
Traffic Audit Rule Library

###0234

Source: ag九游会网络
 

Upgrade package download:


【Overview of Rule Library Additions】

The following security events have been optimized:
USER_AGENTS Observed Suspicious UA (NSISDL/1.2 (Mozilla))|Host sends suspicious User-Agent (NSISDL/1.2 (Mozilla))
POLICY External IP Address Lookup via ifconfig .co|Host sends ifconfig.co address lookup request
TROJAN ELF/Mirai Variant Momentum User-Agent Observed Inbound|Web server receives request with the Mirai trojan User-Agent Momentum
POLICY External IP Address Lookup via ident .me|Host sends ident.me address lookup request
POLICY External IP Lookup (whois .pconline .com .cn)|Host sends whois.pconline.com.cn address lookup request
POLICY Observed External IP Lookup Domain (api.ip .sb in TLS SNI)|Host sends api.ip.sb domain lookup request
POLICY External IP Lookup www.trackip.net|Host sends www.trackip.net address lookup request
EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M1 (CVE-2021-31207)|Server targeted by Exchange pre-auth path bypass attack
TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1|Ransomware on the host sends killswitch domain request
EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965)|Web server targeted by Spring Framework RCE attack (CVE-2022-22965), setting Pattern
EXPLOIT Possible Spring Cloud Connector RCE Inbound (CVE-2022-22963)|Web server targeted by Spring Cloud RCE attack (CVE-2022-22963)
EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965)|Web server targeted by Spring Framework RCE attack (CVE-2022-22965), setting Suffix
EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965)|Web server targeted by Spring Framework RCE attack (CVE-2022-22965), setting Directory
EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965)|Web server targeted by Spring Framework RCE attack (CVE-2022-22965), setting Prefix
USER_AGENTS Observed Graftor/LoadMoney Related User-Agent|Host sends User-Agent of the Graftor trojan
USER_AGENTS Observed Graftor/LoadMoney Related User-Agent|Host sends User-Agent of the Graftor trojan
USER_AGENTS Observed Malicious User-Agent (FastInvoice)|Host sends malicious User-Agent (FastInvoice)
POLICY Suspicious Request for .bin with Terse Headers|Host sends suspicious .bin request headers
MALWARE pdfspeedup Initial CnC Checkin|pdfspeedup tool on the host sends initial check-in request
MALWARE pdfspeedup Keep-Alive|pdfspeedup tool on the host is in use

The following security events have been removed:
External IP Lookup SSL/TLS Certificate (ifconfig .me)
Host sends suspicious User-Agent (NSISDL/1.2 (Mozilla))
Quad9 DNS over TLS certificate inbound


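【Scope of Impact】

1. Upgrading is supported from any released version.
2. After the upgrade completes, the device will not restart. Occasionally the login page cannot be reached after the upgrade; in that case, refresh the login page ten minutes after upgrading.
3. After the upgrade package has been applied, the version number remains unchanged and the policy library version is updated to Data.2022.10.26.010234.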

 
 
