CTEP/IPS Threat Content Update Release Notes 93.0.1.165
Refer to the following summary of signatures deployed with the IPS content release:
Total signatures: 20709
Signatures added: 36
Signatures modified: 0
Signatures removed: 29
Signatures Added
SID | DESCRIPTION | REFERENCE |
---|---|---|
59107 | OS-WINDOWS Microsoft Windows RDP path redirection remote code execution attempt | CVE-2022-21990 |
59213 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2022-23286 |
59210 | OS-WINDOWS Microsoft Windows PDEV escalation of privilege attempt | CVE-2022-23299 |
59216 | BROWSER-IE Microsoft Internet Explorer security zone bypass attempt | CVE-2022-24502 |
59221 | OS-WINDOWS Microsoft Windows Winsock local privilege escalation attempt | CVE-2022-24507 |
58933 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/fcdd38ff378605c66333429d9df2242fbce25a5f69f4d6d4c11d9613bcb409b0/ |
58938 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection | - |
58946 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28949 |
58949 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | |
58903 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34ed63d56b7969a1cb2c605922459210c174eb58a6cc19a863ea |
58904 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34ed63d56b7969a1cb2c605922459210c174eb58a6cc19a863ea |
58925 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell download attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58923 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58941 | FILE-OTHER PEAR Archive TAR symbolic link file overwrite attempt | CVE-2020-36193 |
58957 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef53850f97f39029a906d53f3d4b2aea8373e27c413324a55681c/ |
58955 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
58958 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef53850f97f39029a906d53f3d4b2aea8373e27c413324a55681c/ |
58918 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
58919 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58912 | MALWARE-OTHER Php.Webshell.AcceptLanguage upload attempt | |
58913 | MALWARE-OTHER Php.Webshell.AcceptLanguage download attempt | |
58916 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
58917 | MALWARE-OTHER Php.Webshell.529 upload attempt | virustotal/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/ |
58914 | MALWARE-OTHER Php.Webshell.529 outbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
58915 | MALWARE-OTHER Php.Webshell.529 download attempt | virustotal/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/ |
58930 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab449529be737df1eee8b3065f6eb/ |
58931 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab449529be737df1eee8b3065f6eb/ |
58936 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/26ed7e89b3c5058836252e0a8ed9ec6b58f5f82a2e543bc6a97b3fd17ae3e4ec/ |
58937 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection | virustotal/b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c/ |
58943 | MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt | |
140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | virustotal/18bd1ae701ff57a6d1119f18c53350688f41cbac0ea1ad0cb73234f6ab733404 |
58924 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell upload attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58922 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58921 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58920 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
58929 | MALWARE-OTHER Pdf.Downloader.MuddyWater variant download attempt | virustotal/d7de68febbbdb72ff820f6554afb464b5c204c434faa6ffe9b4daf6b691d535f/ |