Juniper Networks
Update Details

Security Intelligence Center

Update #3314 (09/10/2020)

8 new signatures:

MEDIUM - HTTP:MAL-REDIRECT-VUL-118 - HTTP: MAL-REDIRECT Infection-118
HIGH - HTTP:STC:DL:CVE-2020-1308-PE - HTTP: Microsoft Windows DirectX Kernel Driver CVE-2020-1308 Privilege Escalation
CRITICAL - HTTP:CTS:INTEL-AMT-CVE2020-8758 - HTTP: Intel AMT and ISM CVE-2020-8758 Privilege Escalation
MEDIUM - HTTP:SUSP-HDR-REDRCT-VUL-119 - HTTP: SUSP-HDR-REDRCT Infection-119
CRITICAL - HTTP:STC:ADOBE:CVE-2020-9698-CE - HTTP: Adobe Acrobat and Reader CVE-2020-9698 Remote Code Execution
HIGH - HTTP:STC:DL:CVE-2020-1152-PE - HTTP: Microsoft Windows Win32k Kernel Driver CVE-2020-1152 Privilege Escalation
MEDIUM - HTTP:STC:ADOBE:CVE-2020-9694-CE - HTTP: Adobe Acrobat and Reader CVE-2020-9694 Remote Code Execution
CRITICAL - HTTP:STC:ADOBE:CVE-2020-9693-CE - HTTP: Adobe Acrobat Reader CVE-2020-9693 Remote Code Execution

236 new application2 signatures:

Multimedia:Video-Streaming:GRABOID - This signature detects Graboid, an application that searches the internet for videos and makes it simple to view them as a streaming video.
Gaming:INJUSTICE-2 - This plugin classifies the Injustice 2 web site. Injustice 2 is an online game edited by NetherRealm Studios and published by Warner Bros.
Messaging:HIKE-MESSENGER - Hike Messenger is an Indian instant messaging application.
Web:INSKIN - Inskin is a media advertising company.
Gaming:MOBILE-LEGENDS - mobile_legends provides in-App communication cloud services for games.
Gaming:LOL-GAME - League of Legends is a popular Multiplayer Online Battle Arena video game developed by Riot Games.
Messaging:YOUME - Youme provides in-App communication cloud services for games.
Web:FULLSTORY - FullStory is a digital analytics platform. This plugin classifies website traffic.
Web:IBM - IBM (International Business Machines Corporation) is an American multinational technology company.
Web:CIBN - China International Broadcasting Network (CIBN) is an internet TV platform. This plugin classifies website traffic.
Web:GAODE-MAP - Gaode Map is a Chinese online mapping service. Gaode Map belongs to Alibaba Group which has acquired AutoNavi which offers its map services at Amap.com. It is also known as Gaode in China.
Web:GOOGLE-VIDEO - Google Video hosting service provides video streaming to Google Youtube applications (Youtube, Kids, Music and Google programs such as Youtube Premium).
Web:APPNEXT - Appnext is a mobile monetization, app marketing & re-engagement platform.
Infrastructure:CYBERGHOST - CyberGhost is a VPN service used to unblock sites and browse privately and anonymously.
Web:MONDIA-MEDIA - Mondia Media is a content and entertainment services provider. This plugin classifies website browsing.
Gaming:HARRY-POTTER-WU - Harry Potter: Wizards Unite is an online mobile game developed by Niantic Labs.
Infrastructure:DICOM - DICOM stands for Digital Imaging and Communications in Medicine. Supported traffic is on the usual TCP ports 104 and 11112 (decrypted traffic, no support of DICOM-TLS or DICOM-ISCL).
Multimedia:RAKUTEN-VIDEO - Rakuten Video hosting service provides video streaming to Rakuten TV application.
Web:MONDAY-COM - Monday.com is a collaboration solution for enterprise.
Messaging:TRIBAIR - Tribair is a VoIP application for national and international audio calls.
Web:GOOGLE-BLOG - blog.google is the public blog of Google (products, news, ...).
Web:COINIMP - Classification of traffic related to cryptocurrency Monero (XMR) mining and web traffic from web site.
Messaging:MUMBLE - Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming.
Web:YOPMAIL - YOPmail is a disposable email platform. YOPmail provides a fake temporary and anonymous email address.
Messaging:COCO - Coco is an instant messaging application with VoIP feature.
Web:GOOGLE-ONE - Google One is a service for managing the storage paid plan for Google applications.
Web:9GAG - 9gag is a humorous website or application based on the sharing of images and videos.
Infrastructure:VPN-MASTER - This protocol plug-in is deprecated.
Messaging:TIKL - Tikl is a simple VoIP push-to-talk communication application.
Web:TIBBR - Tibbr is a social network for work. This plugin classifies traffic generated by the website browsing.
Web:ICF-TECHNOLOGY - ICF Technology is a provider of high-definition video streaming and credit card processing services. Numerous adult content services have icf_technology as a subflow.
Infrastructure:VPN-MONSTER - This protocol plug-in is deprecated.
Web:APPLE-NEWS - Apple News is a mobile app and news aggregator developed by Apple Inc.
Gaming:AGE-OF-MAGIC - Age of Magic is a single player video game for mobile platforms.
Gaming:DEMONWARE - DemonWare is a software development company and a subsidiary of Activision Blizzard, Inc.
Infrastructure:CISCO-IP-SLA - Cisco IP SLA is used to monitor IP applications by using active traffic.
Web:IBOOKS - Standard iOS application to buy, read and manage books and audio books.
Web:GRAMMARLY - Grammarly is a cloud-based English-language writing-enhancement platform.
Infrastructure:SPLUNK-CLOUD - Splunk Cloud is the data collection, indexing, and visualization service for operational intelligence.
Multimedia:FUZE - Fuze (formerly known as ThinkingPhones) is a provider of cloud-based Unified Communications as a Service (UCaaS).
Infrastructure:PCCC - PCCC stands for "Programmable Controller Communication Commands"; it is used to control software running in a Programmable Logic Controller (PLC). PCCC traffic can be hardware specific; this plugin addresses traffic generated by Rockwell/Allen-Bradley to talk to SLC5, PLC5E and MicroLogix PLC for service.
Web:OPEN-SIGNAL - OpenSignal is a company that specializes in wireless coverage mapping. This plugin classifies OpenSignal traffic on iOS and Android platforms.
Gaming:DRAGON-BALL - The Dragon Ball video game series is based on the manga and anime. This plugin classifies traffic generated by the DRAGON BALL FighterZ video game.
Multimedia:LIFESIZE - Lifesize is a video and audio telecommunications company. This plugin classifies traffic generated on Android and Chrome platforms.
Infrastructure:VPN-ROBOT - This protocol plug-in is deprecated.
Web:FUTURE-PLC - Future Plc is a British publisher media company.
Web:MINEXMR-COM - Mining pool for cryptocurrency named Monero (blockchain).
Messaging:VYKE - Vyke is an IM application that allows buying phone numbers from countries such as the US, UK and Canada, and provides VoIP, text messaging (SMS), and usual chat (file transfer/text).
Web:TVB - Television Broadcasts Limited is a Hong Kong audio-visual group. This plugin classifies only website browsing.
Infrastructure:EPROXY - Eproxy is a VPN for forward proxies with custom payload and optional ssh support. This plugin classifies automatically generated fake HTTP headers and the embedded ssh clients.
Messaging:DISCORD - Discord is a chat, audio and video call application for gaming.
Web:TRELLO - Trello is a list-making application.
Web:BIGO - BIGO Technology, a Singapore-based social media company.
Infrastructure:TWEAKWARE - Tweakware is a VPN application.
Web:MONERO - Classification of traffic related to cryptocurrency Monero (XMR) mining and web traffic from web site.
Infrastructure:HRPC - HRPC is used between client and NameNode machine.
Web:DUCKDUCKGO - DuckDuckGo is an Internet search engine and a web browser for mobile devices.
Gaming:CALL-OF-DUTY - Call of Duty (aka COD) is a First-Person Shooter (FPS) video game available on Xbox, PS4 and Microsoft Windows, published by Activision. This plugin classifies the World War II edition.
Web:BYTEDANCE - ByteDance is a Chinese company that publishes several applications including TikTok (aka Musically), BuzzVideo and Vigo Video. This plugin classifies traffic from web site.
Web:JIBE - Google provides a platform implementing Rich Communication Services (RCS) named Jibe Cloud. This plugin only handles traffic related to the web page promoting Jibe Cloud, while the Jibe Cloud platform is classified by the jibe_cloud plugin.
Web:WEBRTC - WebRtc is a free, open-source project that provides real-time communication (RTC) API for web browsers and mobile applications.
Web:OPENLOAD - Openload is a file host combined with a streaming site.
Infrastructure:MODBUS-RTU - Traffic related to Modbus Remote Terminal Unit (RTU), a distributed control system used in industrial process control (Emerson Process Management).
Web:CISCO-CMX-CLOUD - Cisco Connected Mobile Experiences (CMX) Cloud is a cloud-delivered version of the on-premises CMX 10 software. CMX Cloud is used in the delivery of wireless services, integrating with the Cisco wireless infrastructure and creating out-of-the-box capabilities.
Web:LEARNET - Learnet2.ns.sg is an online training website for Singaporean soldiers. This plugin classifies only the SSL traffic on learnet2.ns.sg.
Infrastructure:BARRACUDA-VPN - Appliance edited by Barracuda and providing VPN service. This plugin classifies TINA protocol.
Infrastructure:CISCO-AMC - This plugin classifies the protocol of CUCAM (Cisco Unified Communications Alert Manager and Collector). This service is used by CUC (Cisco Unified Communications) or the RTMT (Real-Time Monitoring Tool) to provide performance monitoring, data collection, logging, and alerting.
Messaging:TALKRAY - Talkray is an instant messaging application.
Infrastructure:OPERA-VPN - Opera VPN is a feature provided by Opera Web Browser. This feature provides VPN functionalities.
Web:ACRONIS-CLOUD - Acronis Cloud is the cloud platform used by Acronis products, including Acronis Backup.
Web:TIM - Tim is an Italian telecommunication company. This plugin classifies the website browsing.
Infrastructure:KAFKA - High throughput distributed messaging system.
Web:VISUAL-IQ - Visual IQ is a marketing solution provider.
Web:TENOR - Tenor is a GIF search engine.
Web:BARRACUDA - Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. This plugin classifies traffic related to Barracuda web site and its Cloud Control service.
Multimedia:GAANA - Gaana is a music streaming application.
Web:TECH-RADAR - TechRadar is a technology news web site.
Web:RIPPLE - Ripple is a cryptocurrency but unlike other cryptocurrencies it is not based on a blockchain. RippleNet design is more centralized.
Web:TIANGE-9158 - Tiange 9158 is a social network that provides streaming and broadcast live video feature. This plugin does not support the traffic of broadcast of live video workflow.
Infrastructure:ROCKWELL-RNA - Rockwell Network Applications (RNA) is Rockwell implementation of Windows DNA-M and is used for communication between Rockwell FactoryTalk products.
Messaging:TEXTPLUS - textPlus is an instant messaging application which can send and receive sms / text / MMS / group messages to anyone in the US or Canada.
Web:AWS-CONSOLE - AWS Console is a web application for managing Amazon Web Services.
Web:ACRONIS - This plugin classifies flows related to Acronis products.
Infrastructure:CODEMETER - Wibu Codemeter is a license server (Software Asset Management). This plugin classifies this product as used in FactoryTalk Activation Manager.
Web:QUALTRICS - Qualtrics is a major online survey platform. This plugin classifies web site browsing.
Messaging:VENTRILO - Ventrilo is a low-latency, encrypted voice chat software primarily intended for use while gaming.
Multimedia:GVCP - GVCP stands for GigE Vision Control Protocol, a standard for industrial cameras supported by several companies. This plugin classifies GVCP traffic related to control and discovery.
Web:ARTE-TV - Arte TV is a Franco-German television channel. This plugin classifies traffic generated by the website.
Web:TARGET-COM - Target Corporation is the department store retailer in the United States. This plugin classifies traffic generated by Target website and Android application.
Web:FOXNETWORKS - Fox Networks Group is a subsidiary of Fox Entertainment Group for television and cable.
Web:W3SCHOOLS - W3Schools is an educational website for learning web technologies online (content includes tutorials and references).
Gaming:WB-GAMES - This protocol plug-in classifies traffic related to Warner Bros Interactive Entertainment. Warner Bros. Interactive Entertainment (also known as WB Games) is the video game production arm of Warner Bros.
Web:ROCKYOU - RockYou is a full-service entertainment and media company.
Gaming:UBISOFT - Ubisoft is an online Game software editor and publisher (Far Cry, Assassin's Creed, Watchdogs...).
Messaging:RING-CENTRAL - This plugin classifies website traffic of RingCentral, an application for video/audio conferencing.
Web:PREZI - Prezi is a presentation software. This plugin classifies traffic generated by Individual Premium features.
Web:TIM-VISION - Tim Vision is a smartphone application and web application provided by TIM (Italian telecom company).
Web:YANDEX-TAXI - Yandex Taxi is a Russian online transportation network company which connects smartphone consumers looking for a trip with drivers. Yandex Taxi and Uber in Russia and East European countries merged in 2017.
Messaging:LIBON - Libon is an application that provides international audio call feature. This application is owned by Orange.
Web:MYTV-SUPER - MyTV SUPER is an online video platform operated by TVB. This plugin classifies only website browsing.
Multimedia:STARZ - Starz is an American cable and satellite television network. This plugin classifies traffic generated by Starz which is a website and mobile app that featured original programming and feature film content from Starz available for streaming.
Infrastructure:HADOOP - Apache Hadoop is an open source tool that enables distributed parallel processing of huge amounts of data across servers that both store and process the data.
Infrastructure:HEXATECH - Hexatech is a VPN to unblock anonymously any site or app.
Web:4SYNC - 4Sync is a cloud storage service.
Web:ALIBABA-GROUP - Alibaba Group Holding Limited is a Chinese multinational conglomerate specializing in e-commerce, retail, Internet, AI and technology. This plugin is the default classification of domain names owned by Alibaba Group.
Infrastructure:TOYO-PROTOCOL - This layer classifies only a limited number of protocols known to be used by Toyo hardware (PLC).
Web:GOOGLE-BOOKS - On-line file storage and sharing web-service by Google. Important: most of the traffic is encrypted with generic Google certificates. The classification of this service then needs non-encrypted traffic to be injected. Classification is also correct for traffic under a proxy and some limited workflows.
Web:FANDOM - A free Wiki website hosting service.
Web:VUNGLE - Vungle is a mobile advertising platform.
Infrastructure:DNS-CRYPT - The DNScrypt protocol is used to translate FQDNs (Fully Qualified Domain Names) into IP addresses and vice versa with encrypted communication.
Messaging:LINE2-COM - Line2 (formerly Toktumi) is a telecommunication company that provides a second phone number for USA or Canada.
Web:IRONSOURCE - IronSource is a digital content company.
Web:SIMPLI-FI - Simpli.fi is an advertising technology company.
Infrastructure:KODI - Kodi (formerly XBox Media Center) is a free media player software application.
Web:GOV-SG - Gov.sg is the web portal for Singapore Government. This plugin classifies the website traffic.
Web:BLUEHOST - Bluehost is a website hosting provider. This plugin classifies web site management traffic.
Web:MEDIUM - Medium is an online publishing platform.
Web:CISCO - Cisco Systems, Inc. is an American multinational technology company. This plugin classifies the website browsing.
Multimedia:HOOQ - HOOQ is a video on demand streaming service deployed in Asia (2018).
Web:TIM-MUSIC - Tim Music is a smartphone application and web application provided by TIM (Italian telecom company).
Web:GLOBE-TELCO - Globe Telecom is a provider of telecommunications services in the Philippines. The plugin classifies website traffic.
Web:EVOZI - Evozi is an apk downloader website and also a mobile apps developer. This plugin classifies website traffic.
Web:MOODLE - Moodle is an open-source learning platform (MOOC). This plugin classifies Moodle website, Moodle cloud instances and HTTP only local instances.
Web:XMRPOOL-EU - Mining pool for cryptocurrency named Monero (blockchain).
Web:ALIBABA-CLOUD - Alibaba Cloud, also known as Aliyun, is a Chinese cloud computing company, a subsidiary of Alibaba Group.
Web:OPTIMICDN - OptimiCDN pilots multiple CDNs in an All-in-One Multi CDN service for optimized web performances & enhanced User Experience.
Infrastructure:EXPRESSVPN - ExpressVPN is a provider of VPN tunnels with servers located in over 140 countries, a wide range of supported clients, and several standards or obfuscated protocols. This plugin classifies the website, the provided software, and manual setups using the ExpressVPN's provided configuration file.
Web:LITRES-RU - This plugin classifies traffic generated by e-book reader applications Litres Audio and Listres Listen.
Infrastructure:CISCO-NMSP - This protocol is used for data exchange between the Cisco Mobility Service Engine (MSE) and the Cisco Wireless LAN Controller (WLC).
Web:PROTONMAIL - This plugin classifies ProtonMail website, webmail and mail applications.
Infrastructure:HTTP-INJECTOR - HTTP Injector is a VPN tool. This plugin classifies the ssh tunneling. The high_entropy plugin must be enabled to get shadowsocks classification.
Web:WISH-COM - Wish is an e-commerce website and application.
Infrastructure:SPRINGTECH-VPN - This plugin classifies traffic related to VPN applications distributed by SpringTech company (namely Guangzhou Quanyong Information Technology Company), like Hot VPN, Turbo VPN, VPN Robot, Snap VPN, VPN Master Pro, VPN Monster, VPN Master.
Infrastructure:WINDSCRIBE - Windscribe is a desktop application and browser extension that provides VPN and Ad blocker features.
Messaging:KEKU - KeKu provides virtual phone numbers to make and receive calls, send and receive SMS.
Web:NETIGATE - Netigate is an enterprise feedback management platform. This plugin classifies website traffic.
Multimedia:RAKUTEN-TV - Rakuten TV is a video-on-demand (VOD) streaming service. This plugin classifies traffic for Europe and Japan.
Gaming:BRAWLHALLA - Brawlhalla is a free to play battle arena on-line multiplayer game edited by Blue Mammoth Games and published by Ubisoft.
Web:AIR-WATCH - Air Watch is a Mobile Device Management solution (MDM). This plugin classifies traffic generated by the cloud solution.
Web:EASY-ANTI-CHEAT - Easy Anti-Cheat is an anti-cheat service for multiplayer PC games.
Web:FAST-COM - Fast is a web service for assessing Internet throughput. This service is provided by Netflix.
Web:PATREON - Patreon is a crowdfunding platform.
Web:ACCOUNTKIT - Account Kit is a product of Facebook that lets people quickly register for and log in to some registered apps by using just their phone numbers or email addresses without needing a password.
Web:24SEVENOFFICE - 24SevenOffice is a web-based Enterprise resource planning (ERP) system.
Web:HYPERS - HYPERS is a Chinese cloud platform. This plugin classifies only website browsing.
Web:JIBE-CLOUD - Jibe Cloud is a platform implementing Rich Communication Services (RCS) distributed by Google to telecom operators integrating RCS.
Messaging:TALKBOX - TalkBox is a mobile group chat application from Hong Kong with support for voice messages.
Infrastructure:FIREFOX-VPN - Firefox Private Network is a Firefox extension which provides a secure and encrypted tunnel.
Web:ROCKWELL - This plugin classifies the Rockwell Automation websites and related API.
APPROOT:GOLANG - This plug-in classifies some web sites developed with the Go language (https://golang.org/).
Web:FOXPLUS - Fox Plus is a streaming platform that lets people watch Fox Networks' group latest TV series, documentaries, Hollywood & Asian movies.
Web:DWARFPOOL-COM - Mining pool for cryptocurrency named Monero (blockchain).
Infrastructure:COUCHBASE - Couchbase Server is a distributed, open source NoSQL database engine, storing key/values or JSON documents.
Web:YOLO - Yolo is an application to send questions and answers to Snapchat users. Currently only available on iOS.
Infrastructure:CISCO-SMARTPROBE - These are packets sent by Cisco PfRv3 enabled routers to measure link quality.
Web:MEGAPHONE-FM - Megaphone provides podcast technology for publishers and advertisers. This plugin classifies only website traffic.
Web:VPN1-COM - vpn1.com is a website hosting two popular anonymizing web proxies: Hoxx VPN and setupvpn.
Multimedia:DAZN - DAZN is a video streaming service for sports.
Web:GRAB - Grab Taxi is a company offering ride hailing service in South East Asia.
Web:GOOGLE-NEWS - Google News is a news aggregator and application developed by Google.
Web:CODEPEN-IO - CodePen is an online community for testing and showcasing user-created HTML, CSS and JavaScript code snippets. This plugin classifies only traffic generated by the free plan.
Messaging:VOXER - Voxer is an instant messaging application that provides voice, text, photo, and video with walkie talkie messaging (Push-to-talk PTT) features in a secure messaging app.
Web:INMOJI - Inmoji provides advertising emojis. This plugin classifies traffic generated by the web site.
Web:JSCOUNT - JsCount is a real-time website monitoring service for web server performance measurement. This plugin classifies website traffic.
Web:MONEROHASH-COM - Mining pool for cryptocurrency named Monero (blockchain).
Messaging:MTALK - Mtalk is an instant messaging application that can provide a landline phone number.
Gaming:PLAYKOT - Playkot Ltd. is a mobile apps developer company.
Infrastructure:SYMANTEC-SEP - Symantec Endpoint Protection, developed by Symantec, is a security software suite, which consists of anti-malware, intrusion prevention and firewall features for servers and desktops. It has the largest market-share of any product for endpoint security.
Web:AMAZON-COGNITO - Cognito is an Amazon AWS server that keeps track of users.
Remote-Access:ARD - Apple Remote Desktop allows managing Mac computers remotely.
Infrastructure:REDIS - Redis is a data structure server. It is open-source, networked, in-memory, and stores keys with optional durability.
Messaging:OTO-GLOBAL - OTO Global is an instant messaging application that provides feature to make landline or international calls.
Multimedia:QUICKPLAY - Quickplay is a video service provider for IP connected devices.
Messaging:FREEPP - FreePP is an instant messaging application that provides domestic and international calls feature. This plugin only classifies the instant messaging traffic.
Gaming:MOONTON - Moonton is a video game editor.
Web:ANONYTUN-VPN - AnonyTun is an Android VPN client that lets its users customize a few parameters related to the tunnel.
Web:STOREBUFF - Storebuff tests and analyzes network traffic from a given URL. This plugin classifies traffic from web site.
Web:GCASH - Gcash is a mobile payment application. The plugin classifies website traffic.
Infrastructure:TURBO-VPN - This protocol plug-in is deprecated.
Web:FACE-APP - FaceApp is a mobile application to transform faces in photographs. This plugin classifies traffic from free version. Picture uploads to the mobile application use separate cloud storage services and are classified separately.
Web:MYNT - Mynt is a FinTech startup wholly-owned by Globe Telecom. The plugin classifies website traffic.
Multimedia:I-WANT-TV - IWant TV is an over-the-top content (OTT) platform exclusively available in the Philippines.
Web:BIGBIGCHANNEL - Big Big Channel is an online video platform operated by TVB.
Web:NS-SG - Ns.sg is the web portal for the National Service in Singapore. This plugin classifies the website traffic.
Multimedia:STAN - Stan is an Australian streaming company. Stan is owned by StreamCo.
Web:DISCOURSE - Discourse is an open source Internet forum and mailing list management software application.
Infrastructure:HOT-VPN - This protocol plug-in is deprecated.
Web:JUMPSHARE - Jumpshare is a file sharing service. This plugin classifies traffic generated by the basic offer.
Multimedia:STREAMCO-MEDIA - StreamCo Media, Ltd., is a streaming media solutions company.
Web:CAKE-HR - CakeHR is an online HR management software.
Multimedia:NETFLIX-VIDEO - Classifies traffic related to Netflix Streaming service. Most of that traffic goes to Open Connect Appliances (https://openconnect.netflix.com) which are deployed on ISP/IXP side to speed up throughput and so user experience. Fast.com is a Netflix application using the same servers to assess quality of Internet connection to Netflix service.
Web:MOJOMARKETPLACE - MOJO Marketplace offers themes, plugins and professional services for website creation on WordPress.
Web:CRYPTO-POOL-FR - Mining pool for cryptocurrency named Monero (blockchain).
Infrastructure:X-VPN - x-vpn unblocks the web securely, privately and anonymously on your Android devices. x-vpn was formerly FastLemon VPN.
Messaging:TEXTME - Text Me is an instant messaging application which can make texting and calling to any phone and make national and international calls.
Infrastructure:ERLANG-DISTRIBUTION - Erlang distribution protocol allows several nodes to communicate together and exchange information.
Infrastructure:CISCO-SDAVC - Cisco Software-Defined AVC (SD-AVC) is a component of Cisco Application Visibility and Control (AVC). It works as a centralized network service, operating with specific participating devices in a network.
Web:HOXX-VPN - Hoxx VPN is a popular anonymizing web proxy.
Web:CISCO-CORP-TV - Cisco Corporate TV is an interactive web streaming, and live studio shows platform.
Web:HBO - Home Box Office (or HBO) is an American pay TV channel. This plugin classifies website traffic.
Infrastructure:IEC61850-SV - IEC 61850 Sampled Measured Values (SMV or SV) is a protocol used in electrical substations to share data between Intelligent Electronic Devices (IEDs) under hard real time constraints (IEC 61850-9-2).
Multimedia:IFLIX - Iflix is a video streaming application based on the Akamai cloud service.
Messaging:TIKTOK - TikTok is a social network application acquired by ByteDance and previously known as Musical.ly. It allows its users to share live stream video content.
Web:TESLA - Tesla, Inc. is an American automotive and energy company. This plugin classifies website traffic.
Infrastructure:TANIUM - This plugin classifies Tanium Client traffic. Tanium is an Endpoint Detection and Response (EDR) solution. It is an Endpoint Management System to protect enterprises against cyber threats.
Infrastructure:SIGNIANT - Media Shuttle is a cloud based file sharing solution from Signiant targeting high volume transfers. It has enterprise workflow management capabilities. This plugin classifies Signiant web site, MediaShuttle web interface, Signiant file transfer protocol.
Multimedia:VIU - Viu is an Asian streaming application.
Web:TIBCO - This protocol is a generic layer used as a base for all the Tibco protocols.
Infrastructure:EPDG-TUNNEL - This plugin classifies the traffic coming from WLAN between a user equipment (UE) and the ePDG (evolved Packet Data Gateway) in order to access the IMS (IP Multimedia Subsystem).
Infrastructure:HDFS - Protocol used by Hadoop to store and exchange data across a cluster.
Infrastructure:UDT - This plugin supports the fourth version of UDT (https://tools.ietf.org/html/draft-gg-udt-03) over UDP. This protocol is involved in GridFTP infrastructure. It is a protocol for high performance data transfer with multiplexing and session control.
Web:DIDI - Didi is a shared transport application. This plugin adds classification of traffic generated by Android and iOS platforms.
Web:GOOGLE-TAKEOUT - Google Takeout allows users of Google products to export their data to a downloadable archive file. The download is classified as gstatic.
Web:MINERGATE-COM - Mining pool for cryptocurrency named Monero (blockchain).
Gaming:MOJANG - Mojang is a video game and software development corporation.
Messaging:CISCO-UCM - Cisco Unified Communication Manager is an IP PBX for enterprises. This plugin classifies Cisco specific protocols between Cisco Unified Communication components and devices, and classifies the administration web interface.
Web:JSFIDDLE - JSFiddle is an online web development tool.
Infrastructure:TUNNELBEAR - TunnelBear VPN is a desktop application and browser extension that provides VPN.
Infrastructure:HBASE - Hbase is a distributed database based on Google Bigtable.
Messaging:VONAGE-MOBILE - Vonage Mobile is an instant messaging application that provides feature to make landline or international calls.
Infrastructure:VPN-MASTERPRO - This protocol plug-in is deprecated.
Web:GOOGLE-API - Google APIs is a set of application programming interfaces (APIs) developed by Google which allow communication with Google Services and their integration to other services.
Web:PUBNUB - PubNub is a global Data Stream Network. This plugin classifies only website traffic.
Infrastructure:ANCHORFREE - AnchorFree is an anonymous VPN software released by Betternet (formerly vpnintouch) company. Betternet was bought by AnchorFree in 2015.
Gaming:UNITY - Unity is a 3D engine supported by more than 25 platforms. This plugin focuses on the video game services.
Gaming:SOURCE-ENGINE - This plugin classifies online games using Valve's Source engine, such as HalfLife, CounterStrike, TeamFortress. Some game servers will be classified as Steam protocol.
Infrastructure:FTPS-DATA - FTP is a communication protocol made for sharing files over TCP/IP networks.
Multimedia:CMORE - CMORE is a Swedish distributor of paid videos on demand.
Infrastructure:HIDEMAN-VPN - Hideman VPN is an application and browser extension that provides VPN features.
Messaging:ALICALL - Alicall is a Chinese application that provides International VoIP call feature.
Gaming:REALVNC - RealVNC is a company that provides remote access software.
Infrastructure:ACRONIS-BACKUP - Acronis Backup is a backup platform that uses cloud or local storage and can save multiple hosts using agents. Online storage is classified as acronis_cloud.
Infrastructure:SNAP-VPN - This protocol plug-in is deprecated.
Infrastructure:ANYWHEREUSB - This layer classifies traffic from TCP/3422 related to actual data carried out by AnywhereUSB devices connected to it. Those data are in clear text.
Messaging:ETISALAT-C-ME - C'Me, developed by Etisalat, is a mobile application offering voice and video calls along with instant messaging.
Messaging:YAHOO-TOGETHER - Yahoo Together is a group messaging application. Known by its project name Squirrel, it replaces Yahoo web messenger.

3 updated signatures:

CRITICAL - HTTP:HPE-IMC-EXP-INJ - HTTP: HPE-Intelligent Management Center Remote Code Execution
MEDIUM - HTTP:SCRIPT-INJ-VUL-117 - HTTP: SCRIPT-INJ Infection-117
MEDIUM - SHELLCODE:X86:BUFFER-SHELL - SHELLCODE: X86 Buffer Overflow HTTP-STC

2 renamed application2 signatures:

Web:Advertisements:google-adservices-ssl -> Web:Advertisements:google-ads
Infrastructure:ge-procify -> Infrastructure:ge-proficy

9 deleted signatures:

HTTP:HPE-CVE-2019-11941-EL - HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection
HTTP:CTS:HPE-IMC-EXP-LANG-INJ - HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection
HTTP:MISC:HPE-IMC-ELINJ - HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection
HTTP:CTS-HPE-IMC-RCE - HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection
HTTP:CTS:HPE-IMC-EXPINJ - HTTP: HPE IMC devGroupSelect Expression Language Injection
HTTP:HPE-IMCP-URL-RCE - HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection
HTTP:HPE-INJECTION-RCE - HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection
HTTP:CTS:HPE-IMC-FR-EL-CI - HTTP: HPE IMC ForwardRedirect Expression Language Injection
HTTP:MISC:HPE-IMC-OPETATOR-CE - HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection


Details of the signatures included within this bulletin:


Messaging:ETISALAT-C-ME - ETISALAT-C-ME

Description:

C'Me, developed by Etisalat, is a mobile application offering voice and video calls along with instant messaging.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:HPE-INJECTION-RCE - HTTP: HPE Intelligent Management Center wmiConfigContent Expression Language Injection

Severity: HIGH

Description:

An Expression Language injection vulnerability has been reported in HPE Intelligent Management Center. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code under the security context of the SYSTEM user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/zdi-17-690/
  • url: https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03768en_us
  • cve: CVE-2017-12526

Affected Products:

  • Hp intelligent_management_center 7.3

HTTP:CTS:HPE-IMC-FR-EL-CI - HTTP: HPE IMC ForwardRedirect Expression Language Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


HTTP:CTS:HPE-IMC-EXP-LANG-INJ - HTTP: HPE IMC CustomReportTemplateSelectBean Expression Language Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE IMC. A successful attack can lead to expression language injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03930en_us&doclocale=en_u
  • cve: CVE-2019-5373

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2

SHELLCODE:X86:BUFFER-SHELL - SHELLCODE: X86 Buffer Overflow HTTP-STC

Severity: MEDIUM

Description:

This signature scans HTTP data for an x86 shellcode instruction sequence associated with buffer overflow exploits.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1


HTTP:MISC:HPE-IMC-OPETATOR-CE - HTTP: HPE IMC OperatorGroupTreeSelectBean Expression Language Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HPE IMC. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-5374

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2

Web:Advertisements:GOOGLE-ADS - GOOGLE-ADS

Description:

Google Ads is the online ad service from Google.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:CTS-HPE-IMC-RCE - HTTP: HPE Intelligent Management Center iccSelectCommand Expression Language Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/zdi-19-162/

Infrastructure:GE-PROFICY - GE-PROFICY

Description:

Proficy is a General Electric product for industrial environments that allows monitoring and data management from a SCADA network. This plugin classifies traffic related to the Proficy Gateway service (PR Gateway) and the Proficy Licensing server (PR Licensing).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:Video-Streaming:GRABOID - GRABOID

Description:

This signature detects Graboid, an application that searches the internet for videos and makes it simple to view them as a streaming video.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:INJUSTICE-2 - INJUSTICE-2

Description:

This plugin classifies the Injustice 2 web site. Injustice 2 is an online game edited by NetherRealm Studios and published by Warner Bros.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:HIKE-MESSENGER - HIKE-MESSENGER

Description:

Hike Messenger is an Indian instant messaging application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:INSKIN - INSKIN

Description:

Inskin is a media advertising company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:MOBILE-LEGENDS - MOBILE-LEGENDS

Description:

mobile_legends provides in-App communication cloud services for games.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:LOL-GAME - LOL-GAME

Description:

League of Legends is a popular Multiplayer Online Battle Arena video game developed by Riot Games.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:YOUME - YOUME

Description:

Youme provides in-App communication cloud services for games.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FULLSTORY - FULLSTORY

Description:

FullStory is a digital analytics platform. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:IBM - IBM

Description:

IBM (International Business Machines Corporation) is an American multinational technology company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CIBN - CIBN

Description:

China International Broadcasting Network (CIBN) is an internet TV platform. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GAODE-MAP - GAODE-MAP

Description:

Gaode Map is a Chinese online mapping service. Gaode Map belongs to Alibaba Group, which acquired AutoNavi, which offers its map services at Amap.com. It is also known as Gaode in China.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-VIDEO - GOOGLE-VIDEO

Description:

Google Video hosting service provides video streaming to Google YouTube applications (YouTube, Kids, Music and Google programs such as YouTube Premium).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:APPNEXT - APPNEXT

Description:

Appnext is a mobile monetization, app marketing & re-engagement platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CYBERGHOST - CYBERGHOST

Description:

CyberGhost is a VPN service used to unblock sites and browse privately and anonymously.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MONDIA-MEDIA - MONDIA-MEDIA

Description:

Mondia Media is a content and entertainment services provider. This plugin classifies website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:HARRY-POTTER-WU - HARRY-POTTER-WU

Description:

Harry Potter: Wizards Unite is an online mobile game developed by Niantic Labs.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:DICOM - DICOM

Description:

DICOM stands for Digital Imaging and Communications in Medicine. Traffic is supported on the usual TCP ports 104 and 11112 (decrypted traffic only; DICOM-TLS and DICOM-ISCL are not supported).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:RAKUTEN-VIDEO - RAKUTEN-VIDEO

Description:

Rakuten Video hosting service provides video streaming to the Rakuten TV application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MONDAY-COM - MONDAY-COM

Description:

Monday.com is a collaboration solution for enterprise.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TRIBAIR - TRIBAIR

Description:

Tribair is a VoIP application for national and international audio calls.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-BLOG - GOOGLE-BLOG

Description:

blog.google is the public blog of Google (products, news, ...).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:COINIMP - COINIMP

Description:

Classification of traffic related to cryptocurrency Monero (XMR) mining and web traffic from web site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:MUMBLE - MUMBLE

Description:

Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:YOPMAIL - YOPMAIL

Description:

YOPmail is a disposable email platform. YOPmail provides a fake temporary and anonymous email address.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:COCO - COCO

Description:

Coco is an instant messaging application with a VoIP feature.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-ONE - GOOGLE-ONE

Description:

Google One is a service for managing the storage paid plan for Google applications.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:9GAG - 9GAG

Description:

9gag is a humorous website or application based on the sharing of images and videos.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:VPN-MASTER - VPN-MASTER

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TIKL - TIKL

Description:

Tikl is a simple VoIP push-to-talk communication application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIBBR - TIBBR

Description:

Tibbr is a social network for work. This plugin classifies traffic generated by the website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ICF-TECHNOLOGY - ICF-TECHNOLOGY

Description:

ICF Technology is a provider of high-definition video streaming and credit card processing services. Numerous adult content services have icf_technology as a subflow.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:VPN-MONSTER - VPN-MONSTER

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:APPLE-NEWS - APPLE-NEWS

Description:

Apple News is a mobile app and news aggregator developed by Apple Inc.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:AGE-OF-MAGIC - AGE-OF-MAGIC

Description:

Age of Magic is a single player video game for mobile platforms.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:DEMONWARE - DEMONWARE

Description:

DemonWare is a software development company and a subsidiary of Activision Blizzard, Inc.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CISCO-IP-SLA - CISCO-IP-SLA

Description:

Cisco IP SLA is used to monitor IP applications by using active traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:IBOOKS - IBOOKS

Description:

Standard iOS application to buy, read and manage books and audio books.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GRAMMARLY - GRAMMARLY

Description:

Grammarly is a cloud-based English-language writing-enhancement platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SPLUNK-CLOUD - SPLUNK-CLOUD

Description:

Splunk Cloud is the data collection, indexing, and visualization service for operational intelligence.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:FUZE - FUZE

Description:

Fuze (formerly known as ThinkingPhones) is a provider of cloud-based Unified Communications as a Service (UCaaS).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:PCCC - PCCC

Description:

PCCC stands for "Programmable Controller Communication Commands". It is used to control software running in a Programmable Logic Controller (PLC). PCCC traffic can be hardware specific; this plugin addresses traffic generated by Rockwell/Allen-Bradley to talk to SLC5, PLC5E and MicroLogix PLC for service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:OPEN-SIGNAL - OPEN-SIGNAL

Description:

OpenSignal is a company that specializes in wireless coverage mapping. This plugin classifies OpenSignal traffic on the iOS and Android platforms.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:DRAGON-BALL - DRAGON-BALL

Description:

The Dragon Ball video game series is based on the manga and anime. This plugin classifies traffic generated by the DRAGON BALL FighterZ video game.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:LIFESIZE - LIFESIZE

Description:

Lifesize is a video and audio telecommunications company. This plugin classifies traffic generated on Android and Chrome platforms.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:VPN-ROBOT - VPN-ROBOT

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FUTURE-PLC - FUTURE-PLC

Description:

Future Plc is a British publisher media company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MINEXMR-COM - MINEXMR-COM

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:VYKE - VYKE

Description:

Vyke is an IM application that allows users to buy phone numbers from countries such as the US, UK and Canada, and to use VoIP, text messaging (SMS), and the usual chat features (file transfer/text).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TVB - TVB

Description:

Television Broadcasts Limited is a Hong Kong audio-visual group. This plugin classifies only website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:EPROXY - EPROXY

Description:

Eproxy is a VPN for forward proxies with custom payload and optional ssh support. This plugin classifies automatically generated fake HTTP headers and the embedded ssh clients.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:DISCORD - DISCORD

Description:

Discord is a chat, audio and video call application for gaming.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TRELLO - TRELLO

Description:

Trello is a list-making application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:BIGO - BIGO

Description:

BIGO Technology is a Singapore-based social media company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:TWEAKWARE - TWEAKWARE

Description:

Tweakware is a VPN application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MONERO - MONERO

Description:

Classification of traffic related to cryptocurrency Monero (XMR) mining and web traffic from web site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HRPC - HRPC

Description:

HRPC is used between a client and the NameNode machine.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:DUCKDUCKGO - DUCKDUCKGO

Description:

DuckDuckGo is an Internet search engine and a web browser for mobile devices.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:CALL-OF-DUTY - CALL-OF-DUTY

Description:

Call of Duty (aka COD) is a first-person shooter (FPS) video game available on Xbox, PS4 and Microsoft Windows, published by Activision. This plugin classifies the World War II edition.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:BYTEDANCE - BYTEDANCE

Description:

ByteDance is a Chinese company that publishes several applications including TikTok (aka Musically), BuzzVideo and Vigo Video. This plugin classifies traffic from web site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:JIBE - JIBE

Description:

Google provides a platform implementing Rich Communication Services (RCS) named Jibe Cloud. This plugin only handles traffic related to web page promoting Jibe Cloud, while Jibe Cloud platform is classified by jibe_cloud plugin.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:WEBRTC - WEBRTC

Description:

WebRTC is a free, open-source project that provides a real-time communication (RTC) API for web browsers and mobile applications.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:OPENLOAD - OPENLOAD

Description:

Openload is a file host combined with a streaming site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:MODBUS-RTU - MODBUS-RTU

Description:

Traffic related to Modbus Remote Terminal Unit (RTU), a distributed control system used in industrial process control (Emerson Process Management).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CISCO-CMX-CLOUD - CISCO-CMX-CLOUD

Description:

Cisco Connected Mobile Experiences (CMX) Cloud is a cloud-delivered version of the on-premises CMX 10 software. CMX Cloud is used in the delivery of wireless services, integrating with the Cisco wireless infrastructure and creating out-of-the-box capabilities.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:LEARNET - LEARNET

Description:

Learnet2.ns.sg is an online training website for Singaporean soldiers. This plugin classifies only the SSL traffic on learnet2.ns.sg.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:BARRACUDA-VPN - BARRACUDA-VPN

Description:

Barracuda appliance providing VPN service. This plugin classifies the TINA protocol.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CISCO-AMC - CISCO-AMC

Description:

This plugin classifies the protocol of CUCAM (Cisco Unified Communications Alert Manager and Collector). This service is used by CUC (Cisco Unified Communications) or the RTMT (Real-Time Monitoring Tool) to provide performance monitoring, data collection, logging, and alerting.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TALKRAY - TALKRAY

Description:

Talkray is an instant messaging application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:OPERA-VPN - OPERA-VPN

Description:

Opera VPN is a feature provided by the Opera web browser. This feature provides VPN functionality.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ACRONIS-CLOUD - ACRONIS-CLOUD

Description:

Acronis Cloud is the cloud platform used by Acronis products, including Acronis Backup.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIM - TIM

Description:

Tim is an Italian telecommunication company. This plugin classifies the website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:KAFKA - KAFKA

Description:

High-throughput distributed messaging system.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:VISUAL-IQ - VISUAL-IQ

Description:

Visual IQ is a marketing solution provider.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TENOR - TENOR

Description:

Tenor is a GIF search engine.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:BARRACUDA - BARRACUDA

Description:

Barracuda Networks, Inc. is a company providing security, networking and storage products based on network appliances and cloud services. This plugin classifies traffic related to the Barracuda web site and its Cloud Control service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:GAANA - GAANA

Description:

Gaana is a music streaming application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TECH-RADAR - TECH-RADAR

Description:

TechRadar is a technology news web site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:RIPPLE - RIPPLE

Description:

Ripple is a cryptocurrency but unlike other cryptocurrencies it is not based on a block chain. RippleNet design is more centralized.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIANGE-9158 - TIANGE-9158

Description:

Tiange 9158 is a social network that provides streaming and live video broadcast features. This plugin does not support traffic from the live video broadcast workflow.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:ROCKWELL-RNA - ROCKWELL-RNA

Description:

Rockwell Network Applications (RNA) is Rockwell's implementation of Windows DNA-M and is used for communication between Rockwell FactoryTalk products.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TEXTPLUS - TEXTPLUS

Description:

textPlus is an instant messaging application which can send and receive SMS / text / MMS / group messages to anyone in the US or Canada.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:AWS-CONSOLE - AWS-CONSOLE

Description:

AWS Console is a web application for managing Amazon Web Services.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ACRONIS - ACRONIS

Description:

This plugin classifies flows related to Acronis products.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CODEMETER - CODEMETER

Description:

Wibu Codemeter is a license server (Software Asset Management). This plugin classifies this product as used in FactoryTalk Activation Manager.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:QUALTRICS - QUALTRICS

Description:

Qualtrics is a major online survey platform. This plugin classifies web site browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:VENTRILO - VENTRILO

Description:

Ventrilo is a low-latency, encrypted voice chat software primarily intended for use while gaming.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:GVCP - GVCP

Description:

GVCP stands for GigE Vision Control Protocol, a standard for industrial cameras supported by several companies. This plugin classifies GVCP traffic related to control and discovery.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ARTE-TV - ARTE-TV

Description:

Arte TV is a Franco-German television channel. This plugin classifies traffic generated by the website.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TARGET-COM - TARGET-COM

Description:

Target Corporation is a department store retailer in the United States. This plugin classifies traffic generated by the Target website and Android application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FOXNETWORKS - FOXNETWORKS

Description:

Fox Networks Group is a subsidiary of Fox Entertainment Group for television and cable.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:W3SCHOOLS - W3SCHOOLS

Description:

W3Schools is an educational website for learning web technologies online (content includes tutorials and references).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:WB-GAMES - WB-GAMES

Description:

This protocol plug-in classifies traffic related to Warner Bros Interactive Entertainment. Warner Bros. Interactive Entertainment (also known as WB Games) is the video game production arm of Warner Bros.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ROCKYOU - ROCKYOU

Description:

RockYou is a full-service entertainment and media company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:UBISOFT - UBISOFT

Description:

Ubisoft is an online game software editor and publisher (Far Cry, Assassin's Creed, Watch Dogs...).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:RING-CENTRAL - RING-CENTRAL

Description:

This plugin classifies website traffic of RingCentral, an application for video/audio conferencing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:PREZI - PREZI

Description:

Prezi is a presentation software. This plugin classifies traffic generated by Individual Premium features.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIM-VISION - TIM-VISION

Description:

Tim Vision is a smartphone application and web application provided by TIM (Italian telecom company).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:YANDEX-TAXI - YANDEX-TAXI

Description:

Yandex Taxi is a Russian online transportation network company which connects smartphone consumers looking for a trip with drivers. Yandex Taxi and Uber in Russia and East European countries merged in 2017.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:LIBON - LIBON

Description:

Libon is an application that provides an international audio call feature. This application is owned by Orange.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MYTV-SUPER - MYTV-SUPER

Description:

MyTV SUPER is an online video platform operated by TVB. This plugin classifies only website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:STARZ - STARZ

Description:

Starz is an American cable and satellite television network. This plugin classifies traffic generated by Starz which is a website and mobile app that featured original programming and feature film content from Starz available for streaming.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HADOOP - HADOOP

Description:

Apache Hadoop is an open source tool that enables distributed parallel processing of huge amounts of data across servers that both store and process the data.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HEXATECH - HEXATECH

Description:

Hexatech is a VPN used to anonymously unblock any site or app.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:4SYNC - 4SYNC

Description:

4Sync is a cloud storage service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ALIBABA-GROUP - ALIBABA-GROUP

Description:

Alibaba Group Holding Limited is a Chinese multinational conglomerate specializing in e-commerce, retail, Internet, AI and technology. This plugin is the default classification of domain names owned by Alibaba Group.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:TOYO-PROTOCOL - TOYO-PROTOCOL

Description:

This layer classifies only a limited number of protocols known to be used by Toyo hardware (PLC).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-BOOKS - GOOGLE-BOOKS

Description:

On-line file storage and sharing web-service by Google. Important: most of the traffic is encrypted with generic Google certificates. The classification of this service then needs non-encrypted traffic to be injected. Classification is also correct for traffic under a proxy and some limited workflows.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FANDOM - FANDOM

Description:

A free Wiki website hosting service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:VUNGLE - VUNGLE

Description:

Vungle is a mobile advertising platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:DNS-CRYPT - DNS-CRYPT

Description:

The DNSCrypt protocol is used to translate FQDNs (Fully Qualified Domain Names) into IP addresses and vice versa over encrypted communication.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:LINE2-COM - LINE2-COM

Description:

Line2 (formerly Toktumi) is a telecommunication company that provides a second phone number for USA or Canada.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:IRONSOURCE - IRONSOURCE

Description:

IronSource is a digital content company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:SIMPLI-FI - SIMPLI-FI

Description:

Simpli.fi is an advertising technology company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:KODI - KODI

Description:

Kodi (formerly XBox Media Center) is a free media player software application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOV-SG - GOV-SG

Description:

Gov.sg is the web portal for Singapore Government. This plugin classifies the website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:BLUEHOST - BLUEHOST

Description:

Bluehost is a website hosting provider. This plugin classifies web site management traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MEDIUM - MEDIUM

Description:

Medium is an online publishing platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CISCO - CISCO

Description:

Cisco Systems, Inc. is an American multinational technology company. This plugin classifies website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:HOOQ - HOOQ

Description:

HOOQ is a video on demand streaming service deployed in Asia (2018).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIM-MUSIC - TIM-MUSIC

Description:

Tim Music is a smartphone application and web application provided by TIM (an Italian telecom company).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GLOBE-TELCO - GLOBE-TELCO

Description:

Globe Telecom is a provider of telecommunications services in the Philippines. The plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:EVOZI - EVOZI

Description:

Evozi is an APK downloader website and also a mobile app developer. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MOODLE - MOODLE

Description:

Moodle is an open-source learning platform (MOOC). This plugin classifies the Moodle website, Moodle cloud instances and HTTP-only local instances.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:XMRPOOL-EU - XMRPOOL-EU

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ALIBABA-CLOUD - ALIBABA-CLOUD

Description:

Alibaba Cloud, also known as Aliyun, is a Chinese cloud computing company, a subsidiary of Alibaba Group.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:OPTIMICDN - OPTIMICDN

Description:

OptimiCDN pilots multiple CDNs in an All-in-One Multi CDN service for optimized web performances & enhanced User Experience.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:EXPRESSVPN - EXPRESSVPN

Description:

ExpressVPN is a provider of VPN tunnels with servers located in over 140 countries, a wide range of supported clients, and several standard or obfuscated protocols. This plugin classifies the website, the provided software, and manual setups using the configuration file provided by ExpressVPN.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:LITRES-RU - LITRES-RU

Description:

This plugin classifies traffic generated by the e-book reader applications Litres Audio and Litres Listen.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CISCO-NMSP - CISCO-NMSP

Description:

This protocol is used for data exchange between the Cisco Mobility Service Engine (MSE) and the Cisco Wireless LAN Controller (WLC).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:PROTONMAIL - PROTONMAIL

Description:

This plugin classifies the ProtonMail website, webmail and mail applications.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HTTP-INJECTOR - HTTP-INJECTOR

Description:

HTTP Injector is a VPN tool. This plugin classifies the SSH tunneling. The high_entropy plugin must be enabled to get Shadowsocks classification.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:WISH-COM - WISH-COM

Description:

Wish is an e-commerce website and application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SPRINGTECH-VPN - SPRINGTECH-VPN

Description:

This plugin classifies traffic related to VPN applications distributed by the SpringTech company (namely Guangzhou Quanyong Information Technology Company), such as Hot VPN, Turbo VPN, VPN Robot, Snap VPN, VPN Master Pro, VPN Monster and VPN Master.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:WINDSCRIBE - WINDSCRIBE

Description:

Windscribe is a desktop application and browser extension that provides VPN and ad-blocker features.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:KEKU - KEKU

Description:

KeKu provides virtual phone numbers to make and receive calls, send and receive SMS.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:NETIGATE - NETIGATE

Description:

Netigate is an enterprise feedback management platform. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:RAKUTEN-TV - RAKUTEN-TV

Description:

Rakuten TV is a video-on-demand (VOD) streaming service. This plugin classifies traffic for Europe and Japan.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:BRAWLHALLA - BRAWLHALLA

Description:

Brawlhalla is a free-to-play online multiplayer battle arena game edited by Blue Mammoth Games and published by Ubisoft.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:AIR-WATCH - AIR-WATCH

Description:

Air Watch is a Mobile Device Management solution (MDM). This plugin classifies traffic generated by the cloud solution.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:EASY-ANTI-CHEAT - EASY-ANTI-CHEAT

Description:

Easy Anti-Cheat is an anti-cheat service for multiplayer PC games.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FAST-COM - FAST-COM

Description:

Fast is a web service for assessing Internet throughput. This service is provided by Netflix.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:PATREON - PATREON

Description:

Patreon is a crowdfunding platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ACCOUNTKIT - ACCOUNTKIT

Description:

Account Kit is a product of Facebook that lets people quickly register for and log in to some registered apps by using just their phone numbers or email addresses without needing a password.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:24SEVENOFFICE - 24SEVENOFFICE

Description:

24SevenOffice is a web-based Enterprise resource planning (ERP) system.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:HYPERS - HYPERS

Description:

HYPERS is a Chinese cloud platform. This plugin classifies only website browsing.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:JIBE-CLOUD - JIBE-CLOUD

Description:

Jibe Cloud is a platform implementing Rich Communication Services (RCS), distributed by Google to telecom operators integrating RCS.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TALKBOX - TALKBOX

Description:

TalkBox is a mobile group chat application from Hong Kong with support for voice messages.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:FIREFOX-VPN - FIREFOX-VPN

Description:

Firefox Private Network is a Firefox extension which provides a secure and encrypted tunnel.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ROCKWELL - ROCKWELL

Description:

This plugin classifies the Rockwell Automation websites and related API.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


APPROOT:GOLANG - GOLANG

Description:

This plug-in classifies some websites developed with the Go language (https://golang.org/).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FOXPLUS - FOXPLUS

Description:

Fox Plus is a streaming platform that lets people watch Fox Networks Group's latest TV series, documentaries, and Hollywood & Asian movies.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:DWARFPOOL-COM - DWARFPOOL-COM

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:COUCHBASE - COUCHBASE

Description:

Couchbase Server is a distributed, open source NoSQL database engine, storing key/values or JSON documents.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:YOLO - YOLO

Description:

Yolo is an application to send questions and answers to Snapchat users. Currently only available on iOS.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CISCO-SMARTPROBE - CISCO-SMARTPROBE

Description:

These are packets sent by Cisco PfRv3-enabled routers to measure link quality.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MEGAPHONE-FM - MEGAPHONE-FM

Description:

Megaphone provides podcast technology for publishers and advertisers. This plugin classifies only website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:VPN1-COM - VPN1-COM

Description:

vpn1.com is a website hosting two popular anonymizing web proxies: Hoxx VPN and setupvpn.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:DAZN - DAZN

Description:

DAZN is a video streaming service for sports.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GRAB - GRAB

Description:

Grab Taxi is a company offering a ride-hailing service in Southeast Asia.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-NEWS - GOOGLE-NEWS

Description:

Google News is a news aggregator and application developed by Google.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CODEPEN-IO - CODEPEN-IO

Description:

CodePen is an online community for testing and showcasing user-created HTML, CSS and JavaScript code snippets. This plugin classifies only traffic generated by the free plan.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:VOXER - VOXER

Description:

Voxer is an instant messaging application that provides voice, text, photo, and video with walkie talkie messaging (Push-to-talk PTT) features in a secure messaging app.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:INMOJI - INMOJI

Description:

Inmoji provides advertising emojis. This plugin classifies traffic generated by the web site.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:JSCOUNT - JSCOUNT

Description:

JsCount is a real-time website monitoring service for web server performance measurement. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MONEROHASH-COM - MONEROHASH-COM

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:MTALK - MTALK

Description:

Mtalk is an instant messaging application that can provide a landline phone number.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:PLAYKOT - PLAYKOT

Description:

Playkot Ltd. is a mobile app development company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SYMANTEC-SEP - SYMANTEC-SEP

Description:

Symantec Endpoint Protection, developed by Symantec, is a security software suite, which consists of anti-malware, intrusion prevention and firewall features for servers and desktops. It has the largest market-share of any product for endpoint security.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:AMAZON-COGNITO - AMAZON-COGNITO

Description:

Cognito is an Amazon AWS server that keeps track of users.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Remote-Access:ARD - ARD

Description:

Apple Remote Desktop allows Mac computers to be managed remotely.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:REDIS - REDIS

Description:

Redis is a data structure server. It is open-source, networked, in-memory, and stores keys with optional durability.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:OTO-GLOBAL - OTO-GLOBAL

Description:

OTO Global is an instant messaging application that provides a feature for making landline or international calls.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:QUICKPLAY - QUICKPLAY

Description:

Quickplay is a video service provider for IP connected devices.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:FREEPP - FREEPP

Description:

FreePP is an instant messaging application that provides a domestic and international calling feature. This plugin only classifies the instant messaging traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:MOONTON - MOONTON

Description:

Moonton is a video game editor.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:ANONYTUN-VPN - ANONYTUN-VPN

Description:

AnonyTun is an Android VPN client that lets its users customize a few parameters related to the tunnel.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:STOREBUFF - STOREBUFF

Description:

Storebuff tests and analyzes network traffic from a given URL. This plugin classifies traffic from the website.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GCASH - GCASH

Description:

Gcash is a mobile payment application. The plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:TURBO-VPN - TURBO-VPN

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:FACE-APP - FACE-APP

Description:

FaceApp is a mobile application to transform faces in photographs. This plugin classifies traffic from the free version. Picture uploads to the mobile application use separate cloud storage services and are classified separately.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MYNT - MYNT

Description:

Mynt is a FinTech startup wholly-owned by Globe Telecom. The plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:I-WANT-TV - I-WANT-TV

Description:

IWant TV is an over-the-top content (OTT) platform exclusively available in the Philippines.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:BIGBIGCHANNEL - BIGBIGCHANNEL

Description:

Big Big Channel is an online video platform operated by TVB.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:NS-SG - NS-SG

Description:

Ns.sg is the web portal for the National Service in Singapore. This plugin classifies the website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:STAN - STAN

Description:

Stan is an Australian streaming company. Stan is owned by StreamCo.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:DISCOURSE - DISCOURSE

Description:

Discourse is an open source Internet forum and mailing list management software application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HOT-VPN - HOT-VPN

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:JUMPSHARE - JUMPSHARE

Description:

Jumpshare is a file sharing service. This plugin classifies traffic generated by the basic offer.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:STREAMCO-MEDIA - STREAMCO-MEDIA

Description:

StreamCo Media, Ltd., is a streaming media solutions company.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CAKE-HR - CAKE-HR

Description:

CakeHR is an online HR management software.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:NETFLIX-VIDEO - NETFLIX-VIDEO

Description:

Classifies traffic related to the Netflix streaming service. Most of that traffic goes to Open Connect Appliances (https://openconnect.netflix.com), which are deployed on the ISP/IXP side to improve throughput and therefore user experience. Fast.com is a Netflix application that uses the same servers to assess the quality of the Internet connection to the Netflix service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MOJOMARKETPLACE - MOJOMARKETPLACE

Description:

MOJO Marketplace offers themes, plugins and professional services for website creation on WordPress.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CRYPTO-POOL-FR - CRYPTO-POOL-FR

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:X-VPN - X-VPN

Description:

X-VPN unblocks the web securely, privately and anonymously on your Android devices. X-VPN was formerly FastLemon VPN.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TEXTME - TEXTME

Description:

Text Me is an instant messaging application that can text and call any phone and make national and international calls.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:ERLANG-DISTRIBUTION - ERLANG-DISTRIBUTION

Description:

The Erlang distribution protocol allows several nodes to communicate with each other and exchange information.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:CISCO-SDAVC - CISCO-SDAVC

Description:

Cisco Software-Defined AVC (SD-AVC) is a component of Cisco Application Visibility and Control (AVC). It works as a centralized network service, operating with specific participating devices in a network.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:HOXX-VPN - HOXX-VPN

Description:

Hoxx VPN is a popular anonymizing web proxy.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:CISCO-CORP-TV - CISCO-CORP-TV

Description:

Cisco Corporate TV is an interactive web streaming, and live studio shows platform.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:HBO - HBO

Description:

Home Box Office (or HBO) is an American pay TV channel. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:IEC61850-SV - IEC61850-SV

Description:

IEC 61850 Sampled Measured Values (SMV or SV) is a protocol used in electrical substations to share data between Intelligent Electronic Devices (IEDs) under hard real-time constraints (IEC 61850-9-2).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:IFLIX - IFLIX

Description:

Iflix is a video streaming application based on the Akamai cloud service.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:TIKTOK - TIKTOK

Description:

TikTok is a social network application acquired by ByteDance and previously known as Musical.ly. It allows its users to share live stream video content.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TESLA - TESLA

Description:

Tesla, Inc. is an American automotive and energy company. This plugin classifies website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:TANIUM - TANIUM

Description:

This plugin classifies Tanium Client traffic. Tanium is an Endpoint Detection and Response (EDR) solution. It is an endpoint management system that protects enterprises against cyber threats.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SIGNIANT - SIGNIANT

Description:

Media Shuttle is a cloud-based file sharing solution from Signiant targeting high-volume transfers. It has enterprise workflow management capabilities. This plugin classifies the Signiant website, the MediaShuttle web interface and the Signiant file transfer protocol.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:VIU - VIU

Description:

Viu is an Asian streaming application.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:TIBCO - TIBCO

Description:

This protocol is a generic layer used as a base for all the Tibco protocols.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:EPDG-TUNNEL - EPDG-TUNNEL

Description:

This plugin classifies the traffic coming from WLAN between a user equipment (UE) and the ePDG (evolved Packet Data Gateway) in order to access the IMS (IP Multimedia Subsystem).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HDFS - HDFS

Description:

Protocol used by Hadoop to store and exchange data across a cluster.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:UDT - UDT

Description:

This plugin supports the fourth version of UDT (https://tools.ietf.org/html/draft-gg-udt-03) over UDP. This protocol is involved in GridFTP infrastructure. It is a protocol for high-performance data transfer with multiplexing and session control.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:DIDI - DIDI

Description:

Didi is a shared transport application. This plugin adds classification of traffic generated by Android and iOS platforms.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-TAKEOUT - GOOGLE-TAKEOUT

Description:

Google Takeout allows users of Google products to export their data to a downloadable archive file. The download is classified as gstatic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:MINERGATE-COM - MINERGATE-COM

Description:

Mining pool for cryptocurrency named Monero (blockchain).

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:MOJANG - MOJANG

Description:

Mojang is a video game and software development corporation.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:CISCO-UCM - CISCO-UCM

Description:

Cisco Unified Communication Manager is an IP PBX for enterprises. This plugin classifies Cisco-specific protocols between Cisco Unified Communication components and devices, as well as the administration web interface.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:JSFIDDLE - JSFIDDLE

Description:

JSFiddle is an online web development tool.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:TUNNELBEAR - TUNNELBEAR

Description:

TunnelBear VPN is a desktop application and browser extension that provides a VPN.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HBASE - HBASE

Description:

Hbase is a distributed database based on Google Bigtable.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:VONAGE-MOBILE - VONAGE-MOBILE

Description:

Vonage Mobile is an instant messaging application that provides a feature for making landline or international calls.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:VPN-MASTERPRO - VPN-MASTERPRO

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:GOOGLE-API - GOOGLE-API

Description:

Google APIs is a set of application programming interfaces (APIs) developed by Google which allow communication with Google Services and their integration to other services.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Web:PUBNUB - PUBNUB

Description:

PubNub is a global Data Stream Network. This plugin classifies only website traffic.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:ANCHORFREE - ANCHORFREE

Description:

AnchorFree is anonymous VPN software released by the Betternet (formerly vpnintouch) company. Betternet was bought by AnchorFree in 2015.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:UNITY - UNITY

Description:

Unity is a 3D engine supported by more than 25 platforms. This plugin focuses on the video game services.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:SOURCE-ENGINE - SOURCE-ENGINE

Description:

This plugin classifies online games using Valve's Source engine, such as HalfLife, CounterStrike, TeamFortress. Some game servers will be classified as Steam protocol.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:FTPS-DATA - FTPS-DATA

Description:

FTP is a communication protocol for sharing files over a TCP/IP network.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Multimedia:CMORE - CMORE

Description:

CMORE is a Swedish distributor of paid videos on demand.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:HIDEMAN-VPN - HIDEMAN-VPN

Description:

Hideman VPN is an application and browser extension that provides VPN features.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Messaging:ALICALL - ALICALL

Description:

Alicall is a Chinese application that provides an international VoIP calling feature.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Gaming:REALVNC - REALVNC

Description:

RealVNC is a company that provides remote access software.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:ACRONIS-BACKUP - ACRONIS-BACKUP

Description:

Acronis Backup is a backup platform that uses cloud or local storage and can back up multiple hosts using agents. Online storage is classified as acronis_cloud.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:SNAP-VPN - SNAP-VPN

Description:

This protocol plug-in is deprecated.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


Infrastructure:ANYWHEREUSB - ANYWHEREUSB

Description:

This layer classifies traffic on TCP/3422 related to the actual data carried by AnywhereUSB devices connected to it. This data is in clear text.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:STC:ADOBE:CVE-2020-9698-CE - HTTP: Adobe Acrobat and Reader CVE-2020-9698 Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-9698
  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Affected Products:

  • Adobe acrobat_reader_dc 20.009.20074
  • Adobe acrobat_dc 15.006.30523
  • Adobe acrobat_dc 20.009.20074
  • Adobe acrobat_reader_dc 17.011.30171
  • Adobe acrobat_reader_dc 15.006.30523
  • Adobe acrobat_dc 17.011.30171
  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30504
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 17.011.30166
  • Adobe acrobat_reader_dc 20.006.20042
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_reader_dc 17.011.30166
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_dc 15.006.30508
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_reader_dc 15.006.30508
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.012.20036
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_reader_dc 17.011.30144
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 19.012.20036
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_reader_dc 15.006.30518
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30518
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_reader_dc 15.006.30505
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_reader_dc 17.011.30156
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_dc 17.011.30150
  • Adobe acrobat_reader_dc 17.011.30150
  • Adobe acrobat_dc 17.011.30156
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 20.001.30002
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.006.30504
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_reader_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 20.001.30002
  • Adobe acrobat_reader_dc 17.011.30143
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_dc 20.006.20042
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20058
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_reader_dc 19.021.20047
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20047
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 19.021.20058
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_reader_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_dc 17.011.30155
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30138

Messaging:YAHOO-TOGETHER - YAHOO-TOGETHER

Description:

Yahoo Together is a group messaging application. Known by its project name Squirrel, it replaces Yahoo web messenger.

Supported On:

mx-11.4, srx-12.1, srx-branch-12.1, vsrx-15.1


HTTP:STC:ADOBE:CVE-2020-9694-CE - HTTP: Adobe Acrobat and Reader CVE-2020-9694 Remote Code Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-9694
  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Affected Products:

  • Adobe acrobat_reader_dc 20.009.20074
  • Adobe acrobat_dc 15.006.30523
  • Adobe acrobat_dc 20.009.20074
  • Adobe acrobat_reader_dc 17.011.30171
  • Adobe acrobat_reader_dc 15.006.30523
  • Adobe acrobat_dc 17.011.30171
  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30504
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 17.011.30166
  • Adobe acrobat_reader_dc 20.006.20042
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_reader_dc 17.011.30166
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_dc 15.006.30508
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_reader_dc 17.011.30144
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 19.012.20036
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_reader_dc 15.006.30518
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30518
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_reader_dc 15.006.30505
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_reader_dc 17.011.30156
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_dc 17.011.30150
  • Adobe acrobat_reader_dc 17.011.30150
  • Adobe acrobat_dc 17.011.30156
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 20.001.30002
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.006.30504
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_reader_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 20.001.30002
  • Adobe acrobat_reader_dc 17.011.30143
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_dc 20.006.20042
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20058
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_reader_dc 19.021.20047
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_reader_dc 15.006.30508
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.012.20036
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20047
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 19.021.20058
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_reader_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_dc 17.011.30155
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30138

HTTP:STC:ADOBE:CVE-2020-9693-CE - HTTP: Adobe Acrobat Reader CVE-2020-9693 Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2020-9693
  • url: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html

Affected Products:

  • Adobe acrobat_reader_dc 20.009.20074
  • Adobe acrobat_dc 15.006.30523
  • Adobe acrobat_dc 20.009.20074
  • Adobe acrobat_reader_dc 17.011.30171
  • Adobe acrobat_reader_dc 15.006.30523
  • Adobe acrobat_dc 17.011.30171
  • Adobe acrobat_reader_dc 17.012.20093
  • Adobe acrobat_reader_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30504
  • Adobe acrobat_reader_dc 15.006.30434
  • Adobe acrobat_dc 15.016.20041
  • Adobe acrobat_reader_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.000.0000
  • Adobe acrobat_reader_dc 17.011.30078
  • Adobe acrobat_reader_dc 17.011.30102
  • Adobe acrobat_reader_dc 19.008.20074
  • Adobe acrobat_reader_dc 15.006.30173
  • Adobe acrobat_dc 17.011.30106
  • Adobe acrobat_dc 15.010.20059
  • Adobe acrobat_dc 17.011.30166
  • Adobe acrobat_reader_dc 20.006.20042
  • Adobe acrobat_reader_dc 15.017.20050
  • Adobe acrobat_dc 15.006.30413
  • Adobe acrobat_reader_dc 15.006.30418
  • Adobe acrobat_reader_dc 17.011.30059
  • Adobe acrobat_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30498
  • Adobe acrobat_dc 19.008.20074
  • Adobe acrobat_reader_dc 17.011.30106
  • Adobe acrobat_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30102
  • Adobe acrobat_reader_dc 18.011.20038
  • Adobe acrobat_dc 19.008.20081
  • Adobe acrobat_dc 15.006.30417
  • Adobe acrobat_reader_dc 15.010.20059
  • Adobe acrobat_dc 18.011.20058
  • Adobe acrobat_reader_dc 15.006.30094
  • Adobe acrobat_reader_dc 18.009.20050
  • Adobe acrobat_reader_dc 15.006.30448
  • Adobe acrobat_dc 15.017.20050
  • Adobe acrobat_dc 17.009.20058
  • Adobe acrobat_reader_dc 17.011.30166
  • Adobe acrobat_reader_dc 15.006.30198
  • Adobe acrobat_dc 15.006.30464
  • Adobe acrobat_reader_dc 15.006.30475
  • Adobe acrobat_dc 17.011.30059
  • Adobe acrobat_reader_dc 15.009.20069
  • Adobe acrobat_reader_dc 15.010.20060
  • Adobe acrobat_dc 18.009.20044
  • Adobe acrobat_dc 15.006.30508
  • Adobe acrobat_dc 19.010.20099
  • Adobe acrobat_dc 15.006.30201
  • Adobe acrobat_reader_dc 15.006.30498
  • Adobe acrobat_dc 18.011.20038
  • Adobe acrobat_dc 15.006.30243
  • Adobe acrobat_dc 17.011.30140
  • Adobe acrobat_dc 19.010.20100
  • Adobe acrobat_reader_dc 15.006.30508
  • Adobe acrobat_reader_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.012.20036
  • Adobe acrobat_dc 18.009.20050
  • Adobe acrobat_dc 17.011.30105
  • Adobe acrobat_reader_dc 15.006.30243
  • Adobe acrobat_reader_dc 17.011.30144
  • Adobe acrobat_dc 15.016.20039
  • Adobe acrobat_reader_dc 17.009.20058
  • Adobe acrobat_reader_dc 19.010.20099
  • Adobe acrobat_reader_dc 19.010.20100
  • Adobe acrobat_reader_dc 19.012.20034
  • Adobe acrobat_dc 15.006.30121
  • Adobe acrobat_reader_dc 15.020.20042
  • Adobe acrobat_reader_dc 17.011.30142
  • Adobe acrobat_dc 19.012.20034
  • Adobe acrobat_reader_dc 17.012.20098
  • Adobe acrobat_reader_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.023.20056
  • Adobe acrobat_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30140
  • Adobe acrobat_dc 19.012.20036
  • Adobe acrobat_dc 15.023.20056
  • Adobe acrobat_dc 15.006.30097
  • Adobe acrobat_reader_dc 17.011.30127
  • Adobe acrobat_reader_dc 15.016.20039
  • Adobe acrobat_dc 17.011.30080
  • Adobe acrobat_reader_dc 15.006.30097
  • Adobe acrobat_reader_dc 15.006.30121
  • Adobe acrobat_reader_dc 18.011.20040
  • Adobe acrobat_dc 17.011.30127
  • Adobe acrobat_dc 17.011.30142
  • Adobe acrobat_dc 17.011.30068
  • Adobe acrobat_dc 15.008.20082
  • Adobe acrobat_reader_dc 19.010.20091
  • Adobe acrobat_reader_dc 17.011.30068
  • Adobe acrobat_dc 15.006.30482
  • Adobe acrobat_dc 15.006.30280
  • Adobe acrobat_reader_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30173
  • Adobe acrobat_reader_dc 15.008.20082
  • Adobe acrobat_reader_dc 15.006.30464
  • Adobe acrobat_dc 17.012.20095
  • Adobe acrobat_reader_dc 17.011.30110
  • Adobe acrobat_dc 17.011.30099
  • Adobe acrobat_reader_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30099
  • Adobe acrobat_reader_dc 15.006.30482
  • Adobe acrobat_reader_dc 15.006.30518
  • Adobe acrobat_dc 17.011.30079
  • Adobe acrobat_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30355
  • Adobe acrobat_dc 15.006.30457
  • Adobe acrobat_dc 15.010.20060
  • Adobe acrobat_reader_dc 15.006.30457
  • Adobe acrobat_reader_dc 19.008.20080
  • Adobe acrobat_reader_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30518
  • Adobe acrobat_dc 19.008.20080
  • Adobe acrobat_reader_dc 18.011.20063
  • Adobe acrobat_dc 15.006.30418
  • Adobe acrobat_dc 15.006.30448
  • Adobe acrobat_dc 17.011.30066
  • Adobe acrobat_reader_dc 19.010.20069
  • Adobe acrobat_reader_dc 15.006.30495
  • Adobe acrobat_dc 15.017.20053
  • Adobe acrobat_dc 17.009.20044
  • Adobe acrobat_reader_dc 17.011.30079
  • Adobe acrobat_dc 19.010.20069
  • Adobe acrobat_dc 15.006.30493
  • Adobe acrobat_dc 15.006.30279
  • Adobe acrobat_dc 17.012.20096
  • Adobe acrobat_reader_dc 15.006.30493
  • Adobe acrobat_reader_dc 15.023.20070
  • Adobe acrobat_reader_dc 15.006.30172
  • Adobe acrobat_reader_dc 19.008.20081
  • Adobe acrobat_reader_dc 15.006.30505
  • Adobe acrobat_reader_dc 19.008.20071
  • Adobe acrobat_dc 15.006.30495
  • Adobe acrobat_dc 15.023.20070
  • Adobe acrobat_dc 15.006.30174
  • Adobe acrobat_dc 17.012.20098
  • Adobe acrobat_dc 18.011.20063
  • Adobe acrobat_reader_dc 15.006.30174
  • Adobe acrobat_dc 15.006.30475
  • Adobe acrobat_reader_dc 17.012.20095
  • Adobe acrobat_dc 15.006.30497
  • Adobe acrobat_dc 15.006.30172
  • Adobe acrobat_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.006.30279
  • Adobe acrobat_reader_dc 17.011.30156
  • Adobe acrobat_reader_dc 15.017.20053
  • Adobe acrobat_reader_dc 17.011.30105
  • Adobe acrobat_dc 17.011.30150
  • Adobe acrobat_reader_dc 17.011.30150
  • Adobe acrobat_dc 17.011.30156
  • Adobe acrobat_dc 15.006.30416
  • Adobe acrobat_reader_dc 17.011.30113
  • Adobe acrobat_dc 18.011.20040
  • Adobe acrobat_reader_dc 17.011.30152
  • Adobe acrobat_reader_dc 15.010.20056
  • Adobe acrobat_dc 19.010.20098
  • Adobe acrobat_reader_dc 20.001.30002
  • Adobe acrobat_reader_dc 15.006.30461
  • Adobe acrobat_reader_dc 15.006.30244
  • Adobe acrobat_dc 18.011.20055
  • Adobe acrobat_reader_dc 15.006.30201
  • Adobe acrobat_reader_dc 17.011.30065
  • Adobe acrobat_reader_dc 15.006.30417
  • Adobe acrobat_dc 17.000.0000
  • Adobe acrobat_dc 17.011.30113
  • Adobe acrobat_dc 15.010.20056
  • Adobe acrobat_dc 15.006.30244
  • Adobe acrobat_dc 15.006.30504
  • Adobe acrobat_dc 17.011.30143
  • Adobe acrobat_reader_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20079
  • Adobe acrobat_dc 20.001.30002
  • Adobe acrobat_reader_dc 17.011.30143
  • Adobe acrobat_dc 15.023.20053
  • Adobe acrobat_dc 15.006.30094
  • Adobe acrobat_reader_dc 19.010.20098
  • Adobe acrobat_reader_dc 18.011.20055
  • Adobe acrobat_dc 20.006.20042
  • Adobe acrobat_dc 17.011.30065
  • Adobe acrobat_dc 19.012.20035
  • Adobe acrobat_dc 15.009.20069
  • Adobe acrobat_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20058
  • Adobe acrobat_reader_dc 17.011.30096
  • Adobe acrobat_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.009.20079
  • Adobe acrobat_dc 17.011.30096
  • Adobe acrobat_reader_dc 19.021.20047
  • Adobe acrobat_dc 15.020.20039
  • Adobe acrobat_dc 15.006.30060
  • Adobe acrobat_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.023.20053
  • Adobe acrobat_reader_dc 15.006.30096
  • Adobe acrobat_dc 19.021.20047
  • Adobe acrobat_reader_dc 15.009.20077
  • Adobe acrobat_reader_dc 17.011.30120
  • Adobe acrobat_reader_dc 15.006.30280
  • Adobe acrobat_dc 15.009.20071
  • Adobe acrobat_reader_dc 18.009.20044
  • Adobe acrobat_reader_dc 15.020.20039
  • Adobe acrobat_dc 19.010.20064
  • Adobe acrobat_reader_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30352
  • Adobe acrobat_reader_dc 19.021.20058
  • Adobe acrobat_reader_dc 15.006.30060
  • Adobe acrobat_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30306
  • Adobe acrobat_reader_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.016.20045
  • Adobe acrobat_reader_dc 17.011.30070
  • Adobe acrobat_reader_dc 15.009.20071
  • Adobe acrobat_dc 17.011.30155
  • Adobe acrobat_reader_dc 15.006.30392
  • Adobe acrobat_reader_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30078
  • Adobe acrobat_dc 15.009.20077
  • Adobe acrobat_reader_dc 19.010.20064
  • Adobe acrobat_dc 15.006.30394
  • Adobe acrobat_dc 15.006.30456
  • Adobe acrobat_reader_dc 15.006.30352
  • Adobe acrobat_reader_dc 15.006.30306
  • Adobe acrobat_reader_dc 15.006.30394
  • Adobe acrobat_reader_dc 17.011.30138
  • Adobe acrobat_dc 15.016.20045
  • Adobe acrobat_dc 15.006.30354
  • Adobe acrobat_dc 15.006.30392
  • Adobe acrobat_dc 15.006.30434
  • Adobe acrobat_dc 19.021.20056
  • Adobe acrobat_reader_dc 15.006.30456
  • Adobe acrobat_dc 17.012.20093
  • Adobe acrobat_dc 15.020.20042
  • Adobe acrobat_reader_dc 15.006.30119
  • Adobe acrobat_dc 15.006.30452
  • Adobe acrobat_dc 17.011.30138

HTTP:HPE-CVE-2019-11941-EL - HTTP: HPE Intelligent Management Center CVE-2019-11941 Expression Language Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-11941

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2

HTTP:CTS:HPE-IMC-EXPINJ - HTTP: HPE IMC devGroupSelect Expression Language Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1


HTTP:STC:DL:CVE-2020-1152-PE - HTTP: Microsoft Windows Win32k Kernel Driver CVE-2020-1152 Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Win32k Kernel Driver. A successful attack can lead to elevation of privilege and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-1152

Affected Products:

  • Microsoft windows_10 1607
  • Microsoft windows_server_2016 1903
  • Microsoft windows_rt_8.1 -
  • Microsoft windows_10 1803
  • Microsoft windows_10 1909
  • Microsoft windows_10 1809
  • Microsoft windows_server_2019 -
  • Microsoft windows_server_2016 1909
  • Microsoft windows_10 1903
  • Microsoft windows_8.1 -
  • Microsoft windows_server_2016 2004
  • Microsoft windows_server_2012 -
  • Microsoft windows_10 1709
  • Microsoft windows_10 -
  • Microsoft windows_server_2016 -
  • Microsoft windows_10 2004
  • Microsoft windows_server_2012 r2

HTTP:MAL-REDIRECT-VUL-118 - HTTP: MAL-REDIRECT Infection-118

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit that cybercriminals use to deliver other pieces of malware.

Supported On:

srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1


HTTP:STC:DL:CVE-2020-1308-PE - HTTP: Microsoft Windows DirectX Kernel Driver CVE-2020-1308 Privilege Escalation

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows DirectX Kernel Driver. A successful attack can lead to elevation of privilege and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-1308

HTTP:CTS:INTEL-AMT-CVE2020-8758 - HTTP: Intel AMT and ISM CVE-2020-8758 Privilege Escalation

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Intel Active Management Technology and Intel Standard Manageability. A successful attack can lead to elevation of privilege and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-8758

Affected Products:

  • Intel active_management_technology 12.0.5
  • Intel active_management_technology 11.22.77
  • Intel active_management_technology 12.0.64
  • Intel active_management_technology 12.0
  • Intel active_management_technology 14.0
  • Intel active_management_technology 11.8.76
  • Intel active_management_technology 12.0.63
  • Intel active_management_technology 14.0.33
  • Netapp steelstore_cloud_integrated_storage -
  • Intel active_management_technology 11.22.76
  • Intel active_management_technology 11.8.77
  • Intel active_management_technology 14.0.32

HTTP:SUSP-HDR-REDRCT-VUL-119 - HTTP: SUSP-HDR-REDRCT Infection-119

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit that cybercriminals use to deliver other pieces of malware.

Supported On:

srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1


HTTP:HPE-IMC-EXP-INJ - HTTP: HPE-Intelligent Management Center Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-5387
  • cve: CVE-2019-11943
  • cve: CVE-2019-5374
  • cve: CVE-2017-12526
  • cve: CVE-2019-5385
  • url: http://www.zerodayinitiative.com/advisories/zdi-19-335/
  • url: https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03930en_us
  • cve: CVE-2019-5386
  • cve: CVE-2019-5370
  • url: https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03930en_us&doclocale=en_u
  • url: http://www.zerodayinitiative.com/advisories/zdi-20-149/
  • cve: CVE-2019-11941
  • cve: CVE-2019-5373

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2

HTTP:MISC:HPE-IMC-ELINJ - HTTP: HPE Intelligent Management Center SoapConfigBean Expression Language Injection

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us
  • cve: CVE-2019-11943

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2

HTTP:SCRIPT-INJ-VUL-117 - HTTP: SCRIPT-INJ Infection-117

Severity: MEDIUM

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.

Supported On:

srx-17.3, vsrx-17.4, srx-17.4, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, vsrx-19.2, srx-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, vsrx-19.4, vsrx-15.1, srx-12.1


HTTP:HPE-IMCP-URL-RCE - HTTP: HPE Intelligent Management Center PlatNavigationToBean URL Expression Language Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HPE Intelligent Management Center. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2019-5387
  • url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03930en_us

Affected Products:

  • Hp intelligent_management_center 7.2
  • Hp intelligent_management_center 5.1
  • Hp intelligent_management_center 7.0
  • Hp intelligent_management_center 5.0
  • Hp intelligent_management_center 7.3
  • Hp intelligent_management_center 5.2