Deep Discovery Inspector Rules

| Rule ID | Description | Confidence Level | Risk Type |
|---|---|---|---|
| 1 | Suspicious file extension for an executable file | High | MALWARE |
| 2 | Suspicious file extension for a script file | High | MALWARE |
| 3 | Suspicious file extension for an executable file | High | MALWARE |
| 4 | Suspicious filename for a script file | High | MALWARE |
| 5 | Suspicious filename for an executable file | High | MALWARE |
| 6 | An IRC session on a nonstandard Direct Client to Client port sent an executable file | High | MALWARE |
| 7 | An IRC Bot command was detected | High | MALWARE |
| 8 | A packed executable file was copied to a network administrative shared space | High | MALWARE |
| 9 | Highly suspicious archive file detected | High | MALWARE |
| 10 | Medium level suspicious archive file detected | Medium | MALWARE |
| 11 | Highly suspicious archive file detected | High | MALWARE |
| 12 | Highly suspicious archive file detected | High | MALWARE |
| 13 | Highly suspicious archive file detected | High | MALWARE |
| 14 | File security override detected | Medium | OTHERS |
| 15 | Too many failed logon attempts | Medium | OTHERS |
| 16 | Suspicious URL detected in an instant message | High | MALWARE |
| 17 | Remote command shell detected | High | OTHERS |
| 18 | DNS query of a known IRC Command and Control Server | High | MALWARE |
| 19 | Failed host DNS A record query of a distrusted domain mail exchanger | Medium | OTHERS |
| 20 | Malware URL access attempted | Medium | MALWARE |
| 22 | Uniform Resource Identifier leaks internal IP addresses | Low | SPYWARE |
| 23 | The name of the downloaded file matches known malware | High | MALWARE |
| 24 | The name of the downloaded file matches known spyware | High | SPYWARE |
| 25 | Host DNS AXFR/IXFR request from a distrusted source | Low | OTHERS |
| 26 | IRC session established with a known IRC Command and Control Server | High | MALWARE |
| 27 | Host DNS MX record query of a distrusted domain | Low | OTHERS |
| 28 | Rogue service detected running on a nonstandard port | Medium | OTHERS |
| 29 | Suspicious email sent | Medium | OTHERS |
| 30 | Message contains a malicious URL | High | MALWARE |
| 32 | Suspicious file extension for an executable file | Medium | MALWARE |
| 33 | IRC session is using a nonstandard port | Medium | MALWARE |
| 34 | Direct Client to Client IRC session sends an executable file | Medium | MALWARE |
| 35 | An executable file was dropped on a network administrative shared space | Medium | MALWARE |
| 36 | Highly suspicious archive file detected | High | MALWARE |
| 37 | File transfer of a packed executable file detected through an Instant Messaging application | Medium | MALWARE |
| 38 | Multiple logon attempt failure | Low | OTHERS |
| 39 | Host DNS query to a distrusted DNS server | Medium | MALWARE |
| 40 | Rogue service detected | Medium | OTHERS |
| 41 | Email message matches a known malware subject and contains packed executable files | High | MALWARE |
| 43 | Email contains a URL with a hard-coded IP address | Medium | FRAUD |
| 44 | Suspicious filename detected | Low | MALWARE |
| 45 | File type does not match the file extension | Low | MALWARE |
| 46 | Suspicious URL detected in an instant message | Low | MALWARE |
| 47 | Suspicious packed executable files detected | Medium | MALWARE |
| 48 | Query of a distrusted domain mail exchanger using the host's DNS A record | Low | OTHERS |
| 49 | IRC protocol detected | Low | MALWARE |
| 50 | Host DNS MX record query of a trusted domain | Low | OTHERS |
| 51 | Email message matches a known malware subject and contains an executable file | Low | MALWARE |
| 52 | Email message sent through a distrusted SMTP server | Low | MALWARE |
| 54 | Email message contains an archive file with packed executable files | High | MALWARE |
| 55 | Suspicious filename detected | High | MALWARE |
| 56 | Malware user-agent detected in an HTTP request | High | MALWARE |
| 57 | Email message sent to a malicious recipient | High | MALWARE |
| 58 | Default account usage | Low | OTHERS |
| 59 | Web request from a malware application | Medium | MALWARE |
| 60 | Highly suspicious Peer-to-Peer activity detected | High | OTHERS |
| 61 | JPEG Exploit | High | MALWARE |
| 62 | VCalendar Exploit | High | MALWARE |
| 63 | Possible buffer overflow attempt detected | Low | MALWARE |
| 64 | Possible NOP sled detected | High | MALWARE |
| 65 | Superscan host enumeration detected | Medium | OTHERS |
| 66 | False HTTP response content-type header | High | MALWARE |
| 67 | Cross-Site Scripting (XSS) detected | Low | OTHERS |
| 68 | Oracle HTTP Exploit detected | High | OTHERS |
| 70 | Spyware user-agent detected in HTTP request | High | SPYWARE |
| 71 | Embedded executable detected in a Microsoft Office file | Medium | MALWARE |
| 72 | Email contains a suspicious link to a possible phishing site | High | FRAUD |
| 74 | SWF exploit detected | High | MALWARE |
| 75 | ANI exploit detected | High | MALWARE |
| 76 | WMF exploit detected | High | MALWARE |
| 77 | ICO exploit detected | High | MALWARE |
| 78 | PNG exploit detected | High | MALWARE |
| 79 | BMP exploit detected | High | MALWARE |
| 80 | EMF exploit detected | High | MALWARE |
| 81 | Malicious DNS usage detected | High | MALWARE |
| 82 | Email harvesting | High | MALWARE |
| 83 | Browser-based exploit detected | High | MALWARE |
| 85 | Suspicious file download | Low | MALWARE |
| 86 | Suspicious file download | High | MALWARE |
| 87 | Exploit payload detected | High | MALWARE |
| 88 | Downloaded file matches a known malware filename | High | MALWARE |
| 89 | Downloaded file matches a known spyware filename | High | SPYWARE |
| 90 | Suspicious packed file transferred through TFTP | High | MALWARE |
| 91 | Executable file transferred through TFTP | Medium | MALWARE |
| 92 | Phishing site access attempted | Medium | MALWARE |
| 93 | Keylogged data uploaded | High | MALWARE |
| 94 | SQL Injection | High | MALWARE |
| 95 | Successful brute-force attack | High | OTHERS |
| 96 | Email message contains a suspicious link to a possible phishing site | High | FRAUD |
| 97 | Suspicious HTTP Post | High | OTHERS |
| 98 | Unidentified protocol is using the standard service port | High | OTHERS |
| 99 | Suspicious IFrame | High | MALWARE |
| 100 | BOT IRC nickname detected | High | MALWARE |
| 101 | Suspicious DNS | Medium | MALWARE |
| 102 | Successful logon made using a default email account | High | OTHERS |
| 104 | Possible Gpass tunneling detected | Low | OTHERS |
| 105 | Pseudorandom Domain name query | Low | MALWARE |
| 106 | Info-Stealing Malware detected | Low | MALWARE |
| 107 | Info-Stealing Malware detected | Low | MALWARE |
| 108 | Info-Stealing Malware detected | Low | MALWARE |
| 109 | Malware URL access attempted | High | MALWARE |
| 110 | Data Stealing Malware URL access attempted | High | MALWARE |
| 111 | Malware URL access attempted | High | MALWARE |
| 112 | Data Stealing Malware URL access attempted | High | MALWARE |
| 113 | Data Stealing Malware sent email | High | MALWARE |
| 114 | Data Stealing Malware sent email | High | MALWARE |
| 115 | Data Stealing Malware FTP connection attempted | High | MALWARE |
| 116 | DNS query of a known public IRC C&C domain | Medium | MALWARE |
| 117 | Data Stealing Malware IRC Channel detected | High | MALWARE |
| 118 | IRC connection established with known public IRC C&C IP address | Medium | MALWARE |
| 119 | Data Stealing Malware sent instant message | High | MALWARE |
| 120 | Malware IP address accessed | High | MALWARE |
| 121 | Malware IP address/Port pair accessed | High | MALWARE |
| 122 | Info-Stealing Malware detected | Medium | MALWARE |
| 123 | Possible malware HTTP request | Low | MALWARE |
| 126 | Possible malware HTTP request | Medium | MALWARE |
| 127 | Malware HTTP request | High | MALWARE |
| 128 | TROJ_MDROPPER HTTP request | Low | MALWARE |
| 130 | IRC Test pattern | Low | MALWARE |
| 131 | Malware HTTP request | High | MALWARE |
| 135 | Malware URL access attempted | High | MALWARE |
| 136 | Malware domain queried | High | MALWARE |
| 137 | Malware user-agent detected in HTTP request | High | MALWARE |
| 138 | Malware IP address accessed | High | MALWARE |
| 139 | Malware IP address/Port pair accessed | High | MALWARE |
| 140 | Network based exploit attempt detected | High | MALWARE |
| 141 | DCE/RPC Exploit attempt detected | High | MALWARE |
| 142 | Data Stealing Malware IRC Channel connection detected | High | MALWARE |
| 143 | Malicious remote command shell detected | High | OTHERS |
| 144 | Data Stealing Malware FTP connection attempted | High | MALWARE |
| 145 | Malicious email sent | High | MALWARE |
| 150 | Remote Command Shell | Low | OTHERS |
| 151 | Hacktool ASPXSpy for Webservers | Low | OTHERS |
| 153 | DOWNAD Encrypted TCP connection detected | Low | MALWARE |
| 155 | DHCP-DNS Changing Malware | High | MALWARE |
| 158 | FAKEAV URI detected | High | MALWARE |
| 159 | Possible FakeAV URL access attempted | Low | MALWARE |
| 160 | ZEUS HTTP request detected | High | MALWARE |
| 161 | CUTWAIL URI detected | High | MALWARE |
| 162 | DONBOT SPAM detected | High | MALWARE |
| 163 | HTTP Suspicious URL detected | Medium | MALWARE |
| 164 | PUSHDO URI detected | High | MALWARE |
| 165 | GOLDCASH HTTP response detected | High | MALWARE |
| 167 | MYDOOM Encrypted TCP connection detected | High | MALWARE |
| 168 | VUNDO HTTP request detected | High | MALWARE |
| 169 | HTTP Meta tag redirect to an executable detected | Medium | MALWARE |
| 170 | HTTP ActiveX Codebase Exploit detected | Medium | MALWARE |
| 172 | Malicious URL detected | High | MALWARE |
| 173 | PUBVED URI detected | High | MALWARE |
| 178 | FAKEAV HTTP response detected | High | MALWARE |
| 179 | FAKEAV HTTP response detected | High | MALWARE |
| 182 | FAKEAV HTTP response detected | High | MALWARE |
| 183 | MONKIF HTTP response detected | High | MALWARE |
| 185 | PALEVO HTTP response detected | High | MALWARE |
| 189 | KATES HTTP request detected | High | MALWARE |
| 190 | KATES HTTP response detected | High | MALWARE |
| 191 | BANKER HTTP response detected | High | MALWARE |
| 195 | DOWNAD HTTP request detected | Medium | MALWARE |
| 196 | GUMBLAR HTTP response detected | Medium | MALWARE |
| 197 | BUGAT HTTPS connection detected | High | MALWARE |
| 199 | GUMBLAR HTTP response detected | High | MALWARE |
| 200 | GUMBLAR HTTP response detected | High | MALWARE |
| 206 | BANDOK URI detected | High | MALWARE |
| 207 | RUSTOCK HTTP request detected | High | MALWARE |
| 208 | CUTWAIL HTTP request detected | High | MALWARE |
| 209 | NUWAR URI detected | High | MALWARE |
| 210 | KORGO URI detected | High | MALWARE |
| 211 | PRORAT URI detected | High | MALWARE |
| 212 | NYXEM HTTP request detected | High | MALWARE |
| 213 | KOOBFACE URI detected | High | MALWARE |
| 214 | BOT URI detected | High | MALWARE |
| 215 | ZEUS URI detected | High | MALWARE |
| 216 | PRORAT SMTP request detected | High | MALWARE |
| 217 | DOWNLOAD URI detected | High | MALWARE |
| 218 | SOHANAD HTTP request detected | High | MALWARE |
| 219 | RONTOKBRO HTTP request detected | High | MALWARE |
| 220 | HUPIGON HTTP request detected | High | MALWARE |
| 221 | FAKEAV HTTP request detected | High | MALWARE |
| 224 | AUTORUN URI detected | High | MALWARE |
| 226 | BANKER SMTP connection detected | High | MALWARE |
| 227 | AGENT User Agent detected | High | MALWARE |
| 229 | HTTPS Malicious Certificate detected | Medium | MALWARE |
| 230 | HTTPS Malicious Certificate detected | Medium | MALWARE |
| 231 | HTTPS Malicious Certificate detected | Medium | MALWARE |
| 232 | HTTPS Malicious Certificate detected | Medium | MALWARE |
| 233 | DAWCUN TCP connection detected | High | MALWARE |
| 234 | HELOAG TCP connection detected | High | MALWARE |
| 235 | AUTORUN HTTP request detected | High | MALWARE |
| 236 | TATERF URI detected | High | MALWARE |
| 237 | NUWAR HTTP request detected | High | MALWARE |
| 238 | EMOTI URI detected | High | MALWARE |
| 239 | FAKEAV HTTP response detected | Medium | MALWARE |
| 240 | HUPIGON User Agent detected | High | MALWARE |
| 241 | HTTP Suspicious response detected | Medium | MALWARE |
| 246 | BHO URI detected | High | MALWARE |
| 247 | ZBOT HTTP request detected | High | MALWARE |
| 249 | ZBOT URI detected | High | MALWARE |
| 250 | ZBOT IRC channel detected | High | MALWARE |
| 251 | KOOBFACE URI detected | High | MALWARE |
| 252 | BREDOLAB HTTP request detected | High | MALWARE |
| 253 | RUSTOCK URI detected | High | MALWARE |
| 255 | FAKEAV HTTP request detected | High | MALWARE |
| 256 | SILLY HTTP response detected | High | MALWARE |
| 257 | KOOBFACE HTTP request detected | High | MALWARE |
| 258 | FAKEAV HTTP request detected | High | MALWARE |
| 259 | FAKEAV HTTP request detected | High | MALWARE |
| 260 | FAKEAV HTTP request detected | High | MALWARE |
| 261 | FAKEAV HTTP request detected | High | MALWARE |
| 262 | FAKEAV URI detected | High | MALWARE |
| 263 | AUTORUN URI detected | High | MALWARE |
| 264 | ASPORX HTTP request detected | High | MALWARE |
| 265 | AUTORUN HTTP request detected | High | MALWARE |
| 266 | GOZI HTTP request detected | High | MALWARE |
| 267 | AUTORUN URI detected | High | MALWARE |
| 268 | KOOBFACE HTTP request detected | High | MALWARE |
| 269 | AUTORUN IRC nickname detected | High | MALWARE |
| 270 | VIRUT IRC response detected | High | MALWARE |
| 271 | AUTORUN HTTP request detected | High | MALWARE |
| 272 | AUTORUN HTTP request detected | High | MALWARE |
| 273 | AUTORUN HTTP request detected | High | MALWARE |
| 274 | CAOLYWA HTTP request detected | High | MALWARE |
| 275 | AUTORUN FTP connection detected | High | MALWARE |
| 276 | AUTORUN HTTP request detected | High | MALWARE |
| 277 | AUTORUN HTTP response detected | High | MALWARE |
| 278 | AUTORUN HTTP request detected | High | MALWARE |
| 279 | AUTORUN HTTP request detected | High | MALWARE |
| 280 | AUTORUN HTTP request detected | High | MALWARE |
| 281 | BUZUS HTTP request detected | High | MALWARE |
| 282 | FAKEAV HTTP request detected | High | MALWARE |
| 283 | FAKEAV HTTP request detected | High | MALWARE |
| 284 | AGENT HTTP request detected | High | MALWARE |
| 285 | AGENT TCP connection detected | High | MALWARE |
| 286 | KOLAB IRC nickname detected | High | MALWARE |
| 287 | VB MSSQL Query detected | High | MALWARE |
| 288 | PROXY URI detected | High | MALWARE |
| 289 | LDPINCH HTTP request detected | High | MALWARE |
| 290 | SWISYN URI detected | High | MALWARE |
| 291 | BUZUS HTTP request detected | High | MALWARE |
| 292 | BUZUS HTTP request detected | High | MALWARE |
| 295 | SCAR HTTP request detected | High | MALWARE |
| 297 | ZLOB HTTP request detected | High | MALWARE |
| 298 | HTTBOT URI detected | High | MALWARE |
| 299 | HTTBOT User Agent detected | High | MALWARE |
| 300 | HTTBOT HTTP request detected | High | MALWARE |
| 301 | SASFIS URI detected | High | MALWARE |
| 302 | SWIZZOR HTTP request detected | High | MALWARE |
| 304 | PUSHDO TCP connection detected | High | MALWARE |
| 306 | BANKER HTTP request detected | High | MALWARE |
| 307 | GAOBOT IRC channel detected | High | MALWARE |
| 308 | SDBOT IRC nickname detected | High | MALWARE |
| 309 | DAGGER TCP connection detected | High | MALWARE |
| 310 | HACKATTACK TCP connection detected | High | MALWARE |
| 312 | CODECPAC HTTP request detected | High | MALWARE |
| 313 | BUTERAT HTTP request detected | High | MALWARE |
| 314 | FAKEAV HTTP request detected | High | MALWARE |
| 315 | CIMUZ URI detected | High | MALWARE |
| 316 | DEMTRANNC HTTP request detected | High | MALWARE |
| 317 | ENFAL HTTP request detected | High | MALWARE |
| 318 | WEMON HTTP request detected | High | MALWARE |
| 319 | VIRTUMONDE URI detected | Medium | MALWARE |
| 320 | DROPPER HTTP request detected | High | MALWARE |
| 321 | MISLEADAPP HTTP request detected | High | MALWARE |
| 322 | DLOADER HTTP request detected | High | MALWARE |
| 323 | SPYEYE HTTP request detected | High | MALWARE |
| 324 | SPYEYE HTTP response detected | High | MALWARE |
| 325 | SOPICLICK TCP connection detected | High | MALWARE |
| 326 | KOOBFACE HTTP request detected | High | MALWARE |
| 327 | PALEVO UDP connection detected | High | MALWARE |
| 328 | AGENT Malformed SSL detected | High | MALWARE |
| 329 | OTLARD TCP connection detected | High | MALWARE |
| 330 | VUNDO HTTP request detected | High | MALWARE |
| 331 | HTTP Suspicious User Agent detected | Medium | MALWARE |
| 332 | VBINJECT IRC connection detected | High | MALWARE |
| 333 | AMBLER HTTP request detected | High | MALWARE |
| 334 | RUNAGRY HTTP request detected | High | MALWARE |
| 337 | BUZUS IRC nickname detected | High | MALWARE |
| 338 | TEQUILA HTTP request detected | High | MALWARE |
| 339 | FAKEAV HTTP request detected | High | MALWARE |
| 340 | CUTWAIL SMTP connection detected | High | MALWARE |
| 341 | MUMA TCP connection detected | High | MALWARE |
| 342 | MEGAD SMTP response detected | High | MALWARE |
| 343 | WINWEBSE URI detected | High | MALWARE |
| 344 | VOBFUS TCP connection detected | High | MALWARE |
| 345 | BOT IRC nickname detected | High | MALWARE |
| 347 | BOT IRC nickname detected | High | MALWARE |
| 348 | TIDISERV HTTP request detected | High | MALWARE |
| 349 | BOT HTTP request detected | High | MALWARE |
| 351 | ZLOB HTTP request detected | High | MALWARE |
| 352 | SOHANAD HTTP request detected | High | MALWARE |
| 353 | GENETIK HTTP request detected | High | MALWARE |
| 354 | LEGMIR HTTP request detected | High | MALWARE |
| 355 | HUPIGON HTTP request detected | High | MALWARE |
| 356 | IEBOOOT UDP connection detected | High | MALWARE |
| 357 | FAKEAV HTTP request detected | High | MALWARE |
| 358 | FAKEAV HTTP request detected | High | MALWARE |
| 359 | STRAT HTTP request detected | High | MALWARE |
| 360 | STRAT HTTP request detected | High | MALWARE |
| 361 | STRAT HTTP request detected | High | MALWARE |
| 362 | SALITY URI detected | High | MALWARE |
| 363 | AUTORUN HTTP response detected | High | MALWARE |
| 364 | AUTORUN HTTP request detected | High | MALWARE |
| 365 | CODECPAC HTTP request detected | High | MALWARE |
| 366 | TRACUR HTTP request detected | High | MALWARE |
| 367 | KOLAB TCP connection detected | High | MALWARE |
| 368 | MAGANIA HTTP request detected | High | MALWARE |
| 369 | PAKES URI detected | High | MALWARE |
| 370 | POSADOR HTTP request detected | High | MALWARE |
| 371 | FAKEAV HTTP request detected | High | MALWARE |
| 372 | GHOSTNET TCP connection detected | High | MALWARE |
| 373 | CLICKER HTTP response detected | High | MALWARE |
| 374 | VIRUT HTTP request detected | High | MALWARE |
| 375 | FAKEAV HTTP request detected | High | MALWARE |
| 376 | DLOADER HTTP request detected | High | MALWARE |
| 377 | FAKEAV HTTP request detected | High | MALWARE |
| 378 | DLOADER HTTP request detected | High | MALWARE |
| 379 | GENOME HTTP request detected | High | MALWARE |
| 380 | GENOME HTTP request detected | High | MALWARE |
| 381 | GENOME HTTP request detected | High | MALWARE |
| 382 | GENOME HTTP request detected | High | MALWARE |
| 383 | GENOME HTTP request detected | High | MALWARE |
| 384 | GENOME HTTP request detected | High | MALWARE |
| 385 | FAKEAV URI detected | High | MALWARE |
| 386 | UTOTI URI detected | High | MALWARE |
| 387 | THINSTALL HTTP request detected | High | MALWARE |
| 389 | GERAL HTTP request detected | High | MALWARE |
| 390 | UNRUY HTTP request detected | High | MALWARE |
| 392 | BREDOLAB HTTP request detected | High | MALWARE |
| 393 | ZAPCHAST URI detected | High | MALWARE |
| 395 | KOOBFACE HTTP request detected | High | MALWARE |
| 396 | KOOBFACE URI detected | High | MALWARE |
| 397 | BIFROSE TCP connection detected | High | MALWARE |
| 398 | ZEUS HTTP request detected | Medium | MALWARE |
| 399 | MUFANOM HTTP request detected | High | MALWARE |
| 400 | STARTPAGE URI detected | High | MALWARE |
| 401 | Suspicious File transfer of an LNK file detected | Medium | MALWARE |
| 402 | TDSS URI detected | High | MALWARE |
| 403 | CODECPAC HTTP request detected | High | MALWARE |
| 404 | DOWNAD TCP connection detected | High | MALWARE |
| 405 | SDBOT HTTP request detected | High | MALWARE |
| 406 | MYDOOM HTTP request detected | High | MALWARE |
| 407 | GUMBLAR HTTP request detected | Medium | MALWARE |
| 408 | POEBOT IRC bot commands detected | High | MALWARE |
| 409 | SDBOT IRC connection detected | High | MALWARE |
| 410 | HTTP DLL inject detected | Medium | OTHERS |
| 411 | DANMEC HTTP request detected | High | MALWARE |
| 412 | MOCBBOT TCP connection detected | High | MALWARE |
| 413 | OSCARBOT IRC connection detected | High | MALWARE |
| 414 | STUXNET SMB connection detected | High | MALWARE |
| 415 | SALITY SMB connection detected | Medium | MALWARE |
| 416 | SALITY URI detected | High | MALWARE |
| 417 | BUZUS IRC nickname detected | Medium | MALWARE |
| 418 | VIRUT IRC channel detected | Medium | MALWARE |
| 419 | LICAT HTTP request detected | Medium | MALWARE |
| 420 | PROXY HTTP request detected | High | MALWARE |
| 421 | PROXY HTTP request detected | High | MALWARE |
| 422 | QAKBOT HTTP request detected | High | MALWARE |
| 423 | FAKEAV HTTP request detected | Medium | MALWARE |
| 424 | QAKBOT FTP dropsite detected | High | MALWARE |
| 425 | QAKBOT HTTP request detected | High | MALWARE |
| 426 | SALITY HTTP request detected | Medium | MALWARE |
| 427 | AURORA TCP connection detected | Medium | MALWARE |
| 428 | KOOBFACE HTTP request detected | High | MALWARE |
| 429 | KOOBFACE HTTP request detected | High | MALWARE |
| 430 | KOOBFACE HTTP request detected | High | MALWARE |
| 431 | SPYEYE HTTP request detected | High | MALWARE |
| 432 | KELIHOS HTTP request detected | Medium | MALWARE |
| 433 | KELIHOS TCP connection detected | Medium | MALWARE |
| 434 | BOHU URI detected | Medium | MALWARE |
| 435 | UTOTI HTTP request detected | Medium | MALWARE |
| 436 | CHIR UDP connection detected | Medium | MALWARE |
| 437 | REMOSH TCP connection detected | High | MALWARE |
| 438 | ALUREON URI detected | Medium | MALWARE |
| 439 | FRAUDPACK URI detected | Medium | MALWARE |
| 440 | FRAUDPACK URI detected | Medium | MALWARE |
| 441 | SMB DLL injection exploit detected | Medium | OTHERS |
| 443 | QDDOS HTTP request detected | High | MALWARE |
| 444 | QDDOS HTTP request detected | High | MALWARE |
| 445 | QDDOS TCP connection detected | High | MALWARE |
| 446 | OTORUN HTTP request detected | Medium | MALWARE |
| 447 | OTORUN HTTP request detected | Medium | MALWARE |
| 448 | QAKBOT HTTP request detected | Medium | MALWARE |
| 450 | FAKEAV HTTP request detected | High | MALWARE |
| 451 | FAKEAV URI detected | High | MALWARE |
| 452 | LIZAMOON HTTP response detected | High | MALWARE |
| 453 | Compromised site with malicious URL detected | Medium | OTHERS |
| 454 | Compromised site with malicious URL detected | High | OTHERS |
| 455 | HTTP SQL Injection detected | High | OTHERS |
| 456 | HTTPS_Malicious_Certificate3 | Medium | OTHERS |
| 457 | FAKEAV HTTP request detected | Medium | MALWARE |
| 994 | HTTP_REQUEST_BAD_URL_HASH | Low | MALWARE |
| 1004 | HTTP_REQUEST_MALWARE_URL | Low | MALWARE |
| 1321 | HTTP_REQUEST_TSPY_ONLINEG | Low | MALWARE |
| 1342 | HTTPS_Malicious_Certificate2 | Low | MALWARE |
| 1343 | HTTPS_Malicious_Certificate2 | Low | MALWARE |
| 1344 | HTTPS_Malicious_Certificate2 | Low | MALWARE |
| 1345 | HTTPS_Malicious_Certificate2 | Low | MALWARE |
| 1365 | REALWIN_LONG_USERNAME_EXPLOIT | Low | OTHERS |
| 1366 | REALWIN_STRING_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1367 | REALWIN_FCS_LOGIN_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1368 | REALWIN_FILENAME_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1369 | REALWIN_MSG_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1370 | REALWIN_TELEMETRY_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1371 | REALWIN_STARTPROG_STACK_OVERFLOW_EXPLOIT | Low | OTHERS |
| 1372 | Interactive_Graphical_SCADA_System_Program_Execution_Exploit | Low | OTHERS |
| 1373 | Interactive_Graphical_SCADA_System_STDREP_Overflow_Exploit | Low | OTHERS |
| 1374 | Interactive_Graphical_SCADA_System_Shmemmgr_Overflow_Exploit | Low | OTHERS |
| 1375 | Interactive_Graphical_SCADA_System_RMS_Report_Overflow_Exploit | Low | OTHERS |
| 1376 | Interactive_Graphical_SCADA_System_File_Funcs_Overflow_Exploit | Low | OTHERS |