 5 || trojan-activity || 0 || ET DELETED BlackHole Landing Page /upinv.html 1 || 2015477 || 6 || trojan-activity || 0 || ET DELETED Blackhole Eval Split String Obfuscation In Brackets 1 || 2015478 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Unknown TDS /top2.html || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/ 1 || 2015479 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Unknown TDS /rem2.html || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/ 1 || 2015480 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Compromised WordPress Server pulling Malicious JS || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/ 1 || 2015481 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Compromised Wordpress Install Serving Malicious JS || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/ 1 || 2015482 || 8 || trojan-activity || 0 || ET TROJAN ZeroAccess Outbound udp traffic detected 1 || 2015483 || 3 || bad-unknown || 0 || ET INFO Java .jar request to dotted-quad domain 1 || 2015484 || 2 || attempted-recon || 0 || ET SCAN w3af User-Agent 2 1 || 2015485 || 2 || policy-violation || 0 || ET POLICY TuneIn Internet Radio Usage Detected || url,tunein.com/support/get-started 1 || 2015486 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (1) 1 || 2015487 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (2) 1 || 2015488 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (3) 1 || 2015489 || 2 || trojan-activity || 0 || ET TROJAN W32/OnlineGame.DaGame Variant CnC Checkin 1 || 2015490 || 2 || attempted-user || 0 || ET ACTIVEX Possible beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow || url,exploit-db.com/exploits/19861/ 1 || 2015491 || 2 || attempted-user || 0 || ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow || url,packetstormsecurity.org/files/82950/CA-BrightStor-ARCserve-Backup-AddColumn-ActiveX-Buffer-Overflow.html 1 || 2015492 || 3 || attempted-user || 0 || ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow 2 || url,packetstormsecurity.org/files/82950/CA-BrightStor-ARCserve-Backup-AddColumn-ActiveX-Buffer-Overflow.html 1 || 2015493 || 2 || attempted-user || 0 || ET ACTIVEX Possible CommuniCrypt Mail SMTP ActiveX AddAttachments Method Access Stack Buffer Overflow || url,packetstormsecurity.org/files/89856/CommuniCrypt-Mail-1.16-SMTP-ActiveX-Stack-Buffer-Overflow.html 1 || 2015494 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin PICA Photo Gallery imgname parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/113404/WordPress-PICA-Photo-Gallery-1.0-File-Disclosure.html 1 || 2015495 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Edition mod parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/99789/Web-Edition-6.1.0.2-Local-File-Inclusion.html 1 || 2015496 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress church_admin Plugin id parameter Cross-Site Scripting Attempt || url,securityfocus.com/bid/54329 1 || 2015497 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Manager cid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112708/WordPress-Download-Manager-2.2.2-Cross-Site-Scripting.html 1 || 2015498 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hello controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/114893/Joomla-Hello-Local-File-Inclusion.html 1 || 2015499 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Newsletter data parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/113413/WordPress-Newsletter-1.5-File-Disclosure.html 1 || 2015500 || 3 || policy-violation || 0 || ET POLICY Geo Location IP info online service (geoiptool.com) || md5,04f02d7fea812ef78d2340015c5d768e 1 || 2015501 || 4 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - Checkin Response || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015502 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox -ProxyBotCommand - CHECK_ME || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015503 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - .com.tw/check_version.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015504 || 4 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - POST 1-letter.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015505 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - getiplist.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015506 || 3 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - get_servers.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015508 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - botinfo.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015509 || 3 || trojan-activity || 0 || ET DELETED ProxyBox - HTTP CnC - proxy_info.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015510 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - ProxyBotCommand - I_AM || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015511 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - ProxyBotCommand - FORCE_AUTHENTICATION* || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2 1 || 2015512 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Urlzone/Bebloh/Bublik Checkin /was/vas.php || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B || url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8 || url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb || url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24 1 || 2015513 || 3 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific config files upload || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html 1 || 2015514 || 2 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit nsswitch.conf Upload || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html 1 || 2015515 || 2 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific (CHMOD 777) || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html 1 || 2015516 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit PluginDetect Rename Saigon 1 || 2015517 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS .HTM being served from WP 1-flash-gallery Upload DIR (likely malicious) 1 || 2015518 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS .PHP being served from WP 1-flash-gallery Upload DIR (likely malicious) 1 || 2015519 || 6 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Split String Obfuscated Math Floor - July 19th 2012 1 || 2015520 || 4 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Applet Structure 1 || 2015521 || 2 || trojan-activity || 0 || ET TROJAN Pakes2 - Server Hello 1 || 2015522 || 2 || trojan-activity || 0 || ET TROJAN Pakes2 - Client Alive 1 || 2015523 || 3 || trojan-activity || 0 || ET TROJAN Pakes2 - Checkin - /test.php 1 || 2015524 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3) || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ 1 || 2015525 || 4 || trojan-activity || 0 || ET DELETED Blackhole try eval prototype string splitting evasion Jul 24 2012 1 || 2015526 || 3 || bad-unknown || 0 || ET WEB_SERVER Fake Googlebot UA 1 Inbound || url,www.incapsula.com/the-incapsula-blog/item/369-was-that-really-a-google-bot-crawling-my-site || url,support.google.com/webmasters/bin/answer.py?hl=en&answer=1061943 1 || 2015527 || 2 || network-scan || 0 || ET WEB_SERVER Fake Googlebot UA 2 Inbound || url,www.incapsula.com/the-incapsula-blog/item/369-was-that-really-a-google-bot-crawling-my-site || url,support.google.com/webmasters/bin/answer.py?hl=en&answer=1061943 1 || 2015528 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater) || md5,2c832d51e4e72dc3939c224cc282152c 1 || 2015529 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Googlebot User-Agent Outbound (likely malicious) 1 || 2015530 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015531 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to RunForestRun DGA Domain 16-alpha.waw.pl || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/ 1 || 2015532 || 2 || trojan-activity || 0 || ET TROJAN Generic - ProxyJudge Reverse Proxy Scoring Activity 1 || 2015533 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany checkin (sid5 1) 1 || 2015534 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany checkin (sid5 2) 1 || 2015535 || 3 || trojan-activity || 0 || ET TROJAN ZeroAccess HTTP GET request 1 || 2015536 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress featurific-for-wordpress plugin snum parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107256/WordPress-Featurific-Cross-Site-Scripting.html 1 || 2015537 || 2 || attempted-user || 0 || ET ACTIVEX Possible Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute || url,packetstormsecurity.org/files/82969/Symantec-AppStream-LaunchObj-ActiveX-Control-Arbitrary-File-Download-and-Execute..html 1 || 2015538 || 2 || attempted-user || 0 || ET ACTIVEX Possible WinZip FileView ActiveX CreateNewFolderFromName Method Access Buffer Overflow || url,packetstormsecurity.org/files/83024/WinZip-FileView-WZFILEVIEW.FileViewCtrl.61-ActiveX-Buffer-Overflow.html 1 || 2015539 || 2 || attempted-user || 0 || ET ACTIVEX Possible WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow 2 || url,packetstormsecurity.org/files/83024/WinZip-FileView-WZFILEVIEW.FileViewCtrl.61-ActiveX-Buffer-Overflow.html 1 || 2015540 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_picasa2gallery controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/90915/Joomla-Picasa2Gallery-1.2.8-Local-File-Inclusion.html 1 || 2015541 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Commentics id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/113996/Commentics-2.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html 1 || 2015542 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress clickdesk-live-support-chat plugin cdwidgetid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107255/WordPress-Clickdesk-Live-Support-Chat-Cross-Site-Scripting.html 1 || 2015543 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles menu Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/114971/phpProfiles-4.5.4-Beta-XSS-RFI-SQL-Injection.html 1 || 2015544 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles topic_title parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/114971/phpProfiles-4.5.4-Beta-XSS-RFI-SQL-Injection.html 1 || 2015545 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla PollXT component Itemid parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94681/Joomla-PollXT-Local-File-Inclusion.html 1 || 2015546 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Cridex checkin || url,blog.webroot.com/2012/07/13/spamvertised-american-airlines-themed-emails-lead-to-black-hole-exploit-kit/ || url,stopmalvertising.com/rootkits/analysis-of-cridex.html 1 || 2015547 || 3 || trojan-activity || 0 || ET TROJAN Pakes2 - EXE Download Request 1 || 2015548 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit Landing Page 1 || 2015549 || 5 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 2 1 || 2015550 || 1 || bad-unknown || 0 || ET DNS Query for a Suspicious *.upas.su domain 1 || 2015551 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.upas.su domain 1 || 2015552 || 2 || trojan-activity || 0 || ET SCAN HTExploit Method || url,www.mkit.com.ar/labs/htexploit/download.php 1 || 2015553 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake-AV Conditional Redirect (Blackmuscats) || url,blog.sucuri.net/2012/07/blackmuscats-conditional-redirections-to-faveav.html/ 1 || 2015554 || 19 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOM Document.3.0 Uninitialized Memory Corruption Attempt || cve,CVE-2012-1889 1 || 2015555 || 18 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument.4-6.0 Uninitialized Memory Corruption CVE-2012-1889 || cve,CVE-2012-1889 1 || 2015556 || 20 || attempted-user || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument ActiveXObject Uninitialized Memory Corruption Attempt || cve,CVE-2012-1889 1 || 2015557 || 6 || attempted-user || 0 || ET WEB_CLIENT Potential MSXML2.FreeThreadedDOMDocument Uninitialized Memory Corruption Attempt || cve,2012-1889 1 || 2015558 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 3 1 || 2015559 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Cridex Self Signed SSL Certificate (TR, Some-State, Internet Widgits) 1 || 2015560 || 3 || bad-unknown || 0 || ET TROJAN Suspicious Self Signed SSL Certificate to (MyCompany Ltd) likely Shylock CnC 1 || 2015561 || 2 || bad-unknown || 0 || ET INFO PDF Using CCITTFax Filter || url,nakedsecurity.sophos.com/2012/04/05/ccittfax-pdf-malware/ || url,blog.fireeye.com/research/2012/07/analysis-of-a-different-pdf-malware.html#more 1 || 2015562 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Jorik.Totem.vg HTTP request || md5,cf5df13f8498326f1c6407749b3fe160 1 || 2015563 || 3 || attempted-user || 0 || ET ACTIVEX Possible BarCodeWiz BarcodeWiz.dll ActiveX Control Barcode Method Remote Buffer Overflow Attempt || url,securityfocus.com/bid/54701 1 || 2015564 || 2 || attempted-user || 0 || ET ACTIVEX Possible BarCodeWiz (BARCODEWIZLib.BarCodeWiz) ActiveX Control Buffer Overflow || url,securityfocus.com/bid/54701 1 || 2015565 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ManageEngine Applications Manager attributeToSelect parameter Cross-Site Script Attempt || url,securityfocus.com/bid/54759/ 1 || 2015566 || 2 || attempted-user || 0 || ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute || url,packetstormsecurity.org/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html 1 || 2015567 || 2 || attempted-user || 0 || ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute 2 || url,packetstormsecurity.org/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html 1 || 2015568 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jeformcr view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94549/Joomla-Jeformcr-Local-File-Inclusion.html 1 || 2015569 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Bsadv controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94540/Joomla-Basdv-Local-File-Inclusion-Directory-Traversal.html 1 || 2015570 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_mailchimpccnewsletter controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95332/Joomla-MailChimpCCNewsletter-Local-File-Inclusion.html 1 || 2015571 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pragmaMx img_url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/113035/pragmaMx-1.12.1-Cross-Site-Scripting.html 1 || 2015572 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEMENOS T24 skin parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/115126/Temenos-T24-R07.03-Cross-Site-Scripting.html 1 || 2015573 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Yszz JS/Encryption (Used in KaiXin Exploit Kit) || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2015574 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DoSWF Flash Encryption (Used in KaiXin Exploit Kit) || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2015575 || 11 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2015576 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to tor2web.org Domain (.onion proxy) || url,tor2web.org 1 || 2015577 || 3 || trojan-activity || 0 || ET TROJAN W32/Lile.A DoS Outbound || url,symantec.com/security_response/writeup.jsp?docid=2005-101311-0945-99&tabid=2 || md5,d6d0cd7eca2cef5aad66efbd312a7987 1 || 2015578 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to badness August 6 2012 1 || 2015579 || 10 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing Page Structure 1 || 2015580 || 5 || trojan-activity || 0 || ET DELETED Blackhole Replace JavaScript Large Obfuscated Blob - August 3rd 2012 1 || 2015581 || 1 || trojan-activity || 0 || ET TROJAN Atadommoc.C - HTTP CnC 1 || 2015582 || 5 || trojan-activity || 0 || ET DELETED Blackhole Redirection Page You Will Be Forwarded - 7th August 2012 1 || 2015583 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Comments || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed 1 || 2015584 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Comments(2) || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed 1 || 2015585 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Hit Counter Access || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed 1 || 2015586 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Redirection Page Try Math.Round Catch - 7th August 2012 1 || 2015587 || 2 || trojan-activity || 0 || ET TROJAN MP-FormGrabber Checkin || url,www.xylibox.com/2012/08/mp-formgrabber.html?spref=tw 1 || 2015588 || 5 || misc-activity || 0 || ET POLICY Suspicious Windows Executable WriteProcessMemory || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 || url,jessekornblum.livejournal.com/284641.html || url,msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx 1 || 2015589 || 5 || misc-activity || 0 || ET POLICY Suspicious Windows Executable CreateRemoteThread || url,sans.org/reading_room/whitepapers/malicious/rss_33649 || url,jessekornblum.livejournal.com/284641.html || url,msdn.microsoft.com/en-us/library/windows/desktop/ms682437%28v=vs.85%29.aspx 1 || 2015590 || 7 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Intial Structure - 8th August 2012 1 || 2015591 || 4 || trojan-activity || 0 || ET DELETED Potential Blackhole Zeus Drop - 8th August 2012 1 || 2015592 || 4 || trojan-activity || 0 || ET DELETED Blackhole Specific JavaScript Replace hwehes - 8th August 2012 1 || 2015593 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sutra TDS /simmetry || url,blog.sucuri.net/2012/08/very-good-malware-redirection.html 1 || 2015594 || 2 || trojan-activity || 0 || ET TROJAN FinFisher Malware Connection Initialization || url,community.rapid7.com/community/infosec/blog/2012/08/08/finfisher 1 || 2015595 || 2 || trojan-activity || 0 || ET TROJAN FinFisher Malware Connection Handshake || url,community.rapid7.com/community/infosec/blog/2012/08/08/finfisher 1 || 2015596 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown .rr.nu Malware landing page || url,isc.sans.edu/diary.html?storyid=13864 1 || 2015597 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.gowin7.com || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015598 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.secuurity.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015599 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.bestcomputeradvisor.com || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015600 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.dotnetadvisor.info || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015601 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.dataspotlight.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015602 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.guest-access.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015603 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested - /spl_data/ 1 || 2015604 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern 1 || 2015605 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received 1 || 2015606 || 2 || attempted-user || 0 || ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution || url,1337day.com/exploits/17395 1 || 2015607 || 2 || attempted-user || 0 || ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution 2 || url,1337day.com/exploits/17395 1 || 2015608 || 2 || attempted-user || 0 || ET ACTIVEX Possible Kazaa Altnet Download Manager ActiveX Control Install Method Access Buffer Overflow || url,packetstormsecurity.org/files/83086/Kazaa-Altnet-Download-Manager-ActiveX-Control-Buffer-Overflow.html 1 || 2015609 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Advanced Text Widget plugin page parameter Cross-Site Script Attempt || url,packetstormsecurity.org/files/107192/WordPress-Advanced-Text-Widget-Cross-Site-Scripting.html 1 || 2015610 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lanoba Social plugin action parameter Cross-Site Script Attempt || url,packetstormsecurity.org/files/107191/WordPress-Lanoba-Social-Cross-Site-Scripting.html 1 || 2015611 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla je-media-player view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/91171/Joomla-JE-Media-Player-Local-File-Inclusion.html 1 || 2015612 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dirLIST show_scaled_image.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115381/dirLIST-0.3.0-Local-File-Inclusion.html 1 || 2015613 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dirLIST thumb_gen.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115381/dirLIST-0.3.0-Local-File-Inclusion.html 1 || 2015614 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BaglerCMS articleID parameter Cross-Site Script Attempt || url,1337day.com/exploits/18221 1 || 2015615 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LiveGrounds plugin uid parameter Cross-Site Script Attempt || url,1337day.com/exploits/18932 1 || 2015616 || 3 || trojan-activity || 0 || ET TROJAN DOCHTML C&C http directive in HTML comments || url,blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack 1 || 2015617 || 2 || trojan-activity || 0 || ET TROJAN Smardf/Boaxxe GET to cc.php3 || md5,f856b4c526c3e5cee9d47df59295d2e1 || md5,232b4dbed0453e2a952630fb1076248f 1 || 2015618 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.datajunction.org || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution 1 || 2015619 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool jnlp URI Struct 1 || 2015620 || 5 || trojan-activity || 0 || ET DELETED Blackhole Landing Page JavaScript Replace - 13th August 2012 1 || 2015621 || 4 || trojan-activity || 0 || ET DELETED Blackhole Landing Page ChildNodes.Length - August 13th 2012 1 || 2015622 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Hwehes String - August 13th 2012 1 || 2015623 || 2 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B || url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8 || url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb || url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24 1 || 2015625 || 2 || web-application-attack || 0 || ET WEB_SERVER Magento XMLRPC-Exploit Attempt || url,www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/ || url,www.magentocommerce.com/blog/update-zend-framework-vulnerability-security-update || url,www.exploit-db.com/exploits/19793/ 1 || 2015627 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st Checkin (6 Byte keyword) || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/ 1 || 2015628 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st Checkin (7 Byte keyword) || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/ 1 || 2015629 || 5 || trojan-activity || 0 || ET TROJAN Cridex Response from exfiltrated data upload || url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/ || url,www.packetninjas.net 1 || 2015630 || 5 || trojan-activity || 0 || ET DELETED Possible XDocCrypt/Dorifel CnC IP || url,www.fox-it.com/en/blog/xdoccryptdorifel-document-encrypting-and-network-spreading-virus 1 || 2015631 || 6 || trojan-activity || 0 || ET DELETED Possible XDocCrypt/Dorifel Checkin || url,www.fox-it.com/en/blog/xdoccryptdorifel-document-encrypting-and-network-spreading-virus 1 || 2015632 || 4 || trojan-activity || 0 || ET TROJAN Shamoon/Wiper/DistTrack Checkin || url,www.symantec.com/connect/blogs/shamoon-attacks || url,www.securelist.com/en/blog/208193786/Shamoon_the_Wiper_Copycats_at_Work || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23936/en_US/McAfee_Labs_Threat_Advisory_W32_DistTrack.pdf 1 || 2015633 || 2 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com 1 || 2015634 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com 1 || 2015635 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Briba Checkin || url,labs.alienvault.com/labs/index.php/2012/cve-2012-1535-adobe-flash-being-exploited-in-the-wild/ 1 || 2015636 || 4 || attempted-user || 0 || ET ACTIVEX Possible CA eTrust PestPatrol ActiveX Control Buffer Overflow || url,exploit-db.com/exploits/16630/ 1 || 2015637 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki link.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015638 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki deki_plugin.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015639 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki wgDekiPluginPath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015640 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki link.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015641 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki deki_plugin.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015642 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki wgDekiPluginPath parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html 1 || 2015643 || 4 || attempted-user || 0 || ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow || url,exploit-db.com/exploits/16609/ || url,kb.cert.org/vuls/id/179281 1 || 2015644 || 3 || attempted-user || 0 || ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow 2 || url,exploit-db.com/exploits/16609/ 1 || 2015645 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_g2bridge controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/90150/Joomla-G2Bridge-Local-File-Inclusion.html 1 || 2015646 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /form 1 || 2015647 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /search 1 || 2015648 || 7 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing - Aug 21 2012 1 || 2015649 || 3 || trojan-activity || 0 || ET DELETED Fake AV base64 affid initial Landing or owned Check-In, asset owned if /callback/ in URI 1 || 2015651 || 3 || trojan-activity || 0 || ET DELETED Blackhole Javascript 23 Aug 2012 split join split applet 1 || 2015652 || 5 || trojan-activity || 0 || ET DELETED Blackhole Java applet with obfuscated URL 23 Aug 2012 1 || 2015653 || 4 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Install || md5,c527fb441e204baa28a7dcbcd3d91cd1 1 || 2015654 || 5 || bad-unknown || 0 || ET DELETED Blackhole Landing try catch try catch math eval Aug 27 2012 1 || 2015655 || 5 || trojan-activity || 0 || ET DELETED 0day JRE 17 exploit Class 1 || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html 1 || 2015656 || 4 || trojan-activity || 0 || ET DELETED 0day JRE 17 exploit Class 2 || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html 1 || 2015657 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Metasploit Java Payload || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html || url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec 1 || 2015658 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Metasploit Java Exploit || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html || url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec 1 || 2015659 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Outbound 1 || 2015660 || 2 || attempted-user || 0 || ET CURRENT_EVENTS - Blackhole Admin Login Outbound 1 || 2015661 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Inbound 1 || 2015662 || 2 || attempted-user || 0 || ET CURRENT_EVENTS - Blackhole Admin Login Inbound 1 || 2015663 || 4 || attempted-user || 0 || ET DELETED NeoSploit - Obfuscated Payload Requested 1 || 2015664 || 3 || attempted-user || 0 || ET DELETED NeoSploit - PDF Exploit Requested 1 || 2015665 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - TDS 1 || 2015666 || 4 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java 1 || 2015667 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - null 1 || 2015668 || 6 || attempted-user || 0 || ET CURRENT_EVENTS FlimKit/Other - Landing Page - 100HexChar value and applet 1 || 2015669 || 10 || attempted-user || 0 || ET CURRENT_EVENTS Malicious Redirect n.php h=*&s=* || url,0xicf.wordpress.com/category/security-updates/ || url,support.clean-mx.de/clean-mx viruses.php?domain=rr.nu&sort=first%20desc || url,urlquery.net/report.php?id=111302 1 || 2015670 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit suspected Blackhole 1 || 2015671 || 9 || not-suspicious || 0 || ET INFO Adobe PDF in HTTP Flowbit Set || cve,CVE-2008-2992 || bugtraq,30035 || secunia,29773 1 || 2015672 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit redirect 1 || 2015673 || 3 || trojan-activity || 0 || ET TROJAN Trojan.JS.QLP Checkin 1 || 2015674 || 3 || misc-activity || 0 || ET INFO 3XX redirect to data URL 1 || 2015675 || 3 || trojan-activity || 0 || ET INFO SimpleTDS go.php (sid) 1 || 2015676 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit Payload Download Request - Sep 04 2012 1 || 2015677 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit binary download request /out.php 1 || 2015678 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /view.php 1 || 2015679 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page with obfuscated URLs 1 || 2015680 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Nov 09 2012 1 || 2015681 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior hostile FQDN - Sep 05 2012 1 || 2015682 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior static initial landing - Sep 05 2012 1 || 2015683 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior hostile java archive - Sep 05 2012 1 || 2015684 || 4 || attempted-user || 0 || ET DELETED Blackhole alt URL request Sep 05 2012 bv6rcs3v1ithi.php?w= || url,urlquery.net/report.php?id=158608 1 || 2015686 || 2 || misc-activity || 0 || ET POLICY Signed TLS Certificate with md5WithRSAEncryption || url,www.win.tue.nl/hashclash/rogue-ca/ || url,ietf.org/rfc/rfc3280.txt || url,jensign.com/JavaScience/GetTBSCert/index.html || url,luca.ntop.org/Teaching/Appunti/asn1.html || url,news.netcraft.com/archives/2012/08/31/governments-and-banks-still-using-weak-md5-signed-ssl-certificates.html 1 || 2015687 || 2 || attempted-recon || 0 || ET POLICY Inbound /uploadify.php Access || url,blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html 1 || 2015688 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible Remote PHP Code Execution (php.pjpg) || url,exploitsdownload.com/search/Arbitrary%20File%20Upload/27 1 || 2015689 || 2 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY NeoSploit - Java Exploit Requested 1 || 2015690 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Obfuscated Payload Requested 1 || 2015691 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - PDF Exploit Requested 1 || 2015692 || 3 || attempted-user || 0 || ET DELETED NeoSploit - TDS 1 || 2015693 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java 1 || 2015694 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - null 1 || 2015695 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Generic - 8Char.JAR Naming Algorithm 1 || 2015696 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 4 1 || 2015697 || 3 || trojan-activity || 0 || ET DELETED Blackhole repetitive applet/code tag 1 || 2015698 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL Landing Page Requested 1 || 2015699 || 3 || trojan-activity || 0 || ET DELETED Unknown base64-style Java-based Exploit Kit using github as initial director 1 || 2015700 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole2 - URI Structure 1 || 2015701 || 3 || attempted-user || 0 || ET DELETED Blackhole2 - Landing Page Received 1 || 2015702 || 3 || attempted-recon || 0 || ET SCAN Brutus Scan Outbound 1 || 2015703 || 3 || attempted-recon || 0 || ET WEB_SERVER Brutus Scan Inbound 1 || 2015704 || 6 || attempted-user || 0 || ET CURRENT_EVENTS DoSWF Flash Encryption Banner 1 || 2015705 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 6 1 || 2015706 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 5 1 || 2015707 || 2 || misc-activity || 0 || ET INFO JAVA - document.createElement applet 1 || 2015708 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS - Applet Tag In Edwards Packed JavaScript 1 || 2015709 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Blackhole Landing to 7-8 chr folder plus index.htm or index.html 1 || 2015710 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole2 - Landing Page Received 1 || 2015711 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Internet Explorer execCommand function Use after free Vulnerability 0day || url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ || cve,CVE-2012-4969 1 || 2015712 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Internet Explorer execCommand function Use after free Vulnerability 0day Metasploit || url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ || cve,CVE-2012-4969 1 || 2015713 || 3 || trojan-activity || 0 || ET TROJAN Dapato Checkin 8 || md5,de7c781205d31f58a04d5acd13ff977d 1 || 2015714 || 2 || trojan-activity || 0 || ET TROJAN Mirage Campaign checkin || md5,ce1cdc9c95a6808945f54164b2e4d9d2 || url,secureworks.com/research/threats/the-mirage-campaign/ 1 || 2015716 || 4 || attempted-user || 0 || ET DELETED Blackhole2 - Client reporting targeted software versions 1 || 2015717 || 3 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit (ashburn) 1 || 2015718 || 2 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit 1 || 2015719 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain palauone.com 09/20/12 1 || 2015720 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain traindiscover.com 09/20/12 1 || 2015721 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain manymanyd.com 09/20/12 1 || 2015722 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain whatandwhyeh.com 09/20/12 1 || 2015723 || 3 || trojan-activity || 0 || ET TROJAN ZeroAccess Checkin || url,sophos.com/en-us/medialibrary/PDFs/technical%20papers/Sophos_ZeroAccess_Botnet.pdf 1 || 2015724 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS pamdql Exploit Kit 09/25/12 Sending Jar 1 || 2015725 || 8 || trojan-activity || 0 || ET DELETED pamdql Exploit Kit 09/25/12 Sending PDF 1 || 2015726 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Access To mm-forms-community upload dir (Outbound) || url,www.exploit-db.com/exploits/18997/ || cve,2012-3574 1 || 2015727 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Access To mm-forms-community upload dir (Inbound) || url,www.exploit-db.com/exploits/18997/ || cve,2012-3574 1 || 2015728 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain bktwenty.com 09/20/12 1 || 2015729 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Unknown CnC DGA Domain adbullion.com 09/20/12 1 || 2015730 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain sleeveblouse.com 09/20/12 1 || 2015731 || 3 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 7 1 || 2015732 || 3 || trojan-activity || 0 || ET DELETED Blackhole2 - Landing Page Received - classid 1 || 2015733 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /sarah.php 1 || 2015734 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /nano.php 1 || 2015735 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Sakura Java applet with obfuscated URL Sep 21 2012 1 || 2015736 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain defmaybe.com 09/25/12 1 || 2015737 || 5 || attempted-admin || 0 || ET CURRENT_EVENTS PHPMyAdmin BackDoor Access || url,www.phpmyadmin.net/home_page/security/PMASA-2012-5.php 1 || 2015738 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS pamdql obfuscated javascript --- padding 1 || 2015739 || 6 || bad-unknown || 0 || ET DELETED pamdql applet with obfuscated URL 1 || 2015740 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING - Redirect To Blackhole - Push JavaScript 1 || 2015741 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain adbullion.com 09/26/12 1 || 2015742 || 1 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit 1 || 2015743 || 1 || policy-violation || 0 || ET CURRENT_EVENTS Revoked Adobe Code Signing Certificate Seen || url,www.adobe.com/support/security/advisories/apsa12-01.html 1 || 2015744 || 2 || misc-activity || 0 || ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) 1 || 2015745 || 2 || misc-activity || 0 || ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging) 1 || 2015747 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet Auth Bypass Attempt || cve,CVE-2007-1036 || url,exploit-db.com/exploits/21080/ 1 || 2015748 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Anti-Hacking Tool || md5,93443e59c473b89b5afad940a843982a || url,eff.org/deeplinks/2012/08/syrian-malware-post 1 || 2015749 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible Oracle SQL Injection utl_inaddr call in URI 1 || 2015750 || 4 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 1 || 2015751 || 4 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 (2) 1 || 2015752 || 3 || trojan-activity || 0 || ET DELETED Windows EXE with alternate byte XOR 51 - possible SofosFO/NeoSploit download 1 || 2015753 || 3 || trojan-activity || 0 || ET TROJAN Pincav.cjvb Checkin || md5,1e5499640ca31e4b1f113b97a0cae08b 1 || 2015754 || 2 || attempted-recon || 0 || ET SCAN Nessus Netbios Scanning || url,www.tenable.com/products/nessus/nessus-product-overview 1 || 2015755 || 3 || attempted-user || 0 || ET WEB_SERVER Image Content-Type with Obfuscated PHP (Seen with C99 Shell) || url,malwaremustdie.blogspot.jp/2012/10/how-far-phpc99shell-malware-can-go-from.html 1 || 2015756 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Downloader GetBooks UA 1 || 2015757 || 2 || policy-violation || 0 || ET POLICY AskSearch Toolbar Spyware User-Agent (AskTBar) 2 1 || 2015758 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit Landing Page (2) 1 || 2015759 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (4) 1 || 2015780 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Zbot UA 1 || 2015781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit 32-32 byte hex initial landing 1 || 2015782 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Other Java Exploit Kit 32-32 byte hex hostile jar 1 || 2015783 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BegOp Exploit Kit Payload 1 || 2015785 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript _222_ padding 1 || 2015786 || 3 || trojan-activity || 0 || ET TROJAN Ransom.Win32.Birele.gsg Checkin || md5,116aaaa5765228d61501322b02a6a3b1 || md5,2e66f39a263cb2e95425847b60ee2a93 || md5,0ea9b34e9d77b5a4ef5170406ed1aaed 1 || 2015787 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool eot URI Struct 1 || 2015788 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BegOpEK - Landing Page 1 || 2015789 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BegOpEK - TDS - icon.php 1 || 2015790 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Rich Text File download - SET || cve,2012-0183 1 || 2015791 || 4 || trojan-activity || 0 || ET POLICY archive.org heritix Crawler User-Agent (Outbound) || md5,9fcbd8ebbbafdb0f64805f2c9a53fb7b || url,crawler.archive.org/index.html 1 || 2015792 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Secondary Landing Page 10/11/12 1 || 2015793 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Java Exploit 10/11/12 1 || 2015794 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhpTax Possible Remote Code Exec 1 || 2015796 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool Jar URI Struct 1 || 2015797 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (3) 1 || 2015798 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool EXE URI Struct 1 || 2015799 || 6 || trojan-activity || 0 || ET TROJAN Win32.Fareit.A/Pony Downloader Checkin (2) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit.A || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit || url,www.threatexpert.com/report.aspx?md5=99fab94fd824737393f5184685e8edf2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17 1 || 2015800 || 7 || trojan-activity || 0 || ET TROJAN Dorkbot GeoIP Lookup to wipmania 1 || 2015801 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript -_-- padding 1 || 2015802 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (5) 1 || 2015803 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Blackhole/Cool Landing URI Struct || url,fortknoxnetworks.blogspot.com/2012/10/blackhhole-exploit-kit-v-20-url-pattern.html 1 || 2015804 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole 2 PDF Exploit || url,fortknoxnetworks.blogspot.com/2012/10/blackhhole-exploit-kit-v-20-url-pattern.html 1 || 2015805 || 2 || trojan-activity || 0 || ET TROJAN Mini-Flame v 4.x C2 HTTP request || url,www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends 1 || 2015806 || 2 || trojan-activity || 0 || ET TROJAN Mini-Flame v 5.x C2 HTTP request || url,www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends 1 || 2015807 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Pushdo.s Checkin || md5,58ffe2b79be4e789be80f92b7f96e20c 1 || 2015808 || 3 || trojan-activity || 0 || ET TROJAN Taidoor Checkin 1 || 2015809 || 5 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific 1 || 2015810 || 2 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific 1 || 2015811 || 2 || web-application-activity || 0 || ET WEB_SERVER FaTaLisTiCz_Fx Webshell Detected 1 || 2015812 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO Jar file 10/17/12 1 || 2015813 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Torpig Sinkhole Domain (Possible Infected Host) || url,www.sysenter-honeynet.org/?p=269 1 || 2015814 || 12 || trojan-activity || 0 || ET TROJAN Win32/Fujacks Activity 1 || 2015815 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Font File Download (32-bit Host) Dec 11 2012 1 || 2015816 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Font File Download (64-bit Host) Dec 11 2012 1 || 2015817 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole2 Non-Vulnerable Client Fed Fake Flash Executable || url,research.zscaler.com/2012/10/blackhole-exploit-kit-v2-on-rise.html 1 || 2015818 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .homeip. Landing Page 1 || 2015819 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .homelinux. Landing Page 1 || 2015820 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 7 User-Agent 1 || 2015821 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 8 User-Agent 1 || 2015822 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 9 User-Agent 1 || 2015823 || 6 || bad-unknown || 0 || ET DELETED Blackhole Java applet with obfuscated URL Oct 19 2012 1 || 2015824 || 6 || trojan-activity || 0 || ET TROJAN GeckaSeka User-Agent 1 || 2015825 || 8 || trojan-activity || 0 || ET TROJAN Zeus/Citadel Control Panel Access (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015826 || 8 || trojan-activity || 0 || ET TROJAN Zeus/Citadel Control Panel Access (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015827 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Iframer Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015828 || 7 || trojan-activity || 0 || ET TROJAN Citadel API Access IFramer Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015829 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access VNC Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015830 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access VNC Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015831 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Bot Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015832 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Bot Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015833 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Video Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015834 || 7 || trojan-activity || 0 || ET TROJAN Citadel API Access Video Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html 1 || 2015835 || 6 || trojan-activity || 0 || ET TROJAN Smoke Loader C2 Response 1 || 2015836 || 6 || successful-user || 0 || ET CURRENT_EVENTS Blackhole 2.0 Binary Get Request || url,fortknoxnetworks.blogspot.be/2012/10/blackhole-20-binary-get-request.html 1 || 2015837 || 2 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit 1 || 2015840 || 3 || successful-user || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Page 1 || 2015841 || 3 || successful-user || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Page 1 || 2015842 || 2 || misc-activity || 0 || ET INFO LLNMR query response to wpad 1 || 2015843 || 5 || trojan-activity || 0 || ET DELETED Blackhole request for file containing Java payload URIs (1) 1 || 2015844 || 4 || trojan-activity || 0 || ET DELETED Blackhole file containing obfuscated Java payload URIs 1 || 2015845 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript __-_ padding 1 || 2015846 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NeoSploit Jar with three-letter class names 1 || 2015847 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page 1 || 2015848 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Imposter USPS Domain 1 || 2015849 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-1723 Path (Seen in Unknown EK) 10/29/12 1 || 2015850 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Trojan Checkin || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf 1 || 2015851 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Client Request || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf 1 || 2015852 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Server Response || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf 1 || 2015853 || 2 || trojan-activity || 0 || ET TROJAN Georbot requesting update 1 || 2015854 || 2 || trojan-activity || 0 || ET TROJAN Georbot initial checkin 1 || 2015855 || 2 || trojan-activity || 0 || ET TROJAN Georbot checkin 1 || 2015856 || 5 || policy-violation || 0 || ET SNMP Attempt to retrieve Cisco Config via TFTP (CISCO-CONFIG-COPY) 1 || 2015857 || 4 || policy-violation || 0 || ET TFTP Outbound TFTP Data Transfer with Cisco config 1 || 2015858 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Sakura/RedKit obfuscated URL 1 || 2015859 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-1723 Attacker.class (Seen in Unknown EK) 11/01/12 1 || 2015860 || 8 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (INTEL) || md5,76bea2200601172ebc2374e4b418c63a 1 || 2015861 || 7 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (AMD) || md5,76bea2200601172ebc2374e4b418c63a 1 || 2015862 || 3 || trojan-activity || 0 || ET TROJAN Potentially Unwanted Program RebateInformerSetup.exe Download Reporting || url,www.ripoffreport.com/directory/rebategiant-com.aspx 1 || 2015863 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (2) 1 || 2015864 || 3 || attempted-user || 0 || ET DELETED Blackhole 2.0 PDF GET request || url,fortknoxnetworks.blogspot.com/2012/11/deeper-into-blackhole-urls-and-dialects.html 1 || 2015865 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Self-Singed SSL Cert Used in Conjunction with Neosploit 1 || 2015866 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow 1 || 2015867 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow 1 || 2015868 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 1 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b 1 || 2015869 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 2 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b 1 || 2015870 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 3 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b 1 || 2015871 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (3) 1 || 2015872 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for Payload 1 || 2015873 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit Requesting Payload 1 || 2015874 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Known Reveton Domain HTTP whatwillber.com 1 || 2015875 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Known Reveton Domain whatwillber.com 1 || 2015876 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO Jar file 09 Nov 12 1 || 2015877 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI 1 || 2015878 || 2 || policy-violation || 0 || ET POLICY Maxmind geoip check to /app/geoip.js 1 || 2015881 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page NOP String || url,ondailybasis.com/blog/?p=1610 1 || 2015882 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page parseInt Javascript Replace || url,ondailybasis.com/blog/?p=1610 1 || 2015883 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Campaign SetAttribute Java Applet || url,ondailybasis.com/blog/?p=1593 1 || 2015884 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Landing Page 1 || 2015885 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - No Java URI - Dot.class 1 || 2015886 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CirtXPack - No Java URI - /a.Test 1 || 2015887 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012 1 || 2015888 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32 byte hex with trailing digit java payload request 1 || 2015889 || 9 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible second stage landing page (1) 1 || 2015890 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Landing Page - FlashExploit 1 || 2015891 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Landing Page - Title 1 || 2015892 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_new.php 1 || 2015893 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_old.php 1 || 2015894 || 2 || trojan-activity || 0 || ET TROJAN Unknown FakeAV - /get/*.crp 1 || 2015895 || 2 || trojan-activity || 0 || ET TROJAN Unknown_comee.pl - POST with stpfu in http_client_body 1 || 2015896 || 3 || trojan-activity || 0 || ET TROJAN Andromeda Check-in Response 1 || 2015897 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain 1 || 2015898 || 5 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 1 User-Agent 1 || 2015899 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 2 User-Agent 1 || 2015900 || 4 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 3 User-Agent 1 || 2015901 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing Page - Java ClassID and 32HexChar.jar 1 || 2015902 || 7 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2015903 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC 2 || md5,a88ba0c2b30afba357ebb38df9898f9e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2015904 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC 3 || md5,a88ba0c2b30afba357ebb38df9898f9e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2015905 || 2 || attempted-user || 0 || ET CURRENT_EVENTS WSO - WebShell Activity - WSO Title 1 || 2015906 || 2 || attempted-user || 0 || ET CURRENT_EVENTS WSO - WebShell Activity - POST structure 1 || 2015907 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS BoA -Account Phished 1 || 2015908 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS BoA - PII Phished 1 || 2015909 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS - BoA - Creds Phished 1 || 2015910 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - AOL Creds 1 || 2015911 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Yahoo Creds 1 || 2015912 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Gmail Creds 1 || 2015913 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Hotmail Creds 1 || 2015914 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Other Creds 1 || 2015915 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Pattern (1) 1 || 2015916 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Pattern (2) 1 || 2015917 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - D.K - Title 1 || 2015918 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header 1 || 2015919 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header w/colons 1 || 2015920 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based POST structure w/multipart 1 || 2015921 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Spam Campaign JPG CnC Link || url,blog.fireeye.com/research/2012/11/more-phish.html 1 || 2015922 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Glazunov Java exploit request /9-10-/4-5-digit 1 || 2015923 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Glazunov Java payload request /5-digit 1 || 2015924 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - PHP eMailer 1 || 2015925 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - Unknown - self-kill 1 || 2015926 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - Unknown - .php?x=img&img= 1 || 2015927 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit /h***.htm(l) Landing Page - Set 1 || 2015928 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar (1) 1 || 2015929 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar (2) 1 || 2015930 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Vulnerable Java Payload Request URI (1) 1 || 2015931 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit vulnerable Java Payload Request to URI (2) 1 || 2015932 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (7) 1 || 2015933 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool txt URI Struct 1 || 2015936 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear Exploit Kit HTTP Off-port Landing Page Request 1 || 2015937 || 7 || misc-activity || 0 || ET WEB_SERVER WebShell - PostMan 1 || 2015938 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Banking PHISH - Login.php?LOB=RBG 1 || 2015939 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .blogsite. Landing Page 1 || 2015940 || 2 || attempted-recon || 0 || ET SCAN SFTP/FTP Password Exposure via sftp-config.json || url,blog.sucuri.net/2012/11/psa-sftpftp-password-exposure-via-sftp-config-json.html 1 || 2015941 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (1) 1 || 2015942 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (2) 1 || 2015943 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Crimeboss - Java Exploit - Recent Jar (3) 1 || 2015944 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Access 1 || 2015945 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Java On 1 || 2015946 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Setup 1 || 2015947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Piwik Backdoor Access || url,blog.sucuri.net/2012/11/piwik-org-webserver-hacked-and-backdoor-added-to-piwik.html 1 || 2015948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Piwik Backdoor Access 2 || url,blog.sucuri.net/2012/11/piwik-org-webserver-hacked-and-backdoor-added-to-piwik.html 1 || 2015949 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Propack Recent Jar (1) 1 || 2015950 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Propack Payload Request 1 || 2015951 || 17 || trojan-activity || 0 || ET CURRENT_EVENTS SibHost Jar Request 1 || 2015952 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PHISH Generic -SSN - ssn1 ssn2 ssn3 1 || 2015953 || 4 || web-application-attack || 0 || ET WEB_SERVER PIWIK Backdored Version calls home || url,piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/ || url,forum.piwik.org/read.php?2,97666 1 || 2015954 || 2 || trojan-activity || 0 || ET INFO PDF /FlateDecode and PDF version 1.0 1 || 2015955 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PDF /FlateDecode and PDF version 1.1 (seen in pamdql EK) 1 || 2015956 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Serenity Exploit Kit Landing Page HTML Header 1 || 2015957 || 7 || trojan-activity || 0 || ET TROJAN Lyposit Ransomware Checkin 1 1 || 2015958 || 3 || trojan-activity || 0 || ET TROJAN Lyposit Ransomware Checkin 2 1 || 2015959 || 2 || attempted-admin || 0 || ET SNMP Samsung Printer SNMP Hardcode RW Community String || url,www.l8security.com/post/36715280176/vu-281284-samsung-printer-snmp-backdoor 1 || 2015960 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request 1 || 2015961 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack PDF Request 1 || 2015962 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Payload Request 1 || 2015963 || 3 || bad-unknown || 0 || ET INFO PHISH Generic - Bank and Routing 1 || 2015964 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing URL 1 || 2015965 || 4 || misc-activity || 0 || ET INFO EXE SCardForgetReaderGroupA (Used in Malware Anti-Debugging) || url,www.trusteer.com/blog/evading-malware-researchers-shylock%E2%80%99s-new-trick 1 || 2015968 || 8 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin 1 || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ 1 || 2015969 || 11 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Requesting exe || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ 1 || 2015970 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic EK Payload Request 1 || 2015971 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic EK Java Exploit Jar 1 || 2015972 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH PayPal - Account Phished 1 || 2015973 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Gateway POST to gateway-p 1 || 2015974 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Status Check 1 || 2015975 || 5 || attempted-user || 0 || ET EXPLOIT MySQL Stack based buffer overrun Exploit Specific || url,seclists.org/fulldisclosure/2012/Dec/4 1 || 2015976 || 2 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin Generic || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ || url,blog.dynamoo.com/2012/11/vobfus-sites-to-block.html 1 || 2015977 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS probable malicious Glazunov Javascript injection 1 || 2015978 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec 03 2012 1 || 2015979 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS CritXPack - Landing Page 1 || 2015980 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Google - Account Phished 1 || 2015981 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic Hostile Jar 1 || 2015982 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic Hostile JavaScript 1 || 2015983 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Bank - York - Creds Phished 1 || 2015984 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Joomla Component SQLi Attempt 1 || 2015985 || 4 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B Request || md5,0282bc929bae27ef95733cfa390b10e0 1 || 2015986 || 5 || protocol-command-decode || 0 || ET SCAN MYSQL MySQL Remote FAST Account Password Cracking || url,www.securityfocus.com/archive/1/524927/30/0/threaded 1 || 2015987 || 2 || attempted-user || 0 || ET EXPLOIT MySQL Heap based buffer overrun Exploit Specific || url,archives.neohapsis.com/archives/fulldisclosure/2012-12/0006.html 1 || 2015988 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Load Fail 1 || 2015989 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3 digit jar 1 || 2015990 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS RedKit - Potential Payload Requested - /2Digit.html 1 || 2015991 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Robopak - Landing Page Received 1 || 2015992 || 6 || attempted-user || 0 || ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific) || cve,2012-5613 || url,seclists.org/fulldisclosure/2012/Dec/6 1 || 2015993 || 2 || protocol-command-decode || 0 || ET ATTACK_RESPONSE MySQL User Account Enumeration || url,seclists.org/fulldisclosure/2012/Dec/att-9/ 1 || 2015994 || 2 || misc-activity || 0 || ET INFO MySQL Database Query Version OS compile 1 || 2015995 || 4 || attempted-user || 0 || ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique DUMP INTO executable) || url,seclists.org/fulldisclosure/2012/Dec/att-13/ 1 || 2015996 || 2 || attempted-user || 0 || ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique) || url,seclists.org/fulldisclosure/2012/Dec/att-13/ 1 || 2015997 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Google Chrome Update/Install || url,www.barracudanetworks.com/blogs/labsblog?bid=3108 || url,www.bluecoat.com/security-blog/2012-12-05/blackhole-kit-doesnt-chrome 1 || 2015998 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Landing Pattern 1 || 2015999 || 2 || trojan-activity || 0 || ET TROJAN W32/Quarian HTTP Proxy Header || url,vrt-blog.snort.org/2012/12/quarian.html 1 || 2016000 || 2 || trojan-activity || 0 || ET TROJAN Win32/Necurs || md5,871ecf11ddd7ffe294cab82bcaf9c310 || url,blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx 1 || 2016001 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS PDF /XFA and PDF-1.[0-4] Spec Violation (seen in pamdql and other EKs) 1 || 2016002 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation admin_header.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html 1 || 2016003 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation ajax_list_tree.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html 1 || 2016004 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation previews_functions.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html 1 || 2016005 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Achievo atknodetype parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/117822/Achievo-1.4.5-XSS-LFI-SQL-Injection.html 1 || 2016006 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PRADO PHP Framework functional_tests.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/118348/PRADO-PHP-Framework-3.2.0-File-Read.html 1 || 2016007 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PRADO PHP Framework functional.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/118348/PRADO-PHP-Framework-3.2.0-File-Read.html 1 || 2016008 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory consulta_fact.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html 1 || 2016009 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory newinventario.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html 1 || 2016010 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory newtransact.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html 1 || 2016011 || 4 || trojan-activity || 0 || ET TROJAN SmokeBot grab data plaintext 1 || 2016012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack PDF Request (2) 1 || 2016013 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request (2) 1 || 2016014 || 2 || trojan-activity || 0 || ET TROJAN Win32/Trojan.Agent.AXMO CnC Beacon || url,contagiodump.blogspot.co.uk/2012/12/osxdockstera-and-win32trojanagentaxmo.html 1 || 2016015 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Nagios XI Network Monitor - OS Command Injection || url,exchange.nagios.org/directory/Addons/Components/Graph-Explorer-Component/details 1 || 2016016 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Amplification Attack Inbound 1 || 2016017 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Amplification Attack Outbound 1 || 2016018 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Embedded Open Type Font file .eot seeing at Cool Exploit Kit || cve,2011-3402 1 || 2016019 || 5 || trojan-activity || 0 || ET TROJAN Win32.boCheMan-A/Dexter || md5,ccc99c9f07e7be0f408ef3a68a9da298 1 || 2016020 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeScan - Landing Page - Title - Microsoft Antivirus 2013 1 || 2016021 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS FakeScan - Payload Download Received 1 || 2016022 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING FlashPost - Redirection IFRAME 1 || 2016023 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING FlashPost - POST to *.stats 1 || 2016024 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole - TDS Redirection To Exploit Kit - Loading 1 || 2016025 || 3 || bad-unknown || 0 || ET DELETED Blackhole - TDS Redirection To Exploit Kit - /head/head1.html 1 || 2016026 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet and 32HexChar.jar 1 || 2016027 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS g01pack - Landing Page Received - applet and 32AlphaNum.jar 1 || 2016028 || 2 || bad-unknown || 0 || ET EXPLOIT Metasploit -Java Atomic Exploit Downloaded 1 || 2016029 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Kelihos.K Executable Download DGA 1 || 2016030 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS LOIC POST 1 || 2016031 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS LOIC GET 1 || 2016032 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS JCE Joomla Scanner 1 || 2016033 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Simple Slowloris Flooder || url,www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf 1 || 2016034 || 3 || trojan-activity || 0 || ET TROJAN Faked Russian Opera UA without Accept - probable downloader 1 || 2016035 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SibHost PDF Request 1 || 2016036 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simplemachines view parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117618/SMF-2.0.2-Cross-Site-Scripting.html 1 || 2016037 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-admin.js.php Remote File Inclusion Attempt || url,secunia.com/advisories/51346 1 || 2016038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-hideshow.js.php Remote File Inclusion Attempt || url,secunia.com/advisories/51346 1 || 2016039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Havalite userId parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118714/Havalite-1.1.7-Cross-Site-Scripting-Shell-Upload.html 1 || 2016040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpleInvoices having parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118737/SimpleInvoices-2011.1-Cross-Site-Scripting.html 1 || 2016041 || 3 || attempted-user || 0 || ET ACTIVEX Possible NVIDIA Install Application ActiveX Control AddPackages Unicode Buffer Overflow || url,packetstormsecurity.org/files/118648/NVIDIA-Install-Application-2.1002.85.551-Buffer-Overflow.html 1 || 2016042 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manhali download.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/116724/Manhali-1.8-Local-File-Inclusion.html 1 || 2016043 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RIPS code.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/111164/RIPS-0.53-Local-File-Inclusion.html 1 || 2016044 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RIPS function.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/111164/RIPS-0.53-Local-File-Inclusion.html 1 || 2016045 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Admidio headline parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/116155/Admidio-2.3.5-Cross-Site-Scripting-SQL-Injection.html 1 || 2016046 || 6 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible second stage landing page (2) 1 || 2016047 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Get Task CnC Beacon || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/ 1 || 2016048 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Configuration Update Request || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/ 1 || 2016049 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Prinimalka.py Script In CnC Beacon || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/ 1 || 2016050 || 3 || trojan-activity || 0 || ET TROJAN W32.Daws/Sanny CnC Initial Beacon || url,blog.fireeye.com/research/2012/12/to-russia-with-apt.html || url,contagiodump.blogspot.co.uk/2012/12/end-of-year-presents-continue.html 1 || 2016051 || 5 || trojan-activity || 0 || ET TROJAN W32.Daws/Sanny CnC POST || url,blog.fireeye.com/research/2012/12/to-russia-with-apt.html || url,contagiodump.blogspot.co.uk/2012/12/end-of-year-presents-continue.html 1 || 2016052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Requested 1 || 2016053 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Received 1 || 2016054 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Server Response - Application Error 1 || 2016055 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - pdfx.html 1 || 2016056 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - flsh.html 1 || 2016057 || 8 || trojan-activity || 0 || ET DELETED CoolEK Font File Download Dec 18 2012 1 || 2016058 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - New PDF Exploit - Dec 18 2012 1 || 2016059 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Old PDF Exploit - Dec 18 2012 1 || 2016060 || 18 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Jar - Jun 05 2013 1 || 2016061 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible WordpressPingbackPortScanner detected || url,seclists.org/bugtraq/2012/Dec/101 || url,github.com/FireFart/WordpressPingbackPortScanner/ || url,www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/ 1 || 2016062 || 2 || trojan-activity || 0 || ET TROJAN Linux/Chapro.A Malicious Apache Module CnC Beacon || url,blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a 1 || 2016063 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH PayPal - Account Phished 1 || 2016064 || 5 || attempted-user || 0 || ET DELETED Popads Exploit Kit font request 32hex digit .eot 1 || 2016065 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Embedded Open Type Font file .eot || cve,2011-3402 1 || 2016066 || 3 || trojan-activity || 0 || ET DELETED CoolEK - Landing Page (2) 1 || 2016067 || 3 || trojan-activity || 0 || ET POLICY Possible BitCoin Miner User-Agent (miner) || url,abcpool.co/mining-software-comparison.php 1 || 2016068 || 3 || trojan-activity || 0 || ET POLICY poclbm BitCoin miner || url,abcpool.co/mining-software-comparison.php 1 || 2016069 || 3 || bad-unknown || 0 || ET MALWARE suspicious User-Agent (vb wininet) 1 || 2016070 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS SofosFO obfuscator string 19 Dec 12 - possible landing 1 || 2016071 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO 20 Dec 12 - .jar file request 1 || 2016072 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO 20 Dec 12 - .pdf file request 1 || 2016073 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO - possible second stage landing page 1 || 2016074 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Skill.gk User-Agent 1 || 2016075 || 3 || trojan-activity || 0 || ET DELETED FakeAV Checkin || md5,527e115876d0892c9a0ddfc96e852a16 1 || 2016076 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Video Lead Form plugin errMsg parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118466/WordPress-Video-Lead-Form-0.5-Cross-Site-Scripting.html 1 || 2016077 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery albumid parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117463/Amateur-Photographers-Image-Gallery-0.9a-XSS-SQL-Injection.html 1 || 2016078 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/117463/Amateur-Photographers-Image-Gallery-0.9a-XSS-SQL-Injection.html 1 || 2016079 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS simple machines forum include parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/116709/SMF-2.0.2-Local-File-Inclusion.html 1 || 2016080 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Cloudsafe365 file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/115972/WordPress-Cloudsafe365-Local-File-Inclusion.html 1 || 2016081 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zenphoto date parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117067/Zenphoto-1.4.3.2-Cross-Site-Scripting.html 1 || 2016082 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanageredit page XSS Attempt || url,packetstormsecurity.org/files/116837/Wordpress-Plugin-Token-Manager-Cross-Site-Scripting.html 1 || 2016083 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanagertypeedit page XSS Attempt || url,packetstormsecurity.org/files/116837/Wordpress-Plugin-Token-Manager-Cross-Site-Scripting.html 1 || 2016084 || 3 || attempted-user || 0 || ET ACTIVEX Possible HP ALM XGO.ocx ActiveX Control SetShapeNodeType method Remote Code Execution || url,packetstormsecurity.org/files/116848/HP-ALM-Remote-Code-Execution.html 1 || 2016085 || 3 || attempted-user || 0 || ET ACTIVEX Possible Cyme ChartFX client server ActiveX Control ShowPropertiesDialog arbitrary code execution || url,packetstormsecurity.org/files/117137/Cyme-ChartFX-Client-Server-Array-Indexing.html 1 || 2016086 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SonicWALL SonicOS searchStr XML Tag Script Insertion Attempt || url,securelist.com/en/advisories/51615 || url,seclists.org/bugtraq/2012/Dec/110 1 || 2016087 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN Unk_Banker - Check In 1 || 2016088 || 2 || trojan-activity || 0 || ET TROJAN SmokeLoader - Init 0x 1 || 2016089 || 4 || trojan-activity || 0 || ET TROJAN FakeAV checkin || md5,dd4d18c07e93c34d082dab57a38f1b86 || md5,5a864ccfeee9c0c893cfdc35dd8820a6 1 || 2016090 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange /in.php?q= 1 || 2016091 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange base64 1 || 2016092 || 3 || trojan-activity || 0 || ET DELETED pamdql/Sweet Orange delivering hostile XOR trojan payload from robots.php 1 || 2016093 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS pamdql/Sweet Orange delivering exploit kit payload 1 || 2016094 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Updtkiller Sending Device Information || url,www.symantec.com/ja/jp/security_response/writeup.jsp?docid=2012-082308-1823-99&tabid=2 1 || 2016095 || 2 || trojan-activity || 0 || ET TROJAN W32/Dexter Infostealer CnC POST || url,contagiodump.blogspot.co.uk/2012/12/dexter-pos-infostealer-samples-and.html 1 || 2016096 || 4 || trojan-activity || 0 || ET DELETED W32/Stabuniq CnC POST || url,contagiodump.blogspot.co.uk/2012/12/dec-2012-trojanstabuniq-samples.html || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers 1 || 2016097 || 4 || trojan-activity || 0 || ET TROJAN Unknown - Loader - Check .exe Updated 1 || 2016098 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Drupal Mass Injection Campaign Inbound 1 || 2016099 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Drupal Mass Injection Campaign Outbound 1 || 2016100 || 2 || trojan-activity || 0 || ET WEB_SPECIFIC_APPS Request to Wordpress W3TC Plug-in dbcache Directory || url,seclists.org/fulldisclosure/2012/Dec/242 1 || 2016101 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 131.253.18.0/24 1 || 2016102 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 199.2.137.0/24 1 || 2016103 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 207.46.90.0/24 1 || 2016104 || 3 || trojan-activity || 0 || ET TROJAN DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 1 || 2016105 || 3 || trojan-activity || 0 || ET DELETED DNS Reply Sinkhole - zeus.redheberg.com - 95.130.14.32 1 || 2016106 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing Page 1 || 2016107 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Topic EK Requesting Jar 1 || 2016108 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Topic EK Requesting PDF 1 || 2016109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP-Property Plugin uploadify.php Arbitrary File Upload Vulnerability || url,www.securityfocus.com/bid/53787/info || url,downloads.securityfocus.com/vulnerabilities/exploits/53787.php 1 || 2016110 || 3 || trojan-activity || 0 || ET TROJAN FakeAV Download antivirus-installer.exe 1 || 2016111 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java payload request (1) 1 || 2016112 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (1) 1 || 2016113 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit encrypted binary (1) 1 || 2016114 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS section parameter XSS Attempt || url,1337day.com/exploit/19949 1 || 2016115 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS index.php file XSS Attempt || url,1337day.com/exploit/19949 1 || 2016116 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS key parameter XSS Attempt || url,1337day.com/exploit/19949 1 || 2016117 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mailing List plugin wpabspath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/105236/WordPress-Mailing-List-1.3.2-Remote-File-Inclusion.html 1 || 2016118 || 3 || attempted-user || 0 || ET ACTIVEX Possible Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Attempt || url,securityfocus.com/bid/47596 1 || 2016119 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 || url,www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 1 || 2016120 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wiki Web Help configpath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116202/Wiki-Web-Help-0.3.11-Remote-File-Inclusion.html 1 || 2016121 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Relocate Upload plugin abspath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/105239/WordPress-Relocate-Upload-0.14-Remote-File-Inclusion.html 1 || 2016122 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LogAnalyzer asktheoracle.php file XSS Attempt || url,packetstormsecurity.org/files/119015/Loganalyzer-3.6.0-Cross-Site-Scripting.html 1 || 2016123 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Myflash path parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/118400/WordPress-Myflash-Local-File-Inclusion.html 1 || 2016124 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Clientregister.php CnC Beacon 1 || 2016125 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon 1 || 2016126 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Bitensiteler CnC Beacon 1 || 2016127 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Kelimeid CnC Beacon 1 || 2016128 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page 1 || 2016129 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf/Styx EK - fnts.html 1 || 2016130 || 3 || trojan-activity || 0 || ET TROJAN Stabuniq Checkin || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers || url,www.symantec.com/security_response/writeup.jsp?docid=2012-121809-2437-99&tabid=2 || url,contagiodump.blogspot.com/2012/12/dec-2012-trojanstabuniq-samples.html 1 || 2016131 || 3 || trojan-activity || 0 || ET DELETED Stabuniq Observed C&C POST Target /rss.php || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers || url,www.symantec.com/security_response/writeup.jsp?docid=2012-121809-2437-99&tabid=2 || url,contagiodump.blogspot.com/2012/12/dec-2012-trojanstabuniq-samples.html 1 || 2016132 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Window Location CVE-2012-4792 EIP || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016133 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP (Exploit Specific replace) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016134 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP % Hex Encode || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016135 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016136 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-4792 EIP in URI IE 8 || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016137 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CVE-2012-4792 EIP in URI (1) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016138 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Possible Exodus Intel IE HTML+TIME EIP Control Technique || cve,2012-4792 || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/ 1 || 2016139 || 3 || trojan-activity || 0 || ET TROJAN TR/Spy.55808.201 1 || 2016140 || 5 || trojan-activity || 0 || ET DELETED Suspicious User Agent (iexplorer) 1 || 2016141 || 3 || trojan-activity || 0 || ET INFO Exectuable Download from dotted-quad Host 1 || 2016142 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java payload request (2) 1 || 2016143 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (2) 1 || 2016144 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Injected iframe leading to Redkit Jan 02 2013 1 || 2016145 || 2 || protocol-command-decode || 0 || ET INFO PTUNNEL OUTBOUND || url,github.com/madeye/ptunnel || url,cs.uit.no/~daniels/PingTunnel/#protocol 1 || 2016146 || 3 || protocol-command-decode || 0 || ET INFO PTUNNEL INBOUND || url,github.com/madeye/ptunnel || url,cs.uit.no/~daniels/PingTunnel/#protocol 1 || 2016147 || 2 || trojan-activity || 0 || ET TROJAN Request for fake postal receipt from e-mail link 1 || 2016148 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS WordPress Plugin Advanced Custom Fields Remote File Inclusion 1 || 2016151 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP RAT 1 || 2016152 || 4 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP File Admin 1 || 2016153 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP File Admin - POST Structure - dir 1 || 2016154 || 1 || policy-violation || 0 || ET CURRENT_EVENTS Possible TURKTRUST Spoofed Google Cert 1 || 2016155 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font Exploit - 32HexChar.eot 1 || 2016156 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mahara query Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/56718 1 || 2016157 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHM filtername Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/57061 1 || 2016158 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Google Doc Embedder plugin file parameter Local File Inclusion Attempt || url,secunia.com/advisories/50832 1 || 2016159 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Machines Forum ssi_function parameter path disclosure vulnerability || url,packetstormsecurity.com/files/119240/Simple-Machines-Forum-2.0.3-Path-Disclosure.html 1 || 2016160 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion Load method Stack-based Unicode Buffer Overload SEH || url,packetstormsecurity.com/files/119022/Sony-PC-Companion-2.1-Load-Unicode-Buffer-Overflow.html 1 || 2016161 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion CheckCompatibility method Stack-based Unicode Buffer Overload || url,packetstormsecurity.com/files/119023/Sony-PC-Companion-2.1-CheckCompatibility-Unicode-Buffer-Overflow.html 1 || 2016162 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion Admin_RemoveDirectory Stack-based Unicode Buffer Overload SEH || url,packetstormsecurity.com/files/119024/Sony-PC-Companion-2.1-Admin_RemoveDirectory-Unicode-Buffer-Overflow.html 1 || 2016163 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo get_templet.php of green Remote File Inclusion Attempt || url,packetstormsecurity.com/files/116412/SiteGo-Remote-File-Inclusion.html 1 || 2016164 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo get_templet.php of blue Remote File Inclusion Attempt || url,packetstormsecurity.com/files/116412/SiteGo-Remote-File-Inclusion.html 1 || 2016165 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cPanel dir Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/57064 1 || 2016166 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit PluginDetect FromCharCode Jan 04 2013 1 || 2016167 || 3 || trojan-activity || 0 || ET TROJAN Poison Ivy.2013Jan04 victim beacon || md5,62f20326e0f08c0786df6886f0427ea7 1 || 2016168 || 4 || trojan-activity || 0 || ET TROJAN Poison Ivy.2013Jan04 server response || md5,62f20326e0f08c0786df6886f0427ea7 1 || 2016169 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure 1 || 2016170 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CVE-2012-4792 EIP in URI (2) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/ 1 || 2016171 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - proxy_info.php 1 || 2016172 || 8 || bad-unknown || 0 || ET TROJAN Generic -POST To file.php w/Extended ASCII Characters 1 || 2016173 || 8 || bad-unknown || 0 || ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters 1 || 2016174 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY RedKit - Landing Page 1 || 2016175 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type YAML || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ 1 || 2016176 || 3 || web-application-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ 1 || 2016177 || 2 || trojan-activity || 0 || ET TROJAN FakeAV security_scanner.exe 1 || 2016178 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 1 || bugtraq,2112 || cve,1999-0517 1 || 2016179 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 2 || bugtraq,2112 || cve,1999-0517 1 || 2016180 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 3 || bugtraq,2112 || cve,1999-0517 1 || 2016181 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 4 || bugtraq,2112 || cve,1999-0517 1 || 2016182 || 6 || web-application-attack || 0 || ET WEB_SERVER ColdFusion componentutils access || url,www.adobe.com/support/security/advisories/apsa13-01.html 1 || 2016183 || 4 || web-application-attack || 0 || ET WEB_SERVER ColdFusion adminapi access || url,www.adobe.com/support/security/advisories/apsa13-01.html 1 || 2016184 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion administrator access || url,www.adobe.com/support/security/advisories/apsa13-01.html 1 || 2016185 || 2 || trojan-activity || 0 || ET TROJAN Unknown Ransomware Checkin 1 || 2016186 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Tobfy.Ransomware CnC Request - status.php || url,blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html 1 || 2016187 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Tobfy.Ransomware Invalid URI CnC Request - || url,blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html 1 || 2016188 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Zeus Binary Download - Specific PE Sections Structure || url,ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf 1 || 2016189 || 2 || trojan-activity || 0 || ET TROJAN Midhos/Medfos downloader 1 || 2016190 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received 1 || 2016191 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS CoolEK - Landing Page Received 1 || 2016192 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - Please wait... 1 || 2016193 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - Landing Page Requested - /?Digit 1 || 2016194 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery plugin test-head parameter XSS Attempt || url,packetstormsecurity.com/files/119360/WordPress-NextGEN-Gallery-1.9.10-Cross-Site-Scripting.html 1 || 2016195 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Browser Rejector Plugin wppath Remote File Inclusion Attempt || url,secunia.com/advisories/51739/ 1 || 2016196 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dell OpenManage Server Administrator topic parameter XSS Attempt || url,kb.cert.org/vuls/id/950172 1 || 2016197 || 3 || attempted-user || 0 || ET ACTIVEX Possible Honeywell Tema Remote Installer ActiveX DownloadFromURL method Remote Code Execution || url,packetstormsecurity.com/files/119427/Honeywell-Tema-Remote-Installer-ActiveX-Remote-Code-Execution.html 1 || 2016198 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Blog Arbitrary File Deletion Attempt || url,packetstormsecurity.com/files/119385/Free-Blog-1.0-Shell-Upload-Arbitrary-File-Deletion.html 1 || 2016199 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adiscon LogAnalyzer viewid Cross-Site Scripting Attempt || url,secunia.com/advisories/51816/ 1 || 2016200 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser tinybrowser.php file Script Execution Attempt || url,securityfocus.com/bid/57230/ 1 || 2016201 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser edit.php file Script Execution Attempt || url,securityfocus.com/bid/57230/ 1 || 2016202 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser upload.php file Script Execution Attempt || url,securityfocus.com/bid/57230/ 1 || 2016203 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Gallery Plugin filename_1 Parameter Remote File Access Attempt || url,securityfocus.com/bid/57256/ 1 || 2016204 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML YAML tag with !ruby || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ 1 || 2016205 || 3 || trojan-activity || 0 || ET TROJAN W32/Zemra.DDoS.Bot Variant CnC Beacon || url,thegoldenmessenger.blogspot.de/2012/09/2-disclosure-of-interesting-botnet-part-1.html || url,thegoldenmessenger.blogspot.de/2012/09/2-disclosure-of-interesting-botnet-part-2.html 1 || 2016206 || 3 || trojan-activity || 0 || ET TROJAN W32/Iyus.H Initial CnC Beacon || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iyus-H/detailed-analysis.aspx 1 || 2016207 || 3 || trojan-activity || 0 || ET TROJAN W32/Iyus.H work_troy.php CnC Request || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iyus-H/detailed-analysis.aspx 1 || 2016208 || 3 || trojan-activity || 0 || ET TROJAN W32/Downloader Secondary Download Request - W32/Hupigon.Backdoor Likely Secondary Payload || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml 1 || 2016209 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/CoolPaperLeak Sending Information To CnC || url,www.symantec.com/connect/blogs/androidcoolpaperleak-million-download-baby 1 || 2016210 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request || url,blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack || cve,2010-0188 1 || 2016211 || 5 || trojan-activity || 0 || ET TROJAN W32/Karagany.Downloader CnC Beacon || url,malwaremustdie.blogspot.co.uk/2013/01/once-upon-time-with-cool-exploit-kit.html || url,www.fortiguard.com/latest/av/4057936 || md5,92899c20da4d9db5627af89998aadc58 1 || 2016212 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS BroBot POST 1 || 2016213 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit encoded PluginDetect Jan 15 2013 1 || 2016214 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/nt/th || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016215 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/nt/sk || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016216 || 6 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/dllhost/ac || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016217 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/ms/check || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016218 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/ms/flush || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016219 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/win/wcx || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016220 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/win/cab || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation 1 || 2016221 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download 1 || 2016222 || 2 || web-application-attack || 0 || ET SCAN GET with HTML tag in start of URI seen with PHPMyAdmin scanning 1 || 2016223 || 8 || trojan-activity || 0 || ET TROJAN Andromeda Checkin || md5,50a538221e015d77cf4794ae78978ce2 1 || 2016224 || 3 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 1 1 || 2016225 || 2 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 2 1 || 2016226 || 2 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 3 1 || 2016227 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2013-0422 Landing Page 1 || 2016228 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2013-0422 Jar 1 || 2016229 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Jar Download 1 || 2016230 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Age Verification plugin redirect_to Parameter URI Redirection || url,securityfocus.com/bid/51357/ 1 || 2016231 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cartweaver 3 Local File Inclusion Attempt || url,packetstormsecurity.com/files/117370/Cartweaver-3-Local-File-Inclusion.html 1 || 2016232 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bit controller parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118943/Joomla-Bit-Local-File-Inclusion.html 1 || 2016233 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_ztautolink controller parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118944/Joomla-ZtAutoLink-Local-File-Inclusion.html 1 || 2016234 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mu Perspectives Cms id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.com/files/116148/Mu-Perspectives-CMS-Cross-Site-Scripting.html 1 || 2016235 || 3 || attempted-user || 0 || ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability 2 || url,packetstormsecurity.com/files/117293/KeyHelp-ActiveX-LaunchTriPane-Remote-Code-Execution.html 1 || 2016236 || 3 || attempted-user || 0 || ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability || url,packetstormsecurity.com/files/117293/KeyHelp-ActiveX-LaunchTriPane-Remote-Code-Execution.html 1 || 2016237 || 3 || attempted-user || 0 || ET ACTIVEX Possible Samsung Kies ActiveX PrepareSync method Buffer overflow || url,packetstormsecurity.com/files/119423/Samsung-Kies-2.5.0.12114_1-Buffer-Overflow.html 1 || 2016238 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Incapsula component Security.php XSS Attempt || url,packetstormsecurity.com/files/119364/Joomla-Incapsula-1.4.6_b-Cross-Site-Scripting.html 1 || 2016239 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Incapsula component Performance.php file XSS Attempt || url,packetstormsecurity.com/files/119364/Joomla-Incapsula-1.4.6_b-Cross-Site-Scripting.html 1 || 2016240 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Class Download 1 || 2016241 || 4 || trojan-activity || 0 || ET DELETED SofosFO - Landing Page 1 || 2016242 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Jan 21 2012 1 || 2016243 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Request for FakeAV Binary /two/data.exe Infection Campaign 1 || 2016244 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - Symlink_Sa 1 || 2016245 || 3 || bad-unknown || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header 1 || 2016247 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page 1 || 2016248 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page 1 || 2016249 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (1) 1 || 2016250 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (2) 1 || 2016251 || 4 || trojan-activity || 0 || ET TROJAN Win32/Emold.C Checkin || url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C 1 || 2016252 || 3 || trojan-activity || 0 || ET TROJAN Unknown POST of Windows PW Hashes to External Site 1 || 2016253 || 3 || trojan-activity || 0 || ET TROJAN Unknown POST of System Info 1 || 2016254 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Red Dot Exploit Kit Single Character JAR Request || url,malware.dontneedcoffee.com/ 1 || 2016255 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Red Dot Exploit Kit Binary Payload Request || url,malware.dontneedcoffee.com/ 1 || 2016256 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Gondad Exploit Kit Post Exploitation Request 1 || 2016257 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 1 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016258 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 2 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016259 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 3 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016260 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 4 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016261 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 5 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016262 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 6 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016263 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 7 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016264 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 8 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016265 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 9 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016266 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 10 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016267 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 11 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016268 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 12 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016270 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Variant Jan 24 2013 || url,blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/ 1 || 2016271 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Variant Jan 24 2013 || url,blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/ 1 || 2016272 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS - in.php 1 || 2016273 || 2 || trojan-activity || 0 || ET TROJAN W32/Bilakip.A Downloader API Ping CnC Beacon || url,about-threats.trendmicro.com/Malware.aspx?id=50100&name=TROJ_DLOADR.BKM&language=au 1 || 2016274 || 2 || trojan-activity || 0 || ET TROJAN W32/Bilakip.A Downloader Viruslist Download For Populating FakeAV || url,about-threats.trendmicro.com/Malware.aspx?id=50100&name=TROJ_DLOADR.BKM&language=au 1 || 2016275 || 9 || trojan-activity || 0 || ET TROJAN Win32/Xtrat.A Checkin || url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092 1 || 2016276 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File (seen in live EKs) 1 || 2016277 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File (seen in live EKs) 1 || 2016278 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - New PDF Exploit - Jan 24 2013 1 || 2016279 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (2) 1 || 2016280 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (3) 1 || 2016281 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 13 || md5,56e0e87e64299f5bb91d2183bbff7cfa 1 || 2016282 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openconstructor CMS result Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.html 1 || 2016283 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openconstructor CMS keyword Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.html 1 || 2016284 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart loc parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/119082/CubeCart-4.4.6-Local-File-Inclusion.html 1 || 2016285 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GetSimple CMS path parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/115302/GetSimple-CMS-3.1.2-Local-File-Inclusion-Path-Disclosure.html 1 || 2016286 || 3 || attempted-user || 0 || ET ACTIVEX Possible Aloaha PDF Crypter activex SaveToFile method arbitrary file overwrite || url,exploit-db.com/exploits/24319/ 1 || 2016287 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Banana Dance name Parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118964/Banana-Dance-B.2.6-Inclusion-Access-Control-SQL-Injection.html 1 || 2016288 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_collector Component Arbitrary File Upload Vulnerability || url,exploit-db.com/exploits/24228/ 1 || 2016289 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS web wiz forums ForumID Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115886/Web-Wiz-Forums-10.03-Cross-Site-Scripting.html 1 || 2016290 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS web wiz forums ThreadPage Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115886/Web-Wiz-Forums-10.03-Cross-Site-Scripting.html 1 || 2016291 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMiniAdmin db Parameter Cross Site Scripting Attempt || url,cxsecurity.com/issue/WLB-2013010179 1 || 2016292 || 6 || trojan-activity || 0 || ET TROJAN Mashigoom/Tranwos/RevProxy ClickFraud - hello 1 || 2016293 || 2 || trojan-activity || 0 || ET TROJAN RevProxy - ClickFraud - MIDUIDEND 1 || 2016294 || 10 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Can be Used to Spawn Shell) 1 || 2016295 || 7 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Windows CMD Shell) 1 || 2016296 || 7 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Unix Shell) 1 || 2016297 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious iframe 1 || 2016298 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious iframe 1 || 2016299 || 10 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (3) 1 || 2016300 || 4 || trojan-activity || 0 || ET TROJAN Simda.C Checkin || md5,10642e1067aca9f04ca874c02aabda5c 1 || 2016302 || 5 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 1 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2013-0229 1 || 2016303 || 4 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 2 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2012-5958 || cve,2012-5959 1 || 2016304 || 2 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 3 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2012-5958 || cve,2012-5959 1 || 2016305 || 6 || web-application-activity || 0 || ET CURRENT_EVENTS Ruby on Rails CVE-2013-0333 Attempt || url,gist.github.com/4660248 1 || 2016306 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Landing URL structure 1 || 2016307 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Landing Page 1 || 2016308 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JDB Exploit Kit Class Request 1 || 2016309 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit JAR Download 1 || 2016310 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Fake Adobe Download 1 || 2016311 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Non-Standard HTML page in Joomla /com_content/ dir (Observed in Recent Pharma Spam) 1 || 2016312 || 2 || trojan-activity || 0 || ET TROJAN W32/DownloaderAgent.fajk Successful Infection CnC Beacon || url,www.securelist.com/en/descriptions/15316120/Trojan.Win32.Agent.fajk 1 || 2016313 || 3 || trojan-activity || 0 || ET TROJAN W32/DownloaderAgent.fajk Second Stage Download List Requested || url,www.securelist.com/en/descriptions/15316120/Trojan.Win32.Agent.fajk 1 || 2016314 || 2 || trojan-activity || 0 || ET TROJAN Linux/SSHDoor.A Reporting Backdoor CnC Beacon || url,blog.eset.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords 1 || 2016315 || 3 || trojan-activity || 0 || ET DELETED Linux/SSHDoor.A User Login CnC Beacon || url,blog.eset.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords 1 || 2016316 || 3 || trojan-activity || 0 || ET TROJAN W32/StartPage.eba Dropper Checkin || url,www.securelist.com/en/descriptions/24621847/Trojan-Dropper.Win32.StartPage.eba 1 || 2016317 || 2 || trojan-activity || 0 || ET TROJAN Suspicious user-agent (f**king) 1 || 2016318 || 6 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Ksapp.A Checkin || md5,e6d9776113b29680aec73ac2d1445946 || md5,13e6ce4aac7e60b10bfde091c09b9d88 || url,anubis.iseclab.org/?action=result&task_id=16b7814b794cd728435e122ca2c2fcdd3 || url,www.fortiguard.com/latest/mobile/4158213 || url,symantec.com/connect/blogs/mdk-largest-mobile-botnet-china 1 || 2016319 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Landing Page 1 || 2016320 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java gif download 1 || 2016321 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible g01pack Jar download 1 || 2016322 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5958 ST DeviceType Buffer Overflow || cve,CVE_2012-5958 || cve,CVE-2012-5962 1 || 2016323 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5963 ST UDN Buffer Overflow || cve,CVE-2012-5963 1 || 2016324 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5964 ST URN ServiceType Buffer Overflow || cve,CVE-2012-5964 1 || 2016325 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5965 ST URN DeviceType Buffer Overflow || cve,CVE-2012-5965 1 || 2016326 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5961 ST UDN Buffer Overflow || cve,CVE-2012-5961 1 || 2016327 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Generic - POST to myform.php 1 || 2016328 || 1 || trojan-activity || 0 || ET TROJAN ZeuS Post to C&C footer.php 1 || 2016329 || 4 || trojan-activity || 0 || ET TROJAN W32/SecVerif.Downloader Initial Checkin || url,anubis.iseclab.org/?action=result&task_id=19f379c075627c7b44d0a0db154394f63 1 || 2016330 || 3 || trojan-activity || 0 || ET TROJAN W32/SecVerif.Downloader Second Stage Download Request || url,anubis.iseclab.org/?action=result&task_id=19f379c075627c7b44d0a0db154394f63 1 || 2016331 || 1 || trojan-activity || 0 || ET TROJAN W32/Jabberbot.A Trednet XMPP CnC Beacon || url,blog.eset.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc 1 || 2016333 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible g01pack Landing Page 1 || 2016334 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass file Parameter Remote File Access Attempt || url,securityfocus.com/bid/51721/ 1 || 2016335 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 1 || url,securityfocus.com/bid/51721/ 1 || 2016336 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 2 || url,securityfocus.com/bid/51721/ 1 || 2016337 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Cross Site Scripting Attempt || url,securityfocus.com/bid/57541/ 1 || 2016338 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Remote File Inclusion Attempt || url,securityfocus.com/bid/57541/ 1 || 2016339 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMSQLITE id parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/56132/ 1 || 2016340 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMSQLITE mediaAdmin.php file Local File Inclusion Attempt || url,securityfocus.com/bid/56132/ 1 || 2016341 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012 1 || 2016342 || 2 || trojan-activity || 0 || ET TROJAN W32/Beebus HTTP POST CnC Beacon || url,blog.fireeye.com/research/2013/02/operation-beebus.html 1 || 2016343 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android TrojanFakeLookout.A || url,blog.trustgo.com/fakelookout/ || md5,65baecf1fe1ec7b074a5255dc5014beb 1 || 2016344 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Fakelash.A!tr.spy Checkin || md5,7dec1c9174d0f688667f6c34c0fa66c2 || url,blog.fortiguard.com/android-malware-distributed-by-malicious-sms-in-france/ 1 || 2016345 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Variant 1 || 2016347 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Secondary Landing 1 || 2016348 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Landing Page 1 || 2016349 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request 1 || 2016350 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Kit Payload Download 1 || 2016352 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Jerk.cgi TDS || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html 1 || 2016353 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Getmyfile.exe Payload || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html 1 || 2016354 || 3 || attempted-user || 0 || ET CURRENT_EVENTS WSO WebShell Activity POST structure 2 1 || 2016355 || 2 || trojan-activity || 0 || ET TROJAN W32/ServStart.Variant CnC Beacon 1 || 2016356 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - Landing Page - Received 1 || 2016357 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - URI - jpfoff.php 1 || 2016358 || 4 || trojan-activity || 0 || ET TROJAN W32/ZeroAccess Counter.img Checkin || url,malwaremustdie.blogspot.co.uk/2013/02/blackhole-of-closest-version-with.html 1 || 2016359 || 3 || trojan-activity || 0 || ET TROJAN Request for fake postal receipt from e-mail link 1 || 2016360 || 2 || misc-activity || 0 || ET INFO JAVA - ClassID 1 || 2016361 || 2 || misc-activity || 0 || ET INFO JAVA - ClassID 1 || 2016363 || 2 || attempted-dos || 0 || ET DOS Miniupnpd M-SEARCH Buffer Overflow CVE-2013-0229 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,CVE-2013-0229 1 || 2016365 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request (3) 1 || 2016366 || 3 || trojan-activity || 0 || ET TROJAN Umbra/Multibot Loader User-Agent (umbra) || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html 1 || 2016367 || 3 || trojan-activity || 0 || ET TROJAN Umbra/MultiBot Plugin access || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html 1 || 2016368 || 3 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Checkin || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html 1 || 2016369 || 4 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Request || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html 1 || 2016370 || 3 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Image Request || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html 1 || 2016371 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java jpg download 1 || 2016373 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM EK - Landing Page 1 || 2016374 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jaxws.jar 1 || 2016375 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jre.jar 1 || 2016377 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Payload Download 1 || 2016378 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM EK - Java Exploit - fbyte.jar 1 || 2016379 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - JAR Containing Windows Executable 1 || 2016380 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Encrypted Binary (1) 1 || 2016381 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP ecommerce Shop Styling Plugin dompdf RFI Attempt || url,secunia.com/advisories/51707/ 1 || 2016382 || 3 || attempted-user || 0 || ET ACTIVEX Possible Ecava IntegraXor save method Remote ActiveX Buffer Overflow || url,1337day.org/exploit/15398 1 || 2016383 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Audio Player Plugin playerID parameter XSS attempt in swf || url,packetstormsecurity.com/files/120129/WordPress-Audio-Player-SWF-Cross-Site-Scripting.html 1 || 2016384 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CommentLuv Plugin _ajax_nonce Parameter XSS Attempt || url,securityfocus.com/bid/57771/ 1 || 2016385 || 3 || trojan-activity || 0 || ET DELETED Android/DNightmare - Task Killer Checkin 1 || url,anubis.iseclab.org/index.php?action=result&task_id=4fdbf09e9bb20824658cfd45b63a309e 1 || 2016386 || 4 || trojan-activity || 0 || ET DELETED Android/DNightmare - Task Killer Checkin 2 || md5,745513a53af2befe3dc00d0341d80ca6 1 || 2016387 || 4 || trojan-activity || 0 || ET DELETED Android/DNightmare -Task Killer Checkin 3 || md5,745513a53af2befe3dc00d0341d80ca6 1 || 2016388 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo file parameter Local File Inclusion Attempt || url,securityfocus.com/bid/57845/ 1 || 2016389 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo OpenFolder parameter Local File Inclusion Attempt || url,securityfocus.com/bid/57845/ 1 || 2016390 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossword gw_admin.php Cross Site Scripting Attempt || url,packetstormsecurity.com/files/120045/Glossword-1.8.12-XSS-CSRF-Shell-Upload-Database-Disclosure.html 1 || 2016391 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe Flash Zero Day LadyBoyle Infection Campaign || md5,3de314089db35af9baaeefc598f09b23 || md5,2568615875525003688839cb8950aeae || url,blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html || url,www.adobe.com/go/apsb13-04 || cve,2013-0633 || cve,2013-0633 1 || 2016393 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Landing Page 1 || 2016394 || 5 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Uncompressed 1 || 2016395 || 7 || protocol-command-decode || 0 || ET WEB_CLIENT Microsoft OLE Compound File With Flash 1 || 2016396 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Specific Uncompressed Flash CVE-2013-0634 1 || 2016397 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Specific Uncompressed Flash Inside of OLE CVE-2013-0634 1 || 2016398 || 8 || trojan-activity || 0 || ET TROJAN Variant.Graftor.5628 CnC Traffic || md5,81687637b7bf2b90258a5006683e781c || url,www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-campaign-continues.html 1 || 2016399 || 3 || trojan-activity || 0 || ET TROJAN W32/FloatingCloud.Banker CnC Beacon || url,www.securelist.com/en/blog/798/God_horses_are_floating_clouds_The_story_of_a_Chinese_banker_Trojan 1 || 2016400 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634 || cve,2013-0634 1 || 2016401 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634 || cve,2013-0364 1 || 2016402 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java png download 1 || 2016403 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload - obfuscated binary base 0 1 || 2016404 || 3 || not-suspicious || 0 || ET INFO MPEG Download Over HTTP (1) 1 || 2016405 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - Feb 12 2013 1 || 2016406 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK landing applet plus class Feb 12 2013 1 || 2016407 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Java Exploit Recent Jar (1) 1 || 2016408 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (4) 1 || 2016409 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarhlp32.dll Second Stage Download POST || url,blog.fireeye.com/research/2013/02/the-number-of-the-beast.html 1 || 2016410 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarext32.dll Second Stage Download POST || url,blog.fireeye.com/research/2013/02/the-number-of-the-beast.html 1 || 2016411 || 3 || trojan-activity || 0 || ET TROJAN PDF 0day Communication - agent UA Feb 14 2013 || url,www.joesecurity.org/reports/report-f3b9663a01a73c5eca9d6b2a0519049e.html 1 || 2016412 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Vdele 1 || 2016413 || 4 || trojan-activity || 0 || ET DNS Reply Sinkhole - sinkhole.cert.pl 148.81.111.111 1 || 2016414 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (5) 1 || 2016415 || 3 || bad-unknown || 0 || ET WEB_SERVER PHP tag in UA || url,blog.spiderlabs.com/2013/02/honeypot-alert-user-agent-field-php-injection-attacks.html 1 || 2016416 || 3 || bad-unknown || 0 || ET WEB_SERVER base64_decode in UA || url,blog.spiderlabs.com/2013/02/honeypot-alert-user-agent-field-php-injection-attacks.html 1 || 2016417 || 2 || trojan-activity || 0 || ET TROJAN W32/Vundo.Downloader Reporting User Website Session Information || url,www.lavasoft.com/mylavasoft/malware-descriptions/blog/trojandownloaderwin32vundojd 1 || 2016418 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Dr. Web || url,virustracker.info 1 || 2016419 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Zinkhole.org 1 || 2016420 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - German Company || url,virustracker.info 1 || 2016421 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - 1and1 Internet AG || url,virustracker.info 1 || 2016422 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Georgia Tech (1) || url,virustracker.info 1 || 2016423 || 6 || trojan-activity || 0 || ET DNS Reply Sinkhole - Georgia Tech (2) || url,virustracker.info 1 || 2016424 || 5 || trojan-activity || 0 || ET TROJAN Win32/Vundo.OD Checkin || url,www.threatexpert.com/report.aspx?md5=8840a0d9d7f4dba3953ccb68b17b2d6c || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FVundo.OD 1 || 2016425 || 5 || trojan-activity || 0 || ET TROJAN Win32.Zbot.ivgw Downloading EXE || md5,e8e3d22203f9549d6c5f361dfe51f8c6 1 || 2016426 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK landing applet plus class Feb 18 2013 1 || 2016427 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Possible Java Payload Download 1 || 2016428 || 7 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Likseput.B Checkin 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fLikseput.B 1 || 2016429 || 4 || trojan-activity || 0 || ET TROJAN Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA || url,www.secureworks.com/research/threats/htran/ 1 || 2016430 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.Agent.vhvw Checkin MINIASP || md5,e4a4e2a3b3adaf3a31e34cd2844a3374 || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1042762#none 1 || 2016431 || 4 || trojan-activity || 0 || ET TROJAN Win32/Tosct.B UA Mandiant APT1 Related || url,www.mandiant.com/apt1 || md5,5bcaa2f4bc7567f6ffd5507a161e221a 1 || 2016432 || 4 || trojan-activity || 0 || ET TROJAN Likseput.B Checkin || md5,95d85aa629a786bb67439a064c4349ec 1 || 2016433 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8 || md5,b5e9ce72771217680efaeecfafe3da3f || url,threatexpert.com/report.aspx?md5=4b6f5e62d7913fc1ab6c71b5b909ecbf 1 || 2016434 || 3 || trojan-activity || 0 || ET TROJAN Win32/COOKIEBAG Cookie APT1 Related || url,www.mandiant.com/apt1 1 || 2016435 || 5 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 1 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1 1 || 2016436 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 2 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1 1 || 2016437 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 3 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1 1 || 2016438 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 1 || 2016439 || 3 || trojan-activity || 0 || ET TROJAN Win32/Namsoth.A Checkin/NEWSREELS APT1 Related || md5,a2cd1189860b9ba214421aab86ecbc8a || url,www.mandiant.com/apt1 1 || 2016440 || 2 || trojan-activity || 0 || ET TROJAN SEASALT HTTP Checkin || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1 1 || 2016441 || 2 || trojan-activity || 0 || ET TROJAN SEASALT Client Checkin || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1 1 || 2016442 || 2 || trojan-activity || 0 || ET TROJAN SEASALT Server Response || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1 1 || 2016443 || 2 || trojan-activity || 0 || ET TROJAN STARSYPOUND Client Checkin || md5,8442ae37b91f279a9f06de4c60b286a3 || url,www.mandiant.com/apt1 1 || 2016444 || 3 || trojan-activity || 0 || ET TROJAN STARSYPOUND Client Checkin || md5,8442ae37b91f279a9f06de4c60b286a3 || url,www.mandiant.com/apt1 1 || 2016445 || 2 || trojan-activity || 0 || ET TROJAN SWORD Sending Sword Marker || md5,052f5da1734464a985dcd669bff62f93 || url,www.mandiant.com/apt1 1 || 2016446 || 4 || trojan-activity || 0 || ET TROJAN TABMSGSQL/Sluegot.C Checkin || url,www.cyberesi.com/2011/06/15/trojan-letsgo-analysis/ || url,www.mandiant.com/apt1 || md5,052ec04866e4a67f31845d656531830d 1 || 2016447 || 2 || trojan-activity || 0 || ET TROJAN WARP Win32/Barkiofork.A || url,www.mandiant.com/apt1 || md5,7acb0d1df51706536f33bbdb990041d3 1 || 2016448 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-ADSPACE Server Response || url,www.mandiant.com/apt1 1 || 2016449 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-AUSOV Checkin Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,0cf9e999c574ec89595263446978dc9f || md5,0cf9e999c574ec89595263446978dc9f 1 || 2016450 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Likseput.A Checkin || url,threatexpert.com/report.aspx?md5=4b6f5e62d7913fc1ab6c71b5b909ecbf 1 || 2016451 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-QBP Checkin Response 1 - Embedded CnC APT1 Related || url,intelreport.mandiant.com || md5,0cf9e999c574ec89595263446978dc9f || md5,fcdaa67e33357f64bc4ce7b57491fc53 1 || 2016452 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-CLOVER Checkin APT1 Related || url,www.mandiant.com/apt1 || md5,29c691978af80dc23c4df96b5f6076bb 1 || 2016453 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-CLOVER Download UA || url,www.mandiant.com/apt1 || md5,29c691978af80dc23c4df96b5f6076bb 1 || 2016454 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-DIV UA || url,www.mandiant.com/apt1 || md5,1e5ec6c06e4f6bb958dcbb9fc636009d 1 || 2016455 || 3 || trojan-activity || 0 || ET TROJAN Possible WEBC2-GREENCAT Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,1014af80798518864d5d3dfa4e1cd079e 1 || 2016456 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-KT3 Intial Connection Beacon APT1 Related || url,www.mandiant.com/apt1 || md5,ec3a2197ca6b63ee1454d99a6ae145ab 1 || 2016457 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-KT3 Intial Connection Beacon Server Response APT1 Related || url,www.mandiant.com/apt1 || md5,ec3a2197ca6b63ee1454d99a6ae145ab 1 || 2016458 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-RAVE UA || url,www.mandiant.com/apt1 || md5,5bcaa2f4bc7567f6ffd5507a161e221a 1 || 2016459 || 5 || trojan-activity || 0 || ET TROJAN Win32/Small.XR Checkin 2 WEBC2-CSON APT1 Related || url,www.threatexpert.com/report.aspx?md5=ba45339da92ca4622b472ac458f4c8f2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.XR || url,www.mandiant.com/apt1 1 || 2016460 || 6 || trojan-activity || 0 || ET TROJAN WEBC2-CSON Checkin - APT1 Related || url,www.threatexpert.com/report.aspx?md5=ba45339da92ca4622b472ac458f4c8f2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.XR || url,intelreport.mandiant.com/ || md5, 8dd6a7fe83bd9682187d956f160ffb47 1 || 2016461 || 4 || trojan-activity || 0 || ET TROJAN Win32.Sluegot.A Checkin WEBC2-YAHOO APT1 Related || url,www.securelist.com/en/descriptions/24052976/Trojan.Win32.Scar.ddxe || md5,0149b7bd7218aab4e257d28469fddb0d || md5,6f9992c486195edcf0bf2f6ee6c3ec74 || url,www.mandiant.com/apt1 1 || 2016462 || 3 || trojan-activity || 0 || ET TROJAN Fake Virtually SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016463 || 3 || trojan-activity || 0 || ET TROJAN Fake IBM SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016464 || 3 || trojan-activity || 0 || ET TROJAN EMAIL SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016465 || 3 || trojan-activity || 0 || ET TROJAN LAME SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016466 || 3 || trojan-activity || 0 || ET TROJAN NS SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016467 || 3 || trojan-activity || 0 || ET TROJAN SERVER SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016468 || 4 || trojan-activity || 0 || ET TROJAN SUR SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016469 || 3 || trojan-activity || 0 || ET TROJAN FAKE AOL SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016470 || 3 || trojan-activity || 0 || ET TROJAN FAKE YAHOO SSL Cert APT1 || url,www.mandiant.com/apt1 1 || 2016471 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-UGX User-Agent (Windows+NT+5.x) APT1 || url,www.mandiant.com/apt1 1 || 2016472 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-UGX Embedded CnC Response APT1 || md5,ae45648a8fc01b71214482d35cf8da54 || url,www.mandiant.com/apt1 1 || 2016473 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible DNS Data Exfiltration to SSHD Rootkit Last Resort CnC || url,isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229 1 || 2016474 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew UGX Backdoor initial connection 1 || 2016475 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew downloader without user-agent string exe download without User Agent 1 || 2016476 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications get system 1 || 2016477 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications html return 1 1 || 2016478 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep 1 || 2016479 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep2 1 || 2016480 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep3 1 || 2016482 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep5 1 || 2016483 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications download client.png 1 || 2016484 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT crabdance backdoor base64 head 2 1 || 2016485 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT crabdance backdoor base64 head 1 || 2016486 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT backdoor stage 2 download base64 update.gif 1 || 2016487 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT backdoor download logo.png 1 || 2016488 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications get command client key 1 || 2016489 || 4 || trojan-activity || 0 || ET TROJAN CBeplay Downloading Design 1 || 2016490 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (1) 1 || 2016491 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (2) 1 || 2016492 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3) 1 || 2016493 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3) 1 || 2016494 || 5 || trojan-activity || 0 || ET INFO Serialized Java Applet (Used by some EKs in the Wild) 1 || 2016495 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java .psd download 1 || 2016496 || 4 || trojan-activity || 0 || ET TROJAN Gimemo Ransomware Checkin 1 || 2016497 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page (2) 1 || 2016498 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html 1 || 2016499 || 11 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Payload Download 1 || 2016500 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Nicepack EK Landing (Anti-VM) 1 || 2016501 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - zecmd - Form 1 || 2016502 || 2 || trojan-activity || 0 || ET INFO Java Serialized Data via vulnerable client 1 || 2016503 || 2 || trojan-activity || 0 || ET INFO Java Serialized Data 1 || 2016504 || 4 || bad-unknown || 0 || ET INFO Serialized Data request 1 || 2016505 || 2 || trojan-activity || 0 || ET INFO file possibly containing Serialized Data file 1 || 2016506 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java jpeg download 1 || 2016507 || 5 || trojan-activity || 0 || ET TROJAN W32/Caphaw Requesting Additional Modules From CnC || url,www.welivesecurity.com/2013/02/25/caphaw-attacking-major-european-banks-with-webinject-plugin/ 1 || 2016508 || 2 || trojan-activity || 0 || ET TROJAN W32/Caphaw CnC Configuration File Request || url,www.welivesecurity.com/2013/02/25/caphaw-attacking-major-european-banks-with-webinject-plugin/ 1 || 2016509 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Zbot.Variant Fake MSIE 6.0 UA 1 || 2016510 || 4 || trojan-activity || 0 || ET INFO Serialized Java Applet (Used by some EKs in the Wild) 1 || 2016511 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Successful Compromise svchost.jpg Beacon - Java Zeroday || url,blog.fireeye.com/research/2013/02/yaj0-yet-another- java-zero-day-2.html 1 || 2016512 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smsilence.A Successful Install Report || url,blogs.mcafee.com/mcafee-labs/sms-trojan-targets-south-korean-android-devices 1 || 2016513 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smsilence.A Sending SMS Messages CnC Beacon || url,blogs.mcafee.com/mcafee-labs/sms-trojan-targets-south-korean-android-devices 1 || 2016514 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - jhan.jar 1 || 2016515 || 4 || trojan-activity || 0 || ET TROJAN Gimemo Activity 1 || 2016516 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based POST structure 1 || 2016519 || 3 || attempted-user || 0 || ET EXPLOIT Metasploit js_property_spray sprayHeap || url,community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation 1 || 2016520 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 1 2013 1 || 2016521 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java Archive Request (Java-SPLOIT.jar) 1 || 2016522 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Payload Request 1 || 2016523 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Exploit Request 1 || 2016524 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Specific - 4/3/2013 1 || 2016525 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Style 2 Specific - 4/3/2013 1 || 2016526 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch False Specific - 4/3/2013 1 || 2016527 || 3 || trojan-activity || 0 || ET TROJAN W32/Asprox php.dll.crp POST CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016528 || 3 || trojan-activity || 0 || ET TROJAN W32/Asprox CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016529 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox Passgrub POST CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016530 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox.FakeAV Affiliate Second Stage Download Location Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016531 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox.FakeAV Affiliate Download Location Response - Likely Pay-Per-Install For W32/Papras.Spy or W32/ZeroAccess || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016533 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Fetch Time CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B 1 || 2016534 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Get New MAC CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B 1 || 2016535 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Set Done Day CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B 1 || 2016536 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B 1 || 2016537 || 2 || bad-unknown || 0 || ET INFO GET Minimal HTTP Headers Flowbit Set 1 || 2016538 || 3 || bad-unknown || 0 || ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download 1 || 2016539 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Java Download non Jar file 1 || 2016540 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs 1 || 2016541 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool landing applet plus class Mar 03 2013 1 || 2016542 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Portal TDS Kit GET || url,ondailybasis.com/blog/?p=1867 1 || 2016543 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Portal TDS Kit GET (2) || url,ondailybasis.com/blog/?p=1867 1 || 2016544 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Mar 6 2013 1 || 2016546 || 3 || trojan-activity || 0 || ET MALWARE W32/Eorezo.Adware CnC Beacon || url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99 1 || 2016547 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (6) 1 || 2016548 || 3 || trojan-activity || 0 || ET DELETED W32/Ponik.Downloader Randomware Download || url,www.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud || url,www.symantec.com/security_response/writeup.jsp?docid=2012-110915-5758-99 1 || 2016549 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 http argument in applet (Neutrino/Angler) 1 || 2016550 || 5 || trojan-activity || 0 || ET TROJAN Win32/Fareit Checkin 2 || md5,10baa5250610fc2b5b2cdf932f2007c0 1 || 2016551 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Downloading Jar 1 || 2016552 || 2 || trojan-activity || 0 || ET TROJAN W32/Trustezeb.C CnC Beacon || url,www.abuse.ch/?p=5175 || url,www.virusradar.com/Win32_Trustezeb.C/description 1 || 2016553 || 3 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6 1 || 2016554 || 7 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (1) Mar 07 2013 1 || 2016555 || 7 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (2) Mar 07 2013 1 || 2016556 || 6 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (3) Mar 07 2013 1 || 2016557 || 6 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (4) Mar 07 2013 1 || 2016558 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure 1 || 2016559 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (7) 1 || 2016560 || 10 || attempted-user || 0 || ET CURRENT_EVENTS GonDadEK Plugin Detect March 11 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016561 || 3 || trojan-activity || 0 || ET DELETED W32/Asprox Spam Module CnC Beacon || url,www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/ || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2016562 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data 1 || 2016563 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/q.php Landing Page/Java exploit URI 1 || 2016564 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/q.php Jar Download 1 || 2016566 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Downloading Payload 1 || 2016567 || 4 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 2 || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6 1 || 2016568 || 2 || trojan-activity || 0 || ET TROJAN W32/LetsGo.APT Sleep CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/the-dingo-and-the-baby.html 1 || 2016569 || 3 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain micorsofts.net || url,labs.alienvault.com 1 || 2016570 || 2 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain micorsofts.com || url,labs.alienvault.com 1 || 2016571 || 1 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain hotmal1.com || url,labs.alienvault.com 1 || 2016572 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt C2 Check-in || url,labs.alienvault.com 1 || 2016573 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt || url,labs.alienvault.com 1 || 2016574 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Database List 1 || 2016575 || 3 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Client Cookie mysql_web_admin*= 1 || 2016576 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Server Set Cookie mysql_web_admin*= 1 || 2016577 || 4 || bad-unknown || 0 || ET WEB_SERVER WebShell - Romanian Webshell 1 || 2016578 || 4 || trojan-activity || 0 || ET TROJAN Dorkbot Loader Payload Request || md5, 3452c20fd0df69ccfdea520a6515208a 1 || 2016579 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt PDF file || url,labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/ 1 || 2016580 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DynDNS Pro Dynamic DNS Domain 1 || 2016581 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to ChangeIP Dynamic DNS Domain 1 || 2016582 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to NOIP Dynamic DNS Domain 1 || 2016583 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DNSDynamic Dynamic DNS Domain 1 || 2016584 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DtDNS Dynamic DNS Domain 1 || 2016585 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL March 03 2013 1 || 2016586 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Query to a *.opengw.net Open VPN Relay Domain || url,www.vpngate.net 1 || 2016587 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Landing Page URL March 03 2013 1 || 2016588 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Jar Naming Pattern March 03 2013 1 || 2016589 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit URI Struct Flowbit 1 || 2016591 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - 46.149.18.14 blacklistthisdomain.com 1 || 2016592 || 3 || trojan-activity || 0 || ET TROJAN RevProxy Java Settings 1 || 2016593 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS RedDotv2 Java Check-in 1 || 2016594 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS RedDotv2 Jar March 18 2013 1 || 2016595 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to cd.am Dynamic DNS Domain 1 || 2016596 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (varchar2) || url,doc.emergingthreats.net/2008175 1 || 2016597 || 5 || trojan-activity || 0 || ET DELETED CrimeBoss - Java Exploit - m11.jar 1 || 2016598 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - jmx.jar 1 || 2016599 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Xtrat Checkin 2 || md5,fea70e818984b82c9a6bbdc5157d4a40 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fXtrat.A 1 || 2016600 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain peocity.com 1 || 2016601 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain rusview.net 1 || 2016602 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain skyruss.net 1 || 2016603 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain commanal.net 1 || 2016604 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain natareport.com 1 || 2016605 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photogellrey.com 1 || 2016606 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photogalaxyzone.com 1 || 2016607 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain insdet.com 1 || 2016608 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain creditrept.com 1 || 2016609 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain pollingvoter.org 1 || 2016610 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain dfasonline.com 1 || 2016611 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain hudsoninst.com 1 || 2016612 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain wsurveymaster.com 1 || 2016613 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain nhrasurvey.org 1 || 2016614 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain pdi2012.org 1 || 2016615 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain nceba.org 1 || 2016616 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain linkedin-blog.com 1 || 2016617 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain aafbonus.com 1 || 2016618 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain milstars.org 1 || 2016619 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain vatdex.com 1 || 2016620 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain insightpublicaffairs.org 1 || 2016621 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain applesea.net 1 || 2016622 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appledmg.net 1 || 2016623 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appleintouch.net 1 || 2016624 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain seyuieyahooapis.com 1 || 2016625 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appledns.net 1 || 2016626 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain emailserverctr.com 1 || 2016627 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain dailynewsjustin.com 1 || 2016628 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain hi-tecsolutions.org 1 || 2016629 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain slashdoc.org 1 || 2016630 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photosmagnum.com 1 || 2016631 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain resume4jobs.net 1 || 2016632 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain searching-job.net 1 || 2016633 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain servagency.com 1 || 2016634 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain gsasmartpay.org 1 || 2016635 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain tech-att.com 1 || 2016636 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -2 Mar 13 2013 1 || 2016637 || 3 || trojan-activity || 0 || ET TROJAN W32/GameThief Initial CnC Beacon 1 || 2016638 || 2 || trojan-activity || 0 || ET TROJAN W32/Depyot.Downloader CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader%3AWin32%2FDepyot.A&ThreatID=-2147288740 1 || 2016639 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Watering Hole applet name AppletHigh.jar || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html 1 || 2016640 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Watering Hole applet name AppletLow.jar || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html 1 || 2016641 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible Perl Shell in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478 1 || 2016642 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible Perl Shell in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478 1 || 2016643 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible RedDotv2 applet with 32hex value Landing Page 1 || 2016644 || 2 || trojan-activity || 0 || ET TROJAN Galock Ransomware Check-in || url,twitter.com/kafeine/status/314859973064667136/photo/1 1 || 2016645 || 2 || trojan-activity || 0 || ET TROJAN Galock Ransomware Command || url,twitter.com/kafeine/status/314859973064667136/photo/1 1 || 2016646 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Web Capture [8-9].0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016647 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe LiveCycle Designer ES 8.2 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016648 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Python PDF Library || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016649 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Distiller 9.0.0 (Windows) || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016650 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Distiller 6.0.1 (Windows) || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016651 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator pdfeTeX-1.21a || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016652 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe Acrobat 9.2.0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016653 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe PDF Library 9.0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html 1 || 2016654 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Postal Reciept EXE in Zip 1 || 2016655 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (3) 1 || 2016656 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA - Adobe Gh0st Beacon || url,blog.crowdstrike.com/whois-anchor-panda/index.html 1 || 2016657 || 3 || trojan-activity || 0 || ET DELETED [CrowdStrike] ANCHOR PANDA - Poison Ivy Keep-Alive - From Controller || url,blog.crowdstrike.com/whois-anchor-panda/index.html 1 || 2016658 || 5 || trojan-activity || 0 || ET DELETED [CrowdStrike] ANCHOR PANDA - Poison Ivy Keep-Alive - From Victim || url,blog.crowdstrike.com/whois-anchor-panda/index.html 1 || 2016659 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message Header Local || url,blog.crowdstrike.com/whois-anchor-panda/index.html 1 || 2016660 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message || url,blog.crowdstrike.com/whois-anchor-panda/index.html 1 || 2016661 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -4 Mar 22 2013 1 || 2016662 || 3 || policy-violation || 0 || ET P2P Possible Bittorrent Activity - Multiple DNS Queries For tracker hosts 1 || 2016663 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany encrypted binary (1) 1 || 2016664 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (mssql_query) 1 || 2016665 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (mssql_query) 1 || 2016666 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (pgsql_query) 1 || 2016667 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (pgsql_query) 1 || 2016668 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (mysql_query) 1 || 2016669 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (mysql_query) 1 || 2016670 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException) 1 || 2016671 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (SqlException) 1 || 2016672 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (error in your SQL syntax) 1 || 2016673 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (error in your SQL syntax) 1 || 2016674 || 3 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (ERROR syntax error at or near) 1 || 2016675 || 3 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (ERROR syntax error at or near) 1 || 2016676 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (ORA-) 1 || 2016677 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (ORA-) 1 || 2016678 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -5 Mar 26 2013 1 || 2016679 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - Simple - Title 1 || 2016680 || 5 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - net user 1 || 2016681 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - netsh firewall 1 || 2016682 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - reg HKEY_LOCAL_MACHINE 1 || 2016683 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - wget http - POST 1 || 2016684 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - JSPCMD - Form 1 || 2016685 || 2 || trojan-activity || 0 || ET TROJAN Win32/Delfinject Check-in || md5,90f8b934c541966aede75094cfef27ed || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=VirTool%3AWin32%2FDelfInject 1 || 2016686 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -7 Mar 30 2013 1 || 2016687 || 3 || misc-activity || 0 || ET FTP Outbound Java Anonymous FTP Login 1 || 2016688 || 2 || misc-activity || 0 || ET FTP Outbound Java Downloading jar over FTP 1 || 2016689 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Auth Prompt 1 || 2016690 || 12 || trojan-activity || 0 || ET TROJAN Kovter Ransomware Check-in || url,www.botnets.fr/index.php/Kovter || md5,82d0e4f8b34d6d39ee4ff59d0816ec05 1 || 2016692 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/7 1 || 2016693 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/8 1 || 2016694 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/9 1 || 2016695 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/0 1 || 2016696 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS svchost.exe in URI Probable Process Dump/Trojan Download 1 || 2016697 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS winlogon.exe in URI || md5,fd95cc0bb7d3ea5a0c86d45570df5228 || md5,09330c596a33689a610a1b183a651118 1 || 2016698 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS services.exe in URI || md5,145c06300d61b3a0ce2c944fe7cdcb96 1 || 2016699 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS lsass.exe in URI || md5,d929747212309559cb702dd062fb3e5d 1 || 2016700 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS explorer.exe in URI || md5,de1bc32ad135b14ad3a5cf72566a63ff 1 || 2016701 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS smss.exe in URI || md5,450dbe96d7f4108474071aca5826fc43 1 || 2016702 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS csrss.exe in URI || md5,21a069667a6dba38f06765e414e48824 1 || 2016703 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS rundll32.exe in URI || md5,ea3dec87f79ff97512c637a5c8868a7e 1 || 2016704 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013 1 || 2016705 || 19 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013 1 || 2016706 || 19 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1) 1 || 2016707 || 4 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Checkin || md5,539d3b15e9c3882ac70bb1ac7f90a837 1 || 2016708 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss Recent Jar (3) 1 || 2016709 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss Recent Jar (4) 1 || 2016710 || 3 || trojan-activity || 0 || ET TROJAN Zeus User-Agent(z00sAgent) || md5,e94fb19f3a38f9b2a775b925e4c0abe3 1 || 2016711 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Targeted Tibetan Android Malware C2 Domain || url,citizenlab.org/2013/04/permission-to-spy-an-analysis-of-android-malware-targeting-tibetans/ 1 || 2016712 || 3 || bad-unknown || 0 || ET DELETED Empty HTTP Content Type Server Response - Potential CnC Server 1 || 2016713 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/BaneChant.APT Winword.pkg Redirect || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html 1 || 2016714 || 2 || bad-unknown || 0 || ET SHELLCODE Possible Backslash Escaped UTF-8 0c0c Heap Spray 1 || 2016715 || 2 || bad-unknown || 0 || ET SHELLCODE Possible Backslash Escaped UTF-16 0c0c Heap Spray 1 || 2016716 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK q.php iframe inbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html 1 || 2016717 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK ff.php iframe inbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html 1 || 2016718 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK q.php iframe outbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html 1 || 2016719 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK ff.php iframe outbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html 1 || 2016720 || 5 || trojan-activity || 0 || ET DELETED Sakura Jar Download SET 1 || 2016721 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download 1 || 2016722 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/ff.php Landing Page/Java exploit URI 1 || 2016723 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/ff.php Jar Download 1 || 2016724 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/ff.php Landing Page/Java exploit URI 1 || 2016725 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/ff.php Jar Download 1 || 2016726 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fiesta Flash Exploit 1 || 2016727 || 2 || trojan-activity || 0 || ET TROJAN W32/BaneChant.APT Data Exfiltration POST to CnC || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html 1 || 2016728 || 2 || trojan-activity || 0 || ET TROJAN W32/BaneChant.APT Initial CnC Beacon || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html 1 || 2016729 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Reversed Applet Observed in Sakura/Blackhole Landing 1 || 2016730 || 13 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal 1 || 2016731 || 4 || trojan-activity || 0 || ET TROJAN Revoyem Ransomware Check-in || url,www.botnets.fr/index.php/Revoyem 1 || 2016732 || 4 || trojan-activity || 0 || ET TROJAN Revoyem Ransomware Activity || url,www.botnets.fr/index.php/Revoyem 1 || 2016733 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura encrypted binary (2) 1 || 2016734 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit applet + obfuscated URL Apr 7 2013 1 || 2016735 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS GonDadEK Java Exploit Requested 1 || 2016736 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS GonDadEK Java Exploit Requested 1 || 2016737 || 11 || attempted-user || 0 || ET CURRENT_EVENTS GonDadEK Kit Jar || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016738 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Citadel Infection or Config URL Request || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016739 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel File.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016740 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Content.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016741 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Pro File.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016742 || 6 || trojan-activity || 0 || ET TROJAN Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016743 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Conf.bin Download From CnC Server || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf 1 || 2016744 || 5 || trojan-activity || 0 || ET POLICY NSISDL Iplookup.php IPCheck 1 || 2016746 || 2 || trojan-activity || 0 || ET TROJAN W32/NSISDL.Downloader CnC Server Response 1 || 2016748 || 2 || trojan-activity || 0 || ET TROJAN RansomCrypt Intial Check-in 1 || 2016749 || 2 || trojan-activity || 0 || ET TROJAN RansomCrypt Getting Template 1 || 2016751 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit/Sakura applet + obfuscated URL Apr 10 2013 1 || 2016752 || 3 || trojan-activity || 0 || ET DELETED W32/Nymaim Checkin || md5,b904ce55532582a6ea516399d8e4b410 1 || 2016753 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data April 12 2013 1 || 2016754 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via myip.dnsomatic.com - Possible Infection 1 || 2016755 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (9) 1 || 2016756 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013 1 || 2016757 || 5 || trojan-activity || 0 || ET TROJAN W32/Nymaim Checkin (2) 1 || 2016758 || 4 || policy-violation || 0 || ET POLICY Bitcoin Mining Extensions Header 1 || 2016759 || 1 || trojan-activity || 0 || ET TROJAN Win32/Redyms.A Checkin 1 || 2016760 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - Comment 1 || 2016761 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - Haxplorer URI 1 || 2016762 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - PHPKonsole URI 1 || 2016763 || 6 || network-scan || 0 || ET SCAN Non-Malicious SSH/SSL Scanner on the run || url,pki.net.in.tum.de/node/21 || url,isc.sans.edu/diary/SSH%2bscans%2bfrom%2b188.95.234.6/15532 1 || 2016764 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO PDF Payload Download 1 || 2016765 || 2 || misc-activity || 0 || ET INFO PDF - Acrobat Enumeration - pdfobject.js 1 || 2016766 || 2 || misc-activity || 0 || ET INFO PDF - Acrobat Enumeration - var PDFObject 1 || 2016767 || 3 || bad-unknown || 0 || ET INFO EXE - SCR in PKZip Compressed Data Download 1 || 2016768 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Dorkbot.AR Join IRC channel || url,microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32/Dorkbot.AR || md5,7e76c7db8706511fc59508af4aef27fa 1 || 2016769 || 2 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Check-in Response || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html 1 || 2016770 || 2 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Process List Dump || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html 1 || 2016771 || 4 || trojan-activity || 0 || ET TROJAN Win32/Enchanim C2 Injection Download || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html 1 || 2016773 || 2 || trojan-activity || 0 || ET TROJAN Mutter Backdoor Checkin || url,fireeye.com/blog/technical/malware-research/2013/04/the-mutter-backdoor-operation-beebus-with-new-targets.html 1 || 2016774 || 2 || misc-activity || 0 || ET INFO Generic HTTP EXE Upload Inbound 1 || 2016775 || 2 || misc-activity || 0 || ET INFO Generic HTTP EXE Upload Outbound 1 || 2016776 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Apr 18 2013 1 || 2016777 || 10 || bad-unknown || 0 || ET INFO HTTP Request to a *.pw domain 1 || 2016778 || 3 || bad-unknown || 0 || ET INFO DNS Query to a *.pw domain - Likely Hostile 1 || 2016779 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake DHL Kuluoz.B URI 1 || 2016780 || 4 || trojan-activity || 0 || ET MALWARE Adware.Win32/SProtector.A Client Checkin || md5,38f61d046e575971ed83c4f71accd132 1 || 2016781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript Apr 21 2013 1 || 2016782 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (8) 1 || 2016784 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fiesta - Payload - flashplayer11 1 || 2016785 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Java Exploit Recievied 1 || 2016786 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Requested 1 || 2016787 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Downloaded 1 || 2016788 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mfunc 1 || 2016789 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mclude 1 || 2016790 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection dynamic-cached-content 1 || 2016791 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Landing Page - Received 1 || 2016792 || 3 || attempted-user || 0 || ET WEB_SERVER Plesk Panel Possible HTTP_AUTH_LOGIN SQLi CVE-2012-1557 || cve,CVE-2012-1557 1 || 2016793 || 5 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 1 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ 1 || 2016794 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command 1 || 2016795 || 4 || trojan-activity || 0 || ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert || url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/ 1 || 2016796 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2016797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2016798 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java JNLP Requested 1 || 2016799 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Flash Exploit Requested 1 || 2016800 || 6 || misc-activity || 0 || ET TROJAN Medfos Connectivity Check 1 || 2016801 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013 1 || 2016802 || 4 || misc-activity || 0 || ET INFO myobfuscate.com Encoded Script Calling home 1 || 2016803 || 4 || trojan-activity || 0 || ET TROJAN Known Sinkhole Response Header 1 || 2016804 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jreg.jar 1 || 2016805 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK UAC Disable in Uncompressed JAR 1 || 2016806 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (1) || url,uscyberlabs.com/blog/2013/04/30/tor-exploit-pak/ 1 || 2016807 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13 1 || 2016808 || 2 || trojan-activity || 0 || ET TROJAN Cookies/Cookiebag Checkin || md5,840BD11343D140916F45223BA05ABACB 1 || 2016809 || 5 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 3 || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6 1 || 2016810 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2) || url,uscyberlabs.com/blog/2013/04/30/tor-exploit-pak/ 1 || 2016811 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS - Possible Redkit 1-4 char JNLP request 1 || 2016812 || 4 || trojan-activity || 0 || ET TROJAN Greencat SSL Certificate 1 || 2016813 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - Possible BlackHole request with decryption Base 1 || 2016814 || 4 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 2 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ 1 || 2016815 || 4 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 3 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ 1 || 2016816 || 3 || trojan-activity || 0 || ET TROJAN Variant.Zusy.45802 Checkin 1 || 2016817 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2016818 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2016819 || 5 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 1 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf 1 || 2016820 || 2 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 2 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf 1 || 2016821 || 3 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 3 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf 1 || 2016822 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible CVE-2013-1347 IE 0-day used in DOL attack || cve,2013-1347 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,technet.microsoft.com/en-us/security/advisory/2847140 1 || 2016823 || 4 || trojan-activity || 0 || ET TROJAN Suspicious Fake Opera 10 User-Agent || url,dev.opera.com/articles/view/opera-ua-string-changes || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware 1 || 2016824 || 3 || attempted-user || 0 || ET EXPLOIT Metasploit mstime_malloc no-spray || url,community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation 1 || 2016825 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 1 1 || 2016826 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 2 1 || 2016827 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 3 1 || 2016828 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Requsting Payload 1 || 2016829 || 3 || trojan-activity || 0 || ET TROJAN Unknown Checkin 1 || 2016830 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Injection - var j=0 1 || 2016831 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CVE-2013-2423 IVKM PoC Seen in Unknown EK || url,weblog.ikvm.net/CommentView.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 1 || 2016832 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Requesting Jar 1 || 2016833 || 5 || attempted-user || 0 || ET CURRENT_EVENTS IE HTML+TIME ANIMATECOLOR with eval as seen in unknown EK || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/ 1 || 2016834 || 2 || trojan-activity || 0 || ET DELETED Unknown Trojan POST 1 || 2016835 || 2 || attempted-admin || 0 || ET EXPLOIT Exim/Dovecot Possible MAIL FROM Command Execution || url,redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution 1 || 2016836 || 3 || web-application-attack || 0 || ET WEB_SERVER ColdFusion password.properties access || url,cxsecurity.com/issue/WLB-2013050065 1 || 2016837 || 6 || trojan-activity || 0 || ET TROJAN Alina Checkin || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html 1 || 2016838 || 5 || trojan-activity || 0 || ET TROJAN Alina User-Agent(Alina) || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html 1 || 2016839 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit hex.zip Java Downloading Jar 1 || 2016840 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 1 || 2016841 || 4 || web-application-attack || 0 || ET WEB_SERVER ColdFusion path disclosure to get the absolute path || url,www.exploit-db.com/exploits/25305/ 1 || 2016842 || 2 || web-application-attack || 0 || ET WEB_SERVER ColdFusion scheduletasks access || url,exploit-db.com/exploits/24946/ 1 || 2016843 || 2 || web-application-attack || 0 || ET WEB_SERVER ColdFusion scheduleedit access || url,exploit-db.com/exploits/24946/ 1 || 2016844 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.AutoIt.mj Checkin || url,threatexpert.com/report.aspx?md5=c4e923564c564163620959f23691cc26 || md5,4a77d3575845cf24b72400816d0b95c2 1 || 2016845 || 3 || policy-violation || 0 || ET WEB_SERVER HTTPing Usage Inbound || url,www.vanheusden.com/httping/ 1 || 2016846 || 4 || bad-unknown || 0 || ET INFO Possible Firefox Plugin install || url,research.zscaler.com/2012/09/how-to-install-silently-malicious.html 1 || 2016847 || 3 || bad-unknown || 0 || ET INFO Possible Chrome Plugin install || url,blogs.technet.com/b/mmpc/archive/2013/05/10/browser-extension-hijacks-facebook-profiles.aspx 1 || 2016848 || 12 || policy-violation || 0 || ET CURRENT_EVENTS BlackHole Java Exploit Artifact || url,vanheusden.com/httping/ 1 || 2016850 || 2 || trojan-activity || 0 || ET TROJAN Possible Linux/Cdorked.A CnC || url,code.google.com/p/malware-lu/wiki/en_malware_cdorked_A || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/ 1 || 2016851 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Winwebsec/Zbot/Luder Checkin Response 1 || 2016852 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript May 10 2013 1 || 2016853 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data May 15 2013 1 || 2016854 || 3 || trojan-activity || 0 || ET TROJAN Embedded Android Dalvik Executable File With Fake Windows Executable Header - Possible AV Bypass Attempt || url,research.zscaler.com/2013/03/guess-who-am-i-pe-or-apk.html 1 || 2016855 || 2 || trojan-activity || 0 || ET TROJAN Embedded ZIP/APK File With Fake Windows Executable Header - Possible AV Bypass Attempt || url,research.zscaler.com/2013/03/guess-who-am-i-pe-or-apk.html 1 || 2016856 || 2 || policy-violation || 0 || ET POLICY Android Dalvik Executable File Download || url,source.android.com/tech/dalvik/dex-format.html 1 || 2016857 || 2 || trojan-activity || 0 || ET TROJAN W32/Pushdo CnC Server Fake JPEG Response || url,www.damballa.com/downloads/r_pubs/Damballa_mv20_case_study.pdf 1 || 2016858 || 9 || trojan-activity || 0 || ET TROJAN Generic - POST To .php w/Extended ASCII Characters 1 || 2016859 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - cee.jar 1 || 2016860 || 18 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page May 16 2013 1 || 2016861 || 2 || trojan-activity || 0 || ET TROJAN Hangover Campaign Keylogger Checkin || md5,023d82950ebec016cd4016d7a11be58d || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016862 || 3 || trojan-activity || 0 || ET TROJAN Hangover Campaign Keylogger 2 checkin || md5,0b38f87841ed347cc2a5ffa510a1c8f6 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016863 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.VB.cefz Checkin || md5,0cace87b377a00df82839c659fc3adea || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016864 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Agent.bjjv Checkin || md5,06ba10a49c8cea32a51f0bbe8f5073f1 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016865 || 2 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger.acqh User-Agent(EMSFRTCBVD) || md5,0e9e46d068fea834e12b2226cc8969fd || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016866 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.KeyLogger.acuj Checkin || md5,078d12eb9fc2b1665c0cc3001448b69b || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016867 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Pushdo.s Checkin 1 || 2016868 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Plugin-Detect 2 May 20 2013 1 || 2016869 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Post Exploit Payload Download 1 || 2016870 || 8 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5. 1 || 2016871 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. 1 || 2016872 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 3. 1 || 2016873 || 5 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2. 1 || 2016874 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 1. 1 || 2016875 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 0. 1 || 2016876 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 1. 1 || 2016877 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 2. 1 || 2016878 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Windows NT Version 4. 1 || 2016879 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Windows NT Version 5.0 1 || 2016880 || 6 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 0 User-Agent 1 || 2016881 || 4 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(FMBVDFRESCT) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016882 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DSMBVCTFRE) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016883 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(MBESCVDFRT) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016884 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(TCBFRVDEMS) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016885 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMOMAKE) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016886 || 2 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMO) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016887 || 5 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(UPHTTP) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016888 || 4 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016889 || 5 || trojan-activity || 0 || ET DELETED TrojanSpy.KeyLogger Hangover Campaign User-Agent(wininetget/0.1) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016890 || 3 || trojan-activity || 0 || ET DELETED TrojanSpy.KeyLogger Hangover Campaign User-Agent(file) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016891 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(vbusers) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016892 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(folderwin) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016893 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(smaal) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016894 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(nento) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016895 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(bugmaal) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016896 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Requesting Payload 1 || 2016897 || 7 || trojan-activity || 0 || ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5 || url,windows.microsoft.com/en-us/internet-explorer/products/ie-9/system-requirements 1 || 2016898 || 6 || trojan-activity || 0 || ET INFO Suspicious MSIE 10 on Windows NT 5 1 || 2016899 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Registering Client || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016900 || 5 || trojan-activity || 0 || ET DELETED Trojan.BlackRev Polling for DoS targets || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016901 || 5 || trojan-activity || 0 || ET DELETED Trojan.BlackRev Download Executable || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016902 || 5 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Download Executable || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016903 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (DownloadMR) || url,www.virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456 1 || 2016904 || 3 || trojan-activity || 0 || ET USER_AGENTS User-Agent (ChilkatUpload) || url,chilkatsoft.com 1 || 2016905 || 3 || trojan-activity || 0 || ET MALWARE AdWare.MSIL.Solimba.b GET || url,virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456 1 || 2016906 || 3 || trojan-activity || 0 || ET MALWARE AdWare.MSIL.Solimba.b POST || url,virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456 1 || 2016907 || 5 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT) 1 || 2016908 || 5 || trojan-activity || 0 || ET TROJAN Trojan.Win32.FresctSpy.A User-Agent (MBVDFRESCT) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FAgent.CZ 1 || 2016909 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Registration Rev3 || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016910 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Get Command Rev3 || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/ 1 || 2016911 || 3 || trojan-activity || 0 || ET TROJAN W32/Briba CnC POST Beacon || url,www.fireeye.com/blog/technical/cyber-exploits/2013/05/ready-for-summer-the-sunshop-campaign.html || url,citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf || url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FBriba.A 1 || 2016912 || 4 || trojan-activity || 0 || ET TROJAN W32/KeyLogger.ACQH!tr Checkin || md5,eddce1a6c0cc0eb7b739cb758c516975 || md5,c0d9352ad82598362a426cd38a7ecf0e || url,www.fortiguard.com/av/VID4225990 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf 1 || 2016913 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info) || url,www.threatexpert.com/report.aspx?md5=e7d9bc670d69ad8a6ad2784255324eec || url,www.threatexpert.com/report.aspx?md5=37207835e128516fe17af3dacc83a00c 1 || 2016914 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Antavmu.guw Checkin || md5,2b63ed542eb0e1a4547a2b6e91391dc0 || url,www.securelist.com/en/descriptions/16150989/Trojan.Win32.Antavmu.guw?print_mode=1 || url,www.threatexpert.com/report.aspx?md5=a80f33c94c44556caa2ef46cd5eb863c 1 || 2016915 || 4 || trojan-activity || 0 || ET MALWARE Suspicious User Agent Smart-RTP || url,www.threatexpert.com/report.aspx?md5=a80f33c94c44556caa2ef46cd5eb863c || url,www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader8.25530.html || md5, 2b63ed542eb0e1a4547a2b6e91391dc0 1 || 2016916 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User Agent Custom_56562_HttpClient/VER_STR_COMMA 1 || 2016917 || 2 || trojan-activity || 0 || ET MALWARE Adware pricepeep Adware.Shopper.297 || url,virustotal.com/en/file/1ea487b1507305f17a2cd2ab0dbcfac523419dbc27cde38e27cb5c4a8d3c9caf/analysis/ || url,lists.clean-mx.com/pipermail/viruswatch/20121222/037085.html || md5,0564e603f9ed646553933cb0d271f906 1 || 2016918 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific || url,www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/ || url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nginx_chunked_size.rb 1 || 2016919 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Redirect URL 1 || 2016920 || 2 || attempted-admin || 0 || ET WEB_SERVER Apache Struts Possible xwork Disable Method Execution || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2016921 || 5 || trojan-activity || 0 || ET INFO Suspicious Mozilla UA with no Space after colon 1 || 2016922 || 10 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/ || url,www.norman.com/about_norman/press_center/news_archive/2012/the_many_faces_of_gh0st_rat/en 1 || 2016923 || 13 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016924 || 11 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016925 || 2 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016926 || 2 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/ 1 || 2016927 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Landing 1 May 24 2013 1 || 2016928 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Landing 2 May 24 2013 1 || 2016929 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Possible HellSpawn EK Fake Flash May 24 2013 1 || 2016930 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24 2013 1 || 2016931 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK JNLP request 1 || 2016932 || 2 || trojan-activity || 0 || ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic || url,contagiodump.blogspot.no/2011/01/jan-6-cve-2010-3333-with-info-theft.html 1 || 2016933 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013 1 || 2016934 || 3 || trojan-activity || 0 || ET TROJAN W32/Safe User Agent Fantasia || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf 1 || 2016935 || 2 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Select Sleep Time Delay || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet 1 || 2016936 || 2 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Local File Access Attempt Using LOAD_FILE || url,dev.mysql.com/doc/refman/5.1/en/string-functions.html#function_load-file || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet 1 || 2016937 || 3 || web-application-attack || 0 || ET WEB_SERVER SQL Injection List Priveleges Attempt || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet 1 || 2016938 || 3 || trojan-activity || 0 || ET MALWARE Adware.Ezula Checkin || md5,dede600f1e78fd20e4515bea1f2bdf61 1 || 2016939 || 2 || trojan-activity || 0 || ET TROJAN Variant.Kazy.174106 Checkin || md5,ff7a263e89ff01415294470e1e52c010 1 || 2016940 || 3 || trojan-activity || 0 || ET TROJAN Vobfus Check-in 1 || 2016941 || 5 || trojan-activity || 0 || ET TROJAN W32/PolyCrypt.A Checkin || url,www.threatexpert.com/report.aspx?md5=44be7c6d4109ae5fb0ceb2824facf2dd 1 || 2016942 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Landing Page - Received May 29 2013 1 || 2016943 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Requested 1 || 2016944 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP connection to net78.net Free Web Hosting (Used by Various Trojans) || url,www.net78.net 1 || 2016945 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura encrypted binary (2) 1 || 2016946 || 3 || trojan-activity || 0 || ET TROJAN Possible Win32.Bicololo Checkin || md5,252c95327ce556a21bdd7e9a322e206c || url,www.virusradar.com/Win32_Bicololo.A/description 1 || 2016947 || 2 || trojan-activity || 0 || ET TROJAN Win32.Bicololo Response 1 || md5,691bd07048b09c73f0a979529a66f6e3 1 || 2016948 || 2 || trojan-activity || 0 || ET TROJAN Win32.Bicololo Response 2 || md5,691bd07048b09c73f0a979529a66f6e3 1 || 2016949 || 3 || trojan-activity || 0 || ET TROJAN Possible Backdoor.Linux.Tsunami Outbound HTTP request || url,malwaremustdie.blogspot.jp/2013/05/story-of-unix-trojan-tsunami-ircbot-w.html 1 || 2016950 || 2 || trojan-activity || 0 || ET TROJAN Possible Win32/Hupigon ip.txt with a Non-Mozilla UA || md5,4d23395fcbab1dabef9afe6af81df558 1 || 2016951 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Trup.CX Checkin 1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Agent.AAE 1 || 2016952 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Nuclear exploit kit landing page 1 || 2016953 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java Exec In URI 1 || 2016954 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL AllowStaticMethodAccess in client body 1 || 2016956 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL AllowStaticMethodAccess in URI || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2016957 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java Exec in client body || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2016958 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java WriteFile in client_body || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2016959 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java WriteFile in URI || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2016960 || 10 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (AuthenticAMD) || md5,16d529fc48250571a9e667fb264c8497 1 || 2016961 || 11 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (GenuineIntel) || md5,16d529fc48250571a9e667fb264c8497 1 || 2016962 || 2 || trojan-activity || 0 || ET DELETED Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 2 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2016963 || 5 || trojan-activity || 0 || ET TROJAN Trojan.Win32/Mutopy.A Checkin || md5,2a0344bac492c65400eb944ac79ac3c3 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FMutopy.A&ThreatID=-2147312217 || url,blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-hides-malware-communication/ 1 || 2016964 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack Reporting Plugin Detect Data June 03 2013 1 || 2016965 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit Based Unknown EK Jar Download June 03 2013 1 || 2016966 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript Jun 1 2013 1 || 2016967 || 2 || trojan-activity || 0 || ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon || url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html 1 || 2016968 || 5 || trojan-activity || 0 || ET TROJAN Win32/Travnet.A Checkin || md5,d04a7f30c83290b86cac8d762dcc2df5 || md5,cb9cc50b18a7c91cf4a34c624b90db5d || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A || url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data || url,www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf 1 || 2016969 || 5 || trojan-activity || 0 || ET TROJAN Possible Win32/Travnet.A Internet Connection Check (microsoft.com) || md5,d04a7f30c83290b86cac8d762dcc2df5 || md5,cb9cc50b18a7c91cf4a34c624b90db5d || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A || url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data 1 || 2016970 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany encrypted binary (3) 1 || 2016971 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/a.php Landing Page/Java exploit URI 1 || 2016972 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/a.php Jar Download 1 || 2016973 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/a.php Landing Page/Java exploit URI 1 || 2016974 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/a.php Jar Download 1 || 2016975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format 1 || 2016976 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (9) 1 || 2016977 || 3 || trojan-activity || 0 || ET WEB_SERVER allow_url_include PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016978 || 3 || trojan-activity || 0 || ET WEB_SERVER safe_mode PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016979 || 4 || trojan-activity || 0 || ET WEB_SERVER suhosin.simulation PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016980 || 5 || trojan-activity || 0 || ET WEB_SERVER disable_functions PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016981 || 4 || trojan-activity || 0 || ET WEB_SERVER open_basedir PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016982 || 3 || trojan-activity || 0 || ET WEB_SERVER auto_prepend_file PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016983 || 2 || trojan-activity || 0 || ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013 || url,seclists.org/fulldisclosure/2013/Jun/21 1 || 2016984 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Initial Gate from Linked-In Mailing Campaign 1 || 2016985 || 2 || bad-unknown || 0 || ET INFO Executable Served From /tmp/ Directory - Malware Hosting Behaviour 1 || 2016986 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor Login || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india 1 || 2016987 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor SysInfo Response header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india 1 || 2016988 || 3 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Manager Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india 1 || 2016989 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Download Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india 1 || 2016990 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Upload Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india 1 || 2016991 || 4 || trojan-activity || 0 || ET TROJAN Alina Server Response Code || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html || md5,7d6ec042a38d108899c8985ed7417e4a 1 || 2016992 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - *.tar.gz in POST body 1 || 2016993 || 3 || trojan-activity || 0 || ET TROJAN Connection to AnubisNetworks Sinkhole IP (Possible Infected Host) 1 || 2016994 || 2 || trojan-activity || 0 || ET TROJAN Connection to Georgia Tech Sinkhole IP (Possible Infected Host) 1 || 2016995 || 3 || trojan-activity || 0 || ET TROJAN Connection to 1&1 Sinkhole IP (Possible Infected Host) 1 || 2016996 || 2 || trojan-activity || 0 || ET TROJAN Connection to Zinkhole Sinkhole IP (Possible Infected Host) 1 || 2016997 || 2 || trojan-activity || 0 || ET TROJAN Connection to Dr Web Sinkhole IP(Possible Infected Host) 1 || 2016998 || 2 || trojan-activity || 0 || ET TROJAN Connection to Fitsec Sinkhole IP (Possible Infected Host) 1 || 2016999 || 3 || trojan-activity || 0 || ET TROJAN Connection to Microsoft Sinkhole IP (Possbile Infected Host) 1 || 2017000 || 3 || trojan-activity || 0 || ET TROJAN Connection to unallocated address space 1.1.1.0/24 1 || 2017001 || 2 || trojan-activity || 0 || ET TROJAN Connection to a cert.pl Sinkhole IP (Possible Infected Host) 1 || 2017002 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign 1 || 2017003 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz.B Spam Campaign Shipment_Label.exe in Zip 1 || 2017004 || 4 || trojan-activity || 0 || ET TROJAN Win32/Tobfy.S || md5,ac03c5980e2019992b876798df2df9ab 1 || 2017005 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length || cve,2013-1331 || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx 1 || 2017006 || 5 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx 1 || 2017007 || 6 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx 1 || 2017008 || 5 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit Specific 1 || 2017009 || 5 || trojan-activity || 0 || ET TROJAN KimJongRAT cnc exe pull || url,malware.lu/Pro/RAP003_KimJongRAT-Stealer_Analysis.1.0.pdf 1 || 2017010 || 3 || bad-unknown || 0 || ET WEB_SERVER Possible SQLi xp_cmdshell POST body 1 || 2017011 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Glazunov EK Downloading Jar 1 || 2017012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible 2012-1533 altjvm (jvm.dll) Requested Over WeBDAV || cve,2012-1533 1 || 2017013 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible 2012-1533 altjvm RCE via JNLP command injection || cve,2012-1533 1 || 2017014 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing (Payload Downloaded Via Dropbox) 1 || 2017015 || 6 || policy-violation || 0 || ET POLICY DropBox User Content Access over SSL || url,www.dropbox.com/help/201/en 1 || 2017016 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 1 June 12 2013 1 || 2017017 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013 1 || 2017018 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013 1 || 2017019 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Dotka Chef EK .cache request 1 || 2017020 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request 1 || 2017021 || 5 || trojan-activity || 0 || ET TROJAN TripleNine RAT Checkin 1 || 2017022 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 1 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/ 1 || 2017023 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 2 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/ 1 || 2017024 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 3 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/ 1 || 2017025 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Net User Command Response 1 || 2017026 || 2 || trojan-activity || 0 || ET TROJAN Unknown Webserver Backdoor || url,blog.sucuri.net/2013/06/apache-php-injection-to-javascript-files.html 1 || 2017027 || 2 || trojan-activity || 0 || ET TROJAN Unknown Webserver Backdoor Domain (google-analytcs) || url,blog.sucuri.net/2013/06/apache-php-injection-to-javascript-files.html 1 || 2017028 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING Unknown_InIFRAME - RedTDS URI Structure 1 || 2017029 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - URI Structure 1 || 2017030 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - Redirect to /iniframe/ URI 1 || 2017031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - In Referrer 1 || 2017032 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING Flash - URI - /loading?vkn= 1 || 2017034 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NailedPack EK Landing June 18 2013 || url,www.basemont.com/june_2013_exploit_kit_2 1 || 2017035 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Redirect June 18 2013 1 || 2017036 || 3 || trojan-activity || 0 || ET TROJAN Activity related to APT.Seinup Checkin 1 || url,fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html 1 || 2017037 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Javadoc API Redirect CVE-2013-1571 || cve,2013-1571 1 || 2017038 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Jar Download June 20 2013 1 || 2017039 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Payload Download 1 || 2017040 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Landing URI Struct 1 || 2017041 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.7.x 1 || 2017042 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (Old) 1 || 2017043 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New) 1 || 2017044 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New) 1 || 2017045 || 3 || trojan-activity || 0 || ET TROJAN Possible Drive DDoS Check-in 1 || 2017046 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving GET DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017047 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving POST1 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017048 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving POST2 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017049 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving IP DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017050 || 4 || trojan-activity || 0 || ET TROJAN Drive Receiving IP2 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017051 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving UDP DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/ 1 || 2017052 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy [victim beacon] 1 || 2017053 || 3 || trojan-activity || 0 || ET TROJAN Poison Ivy [server response] 1 || 2017054 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - ELF File Uploaded 1 || 2017055 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot CnC1 1 || 2017056 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot CnC2 1 || 2017057 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Download and Execute Scheduled file command 1 || 2017058 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Flood command 1 || 2017059 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Botkill command 1 || 2017060 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM 1.13.03 SQL injection 1 || 2017061 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM 1.13.03 Access to solusvmc-node setuid bin 1 || 2017063 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM WHMCS CURL Multi-part Boundary Issue || url,localhost.re/p/solusvm-whmcs-module-316-vulnerability 1 || 2017064 || 17 || trojan-activity || 0 || ET CURRENT_EVENTS Cool/BHEK Applet with Alpha-Numeric Encoded HTML entity 1 || 2017065 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Pony Loader default URI struct 1 || 2017066 || 7 || trojan-activity || 0 || ET TROJAN Win32/Comisproc Checkin || url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910 || url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html 1 || 2017067 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (Google page) 1 || 2017068 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit Redirector To Landing Page || url,malwaremustdie.blogspot.co.uk/2013/06/knockin-on-neutrino-exploit-kits-door.html 1 || 2017069 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit Clicker.php TDS || url,malwaremustdie.blogspot.co.uk/2013/06/knockin-on-neutrino-exploit-kits-door.html 1 || 2017070 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Applet tag in jjencode as (as seen in Dotka Chef EK) 1 || 2017071 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit XOR decodeURIComponent 1 || 2017072 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Jun 26 2013 1 || 2017073 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013 1 || 2017074 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload || bugtraq,57082 || cve,2012-6081 || url,packetstormsecurity.com/files/122079/moinmoin_twikidraw.rb.txt || url,exploit-db.com/exploits/25304/ 1 || 2017075 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet structure June 27 2013 1 || 2017076 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant Payload Download 1 || 2017077 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Redirect to DotkaChef EK Landing 1 || 2017078 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Lucky7 Java Exploit URI Struct June 28 2013 1 || 2017079 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Status Check GET Jul 01 2013 1 || 2017080 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_client_body contains pasa= 1 || 2017081 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_uri contains pasa= 1 || 2017082 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_client_body contains pasa form 1 || 2017083 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - GOD Hacker 1 || 2017084 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - GODSpy title 1 || 2017085 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - Cookie 1 || 2017086 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - MySQL 1 || 2017087 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - Auth Prompt 1 || 2017088 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSPy - Auth Creds 1 || 2017089 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - Pouya_Server Shell 1 || 2017090 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - URI - raiz 1 || 2017091 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - URI - action= 1 || 2017092 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack Jar Download Jul 01 2013 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/ 1 || 2017093 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack EXE Download Jul 01 2013 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/ 1 || 2017094 || 3 || attempted-admin || 0 || ET EXPLOIT IPMI Cipher 0 Authentication mode set || url,www.intel.com/content/dam/www/public/us/en/documents/product-briefs/second-gen-interface-spec-v2.pdf || url,community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi 1 || 2017095 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar pipe.class 1 || 2017096 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar app.jar 1 || 2017097 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar cm2.jar 1 || 2017098 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Lucky7 EK Landing Encoded Plugin-Detect 1 || 2017099 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Lucky7 EK IE Exploit 1 || 2017100 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jlnp.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities 1 || 2017101 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jovf.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities 1 || 2017102 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jorg.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities 1 || 2017104 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format July 04 2013 1 || 2017106 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing Applet Jul 05 2013 1 || 2017107 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe pull || url,blog.avast.com/2013/07/03/fake-flash-player-installer 1 || 2017108 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin UA || url,blog.avast.com/2013/07/03/fake-flash-player-installer 1 || 2017109 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin response 2 || url,blog.avast.com/2013/07/03/fake-flash-player-installer 1 || 2017110 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet structure Jul 05 2013 1 || 2017111 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor CMD inbound || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html 1 || 2017112 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor C2 URI Structure || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html 1 || 2017113 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor C2 Domain || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html 1 || 2017114 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013 1 || 2017115 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet July 08 2013 1 || 2017116 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet July 08 2013 1 || 2017117 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit Plugin-Detect July 08 2013 1 || 2017118 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013 1 || 2017119 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack Java Exploit Payload June 03 2013 1 || 2017122 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Adobe Flash Player update warning enticing clicks to malware payload 1 || 2017123 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Adobe Flash Player malware binary requested 1 || 2017124 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Wordpress Injection 1 || 2017125 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probable FlimKit Redirect July 10 2013 1 || 2017126 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing July 10 2013 1 || 2017127 || 2 || bad-unknown || 0 || ET INFO JJEncode Encoded Script 1 || 2017128 || 5 || trojan-activity || 0 || ET TROJAN Expiro Trojan Check-in 1 || 2017129 || 3 || attempted-user || 0 || ET WEB_CLIENT Potential Interent Explorer Use After Free CVE-2013-3163 || cve,2013-3163 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx 1 || 2017130 || 2 || attempted-user || 0 || ET WEB_CLIENT Potential Interent Explorer Use After Free CVE-2013-3163 2 || cve,2013-3163 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx 1 || 2017131 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Potential Interent Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx 1 || 2017133 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3163 || cve,2013-3163 1 || 2017134 || 4 || trojan-activity || 0 || ET WEB_SERVER WebShell - Generic - GIF Header With HTML Form 1 || 2017135 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS PHISH Remax - function Validate 1 || 2017136 || 3 || trojan-activity || 0 || ET MALWARE Adware.Gamevance.AV Checkin || url,virustotal.com/en/file/21e04ef285d9df2876bab83dd91a8bd78ecdf0d47a8e4693e2ec1924f642bfc8/analysis/ || md5,0134997dff945fbfe62f343bcba782bc 1 || 2017137 || 2 || trojan-activity || 0 || ET TROJAN Cryptmen FakAV page Title 1 || 2017138 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack - Java JNLP Requested 1 || 2017139 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef JJencode Script URI Struct 1 || 2017140 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct 1 || 2017141 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole EK Plugin-Detect July 12 2013 1 || 2017142 || 2 || attempted-recon || 0 || ET SCAN Arachni Web Scan || url,www.arachni-scanner.com/ 1 || 2017143 || 3 || web-application-attack || 0 || ET WEB_SERVER CRLF Injection - Newline Characters in URL || url,www.owasp.org/index.php/CRLF_Injection 1 || 2017146 || 3 || web-application-attack || 0 || ET WEB_SERVER HTTP Request Smuggling Attempt - Double Content-Length Headers || url,www.owasp.org/index.php/HTTP_Request_Smuggling 1 || 2017147 || 2 || web-application-attack || 0 || ET WEB_SERVER HTTP Request Smuggling Attempt - Two Transfer-Encoding Values Specified || url,www.owasp.org/index.php/HTTP_Request_Smuggling 1 || 2017148 || 3 || successful-admin || 0 || ET ATTACK_RESPONSE Non-Local Burp Proxy Error || url,portswigger.net/burp/proxy.html 1 || 2017149 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - phpBB Injection 1 || 2017150 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Cool PDF July 15 2013 1 || 2017151 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Styx PDF July 15 2013 1 || 2017152 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Jar URI Struct 1 || 2017153 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit JNLP URI Struct 1 || 2017154 || 2 || attempted-dos || 0 || ET DOS Squid-3.3.5 DoS 1 || 2017155 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017156 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017157 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017161 || 1 || attempted-recon || 0 || ET SCAN SipCLI VOIP Scan - TCP || url,www.yasinkaplan.com/SipCli/ 1 || 2017162 || 2 || attempted-recon || 0 || ET SCAN SipCLI VOIP Scan || url,www.yasinkaplan.com/SipCli/ 1 || 2017163 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass || url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/ 1 || 2017164 || 4 || trojan-activity || 0 || ET DELETED BlackHole EK Non-standard base64 Key 1 || 2017165 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS JS Browser Based Ransomware || url,blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/ || url,www.f-secure.com/weblog/archives/00002577.html 1 || 2017166 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013 1 || 2017167 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Landing July 22 2013 1 || 2017168 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 1 || 2017169 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 2 1 || 2017170 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 3 1 || 2017171 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 4 1 || 2017172 || 4 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java ProcessBuilder URI 1 || 2017173 || 4 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java ProcessBuilder in client body || url,struts.apache.org/development/2.x/docs/s2-013.html 1 || 2017174 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017175 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017176 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action || url,struts.apache.org/release/2.3.x/docs/s2-016.html 1 || 2017177 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Rawin - Landing Page Received 1 || 2017178 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Rawin - Java Exploit -dubspace.jar 1 || 2017179 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download 1 || 2017180 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download 2 1 || 2017181 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost/FlimKit/Glazunov Jar with lowercase class names 1 || 2017182 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Possible CritXPack - Landing Page - jnlp_embedded 1 || 2017183 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell ASPXShell - Title 1 || 2017184 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 1 1 || 2017185 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 2 1 || 2017186 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 3 1 || 2017187 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 1 1 || 2017188 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 2 1 || 2017189 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 3 1 || 2017190 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kelihos.F exe Download 2 || md5,1303188d039076998b170fffe48e4cc0 1 || 2017191 || 3 || trojan-activity || 0 || ET TROJAN Win32/Kelihos.F Checkin || md5,00db349caf2eefc3be5ee30b8b8947a2 1 || 2017192 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Outbound) 1 || 2017193 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Hex (Outbound) 1 || 2017194 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Inbound) 1 || 2017195 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Hex (Inbound) 1 || 2017196 || 4 || trojan-activity || 0 || ET MALWARE Crossrider Spyware Checkin 1 || 2017197 || 3 || bad-unknown || 0 || ET INFO JNLP embedded file 1 || 2017198 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Reversed Embedded JNLP Observed in Sakura/Blackhole Landing 1 || 2017199 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Java UA Requesting Numeric.ext From Base Dir (Observed in Redkit/Sakura) 1 || 2017200 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download 1 || 2017201 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2017202 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2017203 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2017204 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html 1 || 2017205 || 2 || attempted-user || 0 || ET EXPLOIT Wscript Shell Run Attempt - Likely Hostile 1 || 2017206 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 1 1 || 2017207 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 2 1 || 2017208 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 3 1 || 2017209 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 4 1 || 2017210 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 5 1 || 2017211 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 6 1 || 2017212 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 1 1 || 2017213 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 2 1 || 2017214 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 3 1 || 2017215 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 4 1 || 2017216 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 5 1 || 2017217 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 6 1 || 2017218 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 7 1 || 2017219 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 7 1 || 2017220 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 1 1 || 2017221 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 2 1 || 2017222 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 3 1 || 2017223 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 4 1 || 2017224 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 5 1 || 2017225 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 6 1 || 2017226 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 7 1 || 2017227 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 8 1 || 2017228 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 9 1 || 2017229 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 10 1 || 2017230 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 11 1 || 2017231 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 12 1 || 2017232 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 13 1 || 2017233 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 1 1 || 2017234 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 2 1 || 2017235 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 3 1 || 2017236 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 4 1 || 2017237 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 5 1 || 2017238 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 6 1 || 2017239 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 7 1 || 2017240 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 8 1 || 2017241 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 9 1 || 2017242 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 10 1 || 2017243 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 11 1 || 2017244 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 12 1 || 2017245 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 13 1 || 2017246 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 4 1 || 2017247 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 4 1 || 2017248 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PluginDetect plus Java version check 1 || 2017249 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded Applet (Observed in Sakura) 1 || 2017250 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura) 1 || 2017251 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded applet_ssv_validated (Observed in Sakura) 1 || 2017252 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 1 applet_ssv_validated (Observed in Sakura) 1 || 2017253 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 2 applet_ssv_validated (Observed in Sakura) 1 || 2017254 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 3 applet_ssv_validated (Observed in Sakura) 1 || 2017257 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct 2 1 || 2017258 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct 1 || 2017259 || 11 || trojan-activity || 0 || ET TROJAN Generic - POST To .php w/Extended ASCII Characters 1 || 2017260 || 11 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic - ASP File Uploaded 1 || 2017261 || 2 || trojan-activity || 0 || ET TROJAN TrojanDownloader.Win32/Dofoil.U Trojan Checkin 1 || 2017262 || 5 || trojan-activity || 0 || ET TROJAN Comfoo Checkin || url,www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/ 1 || 2017263 || 2 || trojan-activity || 0 || ET TROJAN StealRat Checkin 1 || 2017264 || 2 || trojan-activity || 0 || ET TROJAN CBReplay Checkin 1 || 2017265 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key 1 || 2017266 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 30 2013 1 || 2017267 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit Download Sep 30 2013 1 || 2017268 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download Sep 30 2013 1 || 2017269 || 2 || trojan-activity || 0 || ET TROJAN CBReplay.P Ransomware 1 || 2017270 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload Aug 02 2013 || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html 1 || 2017271 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Plugin-Detect with global % replace on unescaped string (Sakura) 1 || 2017272 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java (Old) /golem.jar 1 || 2017273 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java 1.7 /caramel.jar 1 || 2017274 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot Configuration File Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf 1 || 2017275 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot CnC Server Configuration File Response || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf 1 || 2017276 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot Email Template Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf 1 || 2017277 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL in Dynamic Action || cve,2013-2135 || bugtraq,60345 || url,cwiki.apache.org/confluence/display/WW/S2-015 1 || 2017278 || 2 || web-application-attack || 0 || ET WEB_SERVER Possible Apache Struts OGNL Expression Injection || cve,2013-2135 || bugtraq,60345 || url,cwiki.apache.org/confluence/display/WW/S2-015 1 || 2017279 || 3 || trojan-activity || 0 || ET TROJAN Win32.Rovnix.I Checkin || md5,605daaa9662b82c0d5982ad3a742d2e7 1 || 2017280 || 3 || trojan-activity || 0 || ET WEB_SERVER Possible OpenX Backdoor Backdoor Access POST to flowplayer || url,blog.sucuri.net/2013/08/openx-org-compromised-and-downloads-injected-with-a-backdoor.html 1 || 2017281 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Ransom.Win32.Blocker.bjat 1 || 2017282 || 3 || trojan-activity || 0 || ET INFO Microsoft Script Encoder Encoded File 1 || 2017283 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net user - PRIVMSG Command 1 || 2017284 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net localgroup - PRIVMSG Command 1 || 2017285 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net add PRIVMSG Command 1 || 2017286 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - netsh - PRIVMSG Command 1 || 2017287 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - ipconfig - PRIVMSG Command 1 || 2017288 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - reg - PRIVMSG Command 1 || 2017289 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - The command completed successfully - PRIVMSG Response 1 || 2017290 || 3 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory Listing 1 || 2017291 || 5 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - net command output 1 || 2017292 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - ipconfig command output 1 || 2017293 || 2 || bad-unknown || 0 || ET WEB_SERVER - EXE File Uploaded - Hex Encoded 1 || 2017294 || 3 || misc-activity || 0 || ET INFO Adobe PKG Download Flowbit Set 1 || 2017295 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013 1 || 2017296 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack Jar Download 1 || 2017297 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack EXE Download 1 || 2017298 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible Firefox CVE-2013-1690 || cve,2013-1690 1 || 2017299 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Download Aug 07 2013 1 || 2017300 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin -TDS - POST w/Java Version 1 || 2017301 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application page landing 1 || 2017302 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application - findloader 1 || 2017303 || 5 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory Listing *nix 1 || 2017305 || 3 || trojan-activity || 0 || ET TROJAN Win32/Cridex Checkin || md5,94e496decf90c4ba2fb3e7113a081726 1 || 2017306 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS 0f2490 Hacked Site Response (Inbound) 1 || 2017307 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS 0f2490 Hacked Site Response (Outbound) 1 || 2017308 || 3 || trojan-activity || 0 || ET TROJAN W32/PornoAsset.Ransomware CnC Checkin || url,anubis.iseclab.org/?action=result&task_id=19e3b6cbfdf8d6bd429ecc75ed016fb91 || url,blog.avast.com/2013/11/21/ransomware-annoys-its-victims-by-displaying-child-pornography-pictures/#more-20393 || url,blog.avast.com/2013/10/24/what-to-do-if-your-computer-is-attacked-by-ransomware/ 1 || 2017309 || 3 || trojan-activity || 0 || ET TROJAN FortDisco Reporting Status || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/ || md5,722a1809bd4fd75743083f3577e1e6a4 1 || 2017310 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible FortDisco Wordpress Brute-force Site list download 10+ wp-login.php || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/ || md5,722a1809bd4fd75743083f3577e1e6a4 1 || 2017311 || 3 || trojan-activity || 0 || ET TROJAN Possible FortDisco Reporting Hacked Accounts || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/ 1 || 2017312 || 4 || trojan-activity || 0 || ET TROJAN Win32/Pift DNS TXT CnC Lookup ppidn.net || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735 1 || 2017313 || 3 || trojan-activity || 0 || ET TROJAN China Chopper Command Struct || url,www.fireeye.com/blog/technical/botnet-activities-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html 1 || 2017314 || 2 || trojan-activity || 0 || ET TROJAN PRISM Backdoor 1 || 2017315 || 2 || trojan-activity || 0 || ET TROJAN Unknown Covert Channel (VERSONEX and Mr.Black) 1 || 2017317 || 2 || trojan-activity || 0 || ET ATTACK_RESPONSE python shell spawn attempt 1 || 2017318 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - PRIVMSG *.(exe|tar|tgz|zip) download command 1 || 2017319 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country Code 1 || 2017321 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows XP/7 1 || 2017322 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Win 1 || 2017323 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and -PC 1 || 2017324 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013 1 || 2017325 || 4 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin 2 || md5,832f5e01be536da71d5b3f7e41938cfb || url,fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html 1 || 2017326 || 2 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin 3 || md5,832f5e01be536da71d5b3f7e41938cfb || url,fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html 1 || 2017327 || 2 || attempted-user || 0 || ET WEB_SERVER Joomla Upload File Filter Bypass 1 || 2017328 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK setSecurityManager hex August 14 2013 || url,piratebrowser.com 1 || 2017329 || 2 || policy-violation || 0 || ET POLICY Pirate Browser Download || url,piratebrowser.com 1 || 2017330 || 2 || attempted-admin || 0 || ET WEB_SERVER SQLi - SELECT and sysobject 1 || 2017333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK - /jvvn.html 1 || 2017334 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 1 1 || 2017335 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 2 1 || 2017336 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 3 1 || 2017337 || 2 || attempted-user || 0 || ET WEB_SERVER ATTACKER SQLi - SELECT and Schema Columns 1 || 2017340 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Shrift.php Microsoft OpenType Font Exploit Request || cve,2011-3402 1 || 2017341 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Microsoft OpenType Font Exploit || cve,2011-3402 1 || 2017342 || 3 || bad-unknown || 0 || ET INFO Iframe For IP Address Site 1 || 2017343 || 2 || trojan-activity || 0 || ET TROJAN W32/Spy.KeyLogger.OCI CnC Checkin || url,www.virusradar.com/en/Win32_Spy.KeyLogger.OCI/description || url,www.virustotal.com/en/file/ec19e12e5dafc7aafaa0f582cd714ee5aa3615b89fe2f36f7851d96ec55e3344/analysis/ 1 || 2017344 || 3 || trojan-activity || 0 || ET TROJAN Proxychecker Lookup || url,www.virustotal.com/en/file/ec19e12e5dafc7aafaa0f582cd714ee5aa3615b89fe2f36f7851d96ec55e3344/analysis 1 || 2017345 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-16 u9090 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html 1 || 2017346 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013 1 || 2017347 || 4 || trojan-activity || 0 || ET TROJAN Trojan Related Lame Updater User-Agent 1 || 2017348 || 5 || trojan-activity || 0 || ET USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin || url,www.securelist.com/en/descriptions/10316591/Trojan.Win32.VBKrypt.cugq || url,www.mcafee.com/threat-intelligence/malware/default.aspx?id=456326 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-RDK/detailed-analysis.aspx || md5,79e24434a74a985e1c64925fd0ac4b28 1 || 2017349 || 3 || trojan-activity || 0 || ET TROJAN Win32.Troj.Cidox Checkin || md5,0ce7f9dde5c273d7e71c9f1301fe505d 1 || 2017350 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.admin@388 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017351 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.th3bug Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017352 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.keaidestone Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017353 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.suzuki Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017354 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.happyyongzi Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017355 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.key@123 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017356 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.gwx@123 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017357 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.wwwst@Admin Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017358 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.xiaoxiaohuli Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017359 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.smallfish Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017360 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.XGstone Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017361 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.fishplay Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf 1 || 2017362 || 2 || trojan-activity || 0 || ET TROJAN Win32/Napolar.A Getting URL || md5,9a8cee88d7440f25be8404b71cb584de || md5,b70f8d0afa82c222f55f7a18d2ad0b81 1 || 2017363 || 2 || bad-unknown || 0 || ET INFO InetSim Response from External Source Possible SinkHole 1 || 2017364 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated base64 key string 1 || 2017365 || 8 || bad-unknown || 0 || ET TROJAN SUSPICIOUS UA (iexplore) || md5,b0e8ce16c42dee20d2c1dfb1b87b3afc 1 || 2017366 || 2 || attempted-user || 0 || ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632 || url,www.exploit-db.com/exploits/27755/ || cve,2013-0632 1 || 2017367 || 2 || trojan-activity || 0 || ET TROJAN Possible Win32/Napolar.A URL Response || md5,9a8cee88d7440f25be8404b71cb584de || md5,b70f8d0afa82c222f55f7a18d2ad0b81 1 || 2017368 || 2 || trojan-activity || 0 || ET TROJAN Possible Avatar RootKit Yahoo Group Search || md5,7b6409fc32c70908a9468eaac845bdaa || md5,b647a4af77b2fad3f40c6769c22ebf74 || url,www.welivesecurity.com/2013/08/20/avatar-rootkit-the-continuing-saga/ 1 || 2017369 || 2 || trojan-activity || 0 || ET TROJAN Bitcoin variant Checkin || url,blog.avast.com/2013/08/01/malicious-bitcoin-miners-target-czech-republic/ || md5,15cb65409f9b935cfdff72c22c358e34 1 || 2017370 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL || url,malwr.com/analysis/MWM3NDA2NTdhM2U4NGE0NjgwY2IzN2Y3ZDk4ZTcyMmM/ 1 || 2017371 || 10 || trojan-activity || 0 || ET TROJAN Win32/Neurevt.A checkin || md5,c447d364a9dad369ff07dcc14f5fbefb || md5,a0a66dfbdf1ce76782ba20a07a052976 1 || 2017372 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 26 2013 1 || 2017373 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript Format 1 || 2017374 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb Generic PHP Format 1 || 2017375 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb Generic HTML Format 1 || 2017376 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible BHEK Landing URI Format 1 || 2017377 || 2 || trojan-activity || 0 || ET TROJAN Win64/Vabushky.A Malicious driver download || url,welivesecurity.com/2013/08/27/the-powerloader-64-bit-update-based-on-leaked-exploits/ 1 || 2017378 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool get command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017379 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool long command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017380 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool smart command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017381 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool post1 command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017382 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool post2 command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017383 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool byte command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017384 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool byte command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ 1 || 2017385 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Dirtjump Checkin || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ || md5,50a538221e015d77cf4794ae78978ce2 1 || 2017386 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible APT-12 Related C2 || url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations 1 || 2017387 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing Aug 27 2013 1 || 2017388 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange Payload Download Aug 28 2013 1 || 2017389 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - Auth Creds 1 || 2017390 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Browser - Interface 1 || 2017391 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - Auth Prompt 1 || 2017392 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Browser - POST Structure 1 || 2017393 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder -File Upload - POST Structure 1 || 2017394 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Upload - Response 1 || 2017395 || 3 || trojan-activity || 0 || ET TROJAN Likely Bot Nick in IRC ([country|so version|CPU]) 1 || 2017396 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Aug 29 2013 1 || 2017397 || 2 || bad-unknown || 0 || ET DOS Apple CoreText Exploit Specific string || url,techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/ 1 || 2017398 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection 1 || 2017399 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of base64_decode 1 || 2017400 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of gzinflate 1 || 2017401 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of str_rot13 1 || 2017402 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of gzuncompress 1 || 2017403 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of convert_uudecode 1 || 2017404 || 3 || trojan-activity || 0 || ET WORM W32/Njw0rm CnC Beacon || url,www.fireeye.com/blog/technical/malware-research/2013/08/njw0rm-brother-from-the-same-mother.html || md5,4c60493b14c666c56db163203e819272 || md5,b0e1d20accd9a2ed29cdacb803e4a89d 1 || 2017405 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013 1 || 2017406 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java /victoria.jar 1 || 2017407 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Landing with Applet Aug 30 2013 1 || 2017408 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS GondadEK Landing Sept 03 2013 || url,www.kahusecurity.com/2013/deobfuscating-the-ck-exploit-kit 1 || 2017409 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 1 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017410 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 2 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017411 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 3 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017412 || 7 || trojan-activity || 0 || ET TROJAN Gh0st_Apple Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html || md5,f4d4076dff760eb92e4ae559c2dc4525 1 || 2017413 || 2 || trojan-activity || 0 || ET TROJAN NJRat-backdoor Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017414 || 3 || trojan-activity || 0 || ET DELETED Unknown Malware CnC response with exe file || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017415 || 4 || trojan-activity || 0 || ET DELETED Taidoor Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html 1 || 2017416 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download 1 || 2017417 || 8 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Keep-Alive (INBOUND) || md5,0ae2261385c482d55519be9b0e4afef3 || url,anubis.iseclab.org/?action=result&task_id=1043e1f5f61319b944d51d0d6d7e23f2e || md5,41a0a4c0831dbcbbfd877c7d37b671e0 || url,blog.fireeye.com/research/2012/09/the-story-behind-backdoorlv.html 1 || 2017418 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Keep-Alive (OUTBOUND) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017419 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Checkin || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017420 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (File Manager) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017421 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (File Manager) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017422 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Desktop) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017423 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Remote Desktop) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017424 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Cam) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017425 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Remote Cam) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017426 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Shell) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017427 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Process listing) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017428 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Kill Process) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017429 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Registry) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017430 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Keylogger) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017431 || 3 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Get Passwords) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017432 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Get Passwords) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html 1 || 2017433 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013 1 || 2017434 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing Sep 06 2013 1 || 2017435 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing JAR Sep 06 2013 1 || 2017436 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SERVER SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017437 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP GET SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017438 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP POST SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017439 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP COOKIE SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017440 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SESSION SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017441 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP REQUEST SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017442 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP ENV SuperGlobal in URI || url,imperva.com/download.asp?id=421 1 || 2017443 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SERVER SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017444 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP GET SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017445 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP POST SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017446 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP COOKIE SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017447 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SESSION SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017448 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP REQUEST SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017449 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP ENV SuperGlobal in POST || url,imperva.com/download.asp?id=421 1 || 2017450 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Sep 10 2013 1 || 2017451 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing Page 1 || 2017452 || 3 || trojan-activity || 0 || ET DELETED Blackhole hex and wordlist initial landing and exploit path 1 || 2017453 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Forum Injection 1 || 2017454 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013 1 || 2017455 || 6 || trojan-activity || 0 || ET TROJAN Waledac FACEPUNCH Traffic Detected || url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_infiltrating_the_waledac_botnet_v2.pdf 1 || 2017456 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download Sep 11 2013 1 || 2017457 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1 1 || 2017458 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 2 1 || 2017459 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 3 1 || 2017460 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 4 1 || 2017461 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated base64 decoder Sep 12 2013 1 || 2017462 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess P2P Module v6 Reporting || url,dnsamplificationattacks.blogspot.gr/p/blog-page.html 1 || 2017463 || 2 || attempted-user || 0 || ET WEB_CLIENT MS13-055 CAnchorElement Use-After-Free 1 || 2017464 || 2 || trojan-activity || 0 || ET TROJAN W32/Hesperus.Banker Tr-mail Variant Sending Data To CnC || url,blogs.mcafee.com/mcafee-labs/hesperus-evening-star-shines-as-latest-banker-trojan 1 || 2017465 || 3 || trojan-activity || 0 || ET TROJAN W32/Hesperus.Banker Nlog.php Variant Sending Data To CnC || url,blogs.mcafee.com/mcafee-labs/hesperus-evening-star-shines-as-latest-banker-trojan 1 || 2017466 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/FakeAhnAV.A CnC Beacon || url,blogs.mcafee.com/mcafee-labs/android-fake-av-hosted-in-google-code-targets-south-koreans 1 || 2017467 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Reversed Country Code and 32 hex Jar Sep 16 2013 1 || 2017468 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Fake Microsoft Security Update Applet Sep 16 2013 1 || 2017469 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SNET EK VBS Download 1 || 2017470 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 1 1 || 2017471 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 2 1 || 2017472 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 3 1 || 2017473 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CoolEK Variant Payload Download Sep 16 2013 1 || 2017474 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16 2013 1 || 2017475 || 2 || trojan-activity || 0 || ET TROJAN Win32/Dipverdle.A Activity || md5,182ea2f564f6211d37a6c35a4bd99ee6 1 || 2017476 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SweetOrange - Java Exploit Downloaded 1 || 2017477 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx 1 || 2017478 || 4 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx 1 || 2017479 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx 1 || 2017480 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx 1 || 2017481 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole initial landing/gate 1 || 2017482 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Styx - TDS - Redirect To Landing Page 1 || 2017483 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017484 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017485 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017486 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017487 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017488 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass 1 || 2017489 || 2 || trojan-activity || 0 || ET TROJAN W32/Zzinfor.A Retrieving Instructions From CnC Server || md5,7e37a407a8fb0df3b2835419ad16f500 || md5,422b926dbbe03d0e4555328282c8f32b 1 || 2017490 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.Mevade.FBV CnC Beacon || url,blog.trendmicro.com/trendlabs-security-intelligence/us-taiwan-most-affected-by-mevade-malware/ || url,blog.damballa.com/archives/2135 1 || 2017491 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 19 2013 1 || 2017492 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 19 2013 1 || 2017493 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 19 2013 1 || 2017494 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 1 || url,seclists.org/bugtraq/2013/Jul/41 1 || 2017495 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 2 || url,seclists.org/bugtraq/2013/Jul/41 1 || 2017496 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 3 || url,seclists.org/bugtraq/2013/Jul/41 1 || 2017497 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK - Java Exploit - bona.jar 1 || 2017498 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blatantly Evil JS Function 1 || 2017499 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 1 1 || 2017500 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 2 1 || 2017501 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3 1 || 2017502 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3 1 || 2017503 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Used in various watering hole attacks 1 || 2017504 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - *.com.exe HTTP Attachment 1 || 2017505 || 2 || trojan-activity || 0 || ET TROJAN Gh0st Trojan CnC 2 1 || 2017506 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Java Exploit Recieved - Atomic 1 || 2017507 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Cushion Redirection || url,malwaremustdie.blogspot.co.uk/2013/09/302-redirector-new-cushion-attempt-to.html 1 || 2017508 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx J7u21 click2play bypass 1 || 2017509 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible J7u21 click2play bypass 1 || 2017510 || 2 || attempted-user || 0 || ET EXPLOIT Metasploit CVE-2013-3205 Exploit Specific 1 || 2017511 || 2 || trojan-activity || 0 || ET TROJAN DeputyDog callback || url,www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html 1 || 2017512 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Statistic.js || url,research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html || url,blog.damballa.com/archives/2147 1 || 2017513 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Ping.html || url,research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html || url,blog.damballa.com/archives/2147 1 || 2017515 || 4 || attempted-recon || 0 || ET INFO User-Agent (python-requests) Inbound to Webserver 1 || 2017516 || 3 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr Checkin 1 || md5,d2e799904582f03281060689f5447585 1 || 2017517 || 4 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr Checkin 2 || md5,d2e799904582f03281060689f5447585 1 || 2017518 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (/iam-ready) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017519 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-driver) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017520 || 3 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-folder) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017521 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-process) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017522 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-cmd-shell) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017523 || 5 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command response || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html 1 || 2017524 || 3 || trojan-activity || 0 || ET TROJAN DATA-BROKER BOT Activity || url,krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ || md5,adcfe50aaaa0928adf2785fefe7307cc 1 || 2017525 || 2 || trojan-activity || 0 || ET TROJAN OSX/Leverage.A Checkin 1 || 2017526 || 3 || trojan-activity || 0 || ET TROJAN Hiloti/Mufanom CnC Response 1 || 2017527 || 3 || trojan-activity || 0 || ET TROJAN W32/Napolar Checkin || url,blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/ || url,www.welivesecurity.com/2013/09/25/win32napolar-a-new-bot-on-the-block/ || md5,2c344add2ee6201f4e2cdf604548408b 1 || 2017528 || 4 || bad-unknown || 0 || ET WEB_SERVER UA WordPress, probable DDOS-Attack || url,thehackernews.com/2013/09/thousands-of-wordpress-blogs.html || url,pastebin.com/NP64hTQr 1 || 2017529 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS LightsOut EK Payload Download || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017530 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK info3i.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017531 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK info3i.php || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017532 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK inden2i.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017533 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK sort.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017534 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK leks.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017535 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK negc.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017536 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK negq.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017537 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK leks.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017538 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK start.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017539 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK stoq.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017540 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK erno_rfq.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017541 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK inden2i.php || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017542 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK gami.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017543 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK gami.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017544 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS LightsOut EK POST Compromise POST || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector 1 || 2017545 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Sep 30 2013 1 || 2017546 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible FortDisco POP3 Site list download || md5,538a4cedad8791e27088666a4a6bf9c5 || md5,87c21bc9c804cefba6bb4148dbe4c4de || url,www.abuse.ch/?p=5813 1 || 2017547 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Jar Download Sep 30 2013 || md5,d58fea2d0f791e65c6aae8e52f7089c1 1 || 2017548 || 4 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 3 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2017549 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake MS Security Update (Jar) 1 || 2017550 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Landing Oct 1 2013 1 || 2017551 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Obfuscated http 2 digit sep in applet (Seen in HiMan EK) 1 || 2017552 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Cushion Redirection || url,malwaremustdie.blogspot.co.uk/2013/09/302-redirector-new-cushion-attempt-to.html 1 || 2017553 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Reporting Host/Exploit Info 1 || 2017554 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK Payload Download (java only alternate method may overlap with 2017454) 1 || 2017555 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef EK initial landing from Oct 02 2013 mass-site compromise EK campaign 1 || 2017556 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download 1 || 2017557 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Java CVE-2013-1488 java.sql.Drivers Service Object in JAR || cve,2013-1488 || url,www.contextis.com/research/blog/java-pwn2own/ || url,www.rapid7.com/db/modules/exploit/multi/browser/java_jre17_driver_manager 1 || 2017558 || 2 || misc-activity || 0 || ET TROJAN Mevade Checkin 1 || 2017559 || 2 || trojan-activity || 0 || ET TROJAN SSH Connection on 443 - Mevade Banner 1 || 2017560 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Possible WHMCS SQLi AES_ENCRYPT at start of value || url,localhost.re/p/whmcs-527-vulnerability 1 || 2017561 || 3 || trojan-activity || 0 || ET MALWARE W32/Wajam.Adware Sucessful Install 1 || 2017562 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Oct 4 2013 1 || 2017563 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Java CVE-2013-2465 Based on PoC || cve,2013-2465 || url,seclists.org/fulldisclosure/2013/Aug/134 || url,malwageddon.blogspot.com/2013/10/unknown-ek-i-wanna-be-billionaire-so.html 1 || 2017564 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Unknown EK Landing || cve,2013-2465 || url,malwageddon.blogspot.com/2013/10/unknown-ek-i-wanna-be-billionaire-so.html || url,seclists.org/fulldisclosure/2013/Aug/134 1 || 2017565 || 4 || bad-unknown || 0 || ET INFO Obfuscated fromCharCode 1 || 2017566 || 5 || bad-unknown || 0 || ET INFO Obfuscated fromCharCode 1 || 2017567 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FiestaEK js-redirect 1 || 2017568 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Metasploit Java CVE-2013-2465 Class Name Sub Algo || cve,2013-2465 || url,seclists.org/fulldisclosure/2013/Aug/134 || url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_storeimagearray.rb 1 || 2017569 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Page 1 || 2017570 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Exploit Download 1 || 2017571 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Payload Download 1 || 2017572 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer Use-After-Free CVE-2013-3897 || cve,2013-3897 1 || 2017573 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet RCE Using Marshalled Object || url,www.exploit-db.com/exploits/28713/ 1 || 2017574 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE Using Marshalled Object || url,www.exploit-db.com/exploits/28713/ 1 || 2017575 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation || url,blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html 1 || 2017576 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK jply.html 1 || 2017577 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fiesta EK Landing Oct 09 2013 1 || 2017578 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake MS Security Update EK (Payload Download) 1 || 2017579 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps) 1 || 2017580 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Payload October 09 1 || 2017582 || 3 || trojan-activity || 0 || ET TROJAN CryptoLocker Ransomware check-in 2 || md5,a354873df6dbce59e801380cee39ac17 1 || 2017583 || 4 || trojan-activity || 0 || ET TROJAN CryptoLocker EXE Download 1 || 2017584 || 5 || trojan-activity || 0 || ET TROJAN CryptoLocker Ransomware check-in || md5,6afc848066d274d8632c742340560a67 1 || 2017585 || 3 || trojan-activity || 0 || ET TROJAN Possible W32/KanKan tools.ini Request || url,www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/ 1 || 2017586 || 2 || trojan-activity || 0 || ET TROJAN Possible W32/KanKan Update officeaddinupdate.xml Request || url,www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/ 1 || 2017587 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon || url,quequero.org/2013/09/android-opfake-malware-analysis/ 1 || 2017588 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Opfake.A Country CnC Beacon || url,quequero.org/2013/09/android-opfake-malware-analysis/ 1 || 2017589 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Initial Payload Internet Connectivity Check || url,malwageddon.blogspot.fi/2013/09/unknown-ek-it-aint-no-trick-to-get-rich.html 1 || 2017590 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA || url,www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/ 1 || 2017591 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Related EK Landing Oct 14 2013 || url,www.malwaresigs.com/2013/10/14/unknown-ek/ 1 || 2017592 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Related EK Redirect Oct 14 2013 || url,malwageddon.blogspot.fi/2013/09/unknown-ek-it-aint-no-trick-to-get-rich.html 1 || 2017593 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Oct 15 2013 1 || 2017594 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit Download Oct 15 2013 1 || 2017595 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download Oct 15 2013 1 || 2017596 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino XORed pluginDetect 1 1 || 2017597 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino XORed pluginDetect 2 1 || 2017598 || 5 || trojan-activity || 0 || ET TROJAN Possible Kelihos.F EXE Download Common Structure 1 || 2017599 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Egobot Checkin || url,symantec.com/connect/blogs/backdooregobot-how-effectively-execute-targeted-campaign 1 || 2017600 || 2 || trojan-activity || 0 || ET TROJAN W32.Nemim Checkin || url,symantec.com/connect/blogs/infostealernemim-how-pervasive-infostealer-continues-evolve 1 || 2017601 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI Struct 1 || 2017602 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK - Landing Page - Java ClassID and 32/32 archive Oct 16 2013 1 || 2017603 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit 32-32 byte hex java payload request Oct 16 2013 1 || 2017604 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In GIF (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017605 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In JPG (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017606 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In PNG (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017607 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In GIF (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017608 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In JPG (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017609 || 3 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In PNG (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html 1 || 2017610 || 2 || web-application-attack || 0 || ET DELETED vBulletin Administrator Injection Attempt || url,blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html 1 || 2017611 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt || url,security.coverity.com/advisory/2013/Oct/two-path-traversal-defects-in-oracles-jsf2-implementation.html || cve,2013-3815 1 || 2017612 || 5 || trojan-activity || 0 || ET DELETED Kelihos p2p traffic detected via byte_test - SET 1 || 2017613 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Magnitude EK (formerly Popads) IE Exploit with IE UA Oct 16 2013 1 || 2017614 || 2 || trojan-activity || 0 || ET DELETED Kelihos p2p traffic detected via byte_test CnC Response 1 || 2017615 || 4 || network-scan || 0 || ET SCAN NETWORK Outgoing Masscan detected || url,blog.erratasec.com/2013/10/that-dlink-bug-masscan.html || url,blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html 1 || 2017616 || 4 || network-scan || 0 || ET SCAN NETWORK Incoming Masscan detected || url,blog.erratasec.com/2013/10/that-dlink-bug-masscan.html || url,blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html 1 || 2017617 || 3 || trojan-activity || 0 || ET TROJAN W32/Onkod.Downloader Executable Download || url,blog.fortinet.com/Avoiding-Heuristic-Detection/ 1 || 2017620 || 3 || trojan-activity || 0 || ET TROJAN Kuluoz Activity || md5,c71416a9ec5414fe487167b5bfd921ec 1 || 2017621 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Cutwail Redirect to Magnitude EK || url,www.secureworks.com/resources/blog/research/cutwail-spam-swapping-blackhole-for-magnitude-exploit-kit/ 1 || 2017622 || 5 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS WHMCS lt 5.2.8 SQL Injection || url,localhost.re/res/whmcs2.py 1 || 2017623 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS Tenda Router Backdoor 1 || url,www.devttys0.com/2013/10/from-china-with-love/ 1 || 2017624 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS Tenda Router Backdoor 2 || url,www.devttys0.com/2013/10/from-china-with-love/ 1 || 2017625 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS 81a338 Hacked Site Response (Outbound) 1 || 2017626 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS 81a338 Hacked Site Response (Inbound) 1 || 2017628 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download Oct 22 2013 1 || 2017629 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPack Oct 23 2013 1 || 2017630 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (1) 1 || 2017631 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear WNDR4700 Auth Bypass || url,securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp 1 || 2017632 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear WNDR3700 Auth Bypass || url,shadow-file.blogspot.ro/2013/10/complete-persistent-compromise-of.html 1 || 2017633 || 3 || trojan-activity || 0 || ET TROJAN Athena DDoS Bot Checkin || md5,19ca0d830cd7b44e5de1ab85f4e17d82 1 || 2017634 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Oct 25 2013 1 || 2017635 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Landing Page Oct 25 2013 1 || 2017636 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK PDF URI Struct 1 || 2017637 || 2 || bad-unknown || 0 || ET INFO Java File Sent With X-Powered By HTTP Header - Common In Exploit Kits 1 || 2017638 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Alpha Networks ADSL2/2+ router remote administration password disclosure || url,packetstorm.foofus.com/1208-exploits/asl26555_pass_disclosure.txt 1 || 2017639 || 6 || bad-unknown || 0 || ET INFO JAR Size Under 30K Size - Potentially Hostile 1 || 2017640 || 2 || bad-unknown || 0 || ET WEB_SERVER Possible Encrypted Webshell Download || url,blog.sucuri.net/2013/10/backdoor-evasion-using-encrypted-content.html 1 || 2017641 || 3 || bad-unknown || 0 || ET WEB_SERVER Possible Encrypted Webshell in POST || url,blog.sucuri.net/2013/10/backdoor-evasion-using-encrypted-content.html 1 || 2017642 || 3 || trojan-activity || 0 || ET TROJAN Linux/Ssemgrvd sshd Backdoor HTTP CNC 1 1 || 2017643 || 3 || trojan-activity || 0 || ET TROJAN Linux/Ssemgrvd sshd Backdoor HTTP CNC 2 1 || 2017644 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Host Domain .bit || url,www.normanshark.com/blog/necurs-cc-domains-non-censorable/ 1 || 2017645 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Domain .bit || url,www.normanshark.com/blog/necurs-cc-domains-non-censorable/ 1 || 2017646 || 4 || trojan-activity || 0 || ET TROJAN possible TRAT proxy component user agent detected || url,www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html 1 || 2017647 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Install || md5,d1663e13314a6722db7cb7549b470c64 1 || 2017648 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange payload Request 1 || 2017649 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange encrypted payload 1 || 2017650 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/Grandsoft Plugin-Detect 1 || 2017652 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Landing URI Format Nov 1 2013 1 || 2017653 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit/Payload Download Nov 1 2013 || url,pastebin.com/194D8UuK 1 || 2017654 || 4 || trojan-activity || 0 || ET DELETED W32/Badur.Spy User Agent HWMPro || md5,234c47b5b29a2cfcc00900bbc13ea181 1 || 2017655 || 3 || trojan-activity || 0 || ET TROJAN W32/Badur.Spy User Agent lawl || md5,4f5d28c43795b9c4e6257bf26c52bdfe 1 || 2017656 || 3 || trojan-activity || 0 || ET TROJAN W32/InstallMonster.Downloader Checkin || md5,70a6d9cb37e346b4dfd28bd4ea1f8671 1 || 2017657 || 6 || attempted-user || 0 || ET WEB_CLIENT SUSPICIOUS JS Multiple Debug Math.atan2 calls with CollectGarbage || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/ || url,cyvera.com/cve-2013-3897-analysis-of-yet-another-ie-0-day/ 1 || 2017658 || 5 || trojan-activity || 0 || ET TROJAN Unknown Trojan Secondary Download || md5,3a2c3b422a7ec78f88a939d20ed07615 1 || 2017659 || 5 || trojan-activity || 0 || ET TROJAN Unknown Trojan Download || md5,3a2c3b422a7ec78f88a939d20ed07615 1 || 2017660 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Cookie Set By Flash Malvertising || md5,cce9dcad030c4cba605a8ee65572136a 1 || 2017661 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Redirect to Neutrino goi.php Nov 4 2013 1 || 2017662 || 2 || trojan-activity || 0 || ET TROJAN Known Sinkhole Response Header || md5,723a90462a417337355138cc6aba2290 1 || 2017663 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Fredcot campaign php5-cgi initial exploit || cve,2012-1823 || url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ 1 || 2017664 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Fredcot campaign payload download || md5,e69bbd29f2822c1846d569ace710c9d5 || url,permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/20243 1 || 2017665 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fredcot campaign IRC CnC || md5,e69bbd29f2822c1846d569ace710c9d5 || url,permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/20243 1 || 2017666 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013 1 || 2017667 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013 1 || 2017668 || 4 || attempted-user || 0 || ET TROJAN Possible Backdoor.Adwind Download || url,www.symantec.com/security_response/writeup.jsp?docid=2013-070113-1904-99&tabid=3 1 || 2017669 || 5 || misc-activity || 0 || ET INFO Zip File 1 || 2017670 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Word DOCX with Many ActiveX Objects and Media || url,blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2 1 || 2017671 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-3906 CnC Checkin || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017672 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS msctcd.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017673 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS taskmgr.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017674 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS wsqmocn.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017675 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS connhost.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017676 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS lgfxsrvc.exe in URI Probable Process Dump/Trojan Download 1 || 2017677 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS wimhost.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017678 || 3 || trojan-activity || 0 || ET DELETED SUSPICIOUS lgfxsrvc.exe in URI Probable Process Dump/Trojan Download 1 || 2017679 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017680 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS waulct.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017681 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS alg.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017682 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS mssrs.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017683 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winhosts.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017684 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi Name Parameter Buffer Overflow Attempt CVE-2013-3621 || cve,CVE-2013-3621 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities 1 || 2017685 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi PWD Parameter Buffer Overflow Attempt CVE-2013-3621 || cve,CVE-2013-3621 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities 1 || 2017686 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi sess_sid Parameter Buffer Overflow Attempt CVE-2013-3623 || cve,CVE-2013-3623 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities 1 || 2017687 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi ACT Parameter Buffer Overflow Attempt CVE-2013-3623 || cve,CVE-2013-3623 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities 1 || 2017688 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI url_redirect.cgi Directory Traversal Attempt || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities 1 || 2017689 || 2 || trojan-activity || 0 || ET TROJAN Possible Schneebly Posting ScreenShot || url,www.alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets 1 || 2017690 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel.Arx Variant CnC Beacon 1 || url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html 1 || 2017691 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel.Arx Varient CnC Beacon 2 || url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html 1 || 2017693 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated CVE-2013-2551 1 || 2017694 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Magnitude IE EK Payload Nov 8 2013 1 || 2017695 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit 1 || 2017696 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FaceBook IM & Web Driven Facebook Trojan Download || url,pastebin.com/raw.php?i=tdATTg7L 1 || 2017697 || 5 || trojan-activity || 0 || ET TROJAN FaceBook IM & Web Driven Facebook Trojan Posting Data || url,pastebin.com/raw.php?i=tdATTg7L 1 || 2017698 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude Landing Nov 11 2013 1 || 2017699 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Grandsoft/SofosFO EK PDF URI Struct 1 || 2017700 || 3 || trojan-activity || 0 || ET TROJAN Possible Stitur Secondary Download 1 || 2017701 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS webr00t WebShell Access || url,blog.sucuri.net/2013/11/case-study-analyzing-a-wordpress-attack-dissecting-the-webr00t-cgi-shell-part-i.html 1 || 2017702 || 2 || trojan-activity || 0 || ET TROJAN Possible Trojan.APT.9002 POST || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html 1 || 2017703 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Possible Flash/IE Payload 1 || 2017704 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 1 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html 1 || 2017705 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 2 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html 1 || 2017706 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange IE Payload Request 1 || 2017707 || 1 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 4 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2017708 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 3 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html 1 || 2017709 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 4 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html 1 || 2017710 || 3 || trojan-activity || 0 || ET TROJAN Bamital checkin 1 || 2017711 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Fake Codec Download 1 || 2017712 || 10 || attempted-admin || 0 || ET EXPLOIT Microsoft Outlook/Crypto API X.509 oid id-pe-authorityInfoAccessSyntax design bug allow blind HTTP requests attempt || cve,2013-3870 || url,www.microsoft.com/technet/security/bulletin/MS13-068.mspx || url,blog.nruns.com/blog/2013/11/12/A-portscan-by-email-Alex 1 || 2017713 || 6 || trojan-activity || 0 || ET TROJAN Taidoor Checkin || url,fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html || md5,17f9f999e1814b99601446f8ce7eb816 1 || 2017714 || 5 || trojan-activity || 0 || ET TROJAN PlugX Checkin || url,fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html || md5,17f9f999e1814b99601446f8ce7eb816 1 || 2017715 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK SilverLight Exploit 1 || 2017716 || 3 || trojan-activity || 0 || ET TROJAN Athena Bot Nick in IRC || url,arbornetworks.com/asert/2013/11/athena-a-ddos-malware-odyssey/ || md5,859c2fec50ba1212dca9f00aa4a64ec4 1 || 2017717 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Monitor Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/ 1 || 2017718 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Login Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/ 1 || 2017721 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Outbound || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/ 1 || 2017722 || 3 || attempted-dos || 0 || ET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/ 1 || 2017723 || 2 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Command Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/ 1 || 2017724 || 3 || trojan-activity || 0 || ET TROJAN PWS Win32/Lmir.BMQ checkin || md5,0fe0cf9a2d8c3ccd1c92acbb81ff6343 || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS%3AWin32%2FLmir.BMQ 1 || 2017725 || 5 || trojan-activity || 0 || ET TROJAN Sisproc update || md5,f8b3fb4e5f8f1b3bd643e58f1015f9fc 1 || 2017726 || 4 || trojan-activity || 0 || ET TROJAN Downloader (P2P Zeus dropper UA) 1 || 2017727 || 6 || trojan-activity || 0 || ET TROJAN Possible SSH Linux.Fokirtor backchannel command || url,www.symantec.com/connect/blogs/linux-back-door-uses-covert-communication-protocol 1 || 2017728 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Dropper.Win32.Dapato.braa.AMN CnC traffic || md5,6ef66c2336b2b5aaa697c2d0ab2b66e2 1 || 2017729 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Angler Landing Nov 18 2013 1 || 2017730 || 4 || attempted-user || 0 || ET EXPLOIT JavaX Toolkit Posting Plugin-Detect Data || url,github.com/MrXors/Javax/ 1 || 2017731 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx EK SilverLight Payload 1 || 2017732 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx/Angler SilverLight Exploit 1 || 2017733 || 2 || trojan-activity || 0 || ET DELETED Possible Upatre Downloader SSL certificate 1 || 2017734 || 4 || attempted-admin || 0 || ET WEB_SERVER WEBSHELL pwn.jsp shell || url,nickhumphreyit.blogspot.co.il/2013/10/jboss-42-hacked-by-pwnjsp.html || url,blog.imperva.com/2013/11/threat-advisory-a-jboss-as-exploit-web-shell-code-injection.html 1 || 2017735 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteLotus EK PluginDetect Nov 20 2013 1 || 2017736 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 1 1 || 2017737 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 2 1 || 2017738 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 3 1 || 2017739 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus Java Payload 1 || 2017740 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Nov 21 2013 1 || 2017741 || 3 || attempted-user || 0 || ET TROJAN Kryptik Check-in 1 || 2017742 || 2 || trojan-activity || 0 || ET TROJAN Solarbot Check-in 1 || 2017743 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus IE Payload 1 || 2017744 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS StyX EK Payload Cookie 1 || 2017745 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Media Player malware binary requested 1 || 2017746 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.AV || md5,d14314ceb74c8c1a8e1e8ca368d75501 1 || 2017747 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.AV server response || md5,d14314ceb74c8c1a8e1e8ca368d75501 1 || 2017748 || 6 || misc-activity || 0 || ET INFO Java Downloading Archive flowbit no alert 1 || 2017749 || 6 || misc-activity || 0 || ET INFO Java Downloading Class flowbit no alert 1 || 2017750 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - AOL Creds 1 || 2017751 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Yahoo Creds 1 || 2017752 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - GMail Creds 1 || 2017753 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Hotmail Creds 1 || 2017754 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Other Creds 1 || 2017755 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Goon EK Java Payload 1 || 2017756 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Goon EK Jar Download 1 || 2017757 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 1 1 || 2017758 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 2 1 || 2017759 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 3 1 || 2017760 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Accessing Security Manager 1 || 2017761 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Importing Protection Domain 1 || 2017762 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Accessing Importing glassfish 1 || 2017763 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class B64 encoded class 1 || 2017764 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing jmx mbeanserver 1 || 2017765 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing mbeanserver Introspector 1 || 2017766 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing glassfish external statistics impl 1 || 2017767 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing management MBeanServer 1 || 2017768 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Mozilla JS Class Creation 1 || 2017769 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Hex Encoded Class file 1 || 2017770 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing tracing Provider Factory 1 || 2017771 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classes used in awt exploits 1 || 2017772 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2471/2472/2473 1 || 2017773 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2465/2463 1 || 2017774 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013 1 || 2017775 || 7 || trojan-activity || 0 || ET TROJAN Darkness DDoS HTTP Target/EXE 1 || 2017776 || 7 || trojan-activity || 0 || ET TROJAN Darkness DDoS Common Intial Check-in Response wtf || md5,a9af388f5a627aa66c34074ef45db1b7 1 || 2017777 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access takeCameraPicture || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017778 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access getGalleryImage || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017779 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access makeCall || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017780 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access postToSocial || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendMail || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017782 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendSMS || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017783 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access registerMicListener || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html 1 || 2017784 || 3 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin Generic 2 || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ || url,blog.dynamoo.com/2012/11/vobfus-sites-to-block.html 1 || 2017785 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK IE Exploit CVE-2013-2551 1 || 2017786 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Activity Nov 27 2013 1 || 2017787 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html || md5,a68bbfe91fab666daaf2c070db00022f || md5,a68bbfe91fab666daaf2c070db00022f 1 || 2017788 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.KorBanker Sucessful Fake Banking App Install CnC Server Acknowledgement || url,www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html || md5,a68bbfe91fab666daaf2c070db00022f || md5,a68bbfe91fab666daaf2c070db00022f 1 || 2017789 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS JJEncode Encoded Script Inside of PDF Likely Evil || md5,6776bda19a3a8ed4c2870c34279dbaa9 1 || 2017790 || 2 || attempted-user || 0 || ET EXPLOIT Adobe PDF CVE-2013-0640 || url,www.exploit-db.com/exploits/29881/ 1 || 2017791 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Polling/Check-in/Compromise from fake DHL mailing campaign 1 || 2017792 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile fake DHL mailing campaign 1 || 2017793 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Payload Requested 1 || 2017794 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Flash Exploit 1 || 2017795 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Payload Downloaded - EXE in ZIP Downloaded by Java 1 || 2017796 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Landing Page 1 || 2017797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - TDS - POST hyt= 1 || 2017798 || 2 || trojan-activity || 0 || ET EXPLOIT Zollard PHP Exploit UA || url,deependresearch.org/2013/12/hey-zollard-leave-my-internet-of-things.html 1 || 2017801 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS PeopleSoft Portal Command with Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017802 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS SAP Possible CTC Auth/HTTP Verb Bypass Attempt || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017803 || 4 || attempted-admin || 0 || ET WEB_SERVER Possible WebLogic Admin Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017804 || 3 || attempted-admin || 0 || ET WEB_SERVER Possible WebLogic Admin Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017805 || 3 || attempted-user || 0 || ET WEB_SERVER Possible WebLogic Monitor Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017806 || 2 || attempted-user || 0 || ET WEB_SERVER Possible WebLogic Operator Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf 1 || 2017807 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible MySQL SQLi User-Dump Attempt || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet 1 || 2017808 || 2 || web-application-attack || 0 || ET WEB_SERVER Possible MySQL SQLi Attempt Information Schema Access || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet 1 || 2017809 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK XOR'd Payload 1 || 2017810 || 2 || trojan-activity || 0 || ET EXPLOIT Metasploit Browser Exploit Server Plugin Detect 1 || 2017811 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Jar Download 1 || 2017812 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack URI with Windows Plugin-Detect Data 1 || 2017813 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack SilverLight Payload 1 || 2017814 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack URI Struct .php?id=Hex 1 || 2017815 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Edwards Packed PluginDetect 1 || 2017816 || 4 || trojan-activity || 0 || ET TROJAN Possible Upatre Downloader SSL certificate || url,blogs.technet.com/b/mmpc/archive/2013/10/31/upatre-emerging-up-d-at-er-in-the-wild.aspx 1 || 2017817 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013 1 || 2017818 || 2 || trojan-activity || 0 || ET TROJAN Common Zbot EXE filename Dec 09 2013 1 || 2017819 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK iexp.html 1 || 2017820 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command GetLog || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html 1 || 2017821 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command Delete Log || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html 1 || 2017822 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command Get Logpath || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html 1 || 2017823 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS heapSpray in jjencode || url,www.invincea.com/2013/12/e-k-i-a-adobe-reader-exploit-cve-2013-3346-kernel-ndproxy-sys-zero-day-eop/ 1 || 2017824 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Landing Page Dec 09 2013 1 || 2017825 || 2 || trojan-activity || 0 || ET EXPLOIT Zollard PHP Exploit UA Outbound || cve,2012-1823 || url,blogs.cisco.com/security/the-internet-of-everything-including-malware/ 1 || 2017826 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK Landing Dec 09 2013 1 || 2017827 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK Dec 09 2013 Java Request 1 || 2017828 || 2 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC Scanning Message 1 || 2017829 || 2 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC Open Ports Message 1 || 2017830 || 1 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC No Open Ports Message 1 || 2017831 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Attacking Message 1 || 2017832 || 1 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Attack Done Message 1 || 2017833 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS PerlBot Version Message 1 || 2017834 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Mambo Scanning Message 1 || 2017835 || 3 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Exploited Message 1 || 2017836 || 3 || trojan-activity || 0 || ET TROJAN Possible Zbot Activity Common Download Struct 1 || 2017837 || 3 || trojan-activity || 0 || ET TROJAN Possible Zbot Activity Common Download Struct 1 || 2017838 || 2 || trojan-activity || 0 || ET TROJAN HTTP Connection To Known Sinkhole Domain sinkdns.org 1 || 2017839 || 2 || trojan-activity || 0 || ET TROJAN Vawtrak/NeverQuest Checkin 1 || 2017840 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - JAR Exploit 1 || 2017841 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - HTML 1 || 2017842 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winhost(32|64).exe in URI 1 || 2017843 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS pony.exe in URI 1 || 2017844 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - EOT Exploit 1 || 2017845 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - /styles/javaupdate.css 1 || 2017846 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - Payload Requested 1 || 2017847 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Browlock Landing Page URI Struct 1 || 2017848 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK SilverLight 1 || 2017849 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-2551 As seen in SPL2 EK 1 || 2017850 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 PluginDetect Data Hash 1 || 2017851 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Exploit URI Struct 1 || 2017852 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Secondary Landing 1 || 2017853 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Wordpress OptimizePress Arbitratry File Upload || url,blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html 1 || 2017854 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS PHP script in OptimizePress Upload Directory Possible WebShell Access || url,blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html 1 || 2017855 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MovieStar.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html 1 || 2017856 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.Snake.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html 1 || 2017857 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MyWeb.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html 1 || 2017858 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.BMW.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html 1 || 2017859 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.Dream.APT Campaign CnC Beacon 2 || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html 1 || 2017860 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,jsunpack.jeek.org/dec/go?report=e5f9dae61673a75db6dcb2475cb6ea8f22f66e9a 1 || 2017861 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Grandsoft/SofosFO EK Java Payload URI Struct 1 || 2017862 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack PDF Exploit 1 || 2017863 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Java Exploit 1 || 2017864 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack HCP Exploit 1 || 2017865 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Jar 1 Dec 16 2013 1 || 2017866 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Jar 2 Dec 16 2013 1 || 2017867 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Feed404 CnC Beacon || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/ 1 || 2017868 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Images CnC Beacon || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/ 1 || 2017869 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Final.html Payload Request || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/ 1 || 2017870 || 3 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Get Final Payload Request || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/ 1 || 2017871 || 4 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining 1 || 2017872 || 2 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Initial Connection Server Response || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining 1 || 2017873 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Work Server Response || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining 1 || 2017874 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013 || url,blog.malwarebytes.org/fraud-scam/2013/12/fake-flash-player-wants-to-go-mining/ || url,esearch.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 1 || 2017875 || 2 || attempted-user || 0 || ET WEB_SERVER Coldfusion cfcexplorer Directory Traversal || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module-prologue-method-of-entry-analysis.html 1 || 2017876 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 5 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2017877 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 6 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2017878 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Connection || url,en.bitcoin.it/wiki/Getblocktemplate 1 || 2017879 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Coinbasetxn Begin Mining Response || url,en.bitcoin.it/wiki/Getblocktemplate 1 || 2017880 || 4 || trojan-activity || 0 || ET MALWARE W32/Linkular.Adware Sucessful Install Beacon || md5,7cc162a2ba136baaa38a9ccf46d97a06 1 || 2017881 || 3 || trojan-activity || 0 || ET MALWARE W32/Linkular.Adware Icons.dat Second Stage Download || md5,7cc162a2ba136baaa38a9ccf46d97a06 1 || 2017882 || 2 || attempted-user || 0 || ET WEB_SERVER Apache Solr Arbitrary XSLT inclusion attack || cve,CVE-2013-6397 || url,www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html 1 || 2017883 || 3 || trojan-activity || 0 || ET DELETED W32/Ferret DDOS Bot CnC Beacon || md5,c49e3411294521d63c7cc28e08cf8a77 || url,www.arbornetworks.com/asert/2013/12/a-business-of-ferrets/ 1 || 2017884 || 5 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .exe filename inside (Inbound) 1 || 2017885 || 5 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .exe filename inside 1 || 2017886 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - EXE SMTP Attachment 1 || 2017887 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .com filename inside 1 || 2017888 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .com filename inside 1 || 2017889 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside 1 || 2017890 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .scr filename inside 1 || 2017891 || 2 || trojan-activity || 0 || ET TROJAN W32/GMUnpacker.Downloader Download Instructions Response From CnC || md5,43e89125ad40b18d22e01f997da8929a 1 || 2017892 || 2 || trojan-activity || 0 || ET MALWARE GMUnpackerInstaller.A Checkin || md5,43e89125ad40b18d22e01f997da8929a 1 || 2017893 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Landing URI Struct || url,www.kahusecurity.com/2013/analyzing-dotkachef-exploit-pack/ 1 || 2017894 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Payload Dec 20 2013 || url,www.kahusecurity.com/2013/analyzing-dotkachef-exploit-pack/ 1 || 2017895 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz/Asprox Activity Dec 23 2013 || md5,a3e0f51356d48124fba25485d1871b28 || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf 1 || 2017896 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 1 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer 1 || 2017897 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 2 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer 1 || 2017898 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 3 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer 1 || 2017899 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible PDF Dictionary Entry with Hex/Ascii replacement 1 || 2017900 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit 2013-3346 1 || 2017901 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit Dec 24 2013 1 || 2017902 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Possible Flash/IE Payload Dec 24 2013 1 || 2017903 || 2 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 4 || md5,0032856449dbef5e63b8ed2f7a61fff9 1 || 2017904 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit Dec 26 2013 1 || 2017905 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/GrandSoft PDF 1 || 2017906 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Unknown_.aso - URI - IP.aso 1 || 2017907 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing with CVE-2013-2551 Dec 29 2013 1 || 2017908 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK encrypted binary (1) 1 || 2017909 || 3 || trojan-activity || 0 || ET INFO suspicious - uncompressed pack200-ed JAR 1 || 2017910 || 3 || trojan-activity || 0 || ET INFO suspicious - gzipped file via JAVA - could be pack200-ed JAR 1 || 2017911 || 2 || trojan-activity || 0 || ET MALWARE W32/InstallRex.Adware Initial CnC Beacon || md5,9abbb5ea3f55b5182687db69af6cba66 1 || 2017912 || 2 || trojan-activity || 0 || ET MALWARE W32/InstallRex.Adware Report CnC Beacon || md5,9abbb5ea3f55b5182687db69af6cba66 1 || 2017913 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 7 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c 1 || 2017914 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 8 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,be92836bee1e8abc1d19d1c552e6c115 1 || 2017915 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 9 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,a88e0e5a2c8fd31161b5e4a31e1307a0 1 || 2017916 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 10 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a88e0e5a2c8fd31161b5e4a31e1307a0 1 || 2017917 || 5 || trojan-activity || 0 || ET TROJAN W32/Ferret DDOS Bot CnC Beacon 2 || md5,f582667d5ce743436fb24771eb22a0e8 || url,www.arbornetworks.com/asert/2013/12/a-business-of-ferrets/ 1 || 2017918 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks 1 || 2017919 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks 1 || 2017920 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks 1 || 2017921 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x03 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks 1 || 2017922 || 3 || trojan-activity || 0 || ET TROJAN Win32.Morix.B checkin || md5,25623fa3a64f6bed301822f8fe6aa9b5 1 || 2017923 || 2 || web-application-attack || 0 || ET EXPLOIT MMCS service (Little Endian) || url,github.com/elvanderb/TCP-32764 1 || 2017924 || 2 || web-application-attack || 0 || ET EXPLOIT MMCS service (Big Endian) || url,github.com/elvanderb/TCP-32764 1 || 2017925 || 3 || policy-violation || 0 || ET POLICY DNS lookup for bridges.torproject.org IP lookup/Tor Usage check || url,www.torproject.org/docs/bridges.html.en || md5,2e3f7f9b3b4c29aceccab693aeccfa5a 1 || 2017926 || 2 || policy-violation || 0 || ET POLICY DNS lookup for check.torproject.org IP lookup/Tor Usage check || md5,e87f0db605517e851d571af2e78c5966 1 || 2017927 || 2 || policy-violation || 0 || ET POLICY check.torproject.org IP lookup/Tor Usage check over HTTP || md5,e87f0db605517e851d571af2e78c5966 1 || 2017928 || 2 || policy-violation || 0 || ET POLICY check.torproject.org IP lookup/Tor Usage check over TLS with SNI 1 || 2017929 || 2 || policy-violation || 0 || ET POLICY bridges.torproject.org over TLS with SNI || url,www.torproject.org/docs/bridges.html.en 1 || 2017930 || 9 || trojan-activity || 0 || ET TROJAN Trojan Generic - POST To gate.php with no referer 1 || 2017931 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Injection - Modified Edwards Packer Script 1 || 2017933 || 2 || policy-violation || 0 || ET POLICY TraceMyIP IP lookup 1 || 2017934 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 11 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c 1 || 2017935 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 SET || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c 1 || 2017936 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c 1 || 2017937 || 3 || trojan-activity || 0 || ET TROJAN Fake/Short Google Search Appliance UA Win32/Ranbyus and Others || url,developers.google.com/search-appliance/documentation/50/help_mini/crawl_headers || md5,98b58bd8a5138a31105e118e755a3773 || md5,c07a6035e9c7fed2467afab1a9dbcf40 1 || 2017938 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,6a6ef7b4c7e8300a73b206e32e14ce3c 1 || 2017940 || 2 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for whoismama.ru || md5,cca1713888b0534954234cf31dd5a7d4 1 || 2017941 || 3 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for dewart.ru || md5,6e0a6c4a06a446f70ae1463129711122 1 || 2017942 || 1 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for anlogtewron.ru || md5,c13c3e331f05d61a7204fb4599b07709 1 || 2017943 || 1 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for erjentronem.ru || md5,05ddaa5b6b56123e792fd67bb03376bc 1 || 2017944 || 5 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 14 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,9fae15fa8ab6bb8d78d609bdceafe28e 1 || 2017945 || 2 || trojan-activity || 0 || ET TROJAN Adware.PUQD Checkin || md5,e44962d7dec79c09a767a1d3e8ce02d8 || url,www.virustotal.com/en/file/1a1ff0fc6af6f7922bae906728e1919957998157f3a0cf1f1a0d3292f0eecd85/analysis/ 1 || 2017946 || 3 || trojan-activity || 0 || ET TROJAN Agent.BAAB Checkin || md5,406fea6262d8ee05e0ab4247c1083443 || url,www.virustotal.com/en/file/b0baed750f09ff058e5bd28d6443da833496dc1d1ed674ee6b2caf91889f648e/analysis/1389133969/ 1 || 2017947 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx Kein Landing URI Struct 1 || 2017948 || 2 || trojan-activity || 0 || ET TROJAN LDPinch Checkin Post 1 || 2017949 || 5 || attempted-recon || 0 || ET USER_AGENTS FOCA User-Agent || url,blog.bannasties.com/2013/08/vulnerability-scans/ 1 || 2017950 || 3 || attempted-recon || 0 || ET SCAN FOCA uri || url,blog.bannasties.com/2013/08/vulnerability-scans/ 1 || 2017951 || 3 || web-application-attack || 0 || ET WEB_SERVER ATTACKER WebShell - PHP Offender - Title 1 || 2017952 || 2 || web-application-attack || 0 || ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command 1 || 2017953 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 1 || 2017954 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 1 1 || 2017955 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 2 1 || 2017956 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 3 1 || 2017957 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 10 2014 1 || 2017958 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK SilverLight Exploit Jan 11 2014 1 || 2017959 || 2 || trojan-activity || 0 || ET TROJAN W32/Mevade.Variant CnC POST || url,labs.umbrella.com/2013/10/24/mysterious-dga-lets-investigate-sgraph/ || url,www.anubisnetworks.com/unknowndga17-the-mevade-connection/ 1 || 2017960 || 2 || policy-violation || 0 || ET POLICY Bitcoin Mining Server Stratum Protocol HTTP Header || url,www.anubisnetworks.com/unknowndga17-the-mevade-connection/ 1 || 2017961 || 5 || trojan-activity || 0 || ET DELETED PE EXE or DLL Windows file download disguised as ASCII - SET 1 || 2017962 || 4 || trojan-activity || 0 || ET TROJAN PE EXE or DLL Windows file download disguised as ASCII 1 || 2017963 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino/Fiesta SilverLight Exploit Jan 13 2014 DLL Naming Convention 1 || 2017964 || 2 || trojan-activity || 0 || ET TROJAN Kishop.A checkin || md5,bad7cd3c534c95867f5dbe5c5169a4da 1 || 2017965 || 3 || attempted-dos || 0 || ET DOS Likely NTP DDoS In Progress MON_LIST Response to Non-Ephemeral Port IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks || url,en.wikipedia.org/wiki/Ephemeral_port 1 || 2017967 || 3 || trojan-activity || 0 || ET TROJAN StartPage jsp checkin || md5,bb7bbb0646e705ab036d73d920983256 1 || 2017968 || 4 || trojan-activity || 0 || ET INFO Suspicious Possible Process Dump in POST body || url,www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor 1 || 2017969 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear N150 passwordrecovered.cgi attempt || url,www.securityfocus.com/archive/1/530743/30/0/threaded 1 || 2017970 || 3 || trojan-activity || 0 || ET TROJAN PWS.Win32/Daceluw.A Checkin || url,xylibox.com/2014/01/trojwowspy-a.html 1 || 2017971 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino IE/Silverlight Payload Download 1 || 2017972 || 4 || trojan-activity || 0 || ET TROJAN ICEFOG JAVAFOG JAR checkin || url,www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor || url,jsunpack.jeek.org/dec/go?report=6b63068d3259f5032a301e0d3f935b4d3f2e2998 1 || 2017973 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-3918 1 || 2017974 || 1 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,edd8c8009fc1ce2991eef6069ae6bf82 1 || 2017975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct 1 || 2017976 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014 1 || 2017977 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower 1 || 2017978 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf 1 || 2017979 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89 1 || 2017980 || 4 || misc-activity || 0 || ET INFO InformationCardSigninHelper ClassID (Vulnerable ActiveX Control in CVE-2013-3918) 1 || 2017981 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker 1 || 2017982 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent 100 non-printable char || md5,176638536e926019e3e79370777d5e03 1 || 2017983 || 3 || trojan-activity || 0 || ET TROJAN Java/Jacksbot Check-in || md5,6d93fc6132ae6938013cdd95354bff4e 1 || 2017984 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (1) Jan 17 2013 1 || 2017985 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (2) Jan 17 2013 1 || 2017986 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (3) Jan 17 2013 1 || 2017987 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Upatre SSL Compromised site appsredeeem 1 || 2017988 || 5 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 16 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,ece8808981043f830bacc4133d68e394 1 || 2017989 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (4) 1 || 2017990 || 11 || trojan-activity || 0 || ET TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive 1 || 2017991 || 6 || trojan-activity || 0 || ET TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive Response 1 || 2017992 || 4 || trojan-activity || 0 || ET TROJAN Win32/OutBrowse.G Variant Checkin || md5,d75055c45e2c5293c3e0fbffb299ea6d || url,www.virustotal.com/en/file/95e0eaaee080f2c167464ed6da7e4b7a27937ac64fd3e1792a1aa84c1aed488e analysis/ 1 || 2017993 || 8 || trojan-activity || 0 || ET TROJAN GoonEK Jan 21 2013 1 || 2017994 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS VBSAutorun_VBS_Jenxcus Check-in UA || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24761/en_US/McAfee%20Labs%20Threat%20Advisory-VBSAutorun%20Worm.pdf || url, www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?ThreatId=-2147283579&mstLocPickShow=False#tab=2 1 || 2017995 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 1 1 || 2017996 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 2 1 || 2017997 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 3 1 || 2017998 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download 1 || 2017999 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy getLastVersion CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018000 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy RegisterRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018001 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy LoginRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018002 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy ReportRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018003 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy GetTaskRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018004 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy ReportMessageRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html 1 || 2018005 || 3 || trojan-activity || 0 || ET TROJAN Possible Upatre Downloader SSL certificate (fake org) 1 || 2018006 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Browlock Hostname Format US 1 || 2018007 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 17 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 1 || 2018008 || 3 || trojan-activity || 0 || ET TROJAN DNS Query Possible Zbot Infection Query for networksecurityx.hopto.org || md5,37782108e8b7f331a6fdeabef9c8a774 || md5,10fa9c6c27e6eb512d12dee8181e182f 1 || 2018009 || 3 || bad-unknown || 0 || ET DELETED SUSPICIOUS HTTP Request to .bit domain || url,normanshark.com/blog/necurs-cc-domains-non-censorable/ || md5,243dda18666ae2a64685e51d82c5ad69 1 || 2018010 || 3 || trojan-activity || 0 || ET TROJAN Suspicious UA (^IE[\d\s]) || md5,209e6701da137084c2f60c90d64505f2 1 || 2018011 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Fiesta EK Landing Jan 24 2013 1 || 2018012 || 2 || policy-violation || 0 || ET P2P Vagaa peer-to-peer (Transfer) || url,en.wikipedia.org/wiki/Vagaa 1 || 2018013 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 18 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,1f46b1e0a7fe83d24352e98b3ab3fc3f 1 || 2018014 || 1 || policy-violation || 0 || ET POLICY PrimeCoinMiner.Protominer || md5,4cab48eec2b882ec33db2e2a13ecffe6 1 || 2018015 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger Sending Data over SMTP || md5,243dda18666ae2a64685e51d82c5ad69 1 || 2018016 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger Sending Data over SMTP 2 || md5,243dda18666ae2a64685e51d82c5ad69 1 || 2018017 || 2 || trojan-activity || 0 || ET TROJAN Predator Logger Sending Data over SMTP || md5,91f885e08d627097fb1116a3d4634b82 1 || 2018018 || 2 || trojan-activity || 0 || ET TROJAN Win32/Antilam.2_0 Sending Data over SMTP || md5,d95845c510ec1f5ad38cb9ccab16c38b 1 || 2018019 || 2 || trojan-activity || 0 || ET TROJAN Win32.WinSpy.pob Sending Data over SMTP || md5,d95845c510ec1f5ad38cb9ccab16c38b 1 || 2018020 || 2 || trojan-activity || 0 || ET TROJAN Win32.WinSpy.pob Sending Data over SMTP 2 || md5,d95845c510ec1f5ad38cb9ccab16c38b 1 || 2018021 || 4 || policy-violation || 0 || ET POLICY myip.ru IP lookup 1 || 2018022 || 4 || trojan-activity || 0 || ET TROJAN Possible Win32/Dimegup.A Downloading Image Common URI Struct || md5,914c58df5d868f7c3438921d682f7fe5 1 || 2018023 || 2 || trojan-activity || 0 || ET TROJAN W32/LockscreenBEI.Scareware Cnc Beacon || md5,04948b6045730d4ec626f79504c7f9ad || md5,9fff65c23fe403d25c08a5cdd3dc775d 1 || 2018024 || 3 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware Initial Checkin || md5,b2651071fbd14bff5fb39bd90f447d27 1 || 2018025 || 3 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware POST Checkin || md5,b2651071fbd14bff5fb39bd90f447d27 1 || 2018026 || 1 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware Update Checkin || md5,b2651071fbd14bff5fb39bd90f447d27 1 || 2018027 || 2 || trojan-activity || 0 || ET TROJAN Win32/Xtrat C2 Response || url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092 1 || 2018028 || 3 || trojan-activity || 0 || ET TROJAN W32/Madness Checkin || url,www.arbornetworks.com/asert/2014/01/can-i-play-with-madness/ || md5,3e4107ccf956e2fc7af171adf3c18f0a 1 || 2018029 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ehow/livestrong Malicious Flash 10/11 1 || 2018030 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger RAT HTTP Activity 1 || 2018031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile _dsgweed.class JAR exploit 1 || 2018032 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 19 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,2b0f0479b14069b378fb454c92086897 1 || 2018033 || 3 || trojan-activity || 0 || ET TROJAN Win32.Genome.boescz Checkin || md5,313535d09865f3629423cd0e9b2903b2 || url,www.virustotal.com/en/file/75c454bbcfc06375ad1e8b45d4167d7830083202f06c6309146e9a4870cddfba/analysis/ 1 || 2018034 || 1 || trojan-activity || 0 || ET TROJAN W32/Banker.AALV checkin || md5,74bfd81b345a6ef36be5fcf6964af6e1 1 || 2018035 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS StyX Landing Jan 29 2014 1 || 2018036 || 4 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download Server Response 1 || 2018037 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb 2.0 In Server Response Jan 29 2014 || url,malwaremustdie.blogspot.jp/2014/01/and-another-detonating-method-of-todays.html 1 || 2018038 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download MessageBox 1 || 2018039 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download ComputerInfo 1 || 2018040 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download WalletSteal 1 || 2018041 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Current Asprox Spam Campaign 1 || 2100110 || 5 || misc-activity || 0 || GPL DELETED netbus getinfo || arachnids,403 1 || 2100116 || 6 || misc-activity || 0 || GPL TROJAN BackOrifice access || arachnids,399 1 || 2100144 || 10 || suspicious-login || 0 || GPL FTP ADMw0rm ftp login attempt || arachnids,01 1 || 2100252 || 9 || attempted-recon || 0 || GPL DNS named iquery attempt || bugtraq,134 || cve,1999-0009 || url,www.rfc-editor.org/rfc/rfc1035.txt 1 || 2100253 || 5 || bad-unknown || 0 || GPL DNS SPOOF query response PTR with TTL of 1 min. and no authority 1 || 2100254 || 5 || bad-unknown || 0 || GPL DNS SPOOF query response with TTL of 1 min. and no authority 1 || 2100255 || 14 || attempted-recon || 0 || GPL DNS zone transfer TCP || arachnids,212 || cve,1999-0532 || nessus,10595 1 || 2100256 || 8 || attempted-recon || 0 || GPL DNS named authors attempt || nessus,10728 1 || 2100257 || 10 || attempted-recon || 0 || GPL DNS named version attempt || arachnids,278 || nessus,10028 1 || 2100258 || 7 || attempted-admin || 0 || GPL DNS EXPLOIT named 8.2->8.2.1 || bugtraq,788 || cve,1999-0833 1 || 2100259 || 8 || attempted-admin || 0 || GPL DNS named overflow ADM || bugtraq,788 || cve,1999-0833 1 || 2100261 || 7 || attempted-admin || 0 || GPL DNS named overflow attempt || url,www.cert.org/advisories/CA-1998-05.html 1 || 2100268 || 5 || attempted-dos || 0 || GPL DOS Jolt attack || cve,1999-0345 1 || 2100270 || 7 || attempted-dos || 0 || GPL MISC Teardrop attack || bugtraq,124 || cve,1999-0015 || nessus,10279 || url,www.cert.org/advisories/CA-1997-28.html 1 || 2100272 || 11 || attempted-dos || 0 || GPL DOS IGMP dos attack || bugtraq,514 || cve,1999-0918 || url,www.microsoft.com/technet/security/bulletin/MS99-034.mspx 1 || 2100281 || 6 || attempted-dos || 0 || GPL MISC Ascend Route || bugtraq,714 || cve,1999-0060 1 || 2100286 || 13 || attempted-admin || 0 || GPL POP3 x86 BSD overflow || bugtraq,133 || cve,1999-0006 || nessus,10196 1 || 2100287 || 8 || attempted-admin || 0 || GPL POP3 x86 BSD overflow 2 1 || 2100288 || 8 || attempted-admin || 0 || GPL POP3 x86 Linux overflow 1 || 2100289 || 11 || attempted-admin || 0 || GPL POP3 x86 SCO overflow || bugtraq,156 || cve,1999-0006 1 || 2100290 || 11 || attempted-admin || 0 || GPL DELETED qpopper overflow || bugtraq,830 || cve,1999-0822 || nessus,10184 1 || 2100291 || 13 || attempted-user || 0 || GPL DELETED Cassandra Overflow || arachnids,274 || bugtraq,1156 || cve,2000-0341 1 || 2100292 || 9 || attempted-admin || 0 || GPL NETBIOS x86 Linux samba overflow || bugtraq,1816 || bugtraq,536 || cve,1999-0182 || cve,1999-0811 1 || 2100293 || 8 || attempted-admin || 0 || GPL IMAP Overflow Attempt 1 || 2100302 || 10 || attempted-admin || 0 || GPL EXPLOIT Redhat 7.0 lprd overflow || bugtraq,1712 || cve,2000-0917 1 || 2100304 || 10 || attempted-admin || 0 || GPL DELETED SCO calserver overflow || bugtraq,2353 || cve,2000-0306 1 || 2100308 || 11 || attempted-user || 0 || GPL FTP NextFTP client overflow || bugtraq,572 || cve,1999-0671 1 || 2100312 || 7 || attempted-admin || 0 || GPL EXPLOIT ntpdx overflow attempt || bugtraq,2540 || cve,2001-0414 1 || 2100315 || 7 || attempted-admin || 0 || GPL EXPLOIT x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002 1 || 2100319 || 6 || attempted-admin || 0 || GPL EXPLOIT bootp x86 linux overflow || cve,1999-0389 || cve,1999-0798 || cve,1999-0799 1 || 2100321 || 7 || attempted-recon || 0 || GPL SCAN Finger Account Enumeration Attempt || nessus,10788 1 || 2100322 || 12 || attempted-recon || 0 || GPL SCAN Finger Search Query || arachnids,375 || cve,1999-0259 1 || 2100323 || 7 || attempted-recon || 0 || GPL SCAN Finger Root Query || arachnids,376 1 || 2100324 || 7 || attempted-recon || 0 || GPL SCAN Finger Null Request || arachnids,377 1 || 2100325 || 6 || attempted-recon || 0 || GPL SCAN Finger Probe 0 Attempt || arachnids,378 1 || 2100326 || 11 || attempted-user || 0 || GPL MISC Finger remote command execution attempt || arachnids,379 || bugtraq,974 || cve,1999-0150 1 || 2100327 || 10 || attempted-user || 0 || GPL MISC Finger remote command pipe execution attempt || arachnids,380 || bugtraq,2220 || cve,1999-0152 1 || 2100328 || 10 || attempted-dos || 0 || GPL MISC Finger bomb attempt || arachnids,381 || cve,1999-0106 1 || 2100329 || 9 || attempted-recon || 0 || GPL SCAN cybercop redirection || arachnids,11 1 || 2100330 || 11 || attempted-recon || 0 || GPL SCAN Finger Redirection Attempt || arachnids,251 || cve,1999-0105 || nessus,10073 1 || 2100331 || 11 || attempted-recon || 0 || GPL SCAN cybercop query || arachnids,132 || cve,1999-0612 1 || 2100332 || 10 || attempted-recon || 0 || GPL SCAN Finger 0 Query || arachnids,131 || arachnids,378 || cve,1999-0197 || nessus,10069 1 || 2100333 || 10 || attempted-recon || 0 || GPL SCAN Finger . query || arachnids,130 || cve,1999-0198 || nessus,10072 1 || 2100334 || 7 || suspicious-filename-detect || 0 || GPL FTP .forward || arachnids,319 1 || 2100335 || 6 || suspicious-filename-detect || 0 || GPL FTP .rhosts || arachnids,328 1 || 2100336 || 11 || bad-unknown || 0 || GPL FTP CWD ~root attempt || arachnids,318 || cve,1999-0082 1 || 2100337 || 13 || attempted-admin || 0 || GPL FTP CEL overflow attempt || arachnids,257 || bugtraq,679 || cve,1999-0789 || nessus,10009 1 || 2100338 || 11 || attempted-user || 0 || GPL FTP SITE EXEC format string || arachnids,453 || bugtraq,1387 || cve,2000-0573 1 || 2100339 || 11 || attempted-user || 0 || GPL FTP OpenBSD x86 ftpd || arachnids,446 || bugtraq,2124 || cve,2001-0053 1 || 2100340 || 9 || attempted-admin || 0 || GPL FTP PWD overflow 1 || 2100341 || 9 || attempted-admin || 0 || GPL FTP XXXXX overflow 1 || 2100342 || 11 || attempted-user || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8 || arachnids,451 || bugtraq,1387 || cve,2000-0573 1 || 2100343 || 12 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow FreeBSD || arachnids,228 || bugtraq,1387 || cve,2000-0573 1 || 2100344 || 12 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow Linux || arachnids,287 || bugtraq,1387 || cve,2000-0573 1 || 2100345 || 13 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow generic || arachnids,285 || bugtraq,1387 || cve,2000-0573 || nessus,10452 1 || 2100346 || 11 || attempted-recon || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string check || arachnids,286 || bugtraq,1387 || cve,2000-0573 1 || 2100348 || 9 || attempted-user || 0 || GPL FTP wu-ftpd 2.6.0 || arachnids,440 || bugtraq,1387 1 || 2100349 || 13 || attempted-admin || 0 || GPL FTP MKD overflow || bugtraq,113 || bugtraq,2242 || cve,1999-0368 1 || 2100353 || 7 || suspicious-login || 0 || GPL SCAN adm scan || arachnids,332 1 || 2100354 || 7 || suspicious-login || 0 || GPL FTP iss scan || arachnids,331 1 || 2100355 || 7 || suspicious-login || 0 || GPL FTP pass wh00t || arachnids,324 1 || 2100356 || 7 || suspicious-filename-detect || 0 || GPL FTP passwd retrieval attempt || arachnids,213 1 || 2100357 || 7 || suspicious-login || 0 || GPL FTP piss scan 1 || 2100358 || 7 || suspicious-login || 0 || GPL FTP saint scan || arachnids,330 1 || 2100359 || 7 || suspicious-login || 0 || GPL FTP satan scan || arachnids,329 1 || 2100360 || 9 || bad-unknown || 0 || GPL FTP serv-u directory transversal || bugtraq,2052 || cve,2001-0054 1 || 2100361 || 17 || bad-unknown || 0 || GPL FTP SITE EXEC attempt || arachnids,317 || bugtraq,2241 || cve,1999-0080 || cve,1999-0955 1 || 2100362 || 14 || bad-unknown || 0 || GPL FTP tar parameters || arachnids,134 || bugtraq,2240 || cve,1999-0202 || cve,1999-0997 1 || 2100363 || 8 || misc-activity || 0 || GPL ICMP_INFO IRDP router advertisement || arachnids,173 || bugtraq,578 || cve,1999-0875 1 || 2100364 || 8 || misc-activity || 0 || GPL ICMP_INFO IRDP router selection || arachnids,174 || bugtraq,578 || cve,1999-0875 1 || 2100365 || 9 || misc-activity || 0 || GPL ICMP PING undefined code 1 || 2100366 || 8 || misc-activity || 0 || GPL ICMP_INFO PING *NIX 1 || 2100368 || 7 || misc-activity || 0 || GPL ICMP_INFO PING BSDtype || arachnids,152 1 || 2100369 || 7 || misc-activity || 0 || GPL ICMP_INFO PING BayRS Router || arachnids,438 || arachnids,444 1 || 2100370 || 8 || misc-activity || 0 || GPL ICMP_INFO PING BeOS4.x || arachnids,151 1 || 2100371 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Cisco Type.x || arachnids,153 1 || 2100372 || 8 || misc-activity || 0 || GPL SCAN PING Delphi-Piette Windows || arachnids,155 1 || 2100373 || 7 || misc-activity || 0 || GPL ICMP_INFO PING Flowpoint2200 or Network Management Software || arachnids,156 1 || 2100374 || 8 || misc-activity || 0 || GPL ICMP_INFO PING IP NetMonitor Macintosh || arachnids,157 1 || 2100375 || 7 || misc-activity || 0 || GPL ICMP_INFO PING LINUX/*BSD || arachnids,447 1 || 2100376 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Microsoft Windows || arachnids,159 1 || 2100377 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Network Toolbox 3 Windows || arachnids,161 1 || 2100378 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Ping-O-MeterWindows || arachnids,164 1 || 2100379 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Pinger Windows || arachnids,163 1 || 2100380 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Seer Windows || arachnids,166 1 || 2100381 || 7 || misc-activity || 0 || GPL ICMP_INFO PING Sun Solaris || arachnids,448 1 || 2100382 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Windows || arachnids,169 1 || 2100384 || 6 || misc-activity || 0 || GPL ICMP_INFO PING 1 || 2100385 || 5 || attempted-recon || 0 || GPL ICMP_INFO traceroute || arachnids,118 1 || 2100386 || 6 || misc-activity || 0 || GPL ICMP_INFO Address Mask Reply 1 || 2100387 || 8 || misc-activity || 0 || GPL ICMP Address Mask Reply undefined code 1 || 2100388 || 6 || misc-activity || 0 || GPL ICMP_INFO Address Mask Request 1 || 2100389 || 8 || misc-activity || 0 || GPL ICMP Address Mask Request undefined code 1 || 2100390 || 6 || misc-activity || 0 || GPL ICMP_INFO Alternate Host Address 1 || 2100391 || 9 || misc-activity || 0 || GPL ICMP Alternate Host Address undefined code 1 || 2100392 || 6 || misc-activity || 0 || GPL ICMP Datagram Conversion Error 1 || 2100393 || 9 || misc-activity || 0 || GPL ICMP Datagram Conversion Error undefined code 1 || 2100394 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Destination Host Unknown 1 || 2100395 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Destination Network Unknown 1 || 2100396 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Fragmentation Needed and DF bit was set 1 || 2100397 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Precedence Violation 1 || 2100398 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Unreachable for Type of Service 1 || 2100399 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Unreachable 1 || 2100400 || 8 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Network Unreachable for Type of Service 1 || 2100401 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Network Unreachable 1 || 2100402 || 8 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Port Unreachable 1 || 2100403 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Precedence Cutoff in effect 1 || 2100404 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Protocol Unreachable 1 || 2100405 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Source Host Isolated 1 || 2100406 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Source Route Failed 1 || 2100407 || 9 || misc-activity || 0 || GPL ICMP Destination Unreachable undefined code 1 || 2100408 || 6 || misc-activity || 0 || GPL ICMP_INFO Echo Reply 1 || 2100409 || 8 || misc-activity || 0 || GPL ICMP Echo Reply undefined code 1 || 2100410 || 6 || misc-activity || 0 || GPL ICMP_INFO Fragment Reassembly Time Exceeded 1 || 2100411 || 6 || misc-activity || 0 || GPL ICMP_INFO IPV6 I-Am-Here 1 || 2100412 || 8 || misc-activity || 0 || GPL ICMP IPV6 I-Am-Here undefined code 1 || 2100413 || 6 || misc-activity || 0 || GPL ICMP_INFO IPV6 Where-Are-You 1 || 2100414 || 8 || misc-activity || 0 || GPL ICMP IPV6 Where-Are-You undefined code 1 || 2100415 || 6 || misc-activity || 0 || GPL ICMP_INFO Information Reply 1 || 2100416 || 8 || misc-activity || 0 || GPL ICMP Information Reply undefined code 1 || 2100417 || 6 || misc-activity || 0 || GPL ICMP_INFO Information Request 1 || 2100418 || 8 || misc-activity || 0 || GPL ICMP Information Request undefined code 1 || 2100419 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Host Redirect 1 || 2100420 || 8 || misc-activity || 0 || GPL ICMP Mobile Host Redirect undefined code 1 || 2100421 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Registration Reply 1 || 2100422 || 8 || misc-activity || 0 || GPL ICMP Mobile Registration Reply undefined code 1 || 2100423 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Registration Request 1 || 2100424 || 8 || misc-activity || 0 || GPL ICMP Mobile Registration Request undefined code 1 || 2100425 || 7 || misc-activity || 0 || GPL ICMP Parameter Problem Bad Length 1 || 2100426 || 8 || misc-activity || 0 || GPL ICMP Parameter Problem Missing a Required Option 1 || 2100427 || 7 || misc-activity || 0 || GPL ICMP Parameter Problem Unspecified Error 1 || 2100428 || 8 || misc-activity || 0 || GPL ICMP Parameter Problem undefined Code 1 || 2100429 || 7 || misc-activity || 0 || GPL ICMP Photuris Reserved 1 || 2100430 || 7 || misc-activity || 0 || GPL ICMP Photuris Unknown Security Parameters Index 1 || 2100431 || 7 || misc-activity || 0 || GPL ICMP Photuris Valid Security Parameters, But Authentication Failed 1 || 2100432 || 7 || misc-activity || 0 || GPL ICMP Photuris Valid Security Parameters, But Decryption Failed 1 || 2100433 || 9 || misc-activity || 0 || GPL ICMP Photuris undefined code! 1 || 2100436 || 7 || misc-activity || 0 || GPL ICMP_INFO Redirect for TOS and Host 1 || 2100437 || 7 || misc-activity || 0 || GPL ICMP_INFO Redirect for TOS and Network 1 || 2100438 || 10 || misc-activity || 0 || GPL ICMP Redirect undefined code 1 || 2100439 || 7 || misc-activity || 0 || GPL ICMP Reserved for Security Type 19 1 || 2100440 || 8 || misc-activity || 0 || GPL ICMP Reserved for Security Type 19 undefined code 1 || 2100441 || 7 || misc-activity || 0 || GPL ICMP_INFO Router Advertisement || arachnids,173 1 || 2100443 || 6 || misc-activity || 0 || GPL ICMP_INFO Router Selection || arachnids,174 1 || 2100445 || 6 || misc-activity || 0 || GPL ICMP_INFO SKIP 1 || 2100446 || 8 || misc-activity || 0 || GPL ICMP SKIP undefined code 1 || 2100448 || 8 || misc-activity || 0 || GPL ICMP Source Quench undefined code 1 || 2100449 || 7 || misc-activity || 0 || GPL MISC Time-To-Live Exceeded in Transit 1 || 2100450 || 9 || misc-activity || 0 || GPL ICMP Time-To-Live Exceeded in Transit undefined code 1 || 2100451 || 6 || misc-activity || 0 || GPL ICMP_INFO Timestamp Reply 1 || 2100452 || 8 || misc-activity || 0 || GPL ICMP Timestamp Reply undefined code 1 || 2100453 || 6 || misc-activity || 0 || GPL ICMP_INFO Timestamp Request 1 || 2100454 || 8 || misc-activity || 0 || GPL ICMP Timestamp Request undefined code 1 || 2100455 || 8 || misc-activity || 0 || GPL ICMP_INFO Traceroute ipopts || arachnids,238 1 || 2100456 || 6 || misc-activity || 0 || GPL ICMP_INFO Traceroute 1 || 2100457 || 8 || misc-activity || 0 || GPL ICMP Traceroute undefined code 1 || 2100458 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 1 1 || 2100459 || 8 || misc-activity || 0 || GPL ICMP unassigned type 1 undefined code 1 || 2100460 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 2 1 || 2100461 || 8 || misc-activity || 0 || GPL ICMP unassigned type 2 undefined code 1 || 2100462 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 7 1 || 2100463 || 8 || misc-activity || 0 || GPL ICMP unassigned type 7 undefined code 1 || 2100465 || 4 || attempted-recon || 0 || GPL SCAN ISS Pinger || arachnids,158 1 || 2100466 || 5 || attempted-recon || 0 || GPL ICMP L3retriever Ping || arachnids,311 1 || 2100467 || 5 || attempted-recon || 0 || GPL SCAN Nemesis v1.1 Echo || arachnids,449 1 || 2100469 || 4 || attempted-recon || 0 || GPL SCAN PING NMAP || arachnids,162 1 || 2100471 || 4 || attempted-recon || 0 || GPL SCAN icmpenum v1.1.1 || arachnids,450 1 || 2100472 || 5 || bad-unknown || 0 || GPL ICMP_INFO redirect host || arachnids,135 || cve,1999-0265 1 || 2100473 || 5 || bad-unknown || 0 || GPL ICMP_INFO redirect net || arachnids,199 || cve,1999-0265 1 || 2100474 || 5 || attempted-recon || 0 || GPL SCAN superscan echo 1 || 2100475 || 4 || attempted-recon || 0 || GPL ICMP_INFO traceroute ipopts || arachnids,238 1 || 2100476 || 5 || attempted-recon || 0 || GPL SCAN webtrends scanner || arachnids,307 1 || 2100477 || 3 || bad-unknown || 0 || GPL ICMP_INFO Source Quench 1 || 2100478 || 4 || attempted-recon || 0 || GPL SCAN Broadscan Smurf Scanner 1 || 2100480 || 6 || misc-activity || 0 || GPL ICMP_INFO PING speedera 1 || 2100481 || 6 || misc-activity || 0 || GPL ICMP_INFO TJPingPro1.1Build 2 Windows || arachnids,167 1 || 2100482 || 6 || misc-activity || 0 || GPL ICMP_INFO PING WhatsupGold Windows || arachnids,168 1 || 2100483 || 6 || misc-activity || 0 || GPL SCAN PING CyberKit 2.2 Windows || arachnids,154 1 || 2100484 || 5 || misc-activity || 0 || GPL SCAN PING Sniffer Pro/NetXRay network scan 1 || 2100485 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication Administratively Prohibited 1 || 2100486 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication with Destination Host is Administratively Prohibited 1 || 2100487 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication with Destination Network is Administratively Prohibited 1 || 2100488 || 5 || unknown || 0 || GPL MISC Connection Closed MSG from Port 80 1 || 2100489 || 9 || unknown || 0 || GPL FTP FTP no password || arachnids,322 1 || 2100491 || 10 || bad-unknown || 0 || GPL FTP FTP Bad login 1 || 2100492 || 10 || bad-unknown || 0 || GPL TELNET TELNET login failed 1 || 2100494 || 12 || bad-unknown || 0 || GPL ATTACK_RESPONSE command completed || bugtraq,1806 1 || 2100495 || 10 || bad-unknown || 0 || GPL ATTACK_RESPONSE command error 1 || 2100497 || 14 || bad-unknown || 0 || GPL ATTACK_RESPONSE file copied ok || bugtraq,1806 || cve,2000-0884 1 || 2100498 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned root 1 || 2100499 || 5 || bad-unknown || 0 || GPL ICMP Large ICMP Packet || arachnids,246 1 || 2100502 || 3 || bad-unknown || 0 || GPL MISC source route ssrr || arachnids,422 1 || 2100503 || 8 || bad-unknown || 0 || GPL MISC Source Port 20 to <1024 || arachnids,06 1 || 2100504 || 8 || bad-unknown || 0 || GPL MISC source port 53 to <1024 || arachnids,07 1 || 2100507 || 5 || attempted-admin || 0 || GPL POLICY PCAnywhere Attempted Administrator Login 1 || 2100511 || 6 || unsuccessful-user || 0 || GPL MISC Invalid PCAnywhere Login 1 || 2100512 || 5 || unsuccessful-user || 0 || GPL POLICY PCAnywhere Failed Login || arachnids,240 1 || 2100516 || 7 || attempted-recon || 0 || GPL SNMP SNMP NT UserList || nessus,10546 1 || 2100517 || 2 || attempted-recon || 0 || GPL MISC xdmcp query 1 || 2100518 || 8 || bad-unknown || 0 || GPL TFTP Put || cve,1999-0183 1 || 2100519 || 7 || bad-unknown || 0 || GPL TFTP parent directory || cve,1999-0183 || cve,2002-1209 1 || 2100520 || 6 || bad-unknown || 0 || GPL TFTP root directory || cve,1999-0183 1 || 2100523 || 6 || misc-activity || 0 || GPL MISC ip reserved bit set 1 || 2100524 || 9 || misc-activity || 0 || GPL POLICY tcp port 0 traffic 1 || 2100525 || 10 || misc-activity || 0 || GPL POLICY udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074 1 || 2100527 || 9 || bad-unknown || 0 || GPL SCAN same SRC/DST || bugtraq,2666 || cve,1999-0016 || url,www.cert.org/advisories/CA-1997-28.html 1 || 2100528 || 6 || bad-unknown || 0 || GPL SCAN loopback traffic || url,rr.sans.org/firewall/egress.php 1 || 2100529 || 8 || attempted-dos || 0 || GPL NETBIOS DOS RFPoison || arachnids,454 1 || 2100530 || 11 || attempted-recon || 0 || GPL NETBIOS NT NULL session || arachnids,204 || bugtraq,1163 || cve,2000-0347 1 || 2100532 || 14 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ share access 1 || 2100533 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ share access 1 || 2100534 || 7 || attempted-recon || 0 || GPL NETBIOS SMB CD.. || arachnids,338 1 || 2100535 || 7 || attempted-recon || 0 || GPL NETBIOS SMB CD... || arachnids,337 1 || 2100536 || 13 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ share access 1 || 2100537 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ share access 1 || 2100538 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ unicode share access 1 || 2100540 || 12 || policy-violation || 0 || GPL CHAT MSN message 1 || 2100541 || 13 || policy-violation || 0 || GPL CHAT ICQ access 1 || 2100543 || 7 || misc-activity || 0 || GPL FTP FTP 'STOR 1MB' possible warez site 1 || 2100544 || 7 || misc-activity || 0 || GPL FTP FTP 'RETR 1MB' possible warez site 1 || 2100545 || 6 || misc-activity || 0 || GPL FTP FTP 'CWD / ' possible warez site 1 || 2100546 || 7 || misc-activity || 0 || GPL FTP FTP 'CWD ' possible warez site 1 || 2100547 || 10 || misc-activity || 0 || GPL FTP MKD space space possible warez site 1 || 2100548 || 7 || misc-activity || 0 || GPL FTP FTP 'MKD .' possible warez site 1 || 2100553 || 8 || misc-activity || 0 || GPL FTP FTP anonymous login attempt 1 || 2100554 || 9 || misc-activity || 0 || GPL FTP MKD / possible warez site 1 || 2100556 || 6 || policy-violation || 0 || GPL P2P Outbound GNUTella client request 1 || 2100557 || 7 || policy-violation || 0 || GPL P2P GNUTella client request 1 || 2100558 || 6 || misc-activity || 0 || GPL DELETED Outbound GNUTella client request 1 || 2100559 || 7 || misc-activity || 0 || GPL DELETED Inbound GNUTella client request 1 || 2100560 || 7 || misc-activity || 0 || GPL POLICY VNC server response 1 || 2100566 || 5 || misc-activity || 0 || GPL POLICY PCAnywhere server response 1 || 2100567 || 12 || misc-activity || 0 || GPL SMTP SMTP relaying denied || arachnids,249 || url,mail-abuse.org/tsi/ar-fix.html 1 || 2100569 || 15 || attempted-admin || 0 || GPL RPC snmpXdmi overflow attempt TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 1 || 2100570 || 11 || attempted-admin || 0 || GPL EXPLOIT EXPLOIT ttdbserv solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html 1 || 2100571 || 9 || attempted-admin || 0 || GPL EXPLOIT ttdbserv Solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html 1 || 2100574 || 9 || attempted-recon || 0 || GPL RPC mountd TCP export request || arachnids,26 1 || 2100575 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap admind request UDP || arachnids,18 1 || 2100576 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap amountd request UDP || arachnids,19 1 || 2100577 || 14 || rpc-portmap-decode || 0 || GPL RPC portmap bootparam request UDP || arachnids,16 || cve,1999-0647 1 || 2100578 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap cmsd request UDP || arachnids,17 1 || 2100579 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap mountd request UDP || arachnids,13 1 || 2100580 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap nisd request UDP || arachnids,21 1 || 2100581 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap pcnfsd request UDP || arachnids,22 1 || 2100582 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap rexd request UDP || arachnids,23 1 || 2100583 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rstatd request UDP || arachnids,10 1 || 2100584 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap rusers request UDP || arachnids,133 || cve,1999-0626 1 || 2100585 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap sadmind request UDP || arachnids,20 1 || 2100586 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap selection_svc request UDP || arachnids,25 1 || 2100587 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap status request UDP || arachnids,15 1 || 2100588 || 18 || rpc-portmap-decode || 0 || GPL RPC portmap ttdbserv request UDP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 1 || 2100589 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap yppasswd request UDP || arachnids,14 1 || 2100590 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap ypserv request UDP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232 1 || 2100591 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap ypupdated request TCP || arachnids,125 1 || 2100593 || 19 || rpc-portmap-decode || 0 || GPL RPC portmap snmpXdmi request TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 1 || 2100595 || 17 || rpc-portmap-decode || 0 || GPL RPC portmap espd request TCP || bugtraq,2714 || cve,2001-0331 1 || 2100598 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap listing TCP 111 || arachnids,428 1 || 2100600 || 8 || attempted-admin || 0 || GPL EXPLOIT EXPLOIT statdx || arachnids,442 1 || 2100601 || 7 || bad-unknown || 0 || GPL RPC rlogin LinuxNIS 1 || 2100602 || 6 || attempted-user || 0 || GPL MISC rlogin bin || arachnids,384 1 || 2100603 || 6 || bad-unknown || 0 || GPL MISC rlogin echo++ || arachnids,385 1 || 2100604 || 6 || attempted-admin || 0 || GPL EXPLOIT rsh froot || arachnids,387 1 || 2100605 || 7 || unsuccessful-user || 0 || GPL RPC rlogin login failure || arachnids,393 1 || 2100606 || 6 || attempted-admin || 0 || GPL MISC rlogin root || arachnids,389 1 || 2100607 || 6 || attempted-user || 0 || GPL EXPLOIT rsh bin || arachnids,390 1 || 2100608 || 6 || attempted-user || 0 || GPL MISC rsh echo + + || arachnids,388 1 || 2100609 || 6 || attempted-admin || 0 || GPL MISC rsh froot || arachnids,387 1 || 2100610 || 6 || attempted-admin || 0 || GPL MISC rsh root || arachnids,391 1 || 2100611 || 8 || unsuccessful-user || 0 || GPL RPC rlogin login failure || arachnids,392 1 || 2100612 || 7 || attempted-recon || 0 || GPL SCAN rusers query UDP || cve,1999-0626 1 || 2100613 || 7 || attempted-recon || 0 || GPL SCAN myscan || arachnids,439 1 || 2100615 || 10 || attempted-recon || 0 || GPL POLICY SOCKS Proxy attempt || url,help.undernet.org/proxyscan/ 1 || 2100616 || 5 || attempted-recon || 0 || GPL MISC ident version request || arachnids,303 1 || 2100617 || 5 || attempted-recon || 0 || GPL SCAN ssh-research-scanner 1 || 2100619 || 7 || attempted-recon || 0 || GPL SCAN cybercop os probe || arachnids,146 1 || 2100623 || 7 || attempted-recon || 0 || GPL SCAN NULL || arachnids,4 1 || 2100624 || 8 || attempted-recon || 0 || GPL SCAN SYN FIN || arachnids,198 1 || 2100625 || 8 || attempted-recon || 0 || GPL SCAN XMAS || arachnids,144 1 || 2100626 || 9 || attempted-recon || 0 || GPL SCAN cybercop os PA12 attempt || arachnids,149 1 || 2100627 || 9 || attempted-recon || 0 || GPL SCAN cybercop os SFU12 probe || arachnids,150 1 || 2100628 || 8 || attempted-recon || 0 || GPL SCAN nmap TCP || arachnids,28 1 || 2100629 || 7 || attempted-recon || 0 || GPL SCAN nmap fingerprint attempt || arachnids,05 1 || 2100631 || 7 || protocol-command-decode || 0 || GPL SMTP ehlo cybercop attempt || arachnids,372 1 || 2100632 || 6 || protocol-command-decode || 0 || GPL SMTP expn cybercop attempt || arachnids,371 1 || 2100637 || 4 || attempted-recon || 0 || GPL SCAN Webtrends Scanner UDP Probe 1 || 2100638 || 6 || shellcode-detect || 0 || GPL SHELLCODE SGI NOOP || arachnids,356 1 || 2100639 || 6 || shellcode-detect || 0 || GPL SHELLCODE SGI NOOP || arachnids,357 1 || 2100640 || 7 || shellcode-detect || 0 || GPL SHELLCODE AIX NOOP 1 || 2100641 || 7 || shellcode-detect || 0 || GPL SHELLCODE Digital UNIX NOOP || arachnids,352 1 || 2100642 || 7 || shellcode-detect || 0 || GPL SHELLCODE HP-UX NOOP || arachnids,358 1 || 2100643 || 8 || shellcode-detect || 0 || GPL SHELLCODE HP-UX NOOP || arachnids,359 1 || 2100644 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,345 1 || 2100645 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,353 1 || 2100646 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,355 1 || 2100647 || 7 || system-call-detect || 0 || GPL SHELLCODE sparc setuid 0 || arachnids,282 1 || 2100649 || 9 || system-call-detect || 0 || GPL SHELLCODE x86 setgid 0 || arachnids,284 1 || 2100650 || 9 || system-call-detect || 0 || GPL SHELLCODE x86 setuid 0 || arachnids,436 1 || 2100651 || 9 || shellcode-detect || 0 || GPL SHELLCODE x86 stealth NOOP || arachnids,291 1 || 2100652 || 10 || shellcode-detect || 0 || GPL SHELLCODE Linux shellcode || arachnids,343 1 || 2100654 || 17 || attempted-admin || 0 || GPL SMTP RCPT TO overflow || bugtraq,2283 || bugtraq,9696 || cve,2001-0260 1 || 2100655 || 9 || attempted-admin || 0 || GPL DELETED sendmail 8.6.9 exploit || arachnids,140 || bugtraq,2311 || cve,1999-0204 1 || 2100659 || 10 || attempted-recon || 0 || GPL SMTP expn decode || arachnids,32 || cve,1999-0096 || nessus,10248 1 || 2100660 || 13 || attempted-recon || 0 || GPL SMTP expn root || arachnids,31 || cve,1999-0531 || nessus,10249 1 || 2100672 || 10 || attempted-recon || 0 || GPL SMTP vrfy decode || arachnids,373 || bugtraq,10248 || cve,1999-0096 1 || 2100673 || 6 || attempted-user || 0 || GPL SQL sp_start_job - program execution 1 || 2100674 || 9 || attempted-user || 0 || GPL DELETED xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100675 || 10 || attempted-user || 0 || GPL DELETED xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100676 || 7 || attempted-user || 0 || GPL EXPLOIT sp_start_job - program execution 1 || 2100677 || 7 || attempted-user || 0 || GPL SQL sp_password password change 1 || 2100678 || 7 || attempted-user || 0 || GPL SQL sp_delete_alert log file deletion 1 || 2100679 || 7 || attempted-user || 0 || GPL EXPLOIT sp_adduser database user creation 1 || 2100680 || 10 || attempted-user || 0 || GPL SQL sa login failed || bugtraq,4797 || cve,2000-1209 1 || 2100681 || 7 || attempted-user || 0 || GPL SQL xp_cmdshell program execution 1 || 2100682 || 11 || attempted-user || 0 || GPL DELETED xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100683 || 6 || attempted-user || 0 || GPL SQL sp_password - password change 1 || 2100684 || 6 || attempted-user || 0 || GPL SQL sp_delete_alert log file deletion 1 || 2100685 || 6 || attempted-user || 0 || GPL SQL sp_adduser - database user creation 1 || 2100686 || 11 || attempted-user || 0 || GPL NETBIOS xp_reg* - registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034 1 || 2100687 || 6 || attempted-user || 0 || GPL EXPLOIT xp_cmdshell - program execution 1 || 2100688 || 11 || unsuccessful-user || 0 || GPL SQL sa login failed || bugtraq,4797 || cve,2000-1209 || nessus,10673 1 || 2100689 || 12 || attempted-user || 0 || GPL NETBIOS xp_reg* registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034 1 || 2100690 || 10 || attempted-user || 0 || GPL SQL xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100691 || 7 || shellcode-detect || 0 || GPL SHELLCODE MSSQL shellcode attempt 1 || 2100692 || 7 || shellcode-detect || 0 || GPL SQL shellcode attempt 1 || 2100693 || 7 || shellcode-detect || 0 || GPL SQL MSSQL shellcode attempt 2 1 || 2100694 || 7 || attempted-user || 0 || GPL SQL shellcode attempt 1 || 2100695 || 10 || attempted-user || 0 || GPL EXPLOIT xp_sprintf possible buffer overflow || bugtraq,1204 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx 1 || 2100696 || 11 || attempted-user || 0 || GPL DELETED xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100697 || 11 || attempted-user || 0 || GPL DELETED xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100698 || 11 || attempted-user || 0 || GPL DELETED xp_proxiedmetadata possible buffer overflow || bugtraq,2042 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100699 || 10 || attempted-user || 0 || GPL DELETED xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100700 || 11 || attempted-user || 0 || GPL DELETED xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100701 || 10 || attempted-user || 0 || GPL DELETED xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100702 || 11 || attempted-user || 0 || GPL DELETED xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100703 || 11 || attempted-user || 0 || GPL DELETED xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100704 || 10 || attempted-user || 0 || GPL DELETED xp_sprintf possible buffer overflow || bugtraq,1204 || cve,2001-0542 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx 1 || 2100705 || 10 || attempted-user || 0 || GPL DELETED xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100706 || 10 || attempted-user || 0 || GPL DELETED xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100707 || 11 || attempted-user || 0 || GPL DELETED xp_proxiedmetadata possible buffer overflow || bugtraq,2024 || cve,1999-0287 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100708 || 11 || attempted-user || 0 || GPL DELETED xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 1 || 2100716 || 14 || not-suspicious || 0 || GPL TELNET TELNET access || arachnids,08 || cve,1999-0619 || nessus,10280 1 || 2100717 || 9 || bad-unknown || 0 || GPL TELNET Telnet Root not on console || arachnids,365 1 || 2100719 || 8 || suspicious-login || 0 || GPL TELNET root login 1 || 2100721 || 10 || suspicious-filename-detect || 0 || GPL SMTP OUTBOUND bad file attachment 1 || 2100824 || 15 || attempted-recon || 0 || GPL EXPLOIT php.cgi access || arachnids,232 || bugtraq,2250 || bugtraq,712 || cve,1999-0238 || cve,1999-058 || nessus,10178 1 || 2100884 || 17 || web-application-activity || 0 || GPL EXPLOIT formmail access || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782 1 || 2100909 || 7 || web-application-attack || 0 || GPL WEB_SERVER datasource username attempt || bugtraq,550 1 || 2100915 || 7 || attempted-recon || 0 || GPL DELETED evaluate.cfm access || bugtraq,550 1 || 2100919 || 9 || web-application-attack || 0 || GPL WEB_SERVER datasource password attempt || bugtraq,550 1 || 2100920 || 8 || web-application-attack || 0 || GPL WEB_SERVER datasource attempt || bugtraq,550 1 || 2100923 || 8 || web-application-attack || 0 || GPL WEB_SERVER getodbcin attempt || bugtraq,550 1 || 2100937 || 13 || web-application-activity || 0 || GPL WEB_SERVER _vti_rpc access || bugtraq,2144 || cve,2001-0096 || nessus,10585 1 || 2100951 || 13 || web-application-activity || 0 || GPL WEB_SERVER authors.pwd access || bugtraq,989 || cve,1999-0386 || nessus,10078 1 || 2100952 || 9 || web-application-activity || 0 || GPL WEB_SERVER author.exe access 1 || 2100953 || 9 || web-application-activity || 0 || GPL EXPLOIT administrators.pwd access || bugtraq,1205 1 || 2100958 || 12 || web-application-activity || 0 || GPL WEB_SERVER service.cnf access || bugtraq,4078 || nessus,10575 1 || 2100959 || 9 || web-application-activity || 0 || GPL WEB_SERVER service.pwd || bugtraq,1205 1 || 2100961 || 12 || web-application-activity || 0 || GPL WEB_SERVER services.cnf access || bugtraq,4078 || nessus,10575 1 || 2100965 || 12 || web-application-activity || 0 || GPL WEB_SERVER writeto.cnf access || bugtraq,4078 || nessus,10575 1 || 2100971 || 13 || web-application-activity || 0 || GPL WEB_SERVER ISAPI .printer access || arachnids,533 || bugtraq,2674 || cve,2001-0241 || nessus,10661 || url,www.microsoft.com/technet/security/bulletin/MS01-023.mspx 1 || 2100975 || 14 || web-application-attack || 0 || GPL EXPLOIT Alternate Data streams ASP file access attempt || bugtraq,149 || cve,1999-0278 || nessus,10362 || url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q188806 1 || 2100977 || 13 || web-application-activity || 0 || GPL EXPLOIT .cnf access || bugtraq,4078 || nessus,10575 1 || 2100981 || 14 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 1 || 2100982 || 12 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 1 || 2100983 || 19 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 1 || 2100987 || 16 || web-application-activity || 0 || GPL EXPLOIT .htr access || bugtraq,1488 || cve,2000-0630 || nessus,10680 1 || 2100988 || 9 || web-application-attack || 0 || GPL WEB_SERVER SAM Attempt || url,www.ciac.org/ciac/bulletins/h-45.shtml 1 || 2100989 || 13 || web-application-activity || 0 || GPL SCAN sensepost.exe command shell attempt || nessus,11003 1 || 2100993 || 13 || web-application-attack || 0 || GPL WEB_SERVER iisadmin access || bugtraq,189 || cve,1999-1538 || nessus,11032 1 || 2100994 || 10 || web-application-attack || 0 || GPL WEB_SERVER /scripts/iisadmin/default.htm access 1 || 2101002 || 10 || web-application-attack || 0 || GPL DELETED cmd.exe access 1 || 2101003 || 11 || web-application-attack || 0 || GPL EXPLOIT cmd? access 1 || 2101008 || 9 || web-application-attack || 0 || GPL ATTACK_RESPONSE del attempt 1 || 2101009 || 8 || web-application-attack || 0 || GPL ATTACK_RESPONSE directory listing || nessus,10573 1 || 2101013 || 11 || web-application-activity || 0 || GPL EXPLOIT fpcount access || bugtraq,2252 || cve,1999-1376 1 || 2101016 || 15 || web-application-activity || 0 || GPL WEB_SERVER global.asa access || cve,2000-0778 || nessus,10491 || nessus,10991 1 || 2101018 || 12 || web-application-attack || 0 || GPL EXPLOIT iisadmpwd attempt || bugtraq,2110 || cve,1999-0407 1 || 2101023 || 13 || web-application-activity || 0 || GPL WEB_SERVER msadcs.dll access || bugtraq,529 || cve,1999-1011 || nessus,10357 1 || 2101046 || 11 || web-application-activity || 0 || GPL EXPLOIT site/iisamples access || nessus,10370 1 || 2101055 || 12 || web-application-attack || 0 || GPL WEB_SERVER Tomcat directory traversal attempt || bugtraq,2518 1 || 2101056 || 10 || web-application-attack || 0 || GPL WEB_SERVER Tomcat view source attempt || bugtraq,2527 || cve,2001-0590 1 || 2101058 || 7 || web-application-attack || 0 || GPL DELETED xp_enumdsn attempt 1 || 2101059 || 7 || web-application-attack || 0 || GPL EXPLOIT xp_filelist attempt 1 || 2101060 || 8 || web-application-attack || 0 || GPL DELETED xp_availablemedia attempt 1 || 2101061 || 7 || web-application-attack || 0 || GPL DELETED xp_cmdshell attempt 1 || 2101069 || 7 || web-application-activity || 0 || GPL DELETED xp_regread attempt 1 || 2101071 || 8 || web-application-attack || 0 || GPL WEB_SERVER .htpasswd access 1 || 2101099 || 9 || web-application-activity || 0 || GPL SCAN cybercop scan || arachnids,374 1 || 2101102 || 10 || web-application-attack || 0 || GPL SCAN nessus 1.X 404 probe || arachnids,301 1 || 2101108 || 13 || attempted-recon || 0 || GPL WEB_SERVER Tomcat server snoop access || bugtraq,1532 || cve,2000-0760 1 || 2101110 || 12 || attempted-recon || 0 || GPL WEB_SERVER apache source.asp file access || bugtraq,1457 || cve,2000-0628 || nessus,10480 1 || 2101111 || 13 || attempted-recon || 0 || GPL EXPLOIT Tomcat server exploit access || bugtraq,1548 || cve,2000-0672 || nessus,10477 1 || 2101118 || 7 || attempted-recon || 0 || GPL WEB_SERVER ls%20-l 1 || 2101122 || 8 || attempted-recon || 0 || GPL WEB_SERVER /etc/passwd 1 || 2101129 || 8 || attempted-recon || 0 || GPL WEB_SERVER .htaccess access 1 || 2101132 || 9 || attempted-recon || 0 || GPL DELETED Netscape Unixware overflow || arachnids,180 || bugtraq,908 || cve,1999-0744 1 || 2101133 || 13 || attempted-recon || 0 || GPL SCAN cybercop os probe || arachnids,145 1 || 2101139 || 8 || attempted-recon || 0 || GPL SCAN whisker HEAD/./ || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html 1 || 2101145 || 10 || attempted-recon || 0 || GPL WEB_SERVER /~root access 1 || 2101156 || 12 || attempted-dos || 0 || GPL WEB_SERVER apache directory disclosure attempt || bugtraq,2503 1 || 2101193 || 13 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS oracle web arbitrary command execution attempt || bugtraq,1053 || cve,2000-0169 || nessus,10348 1 || 2101199 || 13 || web-application-attack || 0 || GPL WEB_SERVER Compaq Insight directory traversal || arachnids,244 || bugtraq,282 || cve,1999-0771 1 || 2101200 || 12 || attempted-recon || 0 || GPL ATTACK_RESPONSE Invalid URL || url,www.microsoft.com/technet/security/bulletin/MS00-063.mspx 1 || 2101201 || 10 || attempted-recon || 0 || GPL WEB_SERVER 403 Forbidden 1 || 2101228 || 8 || attempted-recon || 0 || GPL SCAN nmap XMAS || arachnids,30 1 || 2101229 || 8 || bad-unknown || 0 || GPL FTP CWD ... || bugtraq,9237 1 || 2101236 || 9 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 3 1 || 2101237 || 8 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 2 1 || 2101238 || 7 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 1 1 || 2101239 || 10 || attempted-recon || 0 || GPL NETBIOS RFParalyze Attempt || bugtraq,1163 || cve,2000-0347 || nessus,10392 1 || 2101242 || 13 || web-application-activity || 0 || GPL EXPLOIT ISAPI .ida access || arachnids,552 || bugtraq,1065 || cve,2000-0071 1 || 2101243 || 13 || web-application-attack || 0 || GPL EXPLOIT ISAPI .ida attempt || arachnids,552 || bugtraq,1065 || cve,2000-0071 1 || 2101244 || 16 || web-application-attack || 0 || GPL EXPLOIT ISAPI .idq attempt || arachnids,553 || bugtraq,1065 || bugtraq,968 || cve,2000-0071 || cve,2000-0126 || nessus,10115 1 || 2101245 || 12 || web-application-activity || 0 || GPL EXPLOIT ISAPI .idq access || arachnids,553 || bugtraq,1065 || cve,2000-0071 1 || 2101251 || 9 || bad-unknown || 0 || GPL TELNET Bad Login 1 || 2101256 || 10 || web-application-attack || 0 || GPL EXPLOIT CodeRed v2 root.exe access || url,www.cert.org/advisories/CA-2001-19.html 1 || 2101261 || 12 || attempted-user || 0 || GPL EXPLOIT AIX pdnsd overflow || bugtraq,3237 || bugtraq,590 || cve,1999-0745 1 || 2101262 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap admind request TCP || arachnids,18 1 || 2101263 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap amountd request TCP || arachnids,19 1 || 2101264 || 14 || rpc-portmap-decode || 0 || GPL RPC portmap bootparam request TCP || arachnids,16 || cve,1999-0647 1 || 2101265 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap cmsd request TCP || arachnids,17 1 || 2101267 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap nisd request TCP || arachnids,21 1 || 2101268 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap pcnfsd request TCP || arachnids,22 1 || 2101269 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap rexd request TCP || arachnids,23 1 || 2101270 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap rstatd request TCP || arachnids,10 1 || 2101271 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap rusers request TCP || arachnids,133 || cve,1999-0626 1 || 2101272 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap sadmind request TCP || arachnids,20 1 || 2101273 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap selection_svc request TCP || arachnids,25 1 || 2101274 || 19 || rpc-portmap-decode || 0 || GPL RPC portmap ttdbserv request TCP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 1 || 2101275 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap yppasswd request TCP || arachnids,14 1 || 2101276 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap ypserv request TCP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232 1 || 2101277 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap ypupdated request UDP 1 || 2101279 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap snmpXdmi request UDP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 1 || 2101280 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap listing UDP 111 || arachnids,428 1 || 2101281 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap listing UDP 32771 1 || 2101285 || 10 || web-application-activity || 0 || GPL WEB_SERVER msdac access || nessus,11032 1 || 2101288 || 12 || web-application-activity || 0 || GPL WEB_SERVER /_vti_bin/ access || nessus,11032 1 || 2101289 || 5 || successful-admin || 0 || GPL TFTP GET Admin.dll || url,www.cert.org/advisories/CA-2001-26.html 1 || 2101292 || 10 || bad-unknown || 0 || GPL ATTACK_RESPONSE directory listing 1 || 2101311 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hardcore anal 1 || 2101313 || 11 || policy-violation || 0 || GPL INAPPROPRIATE up skirt 1 || 2101315 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hot young sex 1 || 2101316 || 9 || policy-violation || 0 || GPL INAPPROPRIATE fuck fuck fuck 1 || 2101317 || 9 || policy-violation || 0 || GPL INAPPROPRIATE anal sex 1 || 2101318 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hardcore rape 1 || 2101320 || 9 || policy-violation || 0 || GPL INAPPROPRIATE fuck movies 1 || 2101321 || 9 || misc-activity || 0 || GPL MISC 0 ttl || url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q138268 || url,www.isi.edu/in-notes/rfc1122.txt 1 || 2101323 || 7 || misc-attack || 0 || GPL MISC rwhoisd format string attempt || bugtraq,3474 || cve,2001-0838 1 || 2101324 || 7 || shellcode-detect || 0 || GPL SHELLCODE ssh CRC32 overflow /bin/sh || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1 || 2101326 || 7 || shellcode-detect || 0 || GPL SHELLCODE ssh CRC32 overflow NOOP || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1 || 2101327 || 8 || shellcode-detect || 0 || GPL EXPLOIT ssh CRC32 overflow || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1 || 2101328 || 9 || web-application-attack || 0 || GPL WEB_SERVER /bin/ps command attempt 1 || 2101332 || 8 || web-application-attack || 0 || GPL WEB_SERVER /usr/bin/id command attempt 1 || 2101334 || 9 || web-application-attack || 0 || GPL EXPLOIT echo command attempt 1 || 2101340 || 8 || web-application-attack || 0 || GPL EXPLOIT tftp command attempt 1 || 2101349 || 7 || web-application-attack || 0 || GPL WEB_SERVER bin/python access attempt 1 || 2101350 || 10 || web-application-attack || 0 || GPL WEB_SERVER python access attempt 1 || 2101355 || 8 || web-application-attack || 0 || GPL WEB_SERVER /usr/bin/perl execution attempt 1 || 2101368 || 9 || web-application-attack || 0 || GPL WEB_SERVER /bin/ls| command attempt 1 || 2101369 || 8 || web-application-attack || 0 || GPL WEB_SERVER /bin/ls command attempt 1 || 2101370 || 8 || web-application-activity || 0 || GPL WEB_SERVER /etc/inetd.conf access 1 || 2101371 || 7 || web-application-activity || 0 || GPL WEB_SERVER /etc/motd access 1 || 2101372 || 7 || web-application-activity || 0 || GPL DELETED /etc/shadow access 1 || 2101377 || 17 || misc-attack || 0 || GPL FTP wu-ftp bad file completion attempt || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 1 || 2101378 || 17 || misc-attack || 0 || GPL FTP wu-ftp bad file completion attempt with brace || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 1 || 2101379 || 13 || attempted-admin || 0 || GPL FTP STAT overflow attempt || bugtraq,3507 || bugtraq,8542 || cve,2001-0325 || cve,2001-1021 || url,labs.defcom.com/adv/2001/def-2001-31.txt 1 || 2101384 || 9 || misc-attack || 0 || GPL MISC UPnP malformed advertisement || bugtraq,3723 || cve,2001-0876 || cve,2001-0877 || url,www.microsoft.com/technet/security/bulletin/MS01-059.mspx 1 || 2101388 || 14 || misc-attack || 0 || GPL MISC UPnP Location overflow || bugtraq,3723 || cve,2001-0876 1 || 2101390 || 6 || shellcode-detect || 0 || GPL SHELLCODE x86 inc ebx NOOP 1 || 2101393 || 13 || misc-attack || 0 || GPL DELETED AIM AddGame attempt || bugtraq,3769 || cve,2002-0005 || url,www.w00w00.org/files/w00aimexp/ 1 || 2101398 || 11 || misc-attack || 0 || GPL EXPLOIT CDE dtspcd exploit attempt || bugtraq,3517 || cve,2001-0803 || url,www.cert.org/advisories/CA-2002-01.html 1 || 2101401 || 10 || web-application-attack || 0 || GPL EXPLOIT /msadc/samples/ access || bugtraq,167 || cve,1999-0736 || nessus,1007 1 || 2101402 || 8 || web-application-attack || 0 || GPL EXPLOIT iissamples access || nessus,11032 1 || 2101403 || 11 || web-application-attack || 0 || GPL WEB_SERVER viewcode access || cve,1999-0737 || nessus,10576 || nessus,12048 1 || 2101409 || 11 || misc-attack || 0 || GPL SNMP SNMP community string buffer overflow attempt || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html 1 || 2101411 || 12 || attempted-recon || 0 || GPL SNMP public access udp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013 1 || 2101412 || 14 || attempted-recon || 0 || GPL SNMP public access tcp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || bugtraq,7212 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013 1 || 2101413 || 11 || attempted-recon || 0 || GPL SNMP private access udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || bugtraq,7212 || cve,2002-0012 || cve,2002-0013 1 || 2101414 || 12 || attempted-recon || 0 || GPL SNMP private access tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101415 || 10 || attempted-recon || 0 || GPL SNMP Broadcast request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101416 || 10 || attempted-recon || 0 || GPL SNMP broadcast trap || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101417 || 11 || attempted-recon || 0 || GPL SNMP request udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101418 || 13 || attempted-recon || 0 || GPL SNMP request tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101419 || 10 || attempted-recon || 0 || GPL SNMP trap udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101420 || 12 || attempted-recon || 0 || GPL SNMP trap tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1 || 2101422 || 11 || misc-attack || 0 || GPL SNMP community string buffer overflow attempt with evasion || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html 1 || 2101424 || 8 || shellcode-detect || 0 || GPL SHELLCODE x86 0xEB0C NOOP 1 || 2101427 || 5 || misc-attack || 0 || GPL SNMP PROTOS test-suite-trap-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html 1 || 2101432 || 7 || policy-violation || 0 || GPL P2P GNUTella client request 1 || 2101435 || 8 || attempted-recon || 0 || GPL DNS named authors attempt || arachnids,480 || nessus,10728 1 || 2101437 || 13 || policy-violation || 0 || GPL POLICY Windows Media download 1 || 2101438 || 14 || policy-violation || 0 || GPL POLICY Windows Media Video download 1 || 2101441 || 5 || successful-admin || 0 || GPL TFTP GET nc.exe 1 || 2101442 || 5 || successful-admin || 0 || GPL TFTP GET shadow 1 || 2101443 || 5 || successful-admin || 0 || GPL TFTP GET passwd 1 || 2101444 || 4 || bad-unknown || 0 || GPL TFTP Get 1 || 2101445 || 7 || suspicious-filename-detect || 0 || GPL FTP FTP file_id.diz access possible warez site 1 || 2101446 || 7 || attempted-recon || 0 || GPL SMTP vrfy root 1 || 2101447 || 14 || protocol-command-decode || 0 || GPL POLICY MS Remote Desktop Request RDP || bugtraq,3099 || cve,2001-0540 || url,www.microsoft.com/technet/security/bulletin/MS01-040.mspx 1 || 2101449 || 9 || misc-activity || 0 || GPL FTP FTP anonymous ftp login attempt 1 || 2101450 || 6 || misc-attack || 0 || GPL SMTP expn *@ || cve,1999-1200 1 || 2101487 || 12 || web-application-activity || 0 || GPL EXPLOIT /iisadmpwd/aexp2.htr access || bugtraq,2110 || bugtraq,4236 || cve,1999-0407 || cve,2002-0421 || nessus,10371 1 || 2101489 || 10 || web-application-attack || 0 || GPL WEB_SERVER /~nobody access || nessus,10484 1 || 2101504 || 7 || misc-activity || 0 || GPL POLICY AFS access || nessus,10441 1 || 2101519 || 11 || web-application-activity || 0 || GPL WEB_SERVER apache ?M=D directory list attempt || bugtraq,3009 || cve,2001-0731 1 || 2101529 || 12 || attempted-admin || 0 || GPL FTP SITE overflow attempt || cve,1999-0838 || cve,2001-0755 || cve,2001-0770 1 || 2101530 || 14 || attempted-admin || 0 || GPL FTP format string attempt || nessus,10452 || bugtraq,1387 || bugtraq,2240 || bugtraq,726 || cve,2000-0573 || cve,1999-0997 1 || 2101538 || 14 || attempted-admin || 0 || GPL MISC AUTHINFO USER overflow attempt || arachnids,274 || bugtraq,1156 || cve,2000-0341 1 || 2101541 || 6 || attempted-recon || 0 || GPL SCAN Finger Version Query 1 || 2101562 || 13 || attempted-admin || 0 || GPL FTP SITE CHOWN overflow attempt || bugtraq,2120 || cve,2001-0065 1 || 2101603 || 13 || web-application-activity || 0 || GPL WEB_SERVER DELETE attempt || nessus,10498 1 || 2101610 || 13 || web-application-attack || 0 || GPL EXPLOIT formmail arbitrary command execution attempt || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782 1 || 2101616 || 9 || attempted-recon || 0 || GPL DNS named version attempt || nessus,10028 1 || 2101620 || 7 || non-standard-protocol || 0 || GPL POLICY TRAFFIC Non-Standard IP protocol 1 || 2101621 || 12 || attempted-admin || 0 || GPL FTP CMD overflow attempt 1 || 2101622 || 7 || misc-attack || 0 || GPL FTP RNFR ././ attempt 1 || 2101623 || 7 || protocol-command-decode || 0 || GPL FTP invalid MODE 1 || 2101624 || 9 || protocol-command-decode || 0 || GPL FTP large PWD command 1 || 2101625 || 8 || protocol-command-decode || 0 || GPL FTP large SYST command 1 || 2101627 || 4 || non-standard-protocol || 0 || GPL MISC Unassigned/Reserved IP protocol || url,www.iana.org/assignments/protocol-numbers 1 || 2101631 || 9 || policy-violation || 0 || GPL CHAT AIM login 1 || 2101632 || 7 || policy-violation || 0 || GPL CHAT AIM send message 1 || 2101633 || 7 || policy-violation || 0 || GPL CHAT AIM receive message 1 || 2101634 || 15 || attempted-admin || 0 || GPL POP3 POP3 PASS overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10325 1 || 2101635 || 14 || attempted-admin || 0 || GPL POP3 APOP overflow attempt || bugtraq,1652 || cve,2000-0840 || cve,2000-0841 || nessus,10559 1 || 2101638 || 6 || network-scan || 0 || GPL SCAN SSH Version map attempt 1 || 2101639 || 11 || policy-violation || 0 || GPL CHAT IRC DCC file transfer request 1 || 2101640 || 10 || policy-violation || 0 || GPL CHAT IRC DCC chat request 1 || 2101649 || 10 || attempted-recon || 0 || GPL WEB_SERVER perl command attempt || arachnids,219 || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html 1 || 2101661 || 5 || web-application-attack || 0 || GPL EXPLOIT cmd32.exe access 1 || 2101662 || 8 || attempted-recon || 0 || GPL WEB_SERVER /~ftp access 1 || 2101666 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE index of /cgi-bin/ response || nessus,10039 1 || 2101672 || 12 || denial-of-service || 0 || GPL FTP CWD ~ attempt || bugtraq,2601 || bugtraq,9215 || cve,2001-0421 1 || 2101673 || 4 || system-call-detect || 0 || GPL SQL EXECUTE_SYSTEM attempt 1 || 2101674 || 6 || protocol-command-decode || 0 || GPL SQL connect_data remote version detection attempt 1 || 2101675 || 7 || suspicious-login || 0 || GPL SQL Oracle misparsed login response 1 || 2101698 || 5 || protocol-command-decode || 0 || GPL SQL execute_system attempt 1 || 2101699 || 11 || policy-violation || 0 || GPL P2P Fastrack kazaa/morpheus traffic || url,www.kazaa.com 1 || 2101728 || 9 || denial-of-service || 0 || GPL FTP CWD ~ attempt || bugtraq,2601 || cve,2001-0421 1 || 2101729 || 10 || policy-violation || 0 || GPL CHAT IRC Channel join 1 || 2101732 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rwalld request UDP 1 || 2101733 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rwalld request TCP 1 || 2101734 || 32 || attempted-admin || 0 || GPL FTP USER overflow attempt || bugtraq,10078 || bugtraq,1227 || bugtraq,1504 || bugtraq,1690 || bugtraq,4638 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1035 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286 1 || 2101735 || 8 || web-application-attack || 0 || GPL WEB_CLIENT XMLHttpRequest attempt || bugtraq,4628 || cve,2002-0354 1 || 2101738 || 8 || web-application-attack || 0 || GPL WEB_SERVER global.inc access || bugtraq,4612 || cve,2002-0614 1 || 2101746 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap cachefsd request UDP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 1 || 2101747 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap cachefsd request TCP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 1 || 2101748 || 10 || protocol-command-decode || 0 || GPL FTP command overflow attempt || bugtraq,4638 || cve,2002-0606 1 || 2101751 || 8 || misc-attack || 0 || GPL EXPLOIT cachefsd buffer overflow attempt || bugtraq,4631 || cve,2002-0084 || nessus,10951 1 || 2101752 || 6 || misc-attack || 0 || GPL DELETED AIM AddExternalApp attempt || url,www.w00w00.org/files/w00aimexp/ 1 || 2101755 || 15 || misc-attack || 0 || GPL IMAP partial body buffer overflow attempt || bugtraq,4713 || cve,2002-0379 1 || 2101759 || 6 || attempted-user || 0 || GPL EXPLOIT xp_cmdshell program execution 445 1 || 2101771 || 7 || protocol-command-decode || 0 || GPL POLICY IPSec PGPNet connection attempt 1 || 2101775 || 4 || protocol-command-decode || 0 || GPL SQL MYSQL root login attempt 1 || 2101776 || 4 || protocol-command-decode || 0 || GPL SQL MYSQL show databases attempt 1 || 2101777 || 11 || attempted-dos || 0 || GPL FTP STAT * dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,www.microsoft.com/technet/security/bulletin/MS02-018.mspx 1 || 2101778 || 11 || attempted-dos || 0 || GPL FTP STAT ? dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,www.microsoft.com/technet/security/bulletin/MS02-018.mspx 1 || 2101779 || 5 || denial-of-service || 0 || GPL FTP CWD .... attempt || bugtraq,4884 1 || 2101780 || 10 || misc-attack || 0 || GPL IMAP EXPLOIT partial body overflow attempt || bugtraq,4713 || cve,2002-0379 1 || 2101792 || 10 || protocol-command-decode || 0 || GPL MISC return code buffer overflow attempt || bugtraq,4900 || cve,2002-0909 1 || 2101808 || 7 || web-application-activity || 0 || GPL EXPLOIT apache chunked encoding memory corruption exploit attempt || bugtraq,5033 || cve,2002-0392 1 || 2101809 || 10 || web-application-attack || 0 || GPL WEB_SERVER Apache Chunked-Encoding worm attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 1 || 2101817 || 8 || web-application-attack || 0 || GPL WEB_SERVER MS Site Server default login attempt || nessus,11018 1 || 2101818 || 5 || web-application-attack || 0 || GPL WEB_SERVER MS Site Server admin attempt || nessus,11018 1 || 2101821 || 9 || system-call-detect || 0 || GPL EXPLOIT LPD dvips remote command execution attempt || bugtraq,3241 || cve,2001-1002 || nessus,11023 1 || 2101833 || 6 || policy-violation || 0 || GPL INAPPROPRIATE naked lesbians 1 || 2101837 || 6 || policy-violation || 0 || GPL INAPPROPRIATE alt.binaries.pictures.tinygirls 1 || 2101838 || 9 || misc-attack || 0 || GPL EXPLOIT SSH server banner overflow || bugtraq,5287 || cve,2002-1059 1 || 2101840 || 9 || attempted-user || 0 || GPL WEB_CLIENT Javascript document.domain attempt || bugtraq,5346 || cve,2002-0815 1 || 2101842 || 16 || attempted-user || 0 || GPL IMAP login buffer overflow attempt || bugtraq,13727 || bugtraq,502 || cve,1999-0005 || cve,1999-1557 || cve,2005-1255 || nessus,10123 || cve,2007-2795 || nessus,10125 1 || 2101844 || 12 || misc-attack || 0 || GPL IMAP authenticate overflow attempt || bugtraq,12995 || bugtraq,130 || cve,1999-0005 || cve,1999-0042 || nessus,10292 1 || 2101845 || 16 || misc-attack || 0 || GPL IMAP list literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2101846 || 5 || misc-activity || 0 || GPL POLICY vncviewer Java applet download attempt || nessus,10758 1 || 2101847 || 12 || web-application-activity || 0 || GPL WEB_SERVER webalizer access || bugtraq,3473 || cve,2001-0835 || nessus,10816 1 || 2101852 || 5 || web-application-activity || 0 || GPL WEB_SERVER robots.txt access || nessus,10302 1 || 2101857 || 5 || web-application-activity || 0 || GPL WEB_SERVER robot.txt access || nessus,10302 1 || 2101859 || 7 || default-login-attempt || 0 || GPL POLICY Sun JavaServer default password login attempt || cve,1999-0508 || nessus,10995 1 || 2101860 || 9 || default-login-attempt || 0 || GPL POLICY Linksys router default password login attempt || nessus,10999 1 || 2101861 || 12 || default-login-attempt || 0 || GPL POLICY Linksys router default username and password login attempt || nessus,10999 1 || 2101864 || 9 || attempted-dos || 0 || GPL FTP SITE NEWER attempt || cve,1999-0880 || nessus,10319 1 || 2101866 || 14 || attempted-admin || 0 || GPL POP3 USER overflow attempt || bugtraq,11256 || bugtraq,789 || cve,1999-0494 || nessus,10311 1 || 2101867 || 2 || attempted-recon || 0 || GPL RPC xdmcp info query || nessus,10891 1 || 2101874 || 5 || web-application-activity || 0 || GPL WEB_SERVER Oracle Java Process Manager access || nessus,10851 1 || 2101882 || 11 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned userid 1 || 2101883 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned nobody 1 || 2101884 || 8 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned web 1 || 2101885 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned http 1 || 2101886 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned apache 1 || 2101888 || 9 || misc-attack || 0 || GPL FTP SITE CPWD overflow attempt || bugtraq,5427 || cve,2002-0826 1 || 2101891 || 9 || misc-attack || 0 || GPL RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666 1 || 2101892 || 7 || misc-attack || 0 || GPL SNMP null community string attempt || bugtraq,2112 || bugtraq,8974 || cve,1999-0517 1 || 2101893 || 5 || misc-attack || 0 || GPL SNMP missing community string attempt || bugtraq,2112 || cve,1999-0517 1 || 2101894 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101895 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101896 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101897 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101898 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt 2 || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101899 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt 3 || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101900 || 11 || successful-admin || 0 || GPL EXPLOIT successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101901 || 11 || successful-admin || 0 || GPL EXPLOIT successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1 || 2101902 || 10 || misc-attack || 0 || GPL IMAP lsub literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2101903 || 9 || misc-attack || 0 || GPL IMAP rename overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2101904 || 8 || misc-attack || 0 || GPL IMAP find overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2101907 || 11 || attempted-admin || 0 || GPL RPC CMSD UDP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696 1 || 2101908 || 10 || attempted-admin || 0 || GPL RPC CMSD TCP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696 1 || 2101909 || 13 || misc-attack || 0 || GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt || bugtraq,524 || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html 1 || 2101912 || 10 || attempted-admin || 0 || GPL RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,0866 || bugtraq,866 || cve,1999-0977 1 || 2101913 || 11 || attempted-admin || 0 || GPL RPC STATD UDP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1 || 2101914 || 11 || attempted-admin || 0 || GPL RPC STATD TCP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1 || 2101915 || 10 || attempted-admin || 0 || GPL RPC STATD UDP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1 || 2101916 || 10 || attempted-admin || 0 || GPL RPC STATD TCP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1 || 2101917 || 7 || network-scan || 0 || GPL MISC UPnP service discover attempt 1 || 2101918 || 7 || network-scan || 0 || GPL SCAN SolarWinds IP scan attempt 1 || 2101919 || 24 || attempted-admin || 0 || GPL FTP CWD overflow attempt || bugtraq,11069 || bugtraq,1227 || bugtraq,1690 || bugtraq,6869 || bugtraq,7251 || bugtraq,7950 || cve,1999-0219 || cve,1999-1058 || cve,1999-1510 || cve,2000-1035 || cve,2000-1194 || cve,2001-0781 || cve,2002-0126 || cve,2002-0405 1 || 2101920 || 8 || attempted-admin || 0 || GPL FTP SITE NEWER overflow attempt || bugtraq,229 || cve,1999-0800 1 || 2101921 || 7 || attempted-admin || 0 || GPL FTP SITE ZIPCHK overflow attempt || cve,2000-0040 1 || 2101922 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap proxy attempt TCP 1 || 2101923 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap proxy attempt UDP 1 || 2101924 || 8 || attempted-recon || 0 || GPL RPC mountd UDP export request 1 || 2101925 || 7 || attempted-recon || 0 || GPL RPC mountd TCP exportall request || arachnids,26 1 || 2101926 || 8 || attempted-recon || 0 || GPL RPC mountd UDP exportall request 1 || 2101927 || 6 || suspicious-filename-detect || 0 || GPL FTP authorized_keys file transfered 1 || 2101928 || 7 || suspicious-filename-detect || 0 || GPL FTP shadow retrieval attempt 1 || 2101930 || 7 || misc-attack || 0 || GPL DELETED auth literal overflow attempt || cve,1999-0005 1 || 2101934 || 11 || attempted-admin || 0 || GPL DELETED FOLD overflow attempt || bugtraq,283 || cve,1999-0920 || nessus,10130 1 || 2101935 || 6 || misc-attack || 0 || GPL DELETED FOLD arbitrary file attempt 1 || 2101936 || 9 || attempted-admin || 0 || GPL POP3 AUTH overflow attempt || bugtraq,830 || cve,1999-0822 || nessus,10184 1 || 2101937 || 8 || attempted-admin || 0 || GPL POP3 LIST overflow attempt || bugtraq,948 || cve,2000-0096 || nessus,10197 1 || 2101938 || 5 || attempted-admin || 0 || GPL POP3 XTND overflow attempt 1 || 2101939 || 5 || misc-activity || 0 || GPL MISC bootp hardware address length overflow || cve,1999-0798 1 || 2101940 || 4 || misc-activity || 0 || GPL MISC bootp invalid hardware type || cve,1999-0798 1 || 2101941 || 10 || attempted-admin || 0 || GPL TFTP GET filename overflow attempt || bugtraq,5328 || cve,2002-0813 1 || 2101942 || 7 || attempted-admin || 0 || GPL FTP RMDIR overflow attempt || bugtraq,819 1 || 2101945 || 8 || web-application-attack || 0 || GPL WEB_SERVER unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 1 || 2101948 || 8 || attempted-recon || 0 || GPL DNS zone transfer UDP || cve,1999-0532 || nessus,10595 1 || 2101949 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap SET attempt TCP 111 1 || 2101950 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap SET attempt UDP 111 1 || 2101951 || 6 || attempted-recon || 0 || GPL RPC mountd TCP mount request 1 || 2101952 || 6 || attempted-recon || 0 || GPL RPC mountd UDP mount request 1 || 2101957 || 6 || attempted-admin || 0 || GPL RPC sadmind UDP PING || bugtraq,866 1 || 2101958 || 6 || attempted-admin || 0 || GPL RPC sadmind TCP PING || bugtraq,866 1 || 2101959 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap NFS request UDP 1 || 2101960 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap NFS request TCP 1 || 2101961 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap RQUOTA request UDP 1 || 2101962 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap RQUOTA request TCP 1 || 2101963 || 10 || misc-attack || 0 || GPL RPC RQUOTA getquota overflow attempt UDP || bugtraq,864 || cve,1999-0974 1 || 2101964 || 9 || misc-attack || 0 || GPL RPC tooltalk UDP overflow attempt || bugtraq,122 || cve,1999-0003 1 || 2101965 || 9 || misc-attack || 0 || GPL RPC tooltalk TCP overflow attempt || bugtraq,122 || cve,1999-0003 1 || 2101971 || 5 || bad-unknown || 0 || GPL FTP SITE EXEC format string attempt 1 || 2101972 || 18 || attempted-admin || 0 || GPL FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1690 || bugtraq,3884 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895 1 || 2101973 || 11 || attempted-admin || 0 || GPL FTP MKD overflow attempt || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || nessus,12108 1 || 2101974 || 7 || attempted-admin || 0 || GPL FTP REST overflow attempt || bugtraq,2972 || cve,2001-0826 1 || 2101975 || 9 || attempted-admin || 0 || GPL FTP DELE overflow attempt || bugtraq,2972 || cve,2001-0826 || cve,2001-1021 1 || 2101976 || 10 || attempted-admin || 0 || GPL FTP RMD overflow attempt || bugtraq,2972 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021 1 || 2101979 || 6 || web-application-attack || 0 || GPL WEB_SERVER perl post attempt || bugtraq,5520 || cve,2002-1436 || nessus,11158 1 || 2101986 || 7 || policy-violation || 0 || GPL CHAT MSN outbound file transfer request 1 || 2101987 || 8 || misc-activity || 0 || GPL EXPLOIT xfs overflow attempt || bugtraq,6241 || cve,2002-1317 || nessus,11188 1 || 2101988 || 6 || policy-violation || 0 || GPL CHAT MSN outbound file transfer accept 1 || 2101989 || 7 || policy-violation || 0 || GPL CHAT MSN outbound file transfer rejected 1 || 2101990 || 2 || policy-violation || 0 || GPL CHAT MSN user search 1 || 2101991 || 3 || policy-violation || 0 || GPL CHAT MSN login attempt 1 || 2101992 || 10 || protocol-command-decode || 0 || GPL FTP LIST directory traversal attempt || bugtraq,2618 || cve,2001-0680 || cve,2002-1054 || nessus,11112 1 || 2101993 || 5 || misc-attack || 0 || GPL IMAP login literal buffer overflow attempt || bugtraq,6298 1 || 2102003 || 9 || misc-attack || 0 || GPL SQL Slammer Worm propagation attempt || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm 1 || 2102004 || 8 || misc-attack || 0 || GPL WORM Slammer Worm propagation attempt OUTBOUND || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm 1 || 2102005 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap kcms_server request UDP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 1 || 2102006 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap kcms_server request TCP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 1 || 2102007 || 11 || misc-attack || 0 || GPL RPC kcms_server directory traversal attempt || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 1 || 2102008 || 5 || misc-attack || 0 || GPL MISC CVS invalid user authentication response 1 || 2102009 || 3 || misc-attack || 0 || GPL MISC CVS invalid repository response 1 || 2102010 || 5 || misc-attack || 0 || GPL MISC CVS double free exploit attempt response || bugtraq,6650 || cve,2003-0015 1 || 2102011 || 5 || misc-attack || 0 || GPL MISC CVS invalid directory response || bugtraq,6650 || cve,2003-0015 1 || 2102012 || 3 || misc-attack || 0 || GPL MISC CVS missing cvsroot response 1 || 2102013 || 3 || misc-attack || 0 || GPL MISC CVS invalid module response 1 || 2102014 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap UNSET attempt TCP 111 || bugtraq,1892 1 || 2102015 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap UNSET attempt UDP 111 || bugtraq,1892 1 || 2102016 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap status request TCP || arachnids,15 1 || 2102017 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap espd request UDP || bugtraq,2714 || cve,2001-0331 1 || 2102018 || 5 || attempted-recon || 0 || GPL RPC mountd TCP dump request 1 || 2102019 || 5 || attempted-recon || 0 || GPL RPC mountd UDP dump request 1 || 2102020 || 5 || attempted-recon || 0 || GPL RPC mountd TCP unmount request 1 || 2102021 || 5 || attempted-recon || 0 || GPL RPC mountd UDP unmount request 1 || 2102022 || 5 || attempted-recon || 0 || GPL RPC mountd TCP unmountall request 1 || 2102025 || 10 || rpc-portmap-decode || 0 || GPL RPC yppasswd username overflow attempt UDP || bugtraq,2763 || cve,2001-0779 1 || 2102026 || 10 || rpc-portmap-decode || 0 || GPL RPC yppasswd username overflow attempt TCP || bugtraq,2763 || cve,2001-0779 1 || 2102027 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd old password overflow attempt UDP || bugtraq,2763 || cve,2001-0779 1 || 2102028 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd old password overflow attempt TCP || bugtraq,2763 || cve,2001-0779 1 || 2102029 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd new password overflow attempt UDP || bugtraq,2763 || cve,2001-0779 1 || 2102030 || 8 || rpc-portmap-decode || 0 || GPL RPC yppasswd new password overflow attempt TCP || bugtraq,2763 || cve,2001-0779 1 || 2102031 || 8 || rpc-portmap-decode || 0 || GPL RPC yppasswd user update UDP || bugtraq,2763 || cve,2001-0779 1 || 2102032 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd user update TCP || bugtraq,2763 || cve,2001-0779 1 || 2102033 || 9 || rpc-portmap-decode || 0 || GPL RPC ypserv maplist request UDP || bugtraq,5914 || bugtraq,6016 || cve,2002-1232 1 || 2102034 || 8 || rpc-portmap-decode || 0 || GPL DELETED ypserv maplist request TCP || Cve,CAN-2002-1232 || bugtraq,5914 || bugtraq,6016 1 || 2102035 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap network-status-monitor request UDP 1 || 2102036 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap network-status-monitor request TCP 1 || 2102037 || 6 || rpc-portmap-decode || 0 || GPL DELETED network-status-monitor mon-callback request UDP 1 || 2102038 || 6 || rpc-portmap-decode || 0 || GPL DELETED network-status-monitor mon-callback request TCP 1 || 2102039 || 7 || misc-attack || 0 || GPL EXPLOIT bootp hostname format string attempt || bugtraq,4701 || cve,2002-0702 || nessus,11312 1 || 2102040 || 4 || misc-activity || 0 || GPL DELETED xtacacs login attempt 1 || 2102042 || 4 || misc-activity || 0 || GPL DELETED xtacacs accepted login response 1 || 2102043 || 3 || misc-activity || 0 || GPL ATTACK_RESPONSE isakmp login failed 1 || 2102044 || 6 || attempted-admin || 0 || GPL POLICY PPTP Start Control Request attempt 1 || 2102046 || 7 || misc-attack || 0 || GPL IMAP partial body.peek buffer overflow attempt || bugtraq,4713 || cve,2002-0379 1 || 2102047 || 3 || misc-activity || 0 || GPL EXPLOIT rsyncd module list access 1 || 2102048 || 7 || misc-activity || 0 || GPL MISC rsyncd overflow attempt || bugtraq,9153 || cve,2003-0962 || nessus,11943 1 || 2102049 || 5 || misc-activity || 0 || GPL SQL ping attempt || nessus,10674 1 || 2102056 || 6 || web-application-attack || 0 || GPL WEB_SERVER TRACE attempt || bugtraq,9561 || nessus,11213 || url,www.whitehatsec.com/press_releases/WH-PR-20030120.pdf 1 || 2102061 || 6 || web-application-attack || 0 || GPL WEB_SERVER Tomcat null byte directory listing attempt || bugtraq,2518 || bugtraq,6721 || cve,2003-0042 1 || 2102073 || 5 || web-application-activity || 0 || GPL WEB_SERVER globals.pl access || bugtraq,2671 || cve,2001-0330 1 || 2102079 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap nlockmgr request UDP || bugtraq,1372 || cve,2000-0508 1 || 2102080 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap nlockmgr request TCP || bugtraq,1372 || cve,2000-0508 1 || 2102081 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rpc.xfsmd request UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 1 || 2102082 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rpc.xfsmd request TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 1 || 2102083 || 9 || rpc-portmap-decode || 0 || GPL RPC rpc.xfsmd xfs_export attempt UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 1 || 2102084 || 9 || rpc-portmap-decode || 0 || GPL RPC rpc.xfsmd xfs_export attempt TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 1 || 2102088 || 6 || misc-attack || 0 || GPL RPC ypupdated arbitrary command attempt UDP 1 || 2102089 || 6 || misc-attack || 0 || GPL DELETED ypupdated arbitrary command attempt TCP 1 || 2102090 || 12 || attempted-admin || 0 || GPL EXPLOIT WEBDAV exploit attempt || bugtraq,7116 || bugtraq,7716 || cve,2003-0109 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx 1 || 2102091 || 12 || attempted-admin || 0 || GPL WEB_SERVER WEBDAV nessus safe scan attempt || bugtraq,7116 || cve,2003-0109 || nessus,11412 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx 1 || 2102092 || 6 || rpc-portmap-decode || 0 || GPL EXPLOIT portmap proxy integer overflow attempt UDP || bugtraq,7123 || cve,2003-0028 1 || 2102093 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap proxy integer overflow attempt TCP || bugtraq,7123 || cve,2003-0028 1 || 2102094 || 7 || attempted-admin || 0 || GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391 1 || 2102095 || 7 || attempted-admin || 0 || GPL RPC CMSD TCP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391 1 || 2102101 || 12 || denial-of-service || 0 || GPL NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || nessus,11110 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx 1 || 2102102 || 10 || denial-of-service || 0 || GPL NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx || nessus,11110 1 || 2102103 || 10 || attempted-admin || 0 || GPL NETBIOS SMB trans2open buffer overflow attempt || bugtraq,7294 || cve,2003-0201 || url,www.digitaldefense.net/labs/advisories/DDI-1013.txt 1 || 2102104 || 6 || unsuccessful-user || 0 || GPL RPC rexec username too long response || bugtraq,7459 1 || 2102105 || 6 || misc-attack || 0 || GPL IMAP authenticate literal overflow attempt || cve,1999-0042 || nessus,10292 1 || 2102106 || 8 || misc-attack || 0 || GPL IMAP lsub overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2102107 || 4 || misc-attack || 0 || GPL IMAP create buffer overflow attempt || bugtraq,7446 1 || 2102108 || 4 || attempted-admin || 0 || GPL POP3 CAPA overflow attempt 1 || 2102109 || 4 || attempted-admin || 0 || GPL POP3 TOP overflow attempt 1 || 2102110 || 4 || attempted-admin || 0 || GPL POP3 STAT overflow attempt 1 || 2102111 || 4 || attempted-admin || 0 || GPL POP3 DELE overflow attempt 1 || 2102112 || 4 || attempted-admin || 0 || GPL POP3 RSET overflow attempt 1 || 2102113 || 4 || attempted-admin || 0 || GPL EXPLOIT rexec username overflow attempt 1 || 2102114 || 4 || attempted-admin || 0 || GPL RPC rexec password overflow attempt 1 || 2102118 || 7 || misc-attack || 0 || GPL IMAP list overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2102119 || 6 || misc-attack || 0 || GPL IMAP rename literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1 || 2102120 || 4 || misc-attack || 0 || GPL IMAP create literal buffer overflow attempt || bugtraq,7446 1 || 2102121 || 10 || misc-attack || 0 || GPL POP3 DELE negative argument attempt || bugtraq,6053 || bugtraq,7445 || cve,2002-1539 1 || 2102122 || 11 || misc-attack || 0 || GPL POP3 UIDL negative argument attempt || bugtraq,6053 || cve,2002-1539 || nessus,11570 1 || 2102123 || 7 || successful-admin || 0 || GPL EXPLOIT Microsoft cmd.exe banner || nessus,11633 1 || 2102124 || 4 || trojan-activity || 0 || GPL POLICY Remote PC Access connection attempt || nessus,11673 1 || 2102125 || 10 || protocol-command-decode || 0 || GPL FTP CWD Root directory transversal attempt || bugtraq,7674 || cve,2003-0392 || nessus,11677 1 || 2102131 || 4 || web-application-activity || 0 || GPL WEB_SERVER IISProtect access || nessus,11661 1 || 2102156 || 4 || web-application-activity || 0 || GPL WEB_SERVER mod_gzip_status access || nessus,11685 1 || 2102157 || 3 || web-application-activity || 0 || GPL DELETED IISProtect globaladmin.asp access || nessus,11661 1 || 2102158 || 9 || bad-unknown || 0 || GPL MISC BGP invalid length || bugtraq,6213 || cve,2002-1350 || url,sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575 1 || 2102159 || 12 || bad-unknown || 0 || GPL MISC BGP invalid type 0 || bugtraq,6213 || cve,2002-1350 1 || 2102174 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg create tree attempt 1 || 2102175 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode create tree attempt 1 || 2102176 || 6 || attempted-recon || 0 || GPL NETBIOS SMB startup folder access 1 || 2102177 || 5 || attempted-recon || 0 || GPL NETBIOS SMB startup folder unicode access 1 || 2102178 || 17 || misc-attack || 0 || GPL FTP USER format string attempt || bugtraq,7474 || bugtraq,7776 || bugtraq,9262 || bugtraq,9402 || bugtraq,9600 || bugtraq,9800 || cve,2004-0277 || nessus,10041 || nessus,11687 1 || 2102179 || 7 || misc-attack || 0 || GPL FTP PASS format string attempt || bugtraq,7474 || bugtraq,9262 || bugtraq,9800 || cve,2000-0699 1 || 2102180 || 5 || policy-violation || 0 || GPL P2P BitTorrent announce request 1 || 2102181 || 3 || policy-violation || 0 || GPL P2P BitTorrent transfer 1 || 2102184 || 8 || misc-attack || 0 || GPL RPC mountd TCP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800 1 || 2102185 || 8 || misc-attack || 0 || GPL RPC mountd UDP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800 1 || 2102186 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 53 SWIPE || bugtraq,8211 || cve,2003-0567 1 || 2102187 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 55 IP Mobility || bugtraq,8211 || cve,2003-0567 1 || 2102188 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 77 Sun ND || bugtraq,8211 || cve,2003-0567 1 || 2102189 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 103 PIM || bugtraq,8211 || cve,2003-0567 1 || 2102190 || 5 || attempted-dos || 0 || GPL NETBIOS DCERPC invalid bind attempt 1 || 2102191 || 4 || attempted-dos || 0 || GPL NETBIOS SMB DCERPC invalid bind attempt 1 || 2102192 || 12 || protocol-command-decode || 0 || GPL NETBIOS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2102193 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2102230 || 10 || default-login-attempt || 0 || GPL SCAN NetGear router default password login attempt admin/password || nessus,11737 1 || 2102250 || 6 || attempted-admin || 0 || GPL POP3 USER format string attempt || bugtraq,10976 || bugtraq,7667 || cve,2003-0391 || nessus,11742 1 || 2102251 || 16 || attempted-admin || 0 || GPL NETBIOS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx 1 || 2102252 || 15 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx 1 || 2102255 || 5 || misc-attack || 0 || GPL RPC sadmind query with root credentials attempt TCP 1 || 2102256 || 5 || misc-attack || 0 || GPL RPC sadmind query with root credentials attempt UDP 1 || 2102257 || 10 || attempted-admin || 0 || GPL NETBIOS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx 1 || 2102258 || 10 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx 1 || 2102259 || 9 || attempted-admin || 0 || GPL SMTP EXPN overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161 1 || 2102272 || 6 || misc-attack || 0 || GPL FTP LIST integer overflow attempt || bugtraq,8875 || cve,2003-0853 || cve,2003-0854 1 || 2102275 || 3 || suspicious-login || 0 || GPL SMTP AUTH LOGON brute force attempt 1 || 2102308 || 7 || misc-attack || 0 || GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102309 || 7 || misc-attack || 0 || GPL NETBIOS SMB DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102310 || 9 || misc-attack || 0 || GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102311 || 8 || misc-attack || 0 || GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102312 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x71FB7BAB NOOP 1 || 2102313 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x71FB7BAB NOOP unicode 1 || 2102314 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x90 NOOP unicode 1 || 2102315 || 7 || misc-attack || 0 || GPL NETBIOS DCERPC Workstation Service direct service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102316 || 7 || misc-attack || 0 || GPL NETBIOS DCERPC Workstation Service direct service access attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 1 || 2102317 || 5 || misc-attack || 0 || GPL MISC CVS non-relative path error response || bugtraq,9178 || cve,2003-0977 1 || 2102318 || 5 || misc-attack || 0 || GPL EXPLOIT CVS non-relative path access attempt || bugtraq,9178 || cve,2003-0977 1 || 2102329 || 7 || attempted-user || 0 || GPL SQL probe response overflow attempt || bugtraq,9407 || cve,2003-0903 || url,www.microsoft.com/technet/security/bulletin/MS04-003.mspx 1 || 2102330 || 3 || misc-attack || 0 || GPL IMAP auth overflow attempt || bugtraq,8861 1 || 2102332 || 2 || misc-attack || 0 || GPL FTP MKDIR format string attempt || bugtraq,9262 1 || 2102333 || 2 || misc-attack || 0 || GPL FTP RENAME format string attempt || bugtraq,9262 1 || 2102335 || 3 || attempted-dos || 0 || GPL DELETED RMD / attempt || bugtraq,9159 1 || 2102336 || 4 || bad-unknown || 0 || GPL TFTP NULL command attempt || bugtraq,7575 1 || 2102337 || 9 || attempted-admin || 0 || GPL TFTP PUT filename overflow attempt || bugtraq,7819 || bugtraq,8505 || cve,2003-0380 1 || 2102338 || 14 || misc-attack || 0 || GPL FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 || url,www.microsoft.com/technet/security/bulletin/MS99-003.mspx 1 || 2102340 || 8 || attempted-admin || 0 || GPL FTP SITE CHMOD overflow attempt || bugtraq,10181 || bugtraq,9483 || bugtraq,9675 || cve,1999-0838 || nessus,12037 1 || 2102343 || 4 || attempted-admin || 0 || GPL FTP STOR overflow attempt || bugtraq,8668 || cve,2000-0133 1 || 2102344 || 4 || attempted-admin || 0 || GPL FTP XCWD overflow attempt || bugtraq,11542 || bugtraq,8704 1 || 2102348 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC print spool bind attempt 1 || 2102349 || 7 || attempted-recon || 0 || GPL NETBIOS SMB-DS DCERPC enumerate printers request attempt 1 || 2102373 || 5 || attempted-admin || 0 || GPL FTP XMKD overflow attempt || bugtraq,7909 || cve,2000-0133 || cve,2001-1021 1 || 2102374 || 7 || attempted-admin || 0 || GPL FTP NLST overflow attempt || bugtraq,10184 || bugtraq,7909 || bugtraq,9675 || cve,1999-1544 1 || 2102376 || 4 || attempted-admin || 0 || GPL EXPLOIT ISAKMP first payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 1 || 2102377 || 4 || attempted-admin || 0 || GPL EXPLOIT ISAKMP second payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 1 || 2102379 || 7 || attempted-admin || 0 || GPL EXPLOIT ISAKMP forth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 1 || 2102380 || 5 || attempted-admin || 0 || GPL EXPLOIT ISAKMP fifth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 1 || 2102382 || 22 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2102383 || 21 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2102384 || 11 || attempted-dos || 0 || GPL NETBIOS SMB NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065 1 || 2102385 || 12 || attempted-dos || 0 || GPL NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065 1 || 2102386 || 11 || attempted-dos || 0 || GPL EXPLOIT NTLM ASN.1 vulnerability scan attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12055 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2102389 || 8 || attempted-admin || 0 || GPL FTP RNTO overflow attempt || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466 1 || 2102390 || 5 || attempted-admin || 0 || GPL FTP STOU overflow attempt || bugtraq,8315 || cve,2003-0466 1 || 2102391 || 11 || attempted-admin || 0 || GPL FTP APPE overflow attempt || bugtraq,8315 || bugtraq,8542 || cve,2000-0133 || cve,2003-0466 1 || 2102392 || 8 || attempted-admin || 0 || GPL FTP RETR overflow attempt || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298 1 || 2102401 || 5 || attempted-admin || 0 || GPL NETBIOS SMB Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 1 || 2102402 || 6 || attempted-admin || 0 || GPL NETBIOS SMB-DS Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 1 || 2102403 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 1 || 2102404 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 1 || 2102409 || 2 || attempted-admin || 0 || GPL POP3 APOP USER overflow attempt || bugtraq,9794 1 || 2102413 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 1 || 2102414 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 1 || 2102415 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 1 || 2102416 || 7 || attempted-admin || 0 || GPL FTP invalid MDTM command attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 1 || 2102417 || 2 || string-detect || 0 || GPL FTP format string attempt 1 || 2102424 || 6 || attempted-admin || 0 || GPL MISC NNTP sendsys overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102425 || 6 || attempted-admin || 0 || GPL MISC NNTP senduuname overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102426 || 6 || attempted-admin || 0 || GPL MISC NNTP version overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102427 || 6 || attempted-admin || 0 || GPL MISC NNTP checkgroups overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102428 || 6 || attempted-admin || 0 || GPL MISC NNTP ihave overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102429 || 6 || attempted-admin || 0 || GPL MISC NNTP sendme overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102430 || 6 || attempted-admin || 0 || GPL MISC NNTP newgroup overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102431 || 6 || attempted-admin || 0 || GPL MISC Nntp rmgroup overflow attempt || bugtraq,9382 || cve,2004-0045 1 || 2102432 || 4 || attempted-admin || 0 || GPL MISC NNTP article post without path attempt 1 || 2102437 || 9 || attempted-user || 0 || GPL WEB_CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9378 || cve,2003-0726 1 || 2102438 || 7 || attempted-user || 0 || GPL DELETED RealPlayer playlist file URL overflow attempt || bugtraq,9579 || cve,2004-0258 1 || 2102439 || 6 || attempted-user || 0 || GPL DELETED RealPlayer playlist http URL overflow attempt || bugtraq,9579 || cve,2004-0258 1 || 2102440 || 7 || attempted-user || 0 || GPL DELETED RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579 || cve,2004-0258 1 || 2102449 || 3 || attempted-admin || 0 || GPL FTP ALLO overflow attempt || bugtraq,9953 1 || 2102450 || 5 || policy-violation || 0 || GPL DELETED Yahoo IM successful logon 1 || 2102451 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM voicechat 1 || 2102452 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM ping 1 || 2102453 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference invitation 1 || 2102454 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference logon success 1 || 2102455 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference message 1 || 2102456 || 5 || policy-violation || 0 || GPL CHAT Yahoo Messenger File Transfer Receive Request 1 || 2102458 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM successful chat join 1 || 2102459 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference offer invitation 1 || 2102460 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference request 1 || 2102461 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference watch 1 || 2102462 || 8 || attempted-admin || 0 || GPL EXPLOIT IGMP IGAP account overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367 1 || 2102463 || 8 || attempted-admin || 0 || GPL EXPLOIT IGMP IGAP message overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367 1 || 2102464 || 8 || attempted-admin || 0 || GPL EXPLOIT EIGRP prefix length overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367 1 || 2102465 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ share access 1 || 2102466 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ unicode share access 1 || 2102467 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ unicode share access 1 || 2102468 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ share access 1 || 2102469 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ unicode share access 1 || 2102470 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ unicode share access 1 || 2102471 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ share access 1 || 2102472 || 11 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ unicode share access 1 || 2102473 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ unicode share access 1 || 2102474 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ share access 1 || 2102475 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ unicode share access 1 || 2102476 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg create tree attempt 1 || 2102477 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode create tree attempt 1 || 2102478 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg bind attempt 1 || 2102479 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode bind attempt 1 || 2102480 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode attempt 1 || 2102481 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode little endian attempt 1 || 2102482 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown attempt 1 || 2102483 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown little endian attempt 1 || 2102485 || 8 || attempted-admin || 0 || GPL ACTIVEX Norton antivirus sysmspam.dll load attempt || bugtraq,9916 || cve,2004-0363 1 || 2102486 || 6 || attempted-dos || 0 || GPL EXPLOIT ISAKMP invalid identification payload attempt || bugtraq,10004 || cve,2004-0184 1 || 2102491 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102496 || 9 || misc-attack || 0 || GPL NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102507 || 8 || protocol-command-decode || 0 || GPL NETBIOS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102508 || 8 || attempted-admin || 0 || GPL NETBIOS DCERPC LSASS DsRolerUpgradeDownlevelServer Exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102509 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102510 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102511 || 10 || attempted-admin || 0 || GPL NETBIOS SMB DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102512 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102513 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102514 || 8 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102523 || 8 || attempted-dos || 0 || GPL MISC BGP spoofed connection reset attempt || bugtraq,10183 || cve,2004-0230 || url,www.uniras.gov.uk/vuls/2004/236929/index.htm 1 || 2102524 || 8 || protocol-command-decode || 0 || GPL NETBIOS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102525 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102526 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 1 || 2102546 || 7 || attempted-admin || 0 || GPL FTP MDTM overflow attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 || nessus,12080 1 || 2102547 || 4 || web-application-activity || 0 || GPL MISC HP Web JetAdmin remote file upload attempt || bugtraq,9978 1 || 2102548 || 3 || web-application-activity || 0 || GPL MISC HP Web JetAdmin setinfo access || bugtraq,9972 1 || 2102549 || 2 || web-application-activity || 0 || GPL MISC HP Web JetAdmin file write attempt || bugtraq,9973 1 || 2102552 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache HEAD overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102553 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache PUT overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102554 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache POST overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102555 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache TRACE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102556 || 6 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache DELETE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102557 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache LOCK overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102558 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache MKCOL overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102559 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache COPY overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102560 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache MOVE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 1 || 2102561 || 5 || string-detect || 0 || GPL MISC rsync backup-dir directory traversal attempt || bugtraq,10247 || cve,2004-0426 || nessus,12230 1 || 2102563 || 6 || attempted-admin || 0 || GPL NETBIOS NS lookup response name overflow attempt || bugtraq,10333 || bugtraq,10334 || cve,2004-0444 || cve,2004-0445 || url,www.eeye.com/html/Research/Advisories/AD20040512A.html 1 || 2102574 || 2 || attempted-admin || 0 || GPL FTP RETR format string attempt || bugtraq,9800 1 || 2102576 || 7 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_support buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck93.html 1 || 2102577 || 7 || attempted-user || 0 || GPL WEB_CLIENT local resource redirection attempt || cve,2004-0549 || url,www.kb.cert.org/vuls/id/713878 1 || 2102578 || 4 || attempted-admin || 0 || GPL RPC kerberos principal name overflow UDP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt 1 || 2102579 || 4 || attempted-admin || 0 || GPL RPC kerberos principal name overflow TCP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt 1 || 2102580 || 12 || attempted-admin || 0 || GPL WEB_CLIENT server negative Content-Length attempt || cve,2004-0492 || url,www.guninski.com/modproxy1.html 1 || 2102583 || 3 || misc-attack || 0 || GPL DELETED CVS Max-dotdot integer overflow attempt || bugtraq,10499 || cve,2004-0417 1 || 2102584 || 5 || attempted-user || 0 || GPL P2P eMule buffer overflow attempt || bugtraq,10039 || nessus,12233 1 || 2102585 || 3 || attempted-recon || 0 || GPL SCAN nessus 2.x 404 probe || nessus,10386 1 || 2102586 || 3 || policy-violation || 0 || GPL P2P eDonkey transfer || url,www.kom.e-technik.tu-darmstadt.de/publications/abstracts/HB02-1.html 1 || 2102587 || 4 || policy-violation || 0 || GPL P2P eDonkey server response || url,www.emule-project.net 1 || 2102589 || 7 || attempted-user || 0 || GPL DELETED Content-Disposition CLSID command attempt || bugtraq,9510 || cve,2004-0420 || url,www.microsoft.com/technet/security/bulletin/ms04-024.mspx 1 || 2102590 || 5 || attempted-admin || 0 || GPL SMTP MAIL FROM overflow attempt || bugtraq,10290 || bugtraq,7506 || cve,2004-0399 || url,www.guninski.com/exim1.html 1 || 2102597 || 5 || web-application-attack || 0 || GPL DELETED Samba SWAT Authorization overflow attempt || bugtraq,10780 1 || 2102598 || 3 || web-application-attack || 0 || GPL DELETED Samba SWAT Authorization port 901 overflow attempt || bugtraq,10780 1 || 2102599 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_grouped_column buffer overflow attempt 1 || 2102600 || 3 || attempted-user || 0 || GPL SQL add_grouped_column ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 1 || 2102601 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_master_repgroup buffer overflow attempt 1 || 2102602 || 3 || attempted-user || 0 || GPL SQL drop_master_repgroup ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck87.html 1 || 2102603 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.create_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 1 || 2102604 || 3 || attempted-user || 0 || GPL SQL create_mview_repgroup ordered fname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 1 || 2102605 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.compare_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html 1 || 2102606 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 1 || 2102607 || 3 || attempted-user || 0 || GPL SQL comment_on_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 1 || 2102608 || 4 || attempted-user || 0 || GPL SQL sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102609 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.cancel_statistics buffer overflow attempt 1 || 2102610 || 3 || attempted-user || 0 || GPL SQL cancel_statistics ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 1 || 2102612 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102614 || 3 || attempted-user || 0 || GPL SQL time_zone buffer overflow attempt || bugtraq,9587 || url,www.nextgenss.com/advisories/ora_time_zone.txt 1 || 2102615 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_auth.grant_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102616 || 3 || attempted-user || 0 || GPL SQL grant_surrogate_repcat ordered userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102617 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102618 || 3 || attempted-user || 0 || GPL SQL alter_mview_propagation ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102619 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 1 || 2102621 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_sna_utl.register_flavor_change buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102622 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_utl.drop_an_object buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102623 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102624 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_admin.unregister_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 1 || 2102625 || 3 || attempted-user || 0 || GPL SQL unregister_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 1 || 2102626 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.send_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html 1 || 2102627 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102628 || 3 || attempted-user || 0 || GPL SQL repcat_import_check ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102629 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_admin.register_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 1 || 2102630 || 3 || attempted-user || 0 || GPL SQL register_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 1 || 2102631 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102632 || 3 || attempted-user || 0 || GPL SQL refresh_mview_repgroup ordered gowner buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102633 || 4 || attempted-user || 0 || GPL SQL sys.dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102634 || 3 || attempted-user || 0 || GPL SQL rectifier_diff ordered sname1 buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102635 || 4 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.end_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102636 || 3 || attempted-user || 0 || GPL SQL snapshot.end_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102637 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 1 || 2102638 || 3 || attempted-user || 0 || GPL SQL drop_master_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 1 || 2102639 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102640 || 3 || attempted-user || 0 || GPL SQL drop_mview_repgroup ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 1 || 2102641 || 5 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.drop_site_instantiation buffer overflow attempt 1 || 2102642 || 3 || attempted-user || 0 || GPL SQL drop_site_instantiate ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck629.html 1 || 2102643 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.ensure_not_published buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck96.html 1 || 2102644 || 4 || attempted-user || 0 || GPL SQL from_tz buffer overflow attempt || url,www.nextgenss.com/advisories/ora_from_tz.txt 1 || 2102645 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_offline buffer overflow attempt 1 || 2102646 || 3 || attempted-user || 0 || GPL SQL instantiate_offline ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck630.html 1 || 2102647 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_online buffer overflow attempt 1 || 2102648 || 3 || attempted-user || 0 || GPL SQL instantiate_online ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck631.html 1 || 2102649 || 3 || attempted-user || 0 || GPL SQL service_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck52.html 1 || 2102650 || 3 || attempted-user || 0 || GPL SQL user name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck62.html 1 || 2102652 || 4 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102653 || 3 || attempted-user || 0 || GPL SQL og.begin_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 1 || 2102654 || 4 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS PHPNuke Forum viewtopic SQL insertion attempt || bugtraq,7193 1 || 2102664 || 4 || attempted-admin || 0 || GPL DELETED login format string attempt || bugtraq,10976 1 || 2102665 || 3 || attempted-admin || 0 || GPL IMAP login literal format string attempt || bugtraq,10976 1 || 2102666 || 2 || attempted-admin || 0 || GPL POP3 PASS format string attempt || bugtraq,10976 1 || 2102671 || 6 || attempted-user || 0 || GPL WEB_CLIENT bitmap BitmapOffset integer overflow attempt || bugtraq,9663 || cve,2004-0566 1 || 2102673 || 6 || attempted-user || 0 || GPL WEB_CLIENT libpng tRNS overflow attempt || bugtraq,10872 || cve,2004-0597 1 || 2102674 || 2 || attempted-user || 0 || GPL SQL dbms_repcat.add_delete_resolution buffer overflow attempt 1 || 2102675 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.instantiate_offline buffer overflow attempt 1 || 2102676 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt 1 || 2102677 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.instantiate_online buffer overflow attempt 1 || 2102678 || 3 || attempted-user || 0 || GPL SQL ctx_output.start_log buffer overflow attempt 1 || 2102679 || 3 || attempted-user || 0 || GPL SQL sys.dbms_system.ksdwrt buffer overflow attempt 1 || 2102680 || 3 || attempted-user || 0 || GPL SQL ctxsys.driddlr.subindexpopulate buffer overflow attempt 1 || 2102681 || 3 || attempted-user || 0 || GPL SQL mdsys.sdo_admin.sdo_code_size buffer overflow attempt 1 || 2102682 || 3 || attempted-user || 0 || GPL SQL mdsys.md2.validate_geom buffer overflow attempt 1 || 2102683 || 3 || attempted-user || 0 || GPL SQL mdsys.md2.sdo_code_size buffer overflow attempt 1 || 2102684 || 3 || attempted-user || 0 || GPL SQL sys.ltutil.pushdeferredtxns buffer overflow attempt 1 || 2102685 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_rq.add_column buffer overflow attempt 1 || 2102686 || 3 || attempted-user || 0 || GPL SQL sys.dbms_rectifier_diff.differences buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 1 || 2102687 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.validate buffer overflow attempt 1 || 2102688 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.enable_receiver_trace buffer overflow attempt 1 || 2102689 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.disable_receiver_trace buffer overflow attempt 1 || 2102690 || 3 || attempted-user || 0 || GPL SQL sys.dbms_defer_repcat.enable_propagation_to_dblink buffer overflow attempt 1 || 2102691 || 3 || attempted-user || 0 || GPL SQL sys.dbms_defer_internal_sys.parallel_push_recovery buffer overflow attempt 1 || 2102692 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm_sys.verify_queue_types buffer overflow attempt 1 || 2102693 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm.verify_queue_types_no_queue buffer overflow attempt 1 || 2102694 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm.verify_queue_types_get_nrp buffer overflow attempt 1 || 2102695 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aq_import_internal.aq_table_defn_update buffer overflow attempt 1 || 2102696 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl.is_master buffer overflow attempt 1 || 2102697 || 3 || attempted-user || 0 || GPL SQL alter file buffer overflow attempt 1 || 2102698 || 3 || attempted-user || 0 || GPL SQL create file buffer overflow attempt 1 || 2102699 || 2 || attempted-user || 0 || GPL SQL TO_CHAR buffer overflow attempt 1 || 2102700 || 4 || attempted-user || 0 || GPL SQL numtoyminterval buffer overflow attempt 1 || 2102703 || 5 || web-application-attack || 0 || GPL SQL Oracle iSQLPlus login.uix username overflow attempt || bugtraq,10871 || url,www.nextgenss.com/advisories/ora-isqlplus.txt 1 || 2102708 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102709 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102710 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102711 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102712 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102713 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102714 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.resume_subset_of_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102715 || 3 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.begin_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102716 || 3 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.end_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102717 || 3 || attempted-user || 0 || GPL SQL dbms_rectifier_diff.differences buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102718 || 2 || attempted-user || 0 || GPL SQL dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102719 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102720 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102721 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102722 || 2 || attempted-user || 0 || GPL SQL dbms_repcat.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102723 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102724 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102725 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102726 || 2 || attempted-user || 0 || GPL DELETED dbms_repcat.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102727 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102728 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102729 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102730 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102731 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102732 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102733 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_master_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102734 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102735 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102736 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102737 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102738 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102739 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102740 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102741 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102742 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102743 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102744 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102745 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102746 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102747 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102748 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102749 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102750 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_mview_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102751 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102752 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102753 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102754 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102755 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102756 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102757 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102758 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102759 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102760 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102761 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102762 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102763 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102764 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102765 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102766 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102767 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102768 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_grouped_column buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102769 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102770 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102771 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102772 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102773 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102774 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102775 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102776 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102777 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102778 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102779 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102780 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102781 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102782 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102783 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102784 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102785 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.execute_ddl buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102786 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102787 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_online buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102788 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.make_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102789 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102790 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102791 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102792 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102793 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102794 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102795 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102796 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102797 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102798 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102799 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102800 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102801 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102802 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102803 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102804 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.send_and_compare_old_values buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102805 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.set_columns buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102806 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102807 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.specify_new_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102808 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102809 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.unregister_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102810 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102811 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102812 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102813 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102814 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102815 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102816 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102817 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102818 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102819 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102820 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102821 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102822 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102823 || 2 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102824 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102825 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102826 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102827 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102828 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102829 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102830 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102831 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102832 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102833 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.drop_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102834 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102835 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102836 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102837 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102838 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102839 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102840 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102841 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102842 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102843 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102844 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102845 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102846 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102847 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102848 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl4.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102849 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl.drop_an_object buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102850 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102851 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102852 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_mview_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102853 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_trigger buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102854 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102855 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.remove_master_databases buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102856 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.switch_mview_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102857 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102858 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102859 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102860 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102861 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102862 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102863 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102864 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102865 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102866 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102867 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102868 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102869 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102870 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102871 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102872 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102874 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102875 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102876 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102877 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102878 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102879 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.cancel_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102880 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102881 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102882 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102883 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102884 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102885 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102886 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102887 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102888 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102889 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102890 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102891 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102892 || 5 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102893 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102894 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102895 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102896 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102897 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102898 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102899 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102900 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102901 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102902 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102903 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102904 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102905 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102906 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102907 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102908 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102909 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102910 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102911 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102912 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102913 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102914 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102915 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102916 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102917 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102918 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102919 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_untrusted.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html 1 || 2102923 || 4 || unsuccessful-user || 0 || GPL NETBIOS SMB repeated logon failure 1 || 2102924 || 4 || unsuccessful-user || 0 || GPL NETBIOS SMB-DS repeated logon failure 1 || 2102925 || 5 || misc-activity || 0 || GPL WEB_CLIENT web bug 0x0 gif attempt 1 || 2102927 || 5 || attempted-admin || 0 || GPL MISC NNTP XPAT pattern overflow attempt || cve,2004-0574 || url,www.microsoft.com/technet/security/bulletin/MS04-036.mspx 1 || 2102928 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102929 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102930 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102931 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102932 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102933 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102934 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102935 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102936 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102937 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102938 || 6 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102939 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102940 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg bind attempt 1 || 2102941 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode bind attempt 1 || 2102942 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown attempt 1 || 2102943 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown little endian attempt 1 || 2102944 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode attempt 1 || 2102945 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode little endian attempt 1 || 2102946 || 7 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102947 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102948 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102949 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102950 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB too many stacked requests 1 || 2102951 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS too many stacked requests 1 || 2102954 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ andx share access 1 || 2102955 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ unicode andx share access 1 || 2102956 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi andx create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102957 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode andx create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102958 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi andx create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102959 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode andx create tree attempt || bugtraq,11372 || cve,2004-0206 1 || 2102960 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi andx bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102961 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode andx bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102962 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi andx bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102963 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt || bugtraq,11372 || cve,2004-0206 1 || 2102964 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102965 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102966 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102967 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102968 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102969 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102970 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102971 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206 1 || 2102974 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ andx share access 1 || 2102975 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ unicode andx share access 1 || 2102978 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ andx share access 1 || 2102979 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ unicode andx share access 1 || 2102982 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ andx share access 1 || 2102983 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ unicode andx share access 1 || 2102984 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx create tree attempt 1 || 2102985 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx create tree attempt 1 || 2102986 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx create tree attempt 1 || 2102987 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx create tree attempt 1 || 2102988 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx bind attempt 1 || 2102989 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx bind attempt 1 || 2102990 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx bind attempt 1 || 2102991 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx bind attempt 1 || 2102992 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown andx attempt 1 || 2102993 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown little endian andx attempt 1 || 2102994 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode andx attempt 1 || 2102995 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode little endian andx attempt 1 || 2102996 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown andx attempt 1 || 2102997 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown little endian andx attempt 1 || 2102998 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode andx attempt 1 || 2102999 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode little endian andx attempt 1 || 2103000 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103001 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103002 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103003 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103004 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103005 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx 1 || 2103007 || 2 || misc-attack || 0 || GPL IMAP delete overflow attempt || bugtraq,11675 1 || 2103008 || 2 || misc-attack || 0 || GPL IMAP delete literal overflow attempt || bugtraq,11675 1 || 2103017 || 7 || misc-attack || 0 || GPL EXPLOIT WINS overflow attempt || bugtraq,11763 || cve,2004-1080 || url,www.immunitysec.com/downloads/instantanea.pdf || url,www.microsoft.com/technet/security/bulletin/MS04-045.mspx 1 || 2103018 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154 1 || 2103019 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154 1 || 2103020 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154 1 || 2103021 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154 1 || 2103022 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154 1 || 2103023 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154 1 || 2103024 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154 1 || 2103025 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154 1 || 2103026 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE SACL overflow attempt || cve,2004-1154 1 || 2103027 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154 1 || 2103028 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154 1 || 2103029 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154 1 || 2103030 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt || cve,2004-1154 1 || 2103031 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154 1 || 2103032 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154 1 || 2103033 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154 1 || 2103034 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE DACL overflow attempt || cve,2004-1154 1 || 2103035 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154 1 || 2103036 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154 1 || 2103037 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154 1 || 2103038 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt || cve,2004-1154 1 || 2103039 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154 1 || 2103040 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154 1 || 2103041 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154 1 || 2103042 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt 1 || 2103043 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt 1 || 2103044 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt 1 || 2103045 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt 1 || 2103046 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt 1 || 2103047 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt 1 || 2103048 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt 1 || 2103049 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt 1 || 2103050 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt 1 || 2103051 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt 1 || 2103052 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt 1 || 2103053 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt 1 || 2103054 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt 1 || 2103055 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt 1 || 2103056 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt 1 || 2103057 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt 1 || 2103058 || 2 || misc-attack || 0 || GPL IMAP copy literal overflow attempt || bugtraq,1110 1 || 2103059 || 3 || protocol-command-decode || 0 || GPL DELETED TLSv1 Client_Hello via SSLv2 handshake request 1 || 2103061 || 3 || misc-activity || 0 || GPL DELETED distccd command execution attempt || url,distcc.samba.org/security.html 1 || 2103062 || 4 || web-application-activity || 0 || GPL WEB_SPECIFIC_APPS NetScreen SA 5000 delhomepage.cgi access || bugtraq,9791 1 || 2103063 || 4 || misc-activity || 0 || GPL DELETED Vampire 1.2 connection request 1 || 2103064 || 3 || misc-activity || 0 || GPL DELETED Vampire 1.2 connection confirmation 1 || 2103066 || 3 || misc-attack || 0 || GPL IMAP append overflow attempt || bugtraq,11775 1 || 2103067 || 2 || misc-attack || 0 || GPL IMAP examine literal overflow attempt || bugtraq,11775 1 || 2103068 || 2 || misc-attack || 0 || GPL IMAP examine overflow attempt || bugtraq,11775 1 || 2103069 || 2 || misc-attack || 0 || GPL IMAP fetch literal overflow attempt || bugtraq,11775 1 || 2103070 || 3 || misc-attack || 0 || GPL IMAP fetch overflow attempt || bugtraq,11775 1 || 2103071 || 2 || misc-attack || 0 || GPL IMAP status literal overflow attempt || bugtraq,11775 1 || 2103072 || 3 || misc-attack || 0 || GPL IMAP status overflow attempt || bugtraq,11775 || bugtraq,13727 || cve,2005-1256 1 || 2103073 || 2 || misc-attack || 0 || GPL IMAP subscribe literal overflow attempt || bugtraq,11775 1 || 2103074 || 2 || misc-attack || 0 || GPL IMAP subscribe overflow attempt || bugtraq,11775 1 || 2103075 || 2 || misc-attack || 0 || GPL IMAP unsubscribe literal overflow attempt || bugtraq,11775 1 || 2103076 || 2 || misc-attack || 0 || GPL IMAP unsubscribe overflow attempt || bugtraq,11775 1 || 2103077 || 2 || attempted-admin || 0 || GPL FTP RNFR overflow attempt 1 || 2103078 || 3 || attempted-admin || 0 || GPL MISC nntp SEARCH pattern overflow attempt || cve,2004-0574 || url,www.microsoft.com/technet/security/bulletin/MS04-036.mspx 1 || 2103079 || 5 || attempted-user || 0 || GPL WEB_CLIENT Microsoft ANI file parsing overflow || cve,2004-1049 1 || 2103080 || 3 || misc-attack || 0 || GPL GAMES Unreal Tournament secure overflow attempt || bugtraq,10570 || cve,2004-0608 1 || 2103088 || 2 || attempted-user || 0 || GPL WEB_CLIENT winamp .cda file name overflow attempt || bugtraq,11730 1 || 2103089 || 3 || attempted-user || 0 || GPL MISC squid WCCP I_SEE_YOU message overflow attempt || bugtraq,12275 || cve,2005-0095 1 || 2103090 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc create tree attempt 1 || 2103091 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode create tree attempt 1 || 2103092 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc andx create tree attempt 1 || 2103093 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode andx create tree attempt 1 || 2103094 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc create tree attempt 1 || 2103095 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode create tree attempt 1 || 2103096 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc andx create tree attempt 1 || 2103097 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode andx create tree attempt 1 || 2103098 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc bind attempt 1 || 2103099 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc little endian bind attempt 1 || 2103100 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode bind attempt 1 || 2103101 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode little endian bind attempt 1 || 2103102 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc andx bind attempt 1 || 2103103 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc little endian andx bind attempt 1 || 2103104 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode andx bind attempt 1 || 2103105 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode little endian andx bind attempt 1 || 2103106 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc bind attempt 1 || 2103107 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc little endian bind attempt 1 || 2103108 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode bind attempt 1 || 2103109 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode little endian bind attempt 1 || 2103110 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc andx bind attempt 1 || 2103111 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc little endian andx bind attempt 1 || 2103112 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode andx bind attempt 1 || 2103113 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode little endian andx bind attempt 1 || 2103114 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103115 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103116 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103117 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103118 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103119 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103120 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103121 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103122 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103123 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103124 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103125 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103126 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103127 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103128 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103129 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx 1 || 2103132 || 5 || attempted-user || 0 || GPL WEB_CLIENT PNG large image width download attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx 1 || 2103133 || 6 || attempted-user || 0 || GPL WEB_CLIENT PNG large image height download attempt || bugtraq,11481 || bugtraq,11523 || cve,2004-0599 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx 1 || 2103134 || 5 || attempted-user || 0 || GPL WEB_CLIENT PNG large colour depth download attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx 1 || 2103135 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 QUERY_FILE_INFO attempt 1 || 2103136 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt 1 || 2103137 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt 1 || 2103138 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt 1 || 2103139 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 attempt 1 || 2103140 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 andx attempt 1 || 2103141 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt 1 || 2103142 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt 1 || 2103143 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx 1 || 2103144 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx 1 || 2103145 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx 1 || 2103146 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx 1 || 2103148 || 6 || attempted-user || 0 || GPL ACTIVEX winhelp clsid attempt || bugtraq,4857 || cve,2002-0823 || url,www.ngssoftware.com/advisories/ms-winhlp.txt 1 || 2103149 || 4 || attempted-user || 0 || GPL WEB_CLIENT object type overflow attempt || cve,2003-0344 || url,www.microsoft.com/technet/security/bulletin/MS03-020.mspx 1 || 2103151 || 5 || attempted-recon || 0 || GPL SCAN Finger / execution attempt || cve,1999-0612 || cve,2000-0915 1 || 2103152 || 4 || unsuccessful-user || 0 || GPL SQL sa brute force failed login attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673 1 || 2103153 || 3 || attempted-admin || 0 || GPL DNS TCP inverse query overflow || bugtraq,134 || cve,1999-0009 1 || 2103154 || 3 || attempted-admin || 0 || GPL DNS UDP inverse query overflow || bugtraq,134 || cve,1999-0009 1 || 2103156 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103157 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103158 || 6 || attempted-admin || 0 || GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103159 || 4 || attempted-admin || 0 || GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103160 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103161 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103162 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103163 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103164 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103165 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103166 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103167 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103168 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103169 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103170 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103171 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103172 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103173 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103174 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103175 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103176 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103177 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103178 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103179 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103180 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103181 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103182 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103183 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103184 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103185 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103186 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103187 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103188 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103189 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103190 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103191 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103192 || 6 || attempted-user || 0 || GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt || bugtraq,7517 || cve,2003-0228 || url,www.microsoft.com/technet/security/bulletin/MS03-017.mspx 1 || 2103193 || 5 || web-application-attack || 0 || GPL EXPLOIT .cmd executable file parsing attack || bugtraq,1912 || cve,2000-0886 1 || 2103195 || 5 || attempted-admin || 0 || GPL NETBIOS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825 1 || 2103196 || 3 || attempted-admin || 0 || GPL NETBIOS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825 1 || 2103197 || 4 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103198 || 3 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 1 || 2103199 || 5 || attempted-admin || 0 || GPL EXPLOIT WINS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825 || url,www.microsoft.com/technet/security/bulletin/MS04-006.mspx 1 || 2103200 || 4 || attempted-admin || 0 || GPL NETBIOS WINS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825 || url,www.microsoft.com/technet/security/bulletin/MS04-006.mspx 1 || 2103202 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg bind attempt 1 || 2103203 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg little endian bind attempt 1 || 2103204 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode bind attempt 1 || 2103205 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode little endian bind attempt 1 || 2103206 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx bind attempt 1 || 2103207 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg little endian andx bind attempt 1 || 2103208 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx bind attempt 1 || 2103209 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode little endian andx bind attempt 1 || 2103210 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg bind attempt 1 || 2103211 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg little endian bind attempt 1 || 2103212 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode bind attempt 1 || 2103213 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode little endian bind attempt 1 || 2103214 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx bind attempt 1 || 2103215 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg little endian andx bind attempt 1 || 2103216 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx bind attempt 1 || 2103217 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode little endian andx bind attempt 1 || 2103218 || 5 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey overflow attempt || bugtraq,1331 || cve,2000-0377 || url,www.microsoft.com/technet/security/bulletin/MS00-040.mspx 1 || 2103219 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey little endian overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103220 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103221 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode little endian overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103222 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103223 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103224 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103225 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103226 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103227 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey little endian overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103228 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103229 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode little endian overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103230 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103231 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103232 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode andx overflow attempt || bugtraq,1331 || cve,2000-0377 1 || 2103233 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377 || url,www.microsoft.com/technet/security/bulletin/MS00-040.mspx 1 || 2103234 || 3 || attempted-admin || 0 || GPL NETBIOS Messenger message little endian overflow attempt || bugtraq,8826 || cve,2003-0717 1 || 2103235 || 3 || attempted-admin || 0 || GPL NETBIOS Messenger message overflow attempt || bugtraq,8826 || cve,2003-0717 1 || 2103236 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC irot bind attempt 1 || 2103237 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC irot little endian bind attempt 1 || 2103238 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103239 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103240 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot bind attempt 1 || 2103241 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot little endian bind attempt 1 || 2103242 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode bind attempt 1 || 2103243 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode little endian bind attempt 1 || 2103244 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot andx bind attempt 1 || 2103245 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot little endian andx bind attempt 1 || 2103246 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode andx bind attempt 1 || 2103247 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode little endian andx bind attempt 1 || 2103248 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot bind attempt 1 || 2103249 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot little endian bind attempt 1 || 2103250 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode bind attempt 1 || 2103251 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode little endian bind attempt 1 || 2103252 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot andx bind attempt 1 || 2103253 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot little endian andx bind attempt 1 || 2103254 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode andx bind attempt 1 || 2103255 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode little endian andx bind attempt 1 || 2103256 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103257 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103258 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103259 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103260 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103261 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103262 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103263 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103264 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103265 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103266 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103267 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103268 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103269 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103270 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103271 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx 1 || 2103272 || 3 || trojan-activity || 0 || GPL WORM mydoom.a backdoor upload/execute attempt 1 || 2103273 || 4 || unsuccessful-user || 0 || GPL SQL sa brute force failed login unicode attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673 1 || 2103274 || 4 || attempted-admin || 0 || GPL EXPLOIT login buffer non-evasive overflow attempt || bugtraq,3681 || cve,2001-0797 1 || 2103275 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IActivation bind attempt 1 || 2103276 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IActivation little endian bind attempt 1 || 2103377 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation bind attempt 1 || 2103378 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation little endian bind attempt 1 || 2103379 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode bind attempt 1 || 2103380 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode little endian bind attempt 1 || 2103381 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation andx bind attempt 1 || 2103382 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation little endian andx bind attempt 1 || 2103383 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode andx bind attempt 1 || 2103384 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode little endian andx bind attempt 1 || 2103385 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation bind attempt 1 || 2103386 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation little endian bind attempt 1 || 2103387 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode bind attempt 1 || 2103388 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode little endian bind attempt 1 || 2103389 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation andx bind attempt 1 || 2103390 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation little endian andx bind attempt 1 || 2103391 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode andx bind attempt 1 || 2103392 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode little endian andx bind attempt 1 || 2103393 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator bind attempt 1 || 2103394 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator little endian bind attempt 1 || 2103395 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode bind attempt 1 || 2103396 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode little endian bind attempt 1 || 2103397 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator andx bind attempt 1 || 2103398 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator little endian andx bind attempt 1 || 2103399 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode andx bind attempt 1 || 2103400 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode little endian andx bind attempt 1 || 2103401 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator bind attempt 1 || 2103402 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator little endian bind attempt 1 || 2103403 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode bind attempt 1 || 2103404 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode little endian bind attempt 1 || 2103405 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator andx bind attempt 1 || 2103406 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator little endian andx bind attempt 1 || 2103407 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode andx bind attempt 1 || 2103408 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode little endian andx bind attempt 1 || 2103409 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation attempt 1 || 2103410 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation little endian attempt 1 || 2103411 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode attempt 1 || 2103412 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode little endian attempt 1 || 2103413 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation andx attempt 1 || 2103414 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation little endian andx attempt 1 || 2103415 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode andx attempt 1 || 2103416 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode little endian andx attempt 1 || 2103417 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation attempt 1 || 2103418 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation little endian attempt 1 || 2103419 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode attempt 1 || 2103420 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode little endian attempt 1 || 2103421 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation andx attempt 1 || 2103422 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation little endian andx attempt 1 || 2103423 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode andx attempt 1 || 2103424 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode little endian andx attempt 1 || 2103425 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile attempt 1 || 2103426 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian attempt 1 || 2103427 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode attempt 1 || 2103428 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian attempt 1 || 2103429 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile andx attempt 1 || 2103430 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian andx attempt 1 || 2103431 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode andx attempt 1 || 2103432 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx attempt 1 || 2103433 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile attempt 1 || 2103434 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian attempt 1 || 2103435 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode attempt 1 || 2103436 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian attempt 1 || 2103437 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile andx attempt 1 || 2103438 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx attempt 1 || 2103439 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx attempt 1 || 2103440 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx attempt 1 || 2103441 || 2 || misc-attack || 0 || GPL FTP PORT bounce attempt 1 || 2103453 || 2 || attempted-recon || 0 || GPL EXPLOIT Arkeia client backup system info probe || bugtraq,12594 1 || 2103460 || 3 || attempted-recon || 0 || GPL FTP REST with numeric argument || bugtraq,7825 1 || 2104469 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole eval haha || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx 1 || 2200000 || 1 || NOCLASS || 0 || SURICATA IPv4 packet too small 1 || 2200001 || 1 || NOCLASS || 0 || SURICATA IPv4 header size too small 1 || 2200002 || 1 || NOCLASS || 0 || SURICATA IPv4 total length smaller than header size 1 || 2200003 || 1 || NOCLASS || 0 || SURICATA IPv4 truncated packet 1 || 2200004 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid option 1 || 2200005 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid option length 1 || 2200006 || 1 || NOCLASS || 0 || SURICATA IPv4 malformed option 1 || 2200007 || 1 || NOCLASS || 0 || SURICATA IPv4 padding required 1 || 2200008 || 1 || NOCLASS || 0 || SURICATA IPv4 option end of list required 1 || 2200009 || 1 || NOCLASS || 0 || SURICATA IPv4 duplicated IP option 1 || 2200010 || 1 || NOCLASS || 0 || SURICATA IPv4 unknown IP option 1 || 2200011 || 1 || NOCLASS || 0 || SURICATA IPv4 wrong IP version 1 || 2200012 || 1 || NOCLASS || 0 || SURICATA IPv6 packet too small 1 || 2200013 || 1 || NOCLASS || 0 || SURICATA IPv6 truncated packet 1 || 2200014 || 1 || NOCLASS || 0 || SURICATA IPv6 truncated extension header 1 || 2200015 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Fragment extension header 1 || 2200016 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Routing extension header 1 || 2200017 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Hop-By-Hop Options extension header 1 || 2200018 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Destination Options extension header 1 || 2200019 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Authentication Header extension header 1 || 2200020 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicate ESP extension header 1 || 2200021 || 1 || NOCLASS || 0 || SURICATA IPv6 invalid option length in header 1 || 2200022 || 1 || NOCLASS || 0 || SURICATA IPv6 wrong IP version 1 || 2200023 || 1 || NOCLASS || 0 || SURICATA ICMPv4 packet too small 1 || 2200024 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown type 1 || 2200025 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown code 1 || 2200026 || 1 || NOCLASS || 0 || SURICATA ICMPv4 truncated packet 1 || 2200027 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown version 1 || 2200028 || 1 || NOCLASS || 0 || SURICATA ICMPv6 packet too small 1 || 2200029 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown type 1 || 2200030 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown code 1 || 2200031 || 1 || NOCLASS || 0 || SURICATA ICMPv6 truncated packet 1 || 2200032 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown version 1 || 2200033 || 1 || NOCLASS || 0 || SURICATA TCP packet too small 1 || 2200034 || 1 || NOCLASS || 0 || SURICATA TCP header length too small 1 || 2200035 || 1 || NOCLASS || 0 || SURICATA TCP invalid option length 1 || 2200036 || 1 || NOCLASS || 0 || SURICATA TCP option invalid length 1 || 2200037 || 1 || NOCLASS || 0 || SURICATA TCP duplicated option 1 || 2200038 || 1 || NOCLASS || 0 || SURICATA UDP packet too small 1 || 2200039 || 1 || NOCLASS || 0 || SURICATA UDP header length too small 1 || 2200040 || 1 || NOCLASS || 0 || SURICATA UDP invalid header length 1 || 2200041 || 1 || NOCLASS || 0 || SURICATA SLL packet too small 1 || 2200042 || 1 || NOCLASS || 0 || SURICATA Ethernet packet too small 1 || 2200043 || 1 || NOCLASS || 0 || SURICATA PPP packet too small 1 || 2200044 || 1 || NOCLASS || 0 || SURICATA PPP VJU packet too small 1 || 2200045 || 1 || NOCLASS || 0 || SURICATA PPP IPv4 packet too small 1 || 2200046 || 1 || NOCLASS || 0 || SURICATA PPP IPv6 too small 1 || 2200047 || 1 || NOCLASS || 0 || SURICATA PPP wrong type 1 || 2200048 || 1 || NOCLASS || 0 || SURICATA PPP unsupported protocol 1 || 2200049 || 1 || NOCLASS || 0 || SURICATA PPPOE packet too small 1 || 2200050 || 1 || NOCLASS || 0 || SURICATA PPPOE wrong code 1 || 2200051 || 1 || NOCLASS || 0 || SURICATA PPPOE malformed tags 1 || 2200052 || 1 || NOCLASS || 0 || SURICATA GRE packet too small 1 || 2200053 || 1 || NOCLASS || 0 || SURICATA GRE wrong version 1 || 2200054 || 1 || NOCLASS || 0 || SURICATA GRE v0 recursion control 1 || 2200055 || 1 || NOCLASS || 0 || SURICATA GRE v0 flags 1 || 2200056 || 1 || NOCLASS || 0 || SURICATA GRE v0 header too big 1 || 2200057 || 1 || NOCLASS || 0 || SURICATA GRE v1 checksum present 1 || 2200058 || 1 || NOCLASS || 0 || SURICATA GRE v1 routing present 1 || 2200059 || 1 || NOCLASS || 0 || SURICATA GRE v1 strict source route 1 || 2200060 || 1 || NOCLASS || 0 || SURICATA GRE v1 recursion control 1 || 2200061 || 1 || NOCLASS || 0 || SURICATA GRE v1 flags 1 || 2200062 || 1 || NOCLASS || 0 || SURICATA GRE v1 no key present 1 || 2200063 || 1 || NOCLASS || 0 || SURICATA GRE v1 wrong protocol 1 || 2200064 || 1 || NOCLASS || 0 || SURICATA GRE v1 malformed Source Route Entry header 1 || 2200065 || 1 || NOCLASS || 0 || SURICATA GRE v1 header too big 1 || 2200066 || 1 || NOCLASS || 0 || SURICATA VLAN header too small 1 || 2200067 || 1 || NOCLASS || 0 || SURICATA VLAN unknown type 1 || 2200068 || 1 || NOCLASS || 0 || SURICATA IP raw invalid IP version 1 || 2200069 || 1 || NOCLASS || 0 || SURICATA FRAG IPv4 Packet size too large 1 || 2200070 || 1 || NOCLASS || 0 || SURICATA FRAG IPv4 Fragmentation overlap 1 || 2200071 || 1 || NOCLASS || 0 || SURICATA FRAG IPv6 Packet size too large 1 || 2200072 || 1 || NOCLASS || 0 || SURICATA FRAG IPv6 Fragmentation overlap 1 || 2200073 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid checksum 1 || 2200074 || 1 || NOCLASS || 0 || SURICATA TCPv4 invalid checksum 1 || 2200075 || 1 || NOCLASS || 0 || SURICATA UDPv4 invalid checksum 1 || 2200076 || 1 || NOCLASS || 0 || SURICATA ICMPv4 invalid checksum 1 || 2200077 || 1 || NOCLASS || 0 || SURICATA TCPv6 invalid checksum 1 || 2200078 || 1 || NOCLASS || 0 || SURICATA UDPv6 invalid checksum 1 || 2200079 || 1 || NOCLASS || 0 || SURICATA ICMPv6 invalid checksum 1 || 2200080 || 1 || NOCLASS || 0 || SURICATA IPv6 useless Fragment extension header 1 || 2200081 || 1 || NOCLASS || 0 || SURICATA IPv6 AH reserved field not 0 1 || 2200082 || 1 || NOCLASS || 0 || SURICATA IPv4-in-IPv6 packet too short 1 || 2200083 || 1 || NOCLASS || 0 || SURICATA IPv4-in-IPv6 invalid protocol 1 || 2200084 || 1 || NOCLASS || 0 || SURICATA IPv6-in-IPv6 packet too short 1 || 2200085 || 1 || NOCLASS || 0 || SURICATA IPv6-in-IPv6 invalid protocol 1 || 2210000 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake with ack in wrong dir 1 || 2210001 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake async wrong sequence 1 || 2210002 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake right seq wrong ack evasion 1 || 2210003 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK in wrong direction 1 || 2210004 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK resend with different ack 1 || 2210005 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK resend with different seq 1 || 2210006 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK to server on SYN recv 1 || 2210007 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK with wrong ack 1 || 2210008 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYN resend different seq on SYN recv 1 || 2210009 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYN to client on SYN recv 1 || 2210010 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake wrong seq wrong ack 1 || 2210011 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake SYNACK with wrong ACK 1 || 2210012 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake SYNACK with wrong SYN 1 || 2210013 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake wrong seq 1 || 2210014 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake invalid ack 1 || 2210015 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT ACK out of window 1 || 2210016 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT FIN out of window 1 || 2210017 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT invalid ACK 1 || 2210018 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSING ACK wrong seq 1 || 2210019 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSING invalid ACK 1 || 2210020 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED packet out of window 1 || 2210021 || 2 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED retransmission packet before last ack 1 || 2210022 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend 1 || 2210023 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend with different ACK 1 || 2210024 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend with different seq 1 || 2210025 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK to server 1 || 2210026 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN resend 1 || 2210027 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN resend with different seq 1 || 2210028 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN to client 1 || 2210029 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED invalid ack 1 || 2210030 || 1 || NOCLASS || 0 || SURICATA STREAM FIN invalid ack 1 || 2210031 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 ack with wrong seq 1 || 2210032 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 FIN with wrong seq 1 || 2210033 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 invalid ack 1 || 2210034 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 ack with wrong seq 1 || 2210035 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 FIN with wrong seq 1 || 2210036 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 invalid ack 1 || 2210037 || 1 || NOCLASS || 0 || SURICATA STREAM FIN recv but no session 1 || 2210038 || 1 || NOCLASS || 0 || SURICATA STREAM FIN out of window 1 || 2210039 || 1 || NOCLASS || 0 || SURICATA STREAM Last ACK with wrong seq 1 || 2210040 || 1 || NOCLASS || 0 || SURICATA STREAM Last ACK invalid ACK 1 || 2210041 || 1 || NOCLASS || 0 || SURICATA STREAM RST recv but no session 1 || 2210042 || 1 || NOCLASS || 0 || SURICATA STREAM TIMEWAIT ACK with wrong seq 1 || 2210043 || 1 || NOCLASS || 0 || SURICATA STREAM TIMEWAIT invalid ack 1 || 2210044 || 1 || NOCLASS || 0 || SURICATA STREAM Packet with invalid timestamp 1 || 2210045 || 1 || NOCLASS || 0 || SURICATA STREAM Packet with invalid ack 1 || 2210046 || 1 || NOCLASS || 0 || SURICATA STREAM SHUTDOWN RST invalid ack 1 || 2210047 || 1 || NOCLASS || 0 || SURICATA STREAM reassembly segment before base seq 1 || 2210048 || 1 || NOCLASS || 0 || SURICATA STREAM reassembly sequence GAP -- missing packet(s) 1 || 2210049 || 1 || NOCLASS || 0 || SURICATA STREAM SYN resend 1 || 2220000 || 1 || protocol-command-decode || 0 || SURICATA SMTP invalid reply 1 || 2220001 || 1 || protocol-command-decode || 0 || SURICATA SMTP unable to match reply with request 1 || 2220002 || 1 || protocol-command-decode || 0 || SURICATA SMTP max command line len exceeded 1 || 2220003 || 1 || protocol-command-decode || 0 || SURICATA SMTP max reply line len exceeded 1 || 2220004 || 1 || protocol-command-decode || 0 || SURICATA SMTP invalid pipelined sequence 1 || 2220005 || 1 || protocol-command-decode || 0 || SURICATA SMTP bdat chunk len exceeded 1 || 2220006 || 1 || protocol-command-decode || 0 || SURICATA SMTP no server welcome message 1 || 2220007 || 1 || protocol-command-decode || 0 || SURICATA SMTP tls rejected 1 || 2220008 || 1 || protocol-command-decode || 0 || SURICATA SMTP data command rejected 1 || 2221000 || 1 || protocol-command-decode || 0 || SURICATA HTTP unknown error 1 || 2221001 || 1 || protocol-command-decode || 0 || SURICATA HTTP gzip decompression failed 1 || 2221002 || 1 || protocol-command-decode || 0 || SURICATA HTTP request field missing colon 1 || 2221003 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid request chunk len 1 || 2221004 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid response chunk len 1 || 2221005 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid transfer encoding value in request 1 || 2221006 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid transfer encoding value in response 1 || 2221007 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid content length field in request 1 || 2221008 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid content length field in response 1 || 2221009 || 1 || protocol-command-decode || 0 || SURICATA HTTP status 100-Continue already seen 1 || 2221010 || 1 || protocol-command-decode || 0 || SURICATA HTTP unable to match response to request 1 || 2221011 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid server port in request 1 || 2221012 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid authority port 1 || 2221013 || 1 || protocol-command-decode || 0 || SURICATA HTTP request header invalid 1 || 2221014 || 1 || protocol-command-decode || 0 || SURICATA HTTP missing Host header 1 || 2221015 || 1 || protocol-command-decode || 0 || SURICATA HTTP Host header ambiguous 1 || 2221016 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid request field folding 1 || 2221017 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid response field folding 1 || 2221018 || 1 || protocol-command-decode || 0 || SURICATA HTTP request field too long 1 || 2221019 || 1 || protocol-command-decode || 0 || SURICATA HTTP response field too long 1 || 2221020 || 1 || protocol-command-decode || 0 || SURICATA HTTP response field missing colon 1 || 2221021 || 1 || protocol-command-decode || 0 || SURICATA HTTP response header invalid 1 || 2221022 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart generic error 1 || 2221023 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart no filedata 1 || 2221024 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart invalid header 1 || 2221026 || 1 || protocol-command-decode || 0 || SURICATA HTTP request server port doesn't match TCP port 1 || 2230000 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid SSLv2 header 1 || 2230001 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid TLS header 1 || 2230002 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid record type 1 || 2230003 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid handshake message 1 || 2230004 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid certificate 1 || 2230005 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate missing element 1 || 2230006 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate unknown element 1 || 2230007 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate invalid length 1 || 2230008 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate invalid string 1 || 2230009 || 1 || protocol-command-decode || 0 || SURICATA TLS error message encountered 1 || 2400000 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 1 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400001 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 2 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400002 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 3 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400003 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 4 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400004 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 5 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400005 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 6 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400006 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 7 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400007 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 8 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400008 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 9 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400009 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 10 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400010 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 11 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400011 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 12 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400012 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 13 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400013 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 14 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400014 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 15 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400015 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 16 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400016 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 17 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400017 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 18 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400018 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 19 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400019 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 20 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400020 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 21 || url,www.spamhaus.org/drop/drop.lasso 1 || 2400021 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 22 || url,www.spamhaus.org/drop/drop.lasso 1 || 2402000 || 3237 || misc-attack || 0 || ET DROP Dshield Block Listed Source group 1 || url,feed.dshield.org/block.txt 1 || 2403300 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 1 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403301 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 2 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403302 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 3 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403303 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 4 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403304 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 5 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403305 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 6 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403306 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 7 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403307 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 8 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403308 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 9 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403309 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 10 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403310 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 11 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403311 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 12 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403312 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 13 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403313 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 14 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403314 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 15 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403315 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 16 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403316 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 17 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403317 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 18 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403318 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 19 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403319 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 20 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403320 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 21 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403321 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 22 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403322 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 23 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403323 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 24 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403324 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 25 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403325 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 26 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403326 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 27 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403327 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 28 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2403328 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 29 || url,www.cinsscore.com || url,www.networkcloaking.com/cins 1 || 2404000 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404001 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404002 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404003 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404004 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404005 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404006 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404007 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404008 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404009 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404010 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404011 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404012 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404013 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404014 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404015 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404016 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404017 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404018 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404019 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404020 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404021 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404022 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404023 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 24 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404024 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 25 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404025 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 26 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404026 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 27 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404027 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 28 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404028 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 29 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404029 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 30 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404030 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 31 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404031 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 32 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404032 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 33 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404033 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 34 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404034 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 35 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404035 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 36 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404036 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 37 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404037 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 38 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404038 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 39 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404039 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 40 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404040 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 41 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404041 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 42 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404042 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 43 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404043 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 44 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404044 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 45 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404045 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 46 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404046 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 47 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404047 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 48 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404048 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 49 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404049 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server group 50 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2404100 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404101 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404102 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404103 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404104 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404105 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404106 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404107 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404108 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404109 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404110 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404111 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404112 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404113 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404114 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404115 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404116 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404117 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404118 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404119 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404120 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404121 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404122 || 3351 || trojan-activity || 0 || ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch 1 || 2404150 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404151 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404152 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404153 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404154 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404155 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404156 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404157 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404158 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404159 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404160 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404161 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404162 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404163 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404164 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404165 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404166 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404167 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404168 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404169 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404170 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404171 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404172 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch 1 || 2404200 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404201 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404202 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404203 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404204 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404205 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404206 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404207 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404208 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404209 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404210 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404211 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2404212 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch 1 || 2405000 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 22 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405001 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 80 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405002 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 81 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405003 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 82 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405004 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 443 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405005 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405006 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1111 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405007 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405008 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405009 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1887 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405010 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2211 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405011 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2222 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405012 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405013 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2525 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405014 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405015 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3305 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405016 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3333 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405017 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3463 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405018 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3921 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405019 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405020 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405021 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4080 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405022 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4156 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405023 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4242 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405024 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405025 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4367 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405026 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4619 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405027 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405028 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405029 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5456 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405030 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5612 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405031 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5874 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405032 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405033 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5966 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405034 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6104 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405035 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6138 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405036 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6281 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405037 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405038 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405039 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6661 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405040 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405041 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405042 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405043 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405044 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405045 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405046 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405047 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405048 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405049 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405050 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405051 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405052 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405053 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405054 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405055 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405056 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405057 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405058 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405059 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405060 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6680 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405061 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6697 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405062 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405063 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6867 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405064 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405065 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6967 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405066 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6969 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405067 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405068 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405069 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405070 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7106 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405071 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7486 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405072 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7500 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405073 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7649 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405074 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7771 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405075 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7999 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405076 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8002 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405077 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8070 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405078 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405079 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8484 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405080 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405081 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8685 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405082 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8754 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405083 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8782 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405084 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405085 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9425 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405086 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9595 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405087 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405088 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9999 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405089 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405090 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405091 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405092 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 17405 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405093 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405094 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 20560 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405095 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 23232 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405096 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 23765 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405097 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405098 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 34345 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405099 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 37894 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405100 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 38294 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405101 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405102 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 58914 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2405103 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 61521 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org 1 || 2406000 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 1 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406002 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 2 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406004 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 3 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406006 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 4 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406008 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 5 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406010 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 6 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406012 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 7 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406014 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 8 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406016 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 9 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406018 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 10 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406020 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 11 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406022 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 12 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406024 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 13 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406026 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 14 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406028 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 15 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406030 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 16 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406032 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 17 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406034 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 18 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406036 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 19 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406038 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 20 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406040 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 21 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406042 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 22 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406044 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 23 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406046 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 24 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406048 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 25 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406050 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 26 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406052 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 27 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406054 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 28 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406056 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 29 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406058 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 30 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406060 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 31 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406062 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 32 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406064 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 33 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406066 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 34 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406068 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 35 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406070 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 36 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406072 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 37 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406074 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 38 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406076 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 39 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406078 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 40 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406080 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 41 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406082 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 42 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406084 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 43 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406086 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 44 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406088 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 45 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406090 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 46 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406092 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 47 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406094 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 48 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406096 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 49 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406098 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 50 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406100 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 51 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406102 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 52 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406104 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 53 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406106 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 54 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406108 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 55 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406110 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 56 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406112 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 57 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406114 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 58 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406116 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 59 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406118 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 60 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406120 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 61 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406122 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 62 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406124 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 63 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406126 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 64 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406128 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 65 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406130 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 66 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406132 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 67 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406134 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 68 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406136 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 69 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406138 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 70 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406140 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 71 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406142 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 72 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406144 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 73 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406146 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 74 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406148 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 75 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406150 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 76 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406152 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 77 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406154 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 78 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406156 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 79 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406158 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 80 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406160 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 81 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406162 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 82 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406164 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 83 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406166 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 84 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406168 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 85 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406170 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 86 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406172 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 87 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406174 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 88 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406176 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 89 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406178 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 90 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406180 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 91 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406182 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 92 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406184 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 93 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406186 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 94 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406188 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 95 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406190 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 96 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406192 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 97 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406194 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 98 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406196 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 99 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406198 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 100 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406200 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 101 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406202 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 102 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406204 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 103 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406206 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 104 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406208 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 105 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406210 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 106 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406212 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 107 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406214 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 108 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406216 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 109 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406218 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 110 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406220 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 111 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406222 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 112 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406224 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 113 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406226 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 114 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406228 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 115 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406230 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 116 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406232 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 117 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406234 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 118 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406236 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 119 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406238 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 120 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406240 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 121 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406242 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 122 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406244 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 123 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406246 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 124 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406248 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 125 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406250 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 126 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406252 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 127 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406254 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 128 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406256 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 129 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406258 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 130 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406260 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 131 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406262 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 132 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406264 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 133 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406266 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 134 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406268 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 135 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406270 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 136 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406272 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 137 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406274 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 138 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406276 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 139 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406278 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 140 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406280 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 141 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406282 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 142 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406284 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 143 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406286 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 144 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406288 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 145 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406290 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 146 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406292 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 147 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406294 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 148 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406296 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 149 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406298 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 150 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406300 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 151 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406302 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 152 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406304 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 153 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406306 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 154 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406308 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 155 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406310 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 156 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406312 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 157 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406314 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 158 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406316 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 159 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406318 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 160 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406320 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 161 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406322 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 162 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406324 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 163 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406326 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 164 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406328 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 165 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406330 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 166 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406332 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 167 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406334 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 168 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406336 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 169 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406338 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 170 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406340 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 171 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406342 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 172 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406344 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 173 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406346 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 174 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406348 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 175 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406350 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 176 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406352 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 177 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406354 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 178 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406356 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 179 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406358 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 180 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406360 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 181 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406362 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 182 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406364 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 183 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406366 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 184 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406368 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 185 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406370 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 186 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406372 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 187 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406374 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 188 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406376 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 189 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406378 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 190 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406380 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 191 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406382 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 192 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406384 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 193 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406386 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 194 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406388 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 195 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406390 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 196 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406392 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 197 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406394 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 198 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406396 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 199 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406398 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 200 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406400 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 201 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406402 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 202 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406404 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 203 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406406 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 204 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406408 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 205 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406410 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 206 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406412 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 207 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406414 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 208 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406416 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 209 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406418 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 210 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406420 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 211 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406422 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 212 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406424 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 213 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406426 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 214 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406428 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 215 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406430 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 216 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406432 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 217 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406434 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 218 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406436 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 219 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406438 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 220 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406440 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 221 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406442 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 222 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406444 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 223 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406446 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 224 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406448 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 225 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406450 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 226 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406452 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 227 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406454 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 228 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406456 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 229 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406458 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 230 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406460 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 231 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406462 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 232 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406464 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 233 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406466 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 234 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406468 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 235 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406470 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 236 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406472 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 237 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406474 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 238 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406476 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 239 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406478 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 240 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406480 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 241 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406482 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 242 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406484 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 243 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406486 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 244 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406488 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 245 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406490 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 246 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406492 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 247 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406494 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 248 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406496 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 249 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406498 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 250 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406500 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 251 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406502 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 252 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406504 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 253 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406506 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 254 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406508 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 255 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406510 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 256 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406512 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 257 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406514 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 258 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406516 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 259 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406518 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 260 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406520 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 261 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406522 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 262 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406524 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 263 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406526 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 264 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406528 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 265 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406530 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 266 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406532 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 267 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406534 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 268 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406536 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 269 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406538 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 270 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406540 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 271 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406542 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 272 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406544 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 273 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406546 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 274 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406548 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 275 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406550 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 276 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406552 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 277 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406554 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 278 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406556 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 279 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406558 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 280 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406560 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 281 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406562 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 282 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406564 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 283 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406566 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 284 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406568 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 285 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406570 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 286 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406572 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 287 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406574 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 288 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406576 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 289 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406578 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 290 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406580 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 291 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406582 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 292 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406584 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 293 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406586 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 294 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406588 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 295 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406590 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 296 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406592 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 297 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406594 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 298 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406596 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 299 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406598 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 300 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406600 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 301 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406602 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 302 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406604 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 303 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406606 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 304 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406608 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 305 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406610 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 306 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406612 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 307 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406614 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 308 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406616 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 309 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406618 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 310 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406620 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 311 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406622 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 312 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406624 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 313 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406626 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 314 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406628 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 315 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406630 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 316 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406632 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 317 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406634 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 318 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406636 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 319 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406638 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 320 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406640 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 321 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406642 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 322 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406644 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 323 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406646 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 324 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406648 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 325 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406650 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 326 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406652 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 327 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406654 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 328 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406656 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 329 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406658 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 330 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406660 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 331 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406662 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 332 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406664 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 333 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406666 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 334 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406668 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 335 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406670 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 336 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406672 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 337 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406674 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 338 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406676 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 339 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406678 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 340 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406680 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 341 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406682 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 342 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406684 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 343 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406686 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 344 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406688 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 345 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406690 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 346 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406692 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 347 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406694 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 348 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406696 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 349 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406698 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 350 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406700 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 351 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406702 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 352 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406704 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 353 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406706 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 354 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406708 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 355 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406710 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 356 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406712 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 357 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406714 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 358 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406716 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 359 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406718 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 360 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406720 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 361 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406722 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 362 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406724 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 363 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406726 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 364 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406728 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 365 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406730 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 366 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406732 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 367 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406734 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 368 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406736 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 369 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406738 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 370 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406740 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 371 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406742 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 372 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406744 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 373 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406746 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 374 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406748 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 375 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406750 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 376 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406752 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 377 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406754 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 378 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406756 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 379 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406758 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 380 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406760 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 381 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406762 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 382 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406764 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 383 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406766 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 384 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406768 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 385 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406770 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 386 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406772 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 387 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406774 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 388 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406776 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 389 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406778 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 390 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406780 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 391 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406782 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 392 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406784 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 393 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406786 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 394 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406788 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 395 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406790 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 396 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406792 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 397 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406794 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 398 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406796 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 399 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406798 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 400 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406800 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 401 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406802 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 402 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406804 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 403 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406806 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 404 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406808 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 405 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406810 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 406 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406812 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 407 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406814 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 408 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406816 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 409 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406818 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 410 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406820 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 411 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406822 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 412 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406824 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 413 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406826 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 414 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406828 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 415 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406830 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 416 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406832 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 417 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406834 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 418 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406836 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 419 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406838 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 420 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406840 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 421 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406842 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 422 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406844 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 423 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406846 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 424 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406848 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 425 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406850 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 426 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406852 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 427 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406854 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 428 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406856 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 429 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406858 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 430 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406860 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 431 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406862 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 432 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406864 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 433 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406866 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 434 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406868 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 435 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406870 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 436 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2406872 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 437 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408000 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 1 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408002 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 2 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408004 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 3 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408006 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 4 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408008 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 5 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408010 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 6 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408012 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 7 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408014 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 8 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408016 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 9 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408018 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 10 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408020 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 11 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408022 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 12 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408024 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 13 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408026 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 14 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408028 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 15 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408030 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 16 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408032 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 17 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408034 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 18 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408036 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 19 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408038 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 20 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408040 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 21 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408042 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 22 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408044 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 23 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408046 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 24 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408048 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 25 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408050 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 26 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408052 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 27 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408054 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 28 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408056 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 29 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408058 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 30 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408060 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 31 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408062 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 32 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408064 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 33 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2408066 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 34 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork 1 || 2500000 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500002 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500004 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500006 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500008 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500010 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500012 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500014 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500016 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500018 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500020 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500022 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500024 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500026 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500028 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500030 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500032 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500034 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500036 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500038 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500040 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500042 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500044 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500046 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500048 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500050 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500052 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500054 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500056 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500058 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500060 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500062 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500064 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500066 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500068 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500070 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500072 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500074 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500076 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500078 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500080 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500082 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500084 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500086 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500088 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500090 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500092 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500094 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500096 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500098 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500100 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500102 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2500104 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 1 || 2520000 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520002 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520004 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520006 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520008 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520010 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520012 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520014 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520016 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520018 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520020 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520022 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520024 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520026 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520028 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520030 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520032 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520034 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520036 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520038 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520040 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520042 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520044 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520046 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520048 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520050 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520052 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520054 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520056 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520058 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520060 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520062 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520064 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520066 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520068 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520070 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520072 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520074 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520076 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520078 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520080 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520082 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520084 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520086 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520088 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520090 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520092 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520094 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520096 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520098 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520100 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520102 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520104 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520106 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 54 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520108 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 55 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520110 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 56 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520112 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 57 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520114 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 58 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520116 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 59 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520118 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 60 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520120 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 61 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520122 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 62 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520124 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 63 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520126 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 64 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520128 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 65 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520130 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 66 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520132 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 67 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520134 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 68 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520136 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 69 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520138 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 70 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520140 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 71 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520142 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 72 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520144 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520146 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 74 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520148 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520150 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 76 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520152 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 77 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520154 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 78 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520156 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 79 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520158 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 80 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520160 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520162 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520164 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520166 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520168 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 85 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520170 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 86 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520172 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 87 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520174 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 88 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520176 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 89 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520178 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 90 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520180 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 91 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520182 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 92 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520184 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 93 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520186 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 94 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520188 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 95 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2520190 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 96 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522000 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522002 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522004 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522006 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522008 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522010 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522012 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522014 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522016 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522018 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522020 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522022 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522024 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522026 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522028 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522030 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522032 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522034 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522036 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522038 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522040 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522042 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522044 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522046 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522048 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522050 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522052 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522054 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522056 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522058 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522060 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522062 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522064 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522066 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522068 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522070 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522072 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522074 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522076 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522078 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522080 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522082 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522084 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522086 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522088 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522090 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522092 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522094 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522096 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522098 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522100 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522102 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522104 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522106 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 54 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522108 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 55 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522110 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 56 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522112 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 57 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522114 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 58 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522116 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 59 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522118 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 60 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522120 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 61 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522122 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 62 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522124 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 63 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522126 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 64 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522128 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 65 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522130 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 66 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522132 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 67 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522134 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 68 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522136 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 69 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522138 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 70 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522140 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 71 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522142 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 72 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522144 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522146 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 74 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522148 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522150 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 76 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522152 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 77 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522154 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 78 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522156 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 79 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522158 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 80 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522160 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522162 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522164 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522166 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522168 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 85 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522170 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 86 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522172 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 87 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522174 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 88 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522176 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 89 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522178 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 90 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522180 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522182 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 92 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522184 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 93 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522186 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 94 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522188 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 95 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522190 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 96 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522192 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 97 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522194 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 98 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522196 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 99 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522198 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 100 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522200 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 101 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522202 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 102 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522204 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 103 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522206 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 104 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522208 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 105 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522210 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 106 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522212 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 107 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522214 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 108 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522216 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 109 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522218 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 110 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522220 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 111 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522222 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 112 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522224 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 113 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522226 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 114 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522228 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 115 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522230 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 116 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522232 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 117 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522234 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 118 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522236 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 119 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522238 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 120 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522240 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 121 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522242 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 122 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522244 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 123 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522246 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 124 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522248 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 125 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522250 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 126 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522252 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 127 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522254 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 128 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522256 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 129 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522258 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 130 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522260 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 131 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522262 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 132 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522264 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 133 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522266 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 134 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522268 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 135 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522270 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 136 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522272 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 137 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522274 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 138 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522276 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 139 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522278 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 140 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522280 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 141 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522282 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 142 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522284 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 143 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522286 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 144 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522288 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 145 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522290 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 146 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522292 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 147 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522294 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 148 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522296 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 149 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522298 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 150 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522300 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522302 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522304 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522306 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 154 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522308 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 155 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522310 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 156 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522312 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 157 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522314 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 158 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522316 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 159 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522318 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 160 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522320 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 161 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522322 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 162 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522324 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 163 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522326 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 164 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522328 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 165 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522330 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 166 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522332 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 167 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522334 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 168 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522336 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 169 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522338 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 170 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522340 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 171 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522342 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 172 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522344 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 173 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522346 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 174 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522348 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 175 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522350 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 176 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522352 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 177 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522354 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 178 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522356 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 179 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522358 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 180 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522360 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 181 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522362 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 182 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522364 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 183 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522366 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 184 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522368 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 185 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522370 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 186 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522372 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 187 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522374 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 188 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522376 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 189 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522378 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 190 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522380 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 191 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522382 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 192 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522384 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 193 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522386 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 194 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522388 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 195 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522390 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 196 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522392 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 197 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522394 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 198 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522396 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 199 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522398 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 200 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522400 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 201 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522402 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 202 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522404 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 203 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522406 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 204 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522408 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 205 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522410 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 206 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522412 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 207 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522414 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 208 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522416 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 209 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522418 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 210 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522420 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 211 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522422 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 212 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522424 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 213 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522426 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 214 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522428 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 215 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522430 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 216 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522432 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 217 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522434 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 218 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522436 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 219 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522438 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 220 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522440 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 221 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522442 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 222 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522444 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 223 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522446 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 224 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522448 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 225 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522450 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 226 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522452 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 227 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522454 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 228 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522456 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 229 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522458 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 230 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522460 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522462 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 232 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522464 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 233 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522466 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 234 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522468 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 235 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522470 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 236 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522472 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 237 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522474 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 238 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522476 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 239 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522478 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 240 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522480 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 241 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522482 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 242 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522484 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 243 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522486 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 244 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522488 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 245 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522490 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 246 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522492 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522494 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 248 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522496 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 249 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522498 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 250 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522500 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 251 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522502 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 252 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522504 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 253 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522506 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 254 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522508 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 255 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522510 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 256 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522512 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 257 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522514 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 258 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522516 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 259 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522518 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 260 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522520 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 261 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522522 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 262 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522524 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 263 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522526 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 264 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522528 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 265 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522530 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 266 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522532 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 267 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522534 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 268 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522536 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 269 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522538 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 270 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522540 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 271 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522542 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 272 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522544 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522546 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 274 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522548 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 275 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522550 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 276 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522552 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 277 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522554 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 278 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522556 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 279 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522558 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 280 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522560 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 281 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522562 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 282 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522564 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 283 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522566 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 284 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522568 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 285 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522570 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 286 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522572 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 287 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522574 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 288 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522576 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 289 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522578 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 290 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522580 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 291 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522582 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 292 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522584 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 293 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522586 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522588 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 295 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522590 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 296 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522592 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 297 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522594 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 298 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522596 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 299 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522598 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 300 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522600 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 301 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522602 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 302 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522604 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 303 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522606 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 304 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522608 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 305 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522610 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 306 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522612 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 307 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522614 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 308 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522616 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 309 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522618 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 310 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522620 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 311 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522622 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 312 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522624 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 313 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522626 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 314 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522628 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 315 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522630 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 316 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522632 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 317 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522634 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 318 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522636 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 319 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522638 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 320 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522640 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 321 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522642 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 322 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522644 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 323 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522646 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 324 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522648 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 325 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522650 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 326 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522652 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 327 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522654 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 328 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522656 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 329 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522658 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 330 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522660 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 331 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522662 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 332 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522664 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 333 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522666 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 334 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522668 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 335 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522670 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 336 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522672 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 337 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522674 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 338 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522676 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 339 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522678 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 340 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522680 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 341 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522682 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 342 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522684 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 343 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522686 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 344 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522688 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 345 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522690 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 346 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522692 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 347 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522694 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 348 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522696 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 349 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522698 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 350 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522700 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 351 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522702 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 352 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522704 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 353 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522706 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 354 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522708 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 355 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522710 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 356 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522712 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 357 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522714 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 358 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522716 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522718 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 360 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522720 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 361 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522722 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 362 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522724 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 363 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522726 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 364 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522728 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 365 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522730 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 366 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522732 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 367 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522734 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 368 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522736 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 369 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522738 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 370 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522740 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 371 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522742 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 372 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522744 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 373 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522746 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 374 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522748 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 375 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522750 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 376 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522752 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 377 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522754 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 378 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522756 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 379 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522758 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 380 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522760 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 381 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522762 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 382 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522764 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 383 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522766 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 384 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522768 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 385 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522770 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 386 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522772 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 387 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522774 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 388 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522776 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 389 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522778 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 390 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522780 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 391 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522782 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 392 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522784 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 393 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522786 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 394 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522788 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 395 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522790 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 396 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522792 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 397 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522794 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 398 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522796 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 399 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522798 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 400 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522800 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 401 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522802 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 402 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522804 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 403 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522806 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 404 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522808 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 405 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522810 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 406 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522812 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 407 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522814 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 408 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522816 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 409 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522818 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 410 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522820 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 411 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522822 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 412 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522824 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 413 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522826 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 414 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522828 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 415 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522830 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 416 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522832 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 417 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522834 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 418 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522836 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 419 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522838 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 420 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522840 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 421 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522842 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 422 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522844 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 423 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522846 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 424 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522848 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 425 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522850 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 426 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522852 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 427 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522854 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 428 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522856 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 429 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522858 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 430 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522860 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 431 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522862 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 432 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522864 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 433 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522866 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 434 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522868 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 435 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522870 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 436 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522872 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 437 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522874 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 438 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522876 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 439 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522878 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 440 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522880 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 441 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522882 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 442 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522884 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 443 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522886 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 444 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522888 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 445 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522890 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 446 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522892 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 447 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522894 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 448 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522896 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522898 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 450 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522900 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 451 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522902 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 452 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522904 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 453 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522906 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 454 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522908 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 455 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522910 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 456 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522912 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 457 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522914 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 458 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522916 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 459 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522918 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 460 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522920 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 461 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522922 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 462 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522924 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 463 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522926 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 464 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522928 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 465 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522930 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 466 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522932 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 467 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522934 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 468 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522936 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 469 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522938 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 470 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522940 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 471 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522942 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 472 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522944 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 473 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522946 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 474 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522948 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 475 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522950 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 476 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522952 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 477 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522954 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 478 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522956 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 479 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522958 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 480 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522960 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 481 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522962 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 482 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522964 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 483 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522966 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 484 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522968 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 485 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522970 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 486 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522972 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 487 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522974 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 488 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522976 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 489 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522978 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 490 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522980 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 491 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522982 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 492 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522984 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 493 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522986 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 494 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522988 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 495 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522990 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 496 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522992 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 497 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522994 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 498 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522996 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 499 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2522998 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 500 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 2523000 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 501 || url,doc.emergingthreats.net/bin/view/Main/TorRules 1 || 100000102 || 2 || attempted-dos || 0 || GPL GAMES Halocon Denial of Service Empty UDP Packet || bugtraq,12281 1 || 100000103 || 2 || attempted-dos || 0 || GPL GAMES Breed Game Server Denial of Service Empty UDP Packet || bugtraq,12262 1 || 100000104 || 2 || attempted-dos || 0 || GPL GAMES Amp II 3D Game Server Denial of Service Empty UDP Packet || bugtraq,12192 1 || 100000119 || 3 || attempted-admin || 0 || GPL WEB_CLIENT Internet Explorer URLMON.DLL Content-Encoding Overflow Attempt || bugtraq,7419 || cve,2003-0113 || url,www.microsoft.com/technet/security/bulletin/MS03-015.mspx 1 || 100000136 || 3 || misc-attack || 0 || GPL DELETED GNU imapd search format string attempt || url,www.osvdb.org/displayvuln.php?osvdb_id=19306 || cve,2005-2878 1 || 100000139 || 3 || web-application-activity || 0 || GPL WEB_SERVER WEB-IIS Remote IIS Server Name spoof attempt loopback IP || cve,2005-2678 1 || 100000149 || 1 || attempted-recon || 0 || GPL EXPLOIT WEB-MISC Jboss % attempt || bugtraq,13985 || cve,2005-2006 || url,www.osvdb.org/displayvuln.php?osvdb_id=17403 1 || 100000152 || 3 || protocol-command-decode || 0 || GPL DELETED MDaemon authentication protocol decode 1 || 100000153 || 4 || attempted-admin || 0 || GPL IMAP MDaemon authentication multiple packet overflow attempt || bugtraq,14317 1 || 100000155 || 3 || attempted-admin || 0 || GPL DELETED MDaemon authentication overflow single packet attempt || bugtraq,14317 1 || 100000158 || 2 || attempted-dos || 0 || GPL VOIP SIP INVITE message flooding 1 || 100000162 || 2 || attempted-dos || 0 || GPL VOIP SIP 401 Unauthorized Flood 1 || 100000163 || 2 || attempted-dos || 0 || GPL VOIP SIP 407 Proxy Authentication Required Flood 1 || 100000166 || 1 || attempted-user || 0 || GPL SQL ORACLE TNS Listener shutdown via iSQLPlus attempt || bugtraq,15032 || url,www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html 1 || 100000167 || 1 || misc-attack || 0 || GPL SMTP SMTP Hydra Activity Detected || url,www.thc.org/releases.php 1 || 100000172 || 4 || attempted-admin || 0 || GPL MISC NNTP Lynx overflow attempt || cve,2005-3120 || bugtraq,15117 || url,www.osvdb.org/displayvuln.php?osvdb_id=20019 || nessus,20035 1 || 100000176 || 1 || attempted-dos || 0 || GPL EXPLOIT EXPLOIT HPUX LPD overflow attempt || cve,2005-3277 || bugtraq,15136 1 || 100000177 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Linksys apply.cgi overflow attempt || bugtraq,14822 || cve,2005-2799 || nessus,20096 || url,www.osvdb.org/displayvuln.php?osvdb_id=19389 1 || 100000180 || 1 || attempted-dos || 0 || GPL EXPLOIT EXPLOIT SIP UDP spoof attempt || bugtraq,14174 || cve,2005-2182 || url,www.osvdb.org/displayvuln.php?osvdb_id=17838 1 || 100000181 || 2 || attempted-dos || 0 || GPL GAMES FlatFrag game dos exploit || bugtraq,15287 || cve,2005-3492 1 || 100000183 || 3 || web-application-activity || 0 || GPL WEB_SPECIFIC_APPS SAP WAS syscmd access || url,www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf 1 || 100000184 || 2 || misc-activity || 0 || GPL EXPLOIT WEB-MISC JBoss JMXInvokerServlet access || url,online.securityfocus.com/archive/1/415707 1 || 100000186 || 3 || successful-recon-limited || 0 || GPL WEB_SERVER WEB-PHP phpinfo access || bugtraq,5789 || cve,2002-1149 || url,www.osvdb.org/displayvuln.php?osvdb_id=3356 1 || 100000196 || 3 || misc-attack || 0 || GPL DELETED Qualcomm WorldMail SELECT dot dot attempt || cve,2005-3189 || bugtraq,15488 1 || 100000197 || 3 || misc-activity || 0 || GPL ICMP undefined code 1 || 100000207 || 3 || misc-attack || 0 || GPL IMAP GNU Mailutils imap4d hex attempt || cve,2005-2878 || bugtraq,14794 || nessus,19605 || url,www.osvdb.org/displayvuln.php?osvdb_id=19306 1 || 100000208 || 1 || policy-violation || 0 || GPL POLICY MISC Tunneling IP over DNS with NSTX || url,nstx.dereference.de/nstx/ || url,slashdot.org/articles/00/09/10/2230242.shtml 1 || 100000222 || 1 || attempted-admin || 0 || GPL TFTP MISC TFTP32 Get Format string attempt || url,www.securityfocus.com/archive/1/422405/30/0/threaded || url,www.critical.lt/?vulnerabilities/200 1 || 100000223 || 1 || misc-attack || 0 || GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt || bugtraq,16213 || cve,2006-0189 1 || 100000227 || 2 || attempted-recon || 0 || GPL SNMP SNMP trap Format String detected || bugtraq,16267 || cve,2006-0250 || url,www.osvdb.org/displayvuln.php?osvdb_id=22493 1 || 100000228 || 3 || attempted-admin || 0 || GPL WEB_CLIENT Winamp PlayList buffer overflow attempt || bugtraq,16410 || cve,2006-0476 || url,www.frsirt.com/english/advisories/2006/0361 1 || 100000229 || 2 || misc-attack || 0 || GPL EXPLOIT MISC Lotus Domino LDAP attack || bugtraq,16523 || cve,2006-0580 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html 1 || 100000230 || 2 || policy-violation || 0 || GPL CHAT MISC Jabber/Google Talk Outgoing Traffic || url,www.google.com/talk/ 1 || 100000231 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Outgoing Auth || url,www.google.com/talk/ 1 || 100000232 || 3 || policy-violation || 0 || GPL CHAT Google Talk Logon || url,www.google.com/talk/ 1 || 100000233 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Outoing Message || url,www.google.com/talk/ 1 || 100000234 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Log Out || url,www.google.com/talk/ 1 || 100000235 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Logon Success || url,www.google.com/talk/ 1 || 100000236 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Incoming Message || url,www.google.com/talk/ 1 || 100000284 || 5 || attempted-user || 0 || GPL DELETED RealMedia invalid chunk size heap overflow attempt || bugtraq,17202 || cve,2005-2922 || url,service.real.com/realplayer/security/03162006_player/en/ 1 || 100000356 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_qry_common.php remote file include || url,secunia.com/advisories/20300/ 1 || 100000357 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_stat_common.php remote file include || url,secunia.com/advisories/20300/ 1 || 100000358 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_include.inc.php remote file include || url,secunia.com/advisories/20300/ 1 || 100000428 || 1 || web-application-attack || 0 || GPL EXPLOIT WEB-MISC JBoss RMI class download service directory listing attempt || url,marc.theaimsgroup.com/?l=bugtraq&m=111911095424496&w=2 1 || 100000429 || 3 || misc-activity || 0 || GPL WEB_SERVER WEB-MISC JBoss web-console access || url,www.jboss.org/wiki/Wiki.jsp?page=WebConsole 1 || 100000447 || 2 || attempted-user || 0 || GPL WEB_CLIENT Mozilla Firefox DOMNodeRemoved attack attempt || bugtraq,18228 || cve,2006-2779 1 || 100000692 || 3 || misc-activity || 0 || GPL WEB_CLIENT midi file download attempt || bugtraq,18507 1 || 100000693 || 3 || attempted-user || 0 || GPL WEB_CLIENT Winamp midi file header overflow attempt || bugtraq,18507 1 || 100000728 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740 1 || 100000729 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740 1 || 100000730 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog BlackList.Examine.class.php remote file include || bugtraq,18740 1 || 100000731 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog DeleteComment.Action.class.php remote file include || bugtraq,18740 1 || 100000732 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditIPofURL.Admin.class.php remote file include || bugtraq,18740 1 || 100000733 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MTBlackList.Examine.class.php remote file include || bugtraq,18740 1 || 100000734 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MassDelete.Admin.class.php remote file include || bugtraq,18740 1 || 100000735 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MailAdmin.Action.class.php remote file include || bugtraq,18740 1 || 100000736 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MassDelTrackback.Admin.class.php remote file include || bugtraq,18740 1 || 100000737 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditHeader.Admin.class.php remote file include || bugtraq,18740 1 || 100000738 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditIP.Admin.class.php remote file include || bugtraq,18740 1 || 100000739 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog IPofUrl.Examine.class.php remote file include || bugtraq,18740 1 || 100000740 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog Import.Admin.class.php remote file include || bugtraq,18740 1 || 100000741 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog LogView.Admin.class.php remote file include || bugtraq,18740 1 || 100000742 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740 1 || 100000864 || 5 || web-application-attack || 0 || GPL ACTIVEX WEB-CLIENT tsuserex.dll COM Object Instantiation Vulnerability || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 1 || 100000876 || 3 || policy-violation || 0 || GPL CHAT Google Talk Version Check 1 || 100000877 || 2 || policy-violation || 0 || GPL CHAT Google Talk Startup 1 || 100000892 || 2 || attempted-dos || 0 || GPL VOIP Q.931 Invalid Call Reference Length Buffer Overflow || url,www.ethereal.com/news/item_20050504_01.html || url,www.elook.org/internet/126.html 1 || 100000908 || 2 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS WEB-PHP phpMyWebmin create_file script remote file include || url,www.securityfocus.com/bid/20281/info