What are the different RepFeed exploit categories?

    • Updated: 12 Sep 2017
    • Product/Version: TippingPoint SMS All; TippingPoint Virtual SMS
Summary
This article explains the meaning of the different exploit category names present in the Reputation Feed (RepFeed) component of the Threat Digital Vaccine (ThreatDV).
Details
Exploit | Explanation
Blended Threat | IP Address or DNS Name known to attack using several different attack vectors. An example is a host that is infected with Slammer and is also hosting malware.
Botnet | IP Address or DNS Name known to participate as a Botnet Command and Control device. Many newer botnets communicate with nodes in a peer-to-peer fashion. In such cases the RepFeed may contain the individual nodes in the botnet.
Malware | IP Address or DNS Name known to be a distribution point for malware on the internet. Websites hosting malicious software are the most common hosts in this category.
Miscellaneous | IP Address or DNS Name that does not fit into any other category but is known to be malicious.
Misuse and Abuse | IP Address or DNS Name known to misuse resources. Hosts using click fraud, or sites misrepresenting themselves, might fall into this category.
Mobile | IP Address or DNS Name known to host malicious or suspicious mobile applications, or to participate in CnC-related communication with infected mobile devices.
Network Worm | IP Address or DNS Name known to be infected with a network worm. Hosts infected with SQL Slammer or Code Red fall into this category.
P2P | IP Address known to be a central node for a peer-to-peer protocol.
Phishing | IP Address or DNS Name known to have executed multiple phishing attacks.
Spam | IP Address or DNS Name known to be sending very large amounts of verified spam traffic. This entry only contains devices sending very large amounts of spam.
Spyware | IP Address or DNS Name known to be hosting significant amounts of spyware. Spyware such as "Hotbar" and "WildTangent" falls into this category.
TOR Exit | IP Address or DNS Name known to be a node in an anonymous network, a gateway where encrypted Tor traffic communicates with the Internet. This tag consists of both published and unpublished Tor nodes.
Web Application Attackers | IP Address or DNS Name known to launch attacks against vulnerabilities in web applications. Attackers using SQL Injection, PHP File Include, and Cross Site Scripting all fall into this category.
Worm | These entries are known to be actively distributing self-replicating code, otherwise known as a network worm.
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000089440