CTEP/IPS Threat Content Update Release Notes 92.0.1.157
Refer to the following summary of signatures deployed with the IPS content release:
Total signatures: 20703
Signatures added: 110
Signatures modified: 274
Signatures removed: 35
Signatures Added
SID | Description | Reference |
---|---|---|
58764 | MALWARE-OTHER Vbs.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/48951f6847400dd39cba2f5ba0376e08bb4b7e36a4c3567792289734758b7bf9 |
58762 | MALWARE-OTHER Win.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/44f5442b45a48365cdd6c7d1f16ba19dea4fb1865ea4e9178c5758929f59d0f7 |
58609 | OS-OTHER Apple macOS kernel memory leak attempt | CVE-2020-27950 |
59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996 |
58547 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-26411 |
58556 | OS-MOBILE ARM Mali GPU kernel use-after-free attempt | CVE-2021-28663 |
58780 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | |
58524 | FILE-OTHER Apple Safari Type 1 fonts RCE attempt | CVE-2020-27930 |
140835 | MALWARE-OTHER TA551 Bazarloader Infection Detected | www.virustotal.com/gui/file/4d1ba7c3d9cf95d861266734c00defbb10d3aae10aae1380029976a340a9e270 |
140837 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/bd445bae74162f8e6b8d8e855b91d292df13fe28f41d08867edb2a8668d8c734 |
58631 | FILE-OTHER VMware Fusion privilege escalation attempt | CVE-2020-3950 |
140838 | MALWARE-OTHER Bazarloader CS Infection Detected | www.virustotal.com/gui/file/981cdead74b028ee7fb081f369abfde84e1e2ab1cd54ddd3b602ec937651904d |
58434 | MALWARE-OTHER Php.Webshell.Generic download attempt | |
58437 | MALWARE-OTHER Php.Webshell.Generic download attempt | |
58436 | MALWARE-OTHER Php.Webshell.Generic upload attempt | |
58431 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | |
58430 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | |
58433 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | |
58432 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | |
58439 | MALWARE-OTHER Php.Webshell.Generic download attempt | |
58438 | MALWARE-OTHER Php.Webshell.Generic upload attempt | |
58603 | OS-MOBILE Apple iOS voucher release privilege escalation attempt | CVE-2021-1782 |
58600 | BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt | CVE-2021-30632 |
58685 | FILE-OTHER HP Multi-Function Printer memory corruption attempt | CVE-2021-39238 |
58683 | BROWSER-CHROME Google Chrome ScriptProcessorNode race condition exploit attempt | CVE-2021-21166 |
59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000 |
58621 | FILE-OTHER Apple iOS Webkit universal XSS attempt | CVE-2021-1879 |
58865 | MALWARE-CNC Win.Trojan.Beacon outbound connection | |
58850 | MALWARE-OTHER Win.Ransomware.Rollcoast download attempt | |
58453 | MALWARE-OTHER Php.Webshell.Generic upload attempt | |
58451 | MALWARE-CNC Php.Webshell.Generic outbound connection attempt | |
58498 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | |
58493 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | |
58491 | MALWARE-OTHER Tool.Webshell.Generic download attempt | |
58497 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | |
58496 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | |
58495 | MALWARE-CNC Win.Ransomware.Magniber variant beacon | www.virustotal.com/gui/file/10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e |
58494 | MALWARE-OTHER Tool.Webshell.Generic download attempt | |
58801 | INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt | CVE-2021-4104 |
58777 | MALWARE-CNC Win.Trojan.FormBook outbound connection attempt | |
58772 | MALWARE-CNC Rat.Trojan.Netwire variant cnc connection | www.virustotal.com/gui/file/574b348f67921ce34f660afe2ff75d0538bd5ea203739a77479dba7f026f0476 |
58773 | MALWARE-CNC Rat.Trojan.AsyncRAT variant cnc connection | www.virustotal.com/gui/file/1490f6303a675ded86c22841f87868c6f0867e922671e0426f499e46a72060d2 |
58770 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
58778 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | |
58779 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | |
58759 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/8abecb0f68492aae05022d5881c9db1c7964646101be27b70c8b1ae3df985590 |
140836 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/ce1b3d798bfdcd7503d29ff5841039ef7cb3fec51d7dd56cd3344b39a15fd4be |
58492 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | |
140833 | MALWARE-OTHER Emotet Epoch-4 Infection | www.virustotal.com/gui/file/555dff455242a5f82f79eecb66539bfd1daa842481168f1f1df911ac05a1cfba |
58642 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
58640 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
58641 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
58711 | MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt | |
58713 | MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt | |
58582 | POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt | CVE-2021-33044 |
58781 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | ui/file/0051c204c64ac8bc73788990d397d2c12b931529208f33dd3693d6ef9ba1380/detection |
58452 | MALWARE-OTHER Php.Webshell.Generic download attempt | |
58527 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | isc.sans.edu/forums/diary/strrat+a+javabased+rat+that+doesnt+care+if+you+have+java/27798/ |
58526 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | virustotal.com/en/file/f148e9a2089039a66fa624e1ffff5ddc5ac5190ee9fdef35a0e973725b60fbc9/analysis/ |
59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989 |
140845 | MALWARE-OTHER Mirrorblast infection Detected-2 | www.virustotal.com/gui/file/4648edc370e61a52c95d3f525391e0154406fd661d01d091f2d9dba9f8a485f2 |
140844 | MALWARE-OTHER Mirrorblast infection Detected | www.virustotal.com/gui/file/f4891094d6623dadbf84486b85a29b4bd0badf28ee100bc0e44c550715614e62 |
140841 | MALWARE-OTHER Obama Infection with CS Detected | www.virustotal.com/gui/file/73f9a63b139bf560cbbec05febf73cebbf4ca9051e0c8e14d9d45098e138c34a |
140840 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-2 | www.virustotal.com/gui/file/a3d502012d1cded2d5a936372a08073db9b85dd2323908f9d55d802c24e8aa20 |
140842 | MALWARE-OTHER Obama Infection with CS Detected-2 | www.virustotal.com/gui/file/c4dfafbe698285e5f95e0e75a5bcda4642e9f6fcf826df51c90957a49cd2a4d1 |
57938 | BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt | CVE-2021-30602 |
58791 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious javascript file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/ |
58792 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious executable file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/ |
58796 | MALWARE-CNC Win.Backdoor.FatalRat variant beaconing attempt | www.virustotal.com/gui/file/e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4 |
58571 | FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt | CVE-2021-30713 |
58580 | MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt | CVE-2019-18988 |
58619 | OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt | CVE-2021-30807 |
58615 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
58617 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
58616 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
58611 | BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt | CVE-2019-17026 |
58613 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2021-30551 |
58429 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | |
58586 | OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt | CVE-2020-0683 |
58651 | MALWARE-CNC Win.Trojan.MagnatExtension outbound connection | |
58650 | MALWARE-CNC Win.Backdoor.Magnat outbound connection | |
58655 | OS-WINDOWS Microsoft Windows file signature spoofing attempt | CVE-2020-1464 |
58658 | MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt | www.virustotal.com/gui/file/ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b |
140843 | MALWARE-OTHER Ursniff Malware Infection Detected | www.virustotal.com/gui/file/04c39c93147e33357d02235bfd7b2a095e82f558b78c2a3ce2bfafed896a564c |
58712 | MALWARE-OTHER Asp.Webshell.NewCon2 download attempt | |
58852 | MALWARE-CNC Win.Trojan.BazarLoader outbound connection | |
58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718 |
58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994 |
58448 | MALWARE-CNC Win.Trojan.STRRAT variant outbound request detected | |
58833 | SERVER-WEBAPP Nagios XI remote command execution attempt | CVE-2019-15949 |
58782 | FILE-PDF Adobe Reader Uninitialized object RCE attempt | no reference |
58815 | FILE-EXECUTABLE GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19323 |
58767 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/ui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
58766 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
58761 | MALWARE-OTHER Win.Dropper.Agent HCrypt PowerShell payload download attempt | www.virustotal.com/gui/file/be02ba931ff61e5fb9ea332d41cf347d12fc84b4557ad28d82d2b2551406e4da |
58769 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
58768 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | www.virustotal.com/gui/file/18bd1ae701ff57a6d1119f18c53350688f41cbac0ea1ad0cb73234f6ab733404 |
140831 | MALWARE-OTHER Emotet Epoch-5 Infection | www.virustotal.com/gui/file/4a1ea7affcba0788556ae5bd402178b65274dc2b8f1b7aea7b7813d9cc4346e5 |
140832 | MALWARE-OTHER Bazarloader Infection Detected | www.virustotal.com/gui/file/30d991153e4d40909ff95b5252ce6f82b7e4ab064214da4ff28f02bd45ffd6fa |
140839 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-1 | www.virustotal.com/gui/file/f136e8eebfa0c6caf9b0300ef18ed6a73fefa4e298e10620547692350c6a37c6 |
39242 | BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt | CVE-2016-3210 |
58702 | MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt | |
58701 | MALWARE-OTHER Php.Webshell.PhpJackal download attempt | |
58700 | MALWARE-OTHER Php.Webshell.PhpJackal upload attempt | |
58435 | MALWARE-OTHER Php.Webshell.Generic upload attempt | |
58585 | POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt | CVE-2021-33045 |
58814 | POLICY-OTHER Java User-Agent remote class download attempt | CVE-2021-44228 |
58564 | MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt | www.virustotal.com/gui/file/3c280f4b81ca4773f89dc4882c1c1e50ab1255e1975372109b37cf782974e96f |