Common Command & Control Inbound Detection in Apex One

    • Updated: 16 May 2021
    • Product/Version: Apex One All
    • Platform:
Summary

Adversaries constantly mass-scan the internet in search of vulnerable public-facing servers and IoT devices. Once they have a list of vulnerable targets, they use the common exploits below to attempt to gain initial unauthorized access. Public-facing devices typically encounter malicious inbound connections from external IP addresses. Below are the most common vulnerabilities and exploits being abused. These detections are only inbound connection attempts from adversaries and do not necessarily mean that your environment is vulnerable or compromised.

Details

The table below describes the most common C&C Inbound Detections of Apex One:

| Detection | Description |
| --- | --- |
| HTTP_HNAP1_RCE_EXPLOIT_NC_ | HNAP (Home Network Administration Protocol) is a network device management protocol for managing, configuring and identifying network devices. This is a proprietary network protocol invented by Pure Networks, Inc. and acquired by Cisco Systems. This is very common on home routers. Additional and detailed information regarding the vulnerabilities related to HNAP can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities. |
| CVE-2018-10562-HTTP_GPON_RCE_REQUEST_NC_ | This is a common remote code execution vulnerability on Dasan GPON home routers. Additional and detailed information regarding the vulnerabilities related to Dasan GPON can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities. |
| HTTP_JAWS_RCE_EXPLOIT_NC_ | This is a common remote code execution exploit on the JAWS web application. Additional and detailed information regarding the vulnerabilities related to the JAWS web application can be found here. Make sure to apply the latest security patch provided by your third-party vendor to fix these vulnerabilities. |
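
The triage the Summary describes (an inbound attempt from an external address is not by itself a compromise) can be applied to a batch of detections as follows. This is an added example, not Trend Micro code: the CSV columns, the sample rows, the internal ranges and the verdict labels are all assumptions made for illustration, and treating an internal source as something to investigate is likewise an assumption.

```python
import csv
import io
import ipaddress
from collections import Counter

# Detection names from the table above, with the affected product each row names.
AFFECTED = {
    "HTTP_HNAP1_RCE_EXPLOIT_NC_": "HNAP-enabled home router",
    "CVE-2018-10562-HTTP_GPON_RCE_REQUEST_NC_": "Dasan GPON home router",
    "HTTP_JAWS_RCE_EXPLOIT_NC_": "JAWS web application",
}

# Assumption: these RFC 1918 ranges are "internal"; replace with your own networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data. The column names are hypothetical, not an Apex One format.
SAMPLE_CSV = """detection,src_ip,dst_ip
HTTP_HNAP1_RCE_EXPLOIT_NC_,203.0.113.7,10.1.1.20
HTTP_HNAP1_RCE_EXPLOIT_NC_,198.51.100.9,10.1.1.20
CVE-2018-10562-HTTP_GPON_RCE_REQUEST_NC_,203.0.113.7,10.1.1.21
HTTP_JAWS_RCE_EXPLOIT_NC_,10.1.1.77,10.1.1.20
SOME_OTHER_DETECTION,203.0.113.50,10.1.1.20
"""

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL)

def triage(csv_text):
    """Return one (detection, src_ip, dst_ip, verdict) tuple per log row."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["detection"].strip()
        if name not in AFFECTED:
            verdict = "not-in-article"
        elif is_internal(row["src_ip"]):
            # Assumption: an internal source is not internet scanning; check that host.
            verdict = "internal-source-investigate"
        else:
            verdict = "external-attempt-check-patch:" + AFFECTED[name]
        results.append((name, row["src_ip"], row["dst_ip"], verdict))
    return results

def summary(results):
    """Count verdicts so repeated scan noise collapses to one line each."""
    return Counter(verdict for _, _, _, verdict in results)

if __name__ == "__main__":
    for verdict, count in summary(triage(SAMPLE_CSV)).items():
        print(count, verdict)
```

For each external attempt, the remaining work is the one the table prescribes: confirm whether the destination actually runs the named product and whether the vendor's latest security patch is applied.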
Category: Remove a Malware / Virus
Solution Id: 000286494