An up-to-date user guide is bundled with every appliance. The guide can be accessed via the question mark icon in the upper right corner of the web interface.
Quick Start Guide
This document gives step-by-step instructions for deploying Kemp Flowmon ADS.
Detection methods and 3rd party flow data
This document describes which detection methods work with high-quality flow data from third-party exporters and which require the enriched flow data produced by Flowmon Probes.
BPATTERNS Description
A set of description documents, one for each of the 39 BPATTERNS available in Flowmon ADS.
Individual documents:
BlackOasis is delivered through a malicious Microsoft Office document; the final payload is the latest version of the FinSpy malware.
Mining malware infects the victim's computer and uses its CPU and graphics card, without informing the user, to mine cryptocurrency.
A website that uses its visitors' CPU and graphics card resources, without informing them, to mine cryptocurrency.
Victims of interest are infected with malware that steals credentials for cryptocurrency wallets and exchanges.
DNSMessenger, Hancitor and the Necurs botnet use the same attack method: abuse of Microsoft Office Dynamic Data Exchange (DDE).
DNSChanger malware changes the DNS server settings on infected computers so that attackers can route Internet traffic through malicious servers and intercept sensitive information.
A malicious campaign targeting Mexico, designed to steal various kinds of financial information, that can easily be redeployed against any other region.
Pattern covering internet users who access Tor onion services without using the Tor Browser.
This botnet injects ads and cryptocurrency-mining code into websites the victim visits and abuses legitimate session-replay libraries to violate the user's privacy.
A malicious Edge or Chrome extension, spread through spam emails, that can hijack the infected system.
Threats spread through email campaigns, mostly involving a malicious Microsoft Word document whose macro executes PowerShell scripts that deliver a backdoor payload.
EternalRocks is a self-propagating worm targeting Microsoft Windows that spreads over SMB; despite often being grouped with ransomware, it carries no ransomware payload of its own.
Fatboy, a ransomware-as-a-service (RaaS) product.
A zero-day Adobe Flash Player exploit reportedly used in the wild by North Korean attackers.
This malware is designed to steal data but can also download and execute files from its command-and-control server and run commands via ShellExecute.
Gazer uses advanced methods to spy on its targets, remains persistent on infected devices and attempts to steal information over a long period of time.
Fileless attack targeting organizations involved with the Pyeongchang Olympics.
A trojanized version of CCleaner containing a multi-stage malware payload that steals data from infected computers and sends it to the attacker's remote command-and-control servers.
Malware that steals information from organizations across different industries, usually to gather intelligence about competitors or in preparation for other types of attack.
Malware targeting IoT devices and routers; it can alter DNS settings and turn victims into proxies that are used in other attacks.
A malicious campaign that infects WordPress websites with a malicious script.
Leviathan targets organizations and high-value individuals in defense and government, using email attachments and URLs. FinSpy is delivered via Microsoft Word documents using code injection.
Locky is a notorious ransomware family spread through spam email. Fakeglobe ransomware appends the .crypt extension to encrypted files.
Monetizer, an adware program that randomly opens browser pop-ups while the user browses the internet.
Panda primarily targets financial services but is expanding to cryptocurrency and social media sites. It uses different C&C servers for each campaign.
Pegasus is an Android and iPhone spyware program developed by NSO Group, which is known for selling its tools to intelligence agencies around the world.
Detects Petya or Bad Rabbit ransomware communication from compromised hosts in the network.
Princess Evolution is offered as ransomware-as-a-service. It encrypts files on victim computers and can also generate profit through cryptocurrency mining.
Detects financial malware that targets businesses in order to take control of their online banking accounts. This malware is able to replicate itself through shared drives.
A trojanized version of the REMCOS remote access tool (RAT) downloaded from its command-and-control (C&C) server.
Fake Flash and Chrome updates that lead to the Ramnit trojan.
This pattern detects various types of ransomware.
The Retefe banking trojan targets banks in Switzerland.
A security vulnerability in Microsoft's Domain Name System (DNS) server implementation affecting Windows Server versions from 2003 to 2019. Exploitation can crash the vulnerable DNS server or lead to arbitrary code execution.
Cyber-espionage campaigns targeting public-sector agencies, telecommunications and other high-technology industries.
SyncCrypt is distributed via spam attachments containing WSF (Windows Script File) files. Once run, it encrypts the computer's files and appends the .kk extension to encrypted files.
Malware that uses the Tor network for its client-server (C&C) communication.
Torii is an IoT botnet built for multiple CPU architectures. Its communication with its C&C server is encrypted, and it is capable of data exfiltration and command execution.
The URSNIF banking trojan is spread through a spam campaign targeting North American taxpayers. It injects its malicious payload into the victim's browser and harvests usernames, passwords and credit card information.
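Several of the patterns above (DNSChanger, the DNS-altering IoT malware, the shared-drive replicating banking malware and the EternalRocks worm) are visible in plain flow data without packet payload. The following is an added illustration of that idea and is not Flowmon ADS code or any of its BPATTERNS: it parses constructed NetFlow/IPFIX-style records and flags (a) hosts sending DNS to resolvers outside an approved set and (b) hosts fanning out to many distinct peers on tcp/445 inside a short window. The record format, the approved-resolver set, the window length and the peer threshold are all assumptions chosen for the example.

```python
"""Flow-based behaviour checks over constructed flow records (added example,
not Flowmon ADS code). Only the 5-tuple-level fields a flow exporter provides
are used; no payload inspection is assumed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Flow:
    ts: int        # flow start, epoch seconds
    src: str       # source IPv4 address
    dst: str       # destination IPv4 address
    proto: str     # "udp" or "tcp"
    dport: int     # destination port


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse 'ts,src,dst,proto,dport' lines (assumed export format); skip
    blank lines and '#' comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport = line.split(",")
        flows.append(Flow(int(ts), src, dst, proto.lower(), int(dport)))
    return flows


def rogue_dns_clients(flows: Iterable[Flow],
                      approved_resolvers: Set[str]) -> Dict[str, List[str]]:
    """DNSChanger-style indicator: return {client: [unapproved resolvers]}
    for every host that sent udp/53 traffic to a resolver not on the list."""
    hits = defaultdict(set)
    for f in flows:
        if f.proto == "udp" and f.dport == 53 and f.dst not in approved_resolvers:
            hits[f.src].add(f.dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}


def smb_fan_out(flows: Iterable[Flow], window: int = 60,
                min_peers: int = 10) -> Dict[str, int]:
    """Lateral-spread indicator: return {source: peak distinct peer count}
    for hosts that contacted at least `min_peers` distinct tcp/445 targets
    within any sliding window of `window` seconds."""
    per_src = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and f.dport == 445:
            per_src[f.src].append((f.ts, f.dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        best, lo = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:   # shrink window
                lo += 1
            best = max(best, len({d for _, d in events[lo:hi + 1]}))
        if best >= min_peers:
            alerts[src] = best
    return alerts


# Constructed sample data: 10.0.0.2 is the corporate resolver (assumed);
# 10.0.0.7 has been pointed at two external resolvers; 10.0.0.9 sweeps
# twelve hosts on tcp/445 in twelve seconds; 10.0.0.5 uses two file
# servers 95 seconds apart, which is normal use.
APPROVED_RESOLVERS = {"10.0.0.2"}
SAMPLE_FLOWS = """\
# ts,src,dst,proto,dport
1000,10.0.0.5,10.0.0.2,udp,53
1001,10.0.0.5,10.0.0.2,udp,53
1002,10.0.0.7,198.51.100.9,udp,53
1003,10.0.0.7,198.51.100.9,udp,53
1004,10.0.0.7,203.0.113.4,udp,53
1010,10.0.0.9,10.0.0.2,udp,53
1105,10.0.0.5,10.0.0.50,tcp,445
1200,10.0.0.5,10.0.0.51,tcp,445
""" + "".join(f"{1100 + i},10.0.0.9,10.0.0.{20 + i},tcp,445\n" for i in range(12))


def run_checks(text: str = SAMPLE_FLOWS):
    """Run both checks over the sample and return (dns_hits, smb_hits)."""
    flows = parse_flows(text.splitlines())
    return rogue_dns_clients(flows, APPROVED_RESOLVERS), smb_fan_out(flows)


if __name__ == "__main__":
    dns_hits, smb_hits = run_checks()
    for client, resolvers in dns_hits.items():
        print(f"rogue DNS: {client} -> {', '.join(resolvers)}")
    for src, peers in smb_hits.items():
        print(f"SMB fan-out: {src} reached {peers} distinct peers")
```

Two caveats a practitioner should keep in mind: the DNS check only sees classic udp/53, so a client hijacked onto an encrypted resolver (DNS over TLS or HTTPS) would not match on port alone, and the SMB threshold must be tuned so that legitimate scanners, backup jobs and domain controllers are whitelisted rather than alerted on every cycle.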