Tags

Browse and search all threat intelligence tags

Admin Panel Hunt

Web-attack

Scanning for administrative interfaces

CGI Script Hunt

Web-attack

Scanning for vulnerable CGI scripts

CMS Enumeration

Web-attack

Content management system discovery and enumeration

Cisco UCM Exploit

CVE

CVE-2024-20253 Cisco Unified Communications Manager RCE

Config File Hunt

Web-attack

Scanning for exposed configuration files

Database Admin Hunt

Web-attack

Scanning for database admin interfaces (phpMyAdmin, etc.)

Directory Traversal Attempt

Web-attack

Path traversal attack attempting to access restricted files

Enterprise Software Probe

Web-attack

Probing for enterprise software (Confluence, Jenkins, etc.)

File Upload Attempt

Web-attack

Attempting to upload potentially malicious files

IoT Default Credential Attempt

Botnet

Default credential stuffing attempt on Telnet

Ivanti EPMM Exploit

CVE

CVE-2026-1281/CVE-2026-1340 Ivanti Endpoint Manager Mobile pre-auth RCE via Bash arithmetic expansion in /mifs/c/appstore/fob/ and /mifs/c/aftstore/fob/ endpoints

Mirai Credential Spray

Botnet

Mirai-specific IoT default credentials detected in Telnet payload

Mirai Scanner

Botnet

Mirai-style port 23/2323 dual scanning pattern detected

Path Traversal Attempt

Web-attack

Path traversal via encoded sequences

Port Scan

Recon

Scanning 5+ ports on target host

Router Exploit

Web-attack

Attempting router firmware exploits (Netgear, D-Link, etc.)

SIP Register Scanner

Activity

SIP VoIP registration scanning on port 5060

SQL Injection Attempt

Web-attack

SQL injection attack detected in request

SSH Bruteforcer

Brute-force

Multiple SSH authentication attempts detected

SSH Connection Attempt

Activity

SSH connection attempt detected on port 22 or 2222

SharePoint Active Exploitation

CVE

Active exploitation of SharePoint vulnerabilities

SharePoint Toolshell Exploit

CVE

SharePoint toolshell exploitation attempt

SharePoint Webshell Scanning

CVE

Scanning for SharePoint web shells

SolarWinds Probe

Web-attack

Probing for SolarWinds Orion endpoints

TLS/SSL Crawler

Activity

TLS/SSL connection fingerprinting detected via Suricata

Telnet Bruteforcer

Brute-force

Multiple Telnet authentication attempts detected

Telnet Login Attempt

Activity

Telnet connection attempt on port 23 or 2323

URI Parsing Exploit

Web-attack

Exploiting URI parsing vulnerabilities

VNC Login Attempt

Activity

VNC remote desktop login attempt on port 5900/5901

Web Command Injection

Web-attack

Attempting OS command injection via web parameters

Web Crawler

Activity

HTTP web crawling activity detected on web honeypots

Web Shell Hunt

Web-attack

Scanning for web shells (WSO, c99, r57, etc.)

Web Vulnerability Exploit

Web-attack

Generic web application vulnerability exploit

WordPress Auth Bypass

CVE

WordPress authentication bypass attempt

WordPress Enumeration

Web-attack

WordPress user and plugin enumeration