CTEP/IPS Threat Content Update Release Notes 100.0.0.283
Refer to the following summary of signatures deployed on 17th January, 2023 with the IPS content release:
Total signatures: 20312
Signatures added: 164
Signatures modified: 04
Signatures removed: 04
Signatures Added
SID | Description | Reference |
---|---|---|
150188 | MALWARE-CNC github.Bloodhound.Download traffic detected | No Reference |
150189 | MALWARE-CNC github.Winpeas.Download traffic detected | No Reference |
150190 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference |
150191 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference |
150192 | MALWARE-CNC Shellsting.Payload traffic detected | No Reference |
150282 | MALWARE-CNC Command and Control - HIDDENVALUE C2 Beacon Variant2 detected | No Reference |
150284 | MALWARE-CNC Command and Control - HALFSHELL C2 Beacon detected | No Reference |
150285 | MALWARE-CNC Command and Control - APT30 BACKSPACE C2 Communication Variant3 Detected | No Reference |
150286 | MALWARE-CNC Command and Control - LOKIBOT C2 Communication Variant3 detected | No Reference |
150287 | MALWARE-CNC Command and Control - MAZE C2 Beacon Variant2 detected | No Reference |
150288 | MALWARE-CNC Command and Control - CRYPTOWALL Beacon detected | No Reference |
150503 | MALWARE-CNC Redisland.C2 traffic detected | No Reference |
150509 | MALWARE-CNC Armageddon.Weirdbird.Exfiltration detected | No Reference |
150510 | MALWARE-CNC Chepro.C2.Beacon traffic detected | No Reference |
150511 | MALWARE-CNC APT29.Get.Request traffic detected | No Reference |
150512 | MALWARE-CNC Lockload.C2 traffic detected | No Reference |
150513 | MALWARE-CNC Lockload.C2 traffic detected | No Reference |
150514 | MALWARE-CNC Lockload.C2 traffic detected | No Reference |
150515 | MALWARE-CNC Lockload.C2 traffic detected | No Reference |
150516 | MALWARE-CNC Lockload.C2 traffic detected | No Reference |
150517 | MALWARE-CNC Matanbuchus.C2 traffic detected | No Reference |
150518 | MALWARE-CNC Matanbuchus.Exfiltration.C2 traffic detected | No Reference |
150519 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference |
150520 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference |
150521 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference |
150522 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference |
150523 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference |
150524 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference |
150525 | MALWARE-CNC curl.privesc.download traffic detected | No Reference |
150526 | MALWARE-CNC Koadic.C2 traffic detected | No Reference |
150527 | MALWARE-CNC Evora.C2 traffic detected | No Reference |
150528 | MALWARE-CNC Armageddon.Playdate.C2.Beacon detected | No Reference |
150529 | MALWARE-CNC Doublepipe.C2 traffic detected | No Reference |
150530 | MALWARE-CNC Pearldown.C2.Get detected | No Reference |
150531 | MALWARE-CNC Pearldown.C2.Get detected | No Reference |
150532 | MALWARE-CNC UNC3840.Fruitbird.C2.Beacon detected | No Reference |
150533 | MALWARE-CNC Kwampires.C2 detected | No Reference |
150534 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference |
150535 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference |
150546 | MALWARE-CNC Sevenminus.Initial.Checkin variant detected | No Reference |
150547 | MALWARE-CNC Armedcloud.C2 traffic detected | No Reference |
150548 | MALWARE-CNC Psixbot.DoH.Tunneling traffic detected | No Reference |
150549 | MALWARE-CNC Trevor.Generic.C2 instruction retrieval traffic detected | No Reference |
150551 | MALWARE-CNC Servu.C2 traffic detected | No Reference |
150552 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | No Reference |
150553 | MALWARE-CNC Valefor.C2 beacon traffic detected | No Reference |
150554 | MALWARE-CNC Infostealer.Discord.C2 traffic detected | No Reference |
150555 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference |
150556 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference |
150557 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference |
150558 | MALWARE-CNC UNC4027.C2.Beacon traffic detected | No Reference |
150559 | MALWARE-CNC HAVANACRYPT.Data.Exfiltration traffic detected | No Reference |
150560 | MALWARE-CNC UNC3443.Emotet.Dropper.Beacon traffic detected | No Reference |
150561 | MALWARE-CNC URSNIF.C2.Communication variant traffic detected | No Reference |
150562 | MALWARE-CNC URSNIF.C2.traffic detected | No Reference |
150563 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference |
150564 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference |
150565 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxUploadCall traffic detected | No Reference |
150566 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxListFolder traffic detected | No Reference |
150567 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDownload traffic detected | No Reference |
150568 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDeletev2 traffic detected | No Reference |
150569 | MALWARE-CNC APT37.Slowdrift.Login traffic detected | No Reference |
150570 | MALWARE-CNC Subtlelime.Beacon traffic detected | No Reference |
160001 | FILE-PDF Adobe Acrobat out of bounds write attempt | CVE-2023-21606 |
160002 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21613 |
160003 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21614 |
160101 | FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2023-21604 |
160102 | FILE-PDF Adobe Acrobat NULL Pointer Dereference attempt | CVE-2023-21586 |
160103 | FILE-PDF Adobe Acrobat Out-of-bounds Read attempt | CVE-2023-21585 |
160104 | FILE-PDF Adobe Acrobat Heap-based Buffer Overflow attempt | CVE-2023-21605 |
160105 | FILE-PDF Adobe Acrobat Improper Input Validation attempt | CVE-2023-21607 |
60459 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730 |
60460 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730 |
60461 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730 |
60462 | MALWARE-CNC Win.Backdoor.YamaBot variant outbound connection | www.virustotal.com/gui/file/f226086b5959eb96bd30dec0ffcbf0f09186cd11721507f416f1c39901addafb |
60463 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1 |
60464 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/1f8dcfaebbcd7e71c2872e0ba2fc6db81d651cf654a21d33c78eae6662e62392 |
60465 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/90fb0cd574155fd8667d20f97ac464eca67bdb6a8ee64184159362d45d79b6a4 |
60466 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/8ce219552e235dcaf1c694be122d6339ed4ff8df70bf358cd165e6eb487ccfc5 |
60468 | BROWSER-CHROME Google Chrome V8 engine IterateElements out-of-bounds read attempt | CVE-2016-1646 |
60469 | MALWARE-OTHER Php.Webshell.CmdShell upload attempt | |
60470 | MALWARE-OTHER Php.Webshell.CmdShell download attempt | |
60471 | MALWARE-OTHER Php.Webshell.CmdShell outbound connection attempt | |
60479 | OS-WINDOWS Microsoft Windows Runtime remote code execution attempt | CVE-2022-21971 |
60483 | BROWSER-CHROME Google Chrome V8 JSON.stringify remote code execution attempt | CVE-2021-38003 |
60489 | MALWARE-OTHER PacketWhisper decloakify.py download attempt | No Reference |
60491 | MALWARE-OTHER PacketWhisper cloakify.py download attempt | No Reference |
60493 | MALWARE-OTHER PacketWhisper download attempt | No Reference |
60494 | MALWARE-OTHER Php.Webshell.Exoshell upload attempt | |
60495 | MALWARE-OTHER Php.Webshell.Exoshell download attempt | |
60496 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | |
60497 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | |
60498 | MALWARE-CNC Php.Webshell.Exoshell outbound connection attempt | |
60503 | SERVER-WEBAPP Dojo Toolkit JavaScript prototype pollution attempt | CVE-2021-23450 |
60505 | OS-LINUX Sudo heap-based buffer overflow attempt | CVE-2021-3156 |
60506 | MALWARE-OTHER Php.Webshell.FTPSearch outbound connection attempt | |
60507 | MALWARE-CNC Win.Trojan.Matanbuchus payload download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3 |
60512 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752 |
60513 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752 |
60514 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | |
60515 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | |
60516 | MALWARE-CNC Win.Trojan.IcedID download attempt | No Reference |
60517 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/ |
60518 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/ |
60519 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/ |
60520 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/ |
60521 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/ |
60522 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/ |
60523 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/ |
60524 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/ |
60525 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/ |
60526 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/ |
60527 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/ |
60528 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/ |
60529 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/ |
60530 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/ |
60531 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/ |
60532 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/ |
60533 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/ |
60534 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/ |
60535 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/ |
60536 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/ |
60537 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/ |
60538 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/ |
60539 | MALWARE-CNC Doc.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/4aa2c783ae3d2d58f12d5e89282069533a80a7ba6f7fe6c548c6230a9601e650/analysis/ |
60558 | OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt | CVE-2022-35803 |
60569 | SERVER-WEBAPP QNAP Photo Station combine.php remote code execution attempt | CVE-2022-27593 |
60570 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa |
60571 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa |
60572 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa |
60575 | OS-OTHER Apple OS X rootpipe privilege escalation attempt | CVE-2015-1130 |
60577 | OS-MOBILE GingerBreak escalation of privilege attempt | CVE-2011-1823 |
60579 | BROWSER-CHROME Google Chromium security bypass attempt | CVE-2021-30533 |
60582 | MALWARE-OTHER Perl.Webshell.GammaShell upload attempt | |
60583 | MALWARE-OTHER Perl.Webshell.GammaShell download attempt | |
60584 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | |
60585 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | |
60586 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | |
60587 | MALWARE-CNC Perl.Webshell.GammaShell outbound connection attempt | |
60588 | MALWARE-OTHER Perl.Webshell.GoShell upload attempt | |
60589 | MALWARE-OTHER Php.Webshell.GoShell download attempt | |
60590 | MALWARE-CNC Perl.Webshell.GoShell inbound connection attempt | |
60591 | MALWARE-CNC Perl.Webshell.GoShell outbound connection attempt | |
60600 | MALWARE-TOOLS Win.Trojan.Mansabo Cobalt Strike download attempt | www.virustotal.com/gui/file/c6a948be6c714e8dcce8f0fc9c2dce8b3d1f22fee9246089dbbbe1046aed8c03 |
60603 | OS-MOBILE Mali GPU memory alias privilege escalation attempt | CVE-2022-20186 |
60614 | OS-WINDOWS Windows DACL privilege escalation attempt | CVE-2019-0841 |
60622 | MALWARE-TOOLS Win.Trojan.LockBit variant binary download attempt | www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/ |
60626 | OS-OTHER Apple Mac iOS IOKit keyboard driver privilege escalation attempt | CVE-2014-4404 |
60637 | MALWARE-OTHER MultiOS.Backdoor.antSword inbound connection attempt | |
60638 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | |
60639 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | |
60640 | MALWARE-OTHER MultiOS.Backdoor.Agent implant attempt | |
60641 | MALWARE-CNC MultiOS.Backdoor.Agent inbound connection attempt | |
60644 | OS-LINUX Linux kernel route4_change use after free attempt | CVE-2022-2588 |
60648 | BROWSER-CHROME Chrome IPC memory dump attempt | CVE-2021-37976 |
60666 | OS-MOBILE Android ACDB driver ioctl overflow attempt | CVE-2013-2597 |
60669 | OS-WINDOWS Virtual Box kernel address tampering attempt | CVE-2008-3431 |
60682 | OS-MOBILE Android sk_buff use-after-free attempt | CVE-2021-0920 |
60684 | BROWSER-WEBKIT Apple Safari WebCore command cross site scripting attempt | CVE-2019-8720 |
60697 | SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt | CVE-2022-34878 |
60703 | BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt | CVE-2014-2817 |
61061 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2023-21552 |
61063 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2023-21674 |
61065 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-21768 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
40062
48577
25530
58701