CTEP/IPS Threat Content Update Release Notes 100.0.1.298
Refer to the following summary of signatures deployed on 7th February, 2023 with the IPS content release:
Total signatures: 20301
Signatures added: 19
Signatures modified: 03
Signatures removed: 30
Signatures Added
SID | Description | Reference |
---|---|---|
140139 | MALWARE-CNC HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 | No Reference |
150579 | MALWARE-CNC Roboto.C2.Web outbound traffic detected | No Reference |
150574 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
150575 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
150576 | MALWARE-CNC GhostMiner.Ccbot.Trojan.C2.Web variant outbound connection | No Reference |
150577 | MALWARE-CNC Echobot.C2.Web.Communication outbound traffic detected | No Reference |
150571 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference |
150572 | MALWARE-CNC MODPOS.Beacon traffic detected | No Reference |
150573 | MALWARE-CNC PoisonPlug.checkin traffic detected | No Reference |
150290 | MALWARE-CNC A101-031 Command and Control - MAZE C2 Beacon Variant2 | No Reference |
140140 | MALWARE-CNC Win32/Suspected Reverse Shell Connection | |
140141 | MALWARE-CNC Cobalt Strike Beacon (Bing Profile) | |
150578 | MALWARE-CNC Ngioweb.Botnet.Communication outbound traffic detected | No Reference |
140144 | MALWARE-CNC Possible Metasploit Payload Common Construct Bind_API (from server) | No Reference |
140145 | MALWARE-CNC Cobalt Strike Malleable C2 (Unknown Profile) | No Reference |
140146 | MALWARE-CNC Cobalt Strike Beacon Observed | No Reference |
140142 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile Response | No Reference |
140143 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile M3 | No Reference |
150289 | MALWARE-CNC A100-277 Command and Control - APT35 SHAMOON C2 Beacon | virustotal.com/en/file/61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842/analysis/ |
Signatures Removed
Removed the following signatures due to False Positives (FP):
50518
60483
59209
40073
34518