├── APT31
    └── apt31.rules
├── CVE-2016-0800
    ├── cve-2016-0800.rules
    └── pcap.zip
├── CVE-2016-1285
    ├── cve-2016-1285.rules
    └── pcap.zip
├── CVE-2016-2208
    ├── cve-2016-2208.rules
    └── pcap.zip
├── CVE-2016-2386
    └── cve-2016-2386.rules
├── CVE-2016-3078
    ├── cve-2016-3078.rules
    └── pcap.zip
├── CVE-2016-3087
    ├── cve-2016-3087.rules
    └── pcap.zip
├── CVE-2016-4010
    ├── cve-2016-4010.rules
    └── pcap.zip
├── CVE-2016-4971
    ├── cve-2016-4971.rules
    └── pcap.zip
├── CVE-2016-6304
    ├── CVE-2016-6304.rules
    └── pcap.zip
├── CVE-2016-6366
    └── cve-2016-6366.rules
├── CVE-2016-6367
    ├── cve-2016-6367.rules
    └── pcaps.zip
├── CVE-2016-6662
    └── CVE-2016-6662.rules
├── CVE-2016-7237
    ├── CVE-2016-7237.rules
    └── pcap.zip
├── CVE-2016-7636
    └── CVE-2016-7636.rules
├── CVE-2016-9147
    └── CVE-2016-9147.rules
├── CVE-2016-9565
    └── CVE-2016-9565.rules
├── CVE-2017-13089
    └── cve-2017-13089.rules
├── CVE-2017-14492
    └── cve-2017-14492.rules
├── CVE-2017-14493
    └── cve-2017-14493.rules
├── CVE-2017-14494
    └── cve-2017-14494.rules
├── CVE-2017-16943
    └── cve-2017-16943.rules
├── CVE-2017-2491
    └── CVE-2017-2491.rules
├── CVE-2017-3143
    ├── cve-2017-3143.rules
    └── pcap.zip
├── CVE-2017-5638
    └── CVE-2017-5638.rules
├── CVE-2017-7269
    └── CVE-2017-7269.rules
├── CVE-2017-7494
    ├── CVE-2017-7494.rules
    └── pcap.zip
├── CVE-2017-8045
    └── CVE-2017-8045.rules
├── CVE-2017-9798
    ├── CVE-2017-9798.rules
    └── pcap.zip
├── CVE-2018-0171
    └── cve-2018-0171.rules
├── CVE-2018-0886
    └── cve-2018-0886.rules
├── CVE-2018-1000006
    └── cve-2018-1000006.rules
├── CVE-2018-1000207
    └── cve-2018-1000207.rules
├── CVE-2018-1111
    └── cve-2018-1111.rules
├── CVE-2018-1306
    └── cve-2018-1306.rules
├── CVE-2018-14847
    └── cve-2018-14847.rules
├── CVE-2018-15379
    └── cve-2018-15379.rules
├── CVE-2018-15442
    └── cve-2018-15442.rules
├── CVE-2018-15454
    └── cve-2018-15454.rules
├── CVE-2018-17245
    └── cve-2018-17245.rules
├── CVE-2018-5955
    └── cve-2018-5955.rules
├── CVE-2018-6789
    └── cve-2018-6789.rules
├── CVE-2018-7445
    ├── cve-2018-7445.rules
    └── pcap.zip
├── CVE-2018-7600
    └── cve-2018-7600.rules
├── CVE-2018-7602
    └── cve-2018-7602.rules
├── CVE-2018-8495
    └── cve-2018-8495.rules
├── CVE-2018-8581
    └── cve-2018-8581.rules
├── CVE-2019-0227
    └── cve-2019-0227.rules
├── CVE-2019-0232
    └── cve-2019-0232.rules
├── CVE-2019-0708
    └── cve-2019-0708.rules
├── CVE-2019-1003001
    └── cve-2019-1003001.rules
├── CVE-2019-2618
    └── cve-2019-2618.rules
├── CVE-2019-2725
    ├── cve-2019-2725.rules
    └── pcap.zip
├── CVE-2019-3396
    └── cve-2019-3396.rules
├── CVE-2019-3924
    └── cve-2019-3924.rules
├── CVE-2019-3978
    └── cve-2019-3978.rules
├── CVE-2019-6340
    └── cve-2019-6340.rules
├── CVE-2020-0601
    └── cve-2020-0601.rules
├── CVE-2020-0796
    └── cve-2020-0796.rules
├── CVE-2020-1350
    └── cve-2020-1350.rules
├── CVE-2020-14882
    └── cve-2020-14882.rules
├── CVE-2021-41773
    └── cve-2021-41773.rules
├── CVE-2022-23131
    └── cve-2022-23131.rules
├── DNS Rebinding
    └── dns_rebinding.rules
├── DarkHVNC
    └── darkhvnc.rules
├── Dridex
    ├── dridex.rules
    └── pcap.zip
├── FreePBX_13_14_rce
    ├── FreePBX_13_14_rce.rules
    └── pcap.zip
├── GraphicsMagick_shell_vulnerability
    └── GraphicsMagick.rules
├── LICENSE
├── Log4Shell
    └── log4shell.rules
├── MS17-010
    └── ms17-010.rules
├── Microtik Router OS Stack Clash
    └── microtik_router_os_stack_clash.rules
├── Neutrino
    └── neutrino.rules
├── Omnivista_8770_RCE
    └── omnivista_8770_rce.rules
├── PetitPotam
    └── petitpotam.rules
├── PowerShell Empire
    ├── pcap.zip
    └── power_shell_empire.rules
├── PrintNightmare
    └── printnightmare.rules
├── README.md
├── SilentTrinity
    └── silenttrinity.rules
├── Spring4Shell
    └── Spring4Shell.rules
├── Squid 3.5 http cache poisoning
    └── squid.rules
├── Suricon2018
    ├── Detect_Malicious_Communications_Even_Under_TLS.rules
    └── readme.md
├── SystemNightmare
    └── systemnightmare.rules
├── Telegram
    └── telegram.rules
├── ThePrinterBug
    └── theprinterbug.rules
├── aes.ddos.dofloo
    └── aes.ddos.dofloo.rules
├── apache_continuum_cmd_injection
    ├── continuum_cmd_injection.rules
    └── pcap.zip
├── badtunnel
    └── badtunnel.rules
├── carbanak_pegasus
    └── carbanak_pegasus.rules
├── dcshadow
    ├── dcshadow.rules
    └── pcap.zip
├── eternalblue(WannaCry,Petya)
    └── eternalblue(WannaCry,Petya).rules
├── httpoxy
    ├── httpoxy.rules
    └── pcap.zip
├── ios 10.1.x remote memory corruption
    └── ios_10.1.x_remote_memory_corruption.rules
├── nfcapd
    ├── nfcapd.rules
    └── pcap.zip
├── phpggc
    └── phpggc.rules
├── policy
    └── policy.rules
├── pt.rules.tar.gz
├── pt.rules.tar.gz.md5
├── rConfig_rce
    └── rconfig_rce.rules
├── raisecom_gpon_rce
    └── raisecom_gpon_rce.rules
├── redis_replication_rce
    └── redis_replication_rce.rules
├── scm_tools_rce
    └── scm_tools_rce.rules
├── tools
    └── burp_suite.rules
├── vBulletin_5.x_rce
    └── vbulletin_5.x_rce.rules
├── wannamine
    ├── pcap.zip
    └── wannamine.rules
├── wordpress LearnDash plugin arbitrary file upload
    └── wordpress_learnlash_plugin_arbitrary_file_upload.rules
└── xfreerdp
    └── xfreerdp.rules

/APT31/apt31.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/APT31/apt31.rules
--------------------------------------------------------------------------------
/CVE-2016-0800/cve-2016-0800.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-0800/cve-2016-0800.rules
--------------------------------------------------------------------------------
/CVE-2016-0800/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-0800/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-1285/cve-2016-1285.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-1285/cve-2016-1285.rules
--------------------------------------------------------------------------------
/CVE-2016-1285/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-1285/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-2208/cve-2016-2208.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-2208/cve-2016-2208.rules
--------------------------------------------------------------------------------
/CVE-2016-2208/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-2208/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-2386/cve-2016-2386.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-2386/cve-2016-2386.rules
--------------------------------------------------------------------------------
/CVE-2016-3078/cve-2016-3078.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-3078/cve-2016-3078.rules
--------------------------------------------------------------------------------
/CVE-2016-3078/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-3078/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-3087/cve-2016-3087.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-3087/cve-2016-3087.rules
--------------------------------------------------------------------------------
/CVE-2016-3087/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-3087/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-4010/cve-2016-4010.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-4010/cve-2016-4010.rules
--------------------------------------------------------------------------------
/CVE-2016-4010/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-4010/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-4971/cve-2016-4971.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-4971/cve-2016-4971.rules
--------------------------------------------------------------------------------
/CVE-2016-4971/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-4971/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-6304/CVE-2016-6304.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6304/CVE-2016-6304.rules
--------------------------------------------------------------------------------
/CVE-2016-6304/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6304/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-6366/cve-2016-6366.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6366/cve-2016-6366.rules
--------------------------------------------------------------------------------
/CVE-2016-6367/cve-2016-6367.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6367/cve-2016-6367.rules
--------------------------------------------------------------------------------
/CVE-2016-6367/pcaps.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6367/pcaps.zip
--------------------------------------------------------------------------------
/CVE-2016-6662/CVE-2016-6662.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-6662/CVE-2016-6662.rules
--------------------------------------------------------------------------------
/CVE-2016-7237/CVE-2016-7237.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-7237/CVE-2016-7237.rules
--------------------------------------------------------------------------------
/CVE-2016-7237/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-7237/pcap.zip
--------------------------------------------------------------------------------
/CVE-2016-7636/CVE-2016-7636.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-7636/CVE-2016-7636.rules
--------------------------------------------------------------------------------
/CVE-2016-9147/CVE-2016-9147.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-9147/CVE-2016-9147.rules
--------------------------------------------------------------------------------
/CVE-2016-9565/CVE-2016-9565.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2016-9565/CVE-2016-9565.rules
--------------------------------------------------------------------------------
/CVE-2017-13089/cve-2017-13089.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-13089/cve-2017-13089.rules
--------------------------------------------------------------------------------
/CVE-2017-14492/cve-2017-14492.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-14492/cve-2017-14492.rules
--------------------------------------------------------------------------------
/CVE-2017-14493/cve-2017-14493.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-14493/cve-2017-14493.rules
--------------------------------------------------------------------------------
/CVE-2017-14494/cve-2017-14494.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-14494/cve-2017-14494.rules
--------------------------------------------------------------------------------
/CVE-2017-16943/cve-2017-16943.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-16943/cve-2017-16943.rules
--------------------------------------------------------------------------------
/CVE-2017-2491/CVE-2017-2491.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-2491/CVE-2017-2491.rules
--------------------------------------------------------------------------------
/CVE-2017-3143/cve-2017-3143.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-3143/cve-2017-3143.rules
--------------------------------------------------------------------------------
/CVE-2017-3143/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-3143/pcap.zip
--------------------------------------------------------------------------------
/CVE-2017-5638/CVE-2017-5638.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-5638/CVE-2017-5638.rules
--------------------------------------------------------------------------------
/CVE-2017-7269/CVE-2017-7269.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-7269/CVE-2017-7269.rules
--------------------------------------------------------------------------------
/CVE-2017-7494/CVE-2017-7494.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-7494/CVE-2017-7494.rules
--------------------------------------------------------------------------------
/CVE-2017-7494/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-7494/pcap.zip
--------------------------------------------------------------------------------
/CVE-2017-8045/CVE-2017-8045.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-8045/CVE-2017-8045.rules
--------------------------------------------------------------------------------
/CVE-2017-9798/CVE-2017-9798.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-9798/CVE-2017-9798.rules
--------------------------------------------------------------------------------
/CVE-2017-9798/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2017-9798/pcap.zip
--------------------------------------------------------------------------------
/CVE-2018-0171/cve-2018-0171.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-0171/cve-2018-0171.rules
--------------------------------------------------------------------------------
/CVE-2018-0886/cve-2018-0886.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-0886/cve-2018-0886.rules
--------------------------------------------------------------------------------
/CVE-2018-1000006/cve-2018-1000006.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-1000006/cve-2018-1000006.rules
--------------------------------------------------------------------------------
/CVE-2018-1000207/cve-2018-1000207.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-1000207/cve-2018-1000207.rules
--------------------------------------------------------------------------------
/CVE-2018-1111/cve-2018-1111.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-1111/cve-2018-1111.rules
--------------------------------------------------------------------------------
/CVE-2018-1306/cve-2018-1306.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-1306/cve-2018-1306.rules
--------------------------------------------------------------------------------
/CVE-2018-14847/cve-2018-14847.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-14847/cve-2018-14847.rules
--------------------------------------------------------------------------------
/CVE-2018-15379/cve-2018-15379.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-15379/cve-2018-15379.rules
--------------------------------------------------------------------------------
/CVE-2018-15442/cve-2018-15442.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-15442/cve-2018-15442.rules
--------------------------------------------------------------------------------
/CVE-2018-15454/cve-2018-15454.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-15454/cve-2018-15454.rules
--------------------------------------------------------------------------------
/CVE-2018-17245/cve-2018-17245.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-17245/cve-2018-17245.rules
--------------------------------------------------------------------------------
/CVE-2018-5955/cve-2018-5955.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-5955/cve-2018-5955.rules
--------------------------------------------------------------------------------
/CVE-2018-6789/cve-2018-6789.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-6789/cve-2018-6789.rules
--------------------------------------------------------------------------------
/CVE-2018-7445/cve-2018-7445.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-7445/cve-2018-7445.rules
--------------------------------------------------------------------------------
/CVE-2018-7445/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-7445/pcap.zip
--------------------------------------------------------------------------------
/CVE-2018-7600/cve-2018-7600.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-7600/cve-2018-7600.rules
--------------------------------------------------------------------------------
/CVE-2018-7602/cve-2018-7602.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-7602/cve-2018-7602.rules
--------------------------------------------------------------------------------
/CVE-2018-8495/cve-2018-8495.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-8495/cve-2018-8495.rules
--------------------------------------------------------------------------------
/CVE-2018-8581/cve-2018-8581.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2018-8581/cve-2018-8581.rules
--------------------------------------------------------------------------------
/CVE-2019-0227/cve-2019-0227.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-0227/cve-2019-0227.rules
--------------------------------------------------------------------------------
/CVE-2019-0232/cve-2019-0232.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-0232/cve-2019-0232.rules
--------------------------------------------------------------------------------
/CVE-2019-0708/cve-2019-0708.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-0708/cve-2019-0708.rules
--------------------------------------------------------------------------------
/CVE-2019-1003001/cve-2019-1003001.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-1003001/cve-2019-1003001.rules
--------------------------------------------------------------------------------
/CVE-2019-2618/cve-2019-2618.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-2618/cve-2019-2618.rules
--------------------------------------------------------------------------------
/CVE-2019-2725/cve-2019-2725.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-2725/cve-2019-2725.rules
--------------------------------------------------------------------------------
/CVE-2019-2725/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-2725/pcap.zip
--------------------------------------------------------------------------------
/CVE-2019-3396/cve-2019-3396.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-3396/cve-2019-3396.rules
--------------------------------------------------------------------------------
/CVE-2019-3924/cve-2019-3924.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-3924/cve-2019-3924.rules
--------------------------------------------------------------------------------
/CVE-2019-3978/cve-2019-3978.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-3978/cve-2019-3978.rules
--------------------------------------------------------------------------------
/CVE-2019-6340/cve-2019-6340.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2019-6340/cve-2019-6340.rules
--------------------------------------------------------------------------------
/CVE-2020-0601/cve-2020-0601.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2020-0601/cve-2020-0601.rules
--------------------------------------------------------------------------------
/CVE-2020-0796/cve-2020-0796.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2020-0796/cve-2020-0796.rules
--------------------------------------------------------------------------------
/CVE-2020-1350/cve-2020-1350.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2020-1350/cve-2020-1350.rules
--------------------------------------------------------------------------------
/CVE-2020-14882/cve-2020-14882.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2020-14882/cve-2020-14882.rules
--------------------------------------------------------------------------------
/CVE-2021-41773/cve-2021-41773.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2021-41773/cve-2021-41773.rules
--------------------------------------------------------------------------------
/CVE-2022-23131/cve-2022-23131.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/CVE-2022-23131/cve-2022-23131.rules
--------------------------------------------------------------------------------
/DNS Rebinding/dns_rebinding.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/DNS Rebinding/dns_rebinding.rules
--------------------------------------------------------------------------------
/DarkHVNC/darkhvnc.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/DarkHVNC/darkhvnc.rules
--------------------------------------------------------------------------------
/Dridex/dridex.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Dridex/dridex.rules
--------------------------------------------------------------------------------
/Dridex/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Dridex/pcap.zip
--------------------------------------------------------------------------------
/FreePBX_13_14_rce/FreePBX_13_14_rce.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/FreePBX_13_14_rce/FreePBX_13_14_rce.rules
--------------------------------------------------------------------------------
/FreePBX_13_14_rce/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/FreePBX_13_14_rce/pcap.zip
--------------------------------------------------------------------------------
/GraphicsMagick_shell_vulnerability/GraphicsMagick.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/GraphicsMagick_shell_vulnerability/GraphicsMagick.rules
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/LICENSE
--------------------------------------------------------------------------------
/Log4Shell/log4shell.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Log4Shell/log4shell.rules
--------------------------------------------------------------------------------
/MS17-010/ms17-010.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/MS17-010/ms17-010.rules
--------------------------------------------------------------------------------
/Microtik Router OS Stack Clash/microtik_router_os_stack_clash.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Microtik Router OS Stack Clash/microtik_router_os_stack_clash.rules
--------------------------------------------------------------------------------
/Neutrino/neutrino.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Neutrino/neutrino.rules
--------------------------------------------------------------------------------
/Omnivista_8770_RCE/omnivista_8770_rce.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Omnivista_8770_RCE/omnivista_8770_rce.rules
--------------------------------------------------------------------------------
/PetitPotam/petitpotam.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/PetitPotam/petitpotam.rules
--------------------------------------------------------------------------------
/PowerShell Empire/pcap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/PowerShell Empire/pcap.zip
--------------------------------------------------------------------------------
/PowerShell Empire/power_shell_empire.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/PowerShell Empire/power_shell_empire.rules
--------------------------------------------------------------------------------
/PrintNightmare/printnightmare.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/PrintNightmare/printnightmare.rules
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/README.md
--------------------------------------------------------------------------------
/SilentTrinity/silenttrinity.rules:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/SilentTrinity/silenttrinity.rules
-------------------------------------------------------------------------------- /Spring4Shell/Spring4Shell.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Spring4Shell/Spring4Shell.rules -------------------------------------------------------------------------------- /Squid 3.5 http cache poisoning/squid.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Squid 3.5 http cache poisoning/squid.rules -------------------------------------------------------------------------------- /Suricon2018/Detect_Malicious_Communications_Even_Under_TLS.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Suricon2018/Detect_Malicious_Communications_Even_Under_TLS.rules -------------------------------------------------------------------------------- /Suricon2018/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Suricon2018/readme.md -------------------------------------------------------------------------------- /SystemNightmare/systemnightmare.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/SystemNightmare/systemnightmare.rules -------------------------------------------------------------------------------- /Telegram/telegram.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/Telegram/telegram.rules -------------------------------------------------------------------------------- /ThePrinterBug/theprinterbug.rules: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/ThePrinterBug/theprinterbug.rules -------------------------------------------------------------------------------- /aes.ddos.dofloo/aes.ddos.dofloo.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/aes.ddos.dofloo/aes.ddos.dofloo.rules -------------------------------------------------------------------------------- /apache_continuum_cmd_injection/continuum_cmd_injection.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/apache_continuum_cmd_injection/continuum_cmd_injection.rules -------------------------------------------------------------------------------- /apache_continuum_cmd_injection/pcap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/apache_continuum_cmd_injection/pcap.zip -------------------------------------------------------------------------------- /badtunnel/badtunnel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/badtunnel/badtunnel.rules -------------------------------------------------------------------------------- /carbanak_pegasus/carbanak_pegasus.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/carbanak_pegasus/carbanak_pegasus.rules -------------------------------------------------------------------------------- /dcshadow/dcshadow.rules: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/dcshadow/dcshadow.rules -------------------------------------------------------------------------------- /dcshadow/pcap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/dcshadow/pcap.zip -------------------------------------------------------------------------------- /eternalblue(WannaCry,Petya)/eternalblue(WannaCry,Petya).rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/eternalblue(WannaCry,Petya)/eternalblue(WannaCry,Petya).rules -------------------------------------------------------------------------------- /httpoxy/httpoxy.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/httpoxy/httpoxy.rules -------------------------------------------------------------------------------- /httpoxy/pcap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/httpoxy/pcap.zip -------------------------------------------------------------------------------- /ios 10.1.x remote memory corruption/ios_10.1.x_remote_memory_corruption.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/ios 10.1.x remote memory corruption/ios_10.1.x_remote_memory_corruption.rules -------------------------------------------------------------------------------- /nfcapd/nfcapd.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/nfcapd/nfcapd.rules -------------------------------------------------------------------------------- 
/nfcapd/pcap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/nfcapd/pcap.zip -------------------------------------------------------------------------------- /phpggc/phpggc.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/phpggc/phpggc.rules -------------------------------------------------------------------------------- /policy/policy.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/policy/policy.rules -------------------------------------------------------------------------------- /pt.rules.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/pt.rules.tar.gz -------------------------------------------------------------------------------- /pt.rules.tar.gz.md5: -------------------------------------------------------------------------------- 63013cd0640a3f95c5f6010b5691c49c -------------------------------------------------------------------------------- /rConfig_rce/rconfig_rce.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/rConfig_rce/rconfig_rce.rules -------------------------------------------------------------------------------- /raisecom_gpon_rce/raisecom_gpon_rce.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/raisecom_gpon_rce/raisecom_gpon_rce.rules -------------------------------------------------------------------------------- /redis_replication_rce/redis_replication_rce.rules:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/redis_replication_rce/redis_replication_rce.rules -------------------------------------------------------------------------------- /scm_tools_rce/scm_tools_rce.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/scm_tools_rce/scm_tools_rce.rules -------------------------------------------------------------------------------- /tools/burp_suite.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/tools/burp_suite.rules -------------------------------------------------------------------------------- /vBulletin_5.x_rce/vbulletin_5.x_rce.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/vBulletin_5.x_rce/vbulletin_5.x_rce.rules -------------------------------------------------------------------------------- /wannamine/pcap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/wannamine/pcap.zip -------------------------------------------------------------------------------- /wannamine/wannamine.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/wannamine/wannamine.rules -------------------------------------------------------------------------------- /wordpress LearnDash plugin arbitrary file upload/wordpress_learnlash_plugin_arbitrary_file_upload.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/wordpress LearnDash plugin 
arbitrary file upload/wordpress_learnlash_plugin_arbitrary_file_upload.rules -------------------------------------------------------------------------------- /xfreerdp/xfreerdp.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ptresearch/AttackDetection/HEAD/xfreerdp/xfreerdp.rules --------------------------------------------------------------------------------