CTEP/IPS Threat Content Update Release Notes 88.0.1.87
Refer to the following summary of signatures deployed with the IPS content release:
Total signatures: 20748
Signatures added: 77
Signatures removed: 6
Signatures modified: 3
Signatures Added
SID | Description | Reference |
---|---|---|
57820 | MALWARE-OTHER ASPXSpy webshell download attempt | |
57681 | MALWARE-OTHER Sliver HTTP implant outbound poll attempt | |
57824 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57782 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57780 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57781 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57786 | MALWARE-OTHER Win.Packed.SmokeLoader ransomware executable download attempt | |
57743 | MALWARE-CNC Java.Backdoor.StrRAT outbound connection attempt | |
57694 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | |
57691 | MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ |
57693 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | |
57702 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | |
57700 | MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt | |
57706 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | |
57704 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | |
57708 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | |
57721 | MALWARE-BACKDOOR Win.Trojan.Moserpass outbound request attempt | www.virustotal.com/gui/file/c2169ab4a39220d21709964d57e2eafe4b68c115061cbb64507cfbbddbe635c6/ |
6407 | APP-DETECT Gizmo register VOIP state | |
57696 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | |
57697 | MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt | |
57690 | MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ |
57816 | MALWARE-OTHER ASPXSpy webshell download attempt | |
57817 | MALWARE-OTHER ASPXSpy webshell upload attempt | |
57814 | MALWARE-OTHER Win.Trojan.Deadwood download attempt | |
57815 | MALWARE-OTHER Win.Trojan.Apostle download attempt | |
57818 | MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt | |
57819 | MALWARE-OTHER ASPXSpy webshell upload attempt | |
57858 | MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt | |
57852 | MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt | |
57870 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57871 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57874 | MALWARE-OTHER Win.Ransomware.Babuk payload download attempt | |
57826 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57676 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | |
57677 | MALWARE-OTHER Sliver HTTP implant outbound session initialization attempt | |
57675 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | |
57678 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | |
57679 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | |
57797 | INDICATOR-OBFUSCATION Javascript obfuscation using parseInt | |
57788 | MALWARE-OTHER Win.Trojan.Lazagne malicious executable download attempt | |
57787 | MALWARE-OTHER Win.Malware.Agent malicious executable download attempt | |
57838 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt | |
57832 | OS-OTHER Apple macOS Gatekeeper bypass attempt | CVE-2021-30657 |
57682 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | |
57773 | MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected | |
57710 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | |
57712 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | |
57715 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | |
57714 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | |
57717 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | |
57716 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | |
57739 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | |
57840 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt | |
57846 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | |
57680 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | |
57687 | MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt | |
57850 | MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt | |
57851 | MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt | |
57740 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | |
57823 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57827 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57825 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57828 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
57849 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | |
57848 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | |
57843 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | |
57842 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | |
57845 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | |
57844 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | |
57847 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | |
57867 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57866 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57865 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57864 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57869 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57868 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
57998 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-34480 |
Signatures Modified
SID | Description | Reference |
---|---|---|
26527 | EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt | blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html |
57429 | BROWSER-CHROME Google Chrome Math.max memory corruption attempt | CVE-2021-21224 |
3816 | SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt | CVE-2005-0595 |
Signatures Removed
SID | Description | Reference |
---|---|---|
57901 | MALWARE-CNC Doc.Downloader.Emotet variant outbound connection attempt | |
57890 | OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt | CVE-2021-34449 |
57894 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2021-31979 |
57896 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2021-33771 |
57893 | MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt | |