CTEP/IPS Threat Content Update Release Notes 95.0.1.199
Refer to the following summary of signatures deployed with the IPS content release:
Total signatures: 20949
Signatures added: 110
Signatures modified: 9
Signatures removed: 5
Signatures Added
SID | Description | Reference |
---|---|---|
57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482 |
59625 | MALWARE-CNC Win.Downloader.PlugX download attempt | |
59624 | MALWARE-CNC Win.Downloader.PlugX outbound connection | |
59489 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59481 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
59487 | FILE-IMAGE LibTIFF tiffcrop integer overflow attempt | CVE-2016-9537 |
59548 | FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt | CVE-2013-4298 |
57252 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
57253 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
59560 | FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt | CVE-2015-5212 |
140810 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | |
57233 | SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt | CVE-2021-26857 |
59505 | FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt | CVE-2016-2207 |
59500 | PUA-OTHER XMRig cryptocurrency miner outbound connection | |
59501 | MALWARE-CNC Win.Infostealer.ZingoStealer outbound connection | |
59353 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | |
59352 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | |
140134 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140131 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140130 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140133 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140132 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
59623 | MALWARE-CNC Win.Downloader.PlugX outbound connection | |
59622 | MALWARE-CNC Win.Downloader.PlugX outbound connection | |
59268 | MALWARE-OTHER Win.Trojan.CaddyWiper download attempt | |
59480 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
59556 | PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt | CVE-2019-10984 |
59553 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
59424 | FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt | CVE-2018-18988 |
59348 | MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt | |
59582 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
59543 | FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt | CVE-2019-10996 |
59492 | FILE-OTHER Microsoft Windows GDI memory corruption attempt | CVE-2018-8472 |
59503 | FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt | CVE-2016-7212 |
59490 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59467 | FILE-PDF Foxit Reader and PhantomPDF XFA gotoURL command injection attempt | CVE-2017-10953 |
59430 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | |
59347 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | |
59349 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | |
59431 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | |
140900 | MALWARE-CNC Lokibot C2 outbound connection attempt | virustotal.com/gui/file/c9038e31f798119d9e93e7eafbdd3e0f215e24ee2200fcd2a3ba460d549894ab/detection |
59405 | EXPLOIT-KIT Operation Dream Job profile attempt | virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685 |
59418 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
59419 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
59422 | FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt | CVE-2018-18986 |
59428 | FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt | CVE-2018-19027 |
59478 | FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt | CVE-2018-4904 |
59476 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3975 |
59477 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3953 |
59474 | FILE-OTHER FreeBSD bspatch utility remote code execution attempt | CVE-2014-9862 |
140876 | MALWARE-CNC Win.Trojan.OleAut32.Win.Trojan.Malicious Activity | www.virustotal.com/gui/file/152c4ed36cdcc5dc3c3f073b90041233a3a7b7b2953c0e21f6d90db393bc8257 |
59452 | FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt | CVE-2018-10115 |
59332 | SERVER-WEBAPP Car Rental Management System local file inclusion attempt | CVE-2020-29227 |
59545 | FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt | CVE-2015-5426 |
59552 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
59632 | FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt | CVE-2014-9163 |
57243 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57242 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57241 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57246 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
57245 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
57244 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
59575 | FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt | CVE-2011-2696 |
59580 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
140809 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | |
140808 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | |
140801 | MALWARE-CNC Zeus C&C Connection attempt | |
140803 | MALWARE-CNC Ransom.CryptoBit C&C server outbound connection attempt | unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/ |
140802 | MALWARE-CNC Zeus C&C Connection attempt | |
140805 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | |
140806 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | |
59538 | BROWSER-OTHER Electronic Arts Origin Client template injection attempt | CVE-2019-11354 |
140128 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140129 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140124 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140120 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | |
140121 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | |
53063 | POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt | CVE-2020-0692 |
59273 | SERVER-WEBAPP DOTNETNUKE DNNPersonalization Cookie Deserialization RCE | CVE-2018-18326 |
59463 | INDICATOR-SHELLCODE Java object deserialization exploit attempt | CVE-2020-3280 |
59509 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
59507 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
140804 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | |
140807 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | |
59491 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59472 | FILE-OFFICE Microsoft JET Database remote code execution attempt | CVE-2018-1003 |
59354 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | |
59421 | MALWARE-CNC Win.Infostealer.MarsStealer outbound connection | |
59420 | MALWARE-CNC Win.Trojan.GraphSteel outbound connection | |
59351 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | |
59350 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | |
59454 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
140126 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140127 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140125 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
140122 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | |
140123 | SERVER-WEBAPP Microsoft Exchange Server Web-Shell Activity | |
59400 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59455 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
59469 | FILE-IMAGE JasPer jp2_decode out of bounds read attempt | CVE-2017-9782 |
59398 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59396 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59466 | FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt | CVE-2019-18240 |
59667 | SERVER-APACHE SVN URL command injection attempt | CVE-2017-9800 |
59664 | FILE-OFFICE Microsoft Word internal object auto update attempt | CVE-2017-0199 |
59447 | PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt | CVE-2020-16243 |
59446 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
59445 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
59607 | MALWARE-CNC Doc.Dropper.Lazarus variant outbound connection | |
59584 | FILE-OFFICE Microsoft Office XML nested num tag double-free attempt | CVE-2015-1650 |
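An added example (editor-supplied, not part of the vendor's release notes or tooling): a small Python parser that turns the table above into a CVE-to-SID index, so a vulnerability tracker can be asked which of its tracked CVEs gained IPS coverage in this release, together with the consistency checks worth running on every content update (row count against the "Signatures added" figure, duplicate SIDs, malformed CVE references). It assumes the three-column layout printed above and treats both "-" and an empty cell as "no reference"; the six sample rows are copied from the table, not the full release.

```python
"""Parse the 'Signatures Added' table into a CVE -> SID index and sanity-check it.

Editor-supplied example; the cell layout and the meaning of '-' / '' in the
Reference column are assumptions taken from the table as printed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: six rows copied from the table above, same cell layout.
SAMPLE_TABLE = """\
SID | Description | Reference |
---|---|---|
57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482 |
59625 | MALWARE-CNC Win.Downloader.PlugX download attempt | |
57252 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
57253 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
140810 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | - |
59505 | FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt | CVE-2016-2207 |
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_table(text):
    """Return one dict per signature row; header, separator and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not cells[0].isdigit():
            continue  # 'SID | Description | Reference', '---|---|---', or blank
        sid, desc, ref = int(cells[0]), cells[1], cells[2]
        if ref == "-":  # the table uses '-' and '' interchangeably for "no reference"
            ref = ""
        rows.append({
            "sid": sid,
            "category": desc.split(" ", 1)[0],  # e.g. SERVER-WEBAPP, MALWARE-CNC
            "description": desc,
            "reference": ref,
        })
    return rows


def cve_index(rows):
    """Map each CVE named in the Reference column to the sorted SIDs that cover it."""
    idx = defaultdict(list)
    for r in rows:
        for cve in CVE_RE.findall(r["reference"]):
            idx[cve].append(r["sid"])
    return {cve: sorted(sids) for cve, sids in idx.items()}


def coverage(rows, tracked_cves):
    """For CVEs you are tracking, list the SIDs this release adds (empty = still uncovered)."""
    idx = cve_index(rows)
    return {cve: idx.get(cve, []) for cve in tracked_cves}


def check_consistency(rows, declared_added):
    """Checks to run on every update: row count matches the summary, no SID is
    listed twice, and anything that starts with 'CVE' is a well-formed CVE id."""
    problems = []
    if len(rows) != declared_added:
        problems.append(
            f"table lists {len(rows)} rows but summary says {declared_added} added")
    for sid, n in Counter(r["sid"] for r in rows).items():
        if n > 1:
            problems.append(f"SID {sid} listed {n} times")
    for r in rows:
        ref = r["reference"]
        if ref.upper().startswith("CVE") and not CVE_RE.fullmatch(ref):
            problems.append(f"SID {r['sid']}: malformed CVE reference {ref!r}")
    return problems


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    for cve, sids in sorted(cve_index(rows).items()):
        print(cve, sids)
    print(coverage(rows, ["CVE-2021-27065", "CVE-2021-26855"]))
    print(check_consistency(rows, declared_added=6) or "consistent")
```

Feed the full table and the "Signatures added" figure from the summary into `check_consistency` before loading a release into change control; a mismatch usually means the extraction dropped or duplicated a row, which is exactly when a SID-to-CVE mapping should not be trusted.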