CTEP/IPS Threat Content Update Release Notes 88.0.1.87

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20748
  • Signatures added: 77
  • Signatures removed: 6
  • Signatures modified: 3

Signatures Added

SID | Description | Reference
--- | --- | ---
57820 | MALWARE-OTHER ASPXSpy webshell download attempt | www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57681 | MALWARE-OTHER Sliver HTTP implant outbound poll attempt | github.com/bishopfox/sliver
57824 | MALWARE-CNC ASPXSpy webshell outbound connection attempt |
57782 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt |
57780 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt |
57781 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt |
57786 | MALWARE-OTHER Win.Packed.SmokeLoader ransomware executable download attempt | www.virustotal.com/gui/file/d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc/detection
57743 | MALWARE-CNC Java.Backdoor.StrRAT outbound connection attempt | www.virustotal.com/gui/file/7c24d99685623b604aa4b2686e9c1b843a4243eb1b0b7b096d73bcae3d8d5a79/detection
57694 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/d58c3694832812bc168834e2b8b3bfcb92f85a9d4523140ad010497baabc2c3d/analysis/
57691 | MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
57693 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57702 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/19c25ce4302050aec3c921dd5cac546e8200a7e951d570b52fe344c421105ea8/analysis/
57700 | MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/e884bd4015d1b97227074bcf6cb9e8134b7afcfb6a3db758ca4654088403430a/analysis/
57706 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/2b77b93b8e1b8ef8650957d15aaf336cf70a7df184da060f86b9892c54eefb65/analysis/
57704 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/606258f10519be325c39900504e50d79e551c7a9399efb9b22a7323da3f6aa7a/analysis/
57708 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/80659cc37cb7fb831866f7d7b0043edc6918a99590bd9122815e18abb68daa35/analysis/
57721 | MALWARE-BACKDOOR Win.Trojan.Moserpass outbound request attempt | www.virustotal.com/gui/file/c2169ab4a39220d21709964d57e2eafe4b68c115061cbb64507cfbbddbe635c6/
6407 | APP-DETECT Gizmo register VOIP state |
57696 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57697 | MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/d6403b9c069f08939fc2f9669dc7d5165ed66a1cae07788c3b27fffb30e890a0/analysis/
57690 | MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
57816 | MALWARE-OTHER ASPXSpy webshell download attempt | www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection
57817 | MALWARE-OTHER ASPXSpy webshell upload attempt | www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection
57814 | MALWARE-OTHER Win.Trojan.Deadwood download attempt | www.virustotal.com/gui/file/5eb5922b467474dccc7ab8780e32697f5afd59e8108b0cdafefb627b02bbd9ba/detection
57815 | MALWARE-OTHER Win.Trojan.Apostle download attempt | www.virustotal.com/gui/file/19dbed996b1a814658bef433bad62b03e5c59c2bf2351b793d1a5d4a5216d27e/detection
57818 | MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt | www.virustotal.com/gui/file/40f329d0aaba0d55fc657802761c78be74e19a553de6fd2df592bccf3119ec16/detection
57819 | MALWARE-OTHER ASPXSpy webshell upload attempt | www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57858 | MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt | research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/
57852 | MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt | www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection
57870 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57871 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57874 | MALWARE-OTHER Win.Ransomware.Babuk payload download attempt | www.virustotal.com/gui/file/2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf/detection
57826 | MALWARE-CNC ASPXSpy webshell inbound connection attempt |
57676 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver
57677 | MALWARE-OTHER Sliver HTTP implant outbound session initialization attempt | github.com/bishopfox/sliver
57675 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver
57678 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver
57679 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver
57797 | INDICATOR-OBFUSCATION Javascript obfuscation using parseInt |
57788 | MALWARE-OTHER Win.Trojan.Lazagne malicious executable download attempt | www.virustotal.com/gui/file/5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50/detection
57787 | MALWARE-OTHER Win.Malware.Agent malicious executable download attempt | www.virustotal.com/gui/file/234e4df3d9304136224f2a6c37cb6b5f6d8336c4e105afce857832015e97f27a/detection
57838 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt |
57832 | OS-OTHER Apple macOS Gatekeeper bypass attempt | CVE-2021-30657
57682 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver
57773 | MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected |
57710 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/19269ce9a0a44aca9d6b2deed7de71cf576ac611787c2af46819ca2aff44ce2a/analysis/
57712 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | www.virustotal.com/en/file/a8bb386fa3a6791e72f5ec6f1dc26359b00d0ee8cb0ce866f452b7fff6dbb319/analysis/
57715 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57714 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57717 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57716 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | www.virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57739 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection
57840 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt |
57846 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/e53a25c5ee5de4c9dc4ca531293270d1aa921b9fc110ecb2a0afb57872c51324/detection
57680 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver
57687 | MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt |
57850 | MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt | www.virustotal.com/gui/file/0e8fb748cd58ab2fa754e2fa16e4390327a10593ca72bb6a3b90a1885cbe5387/detection
57851 | MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt | www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection
57740 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection
57823 | MALWARE-CNC ASPXSpy webshell outbound connection attempt |
57827 | MALWARE-CNC ASPXSpy webshell inbound connection attempt |
57825 | MALWARE-CNC ASPXSpy webshell inbound connection attempt |
57828 | MALWARE-CNC ASPXSpy webshell outbound connection attempt |
57849 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/3f34c61025b5cf46075d79e68efb5da0f4ac01c113d8c1aaff3903ccd9a0fa3e/detection
57848 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/19e680eaa52c0ad14274b04141a8e172d2ec1a01a3f429263090a990120ad9df/detection
57843 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/45918acc04ad790445fd423b348aa88855570d57ebed870741603a7e5473d456/detection
57842 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/120d1835df79b464dce91fd4151a69bae5ef5603e6eb4821a79f8a84767f7724/detection
57845 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/433a3e3023179959f8d99d29a645f0c29ed86beb172c23b22ca311a767cfbb74/detection
57844 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/3a435ad1c01335d31c05ca77a125d0162c223c135363c120071b7bac284a64e3/detection
57847 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/fa02de1f2dbd29f19e8ab0ff2931b063bd8f8ccadf0d7e321f0a02d2e2f86419/detection
57867 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57866 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57865 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57864 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57869 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57868 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57998 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-34480

Signatures Modified

SID | Description | Reference
--- | --- | ---
26527 | EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt | blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
57429 | BROWSER-CHROME Google Chrome Math.max memory corruption attempt | CVE-2021-21224
3816 | SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt | CVE-2005-0595

Signatures Removed

SID | Description | Reference
--- | --- | ---
57901 | MALWARE-CNC Doc.Downloader.Emotet variant outbound connection attempt | www.virustotal.com/#/file/2cb81a1a59df4a4fd222fbcb946db3d653185c2e79cf4d3365b430b1988d485f/detection
57890 | OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt | CVE-2021-34449
57894 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2021-31979
57896 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2021-33771
57893 | MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt | www.virustotal.com/gui/file/b33f1abe6c9011aa598fb679135f0b543be2cd4e1178cba8bcf70a5859cb2f5e/detection