CTEP/IPS Threat Content Update Release Notes 92.0.1.157

Refer to the following summary of signatures deployed with the IPS content release:

  • Signatures added: 110
  • Signatures modified: 274
  • Signatures removed: 35

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 58764 | MALWARE-OTHER Vbs.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/48951f6847400dd39cba2f5ba0376e08bb4b7e36a4c3567792289734758b7bf9 |
| 58762 | MALWARE-OTHER Win.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/44f5442b45a48365cdd6c7d1f16ba19dea4fb1865ea4e9178c5758929f59d0f7 |
| 58609 | OS-OTHER Apple macOS kernel memory leak attempt | CVE-2020-27950 |
| 59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996 |
| 58547 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-26411 |
| 58556 | OS-MOBILE ARM Mali GPU kernel use-after-free attempt | CVE-2021-28663 |
| 58780 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection |
| 58524 | FILE-OTHER Apple Safari Type 1 fonts RCE attempt | CVE-2020-27930 |
| 140835 | MALWARE-OTHER TA551 Bazarloader Infection Detected | www.virustotal.com/gui/file/4d1ba7c3d9cf95d861266734c00defbb10d3aae10aae1380029976a340a9e270 |
| 140837 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/bd445bae74162f8e6b8d8e855b91d292df13fe28f41d08867edb2a8668d8c734 |
| 58631 | FILE-OTHER VMware Fusion privilege escalation attempt | CVE-2020-3950 |
| 140838 | MALWARE-OTHER Bazarloader CS Infection Detected | www.virustotal.com/gui/file/981cdead74b028ee7fb081f369abfde84e1e2ab1cd54ddd3b602ec937651904d |
| 58434 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection |
| 58437 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection |
| 58436 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection |
| 58431 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection |
| 58430 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/e834acc3615f1b6ed00396d3db1e86770486f48433948a2a323b4f7bd99d9d19/detection |
| 58433 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection |
| 58432 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection |
| 58439 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/004a3928509cbaa3a789c1647c9fccd914e1c64afdd47d9c1b33d60c1817680d/detection |
| 58438 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/004a3928509cbaa3a789c1647c9fccd914e1c64afdd47d9c1b33d60c1817680d/detection |
| 58603 | OS-MOBILE Apple iOS voucher release privilege escalation attempt | CVE-2021-1782 |
| 58600 | BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt | CVE-2021-30632 |
| 58685 | FILE-OTHER HP Multi-Function Printer memory corruption attempt | CVE-2021-39238 |
| 58683 | BROWSER-CHROME Google Chrome ScriptProcessorNode race condition exploit attempt | CVE-2021-21166 |
| 59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000 |
| 58621 | FILE-OTHER Apple iOS Webkit universal XSS attempt | CVE-2021-1879 |
| 58865 | MALWARE-CNC Win.Trojan.Beacon outbound connection | www.virustotal.com/gui/file/83c92f0d8db0545ebae13b9ddbc38f57a31650a6afd80b5fee2e0eae54e25495/detection |
| 58850 | MALWARE-OTHER Win.Ransomware.Rollcoast download attempt | mandiant.com/resources/sabbath-ransomware-affiliate |
| 58453 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection |
| 58451 | MALWARE-CNC Php.Webshell.Generic outbound connection attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection |
| 58498 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection |
| 58493 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection |
| 58491 | MALWARE-OTHER Tool.Webshell.Generic download attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection |
| 58497 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection |
| 58496 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection |
| 58495 | MALWARE-CNC Win.Ransomware.Magniber variant beacon | www.virustotal.com/gui/file/10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e |
| 58494 | MALWARE-OTHER Tool.Webshell.Generic download attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection |
| 58801 | INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt | CVE-2021-4104 |
| 58777 | MALWARE-CNC Win.Trojan.FormBook outbound connection attempt | any.run/malware-trends/formbook |
| 58772 | MALWARE-CNC Rat.Trojan.Netwire variant cnc connection | www.virustotal.com/gui/file/574b348f67921ce34f660afe2ff75d0538bd5ea203739a77479dba7f026f0476 |
| 58773 | MALWARE-CNC Rat.Trojan.AsyncRAT variant cnc connection | www.virustotal.com/gui/file/1490f6303a675ded86c22841f87868c6f0867e922671e0426f499e46a72060d2 |
| 58770 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
| 58778 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection |
| 58779 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection |
| 58759 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/8abecb0f68492aae05022d5881c9db1c7964646101be27b70c8b1ae3df985590 |
| 140836 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/ce1b3d798bfdcd7503d29ff5841039ef7cb3fec51d7dd56cd3344b39a15fd4be |
| 58492 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection |
| 140833 | MALWARE-OTHER Emotet Epoch-4 Infection | www.virustotal.com/gui/file/555dff455242a5f82f79eecb66539bfd1daa842481168f1f1df911ac05a1cfba |
| 58642 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
| 58640 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
| 58641 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639 |
| 58711 | MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection |
| 58713 | MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection |
| 58582 | POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt | CVE-2021-33044 |
| 58781 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | ui/file/0051c204c64ac8bc73788990d397d2c12b931529208f33dd3693d6ef9ba1380/detection |
| 58452 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection |
| 58527 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | isc.sans.edu/forums/diary/strrat+a+javabased+rat+that+doesnt+care+if+you+have+java/27798/ |
| 58526 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | virustotal.com/en/file/f148e9a2089039a66fa624e1ffff5ddc5ac5190ee9fdef35a0e973725b60fbc9/analysis/ |
| 59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
| 59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989 |
| 140845 | MALWARE-OTHER Mirrorblast infection Detected-2 | www.virustotal.com/gui/file/4648edc370e61a52c95d3f525391e0154406fd661d01d091f2d9dba9f8a485f2 |
| 140844 | MALWARE-OTHER Mirrorblast infection Detected | www.virustotal.com/gui/file/f4891094d6623dadbf84486b85a29b4bd0badf28ee100bc0e44c550715614e62 |
| 140841 | MALWARE-OTHER Obama Infection with CS Detected | www.virustotal.com/gui/file/73f9a63b139bf560cbbec05febf73cebbf4ca9051e0c8e14d9d45098e138c34a |
| 140840 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-2 | www.virustotal.com/gui/file/a3d502012d1cded2d5a936372a08073db9b85dd2323908f9d55d802c24e8aa20 |
| 140842 | MALWARE-OTHER Obama Infection with CS Detected-2 | www.virustotal.com/gui/file/c4dfafbe698285e5f95e0e75a5bcda4642e9f6fcf826df51c90957a49cd2a4d1 |
| 57938 | BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt | CVE-2021-30602 |
| 58791 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious javascript file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/ |
| 58792 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious executable file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/ |
| 58796 | MALWARE-CNC Win.Backdoor.FatalRat variant beaconing attempt | www.virustotal.com/gui/file/e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4 |
| 58571 | FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt | CVE-2021-30713 |
| 58580 | MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt | CVE-2019-18988 |
| 58619 | OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt | CVE-2021-30807 |
| 58615 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
| 58617 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
| 58616 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420 |
| 58611 | BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt | CVE-2019-17026 |
| 58613 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2021-30551 |
| 58429 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection |
| 58586 | OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt | CVE-2020-0683 |
| 58651 | MALWARE-CNC Win.Trojan.MagnatExtension outbound connection | www.virustotal.com/gui/file/0cae9a4e0e73ff75f3ffa7f2d58ee67df34bc93e976609162cd6381ea9eb6f5b/detection |
| 58650 | MALWARE-CNC Win.Backdoor.Magnat outbound connection | www.virustotal.com/gui/file/0cae9a4e0e73ff75f3ffa7f2d58ee67df34bc93e976609162cd6381ea9eb6f5b/detection |
| 58655 | OS-WINDOWS Microsoft Windows file signature spoofing attempt | CVE-2020-1464 |
| 58658 | MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt | www.virustotal.com/gui/file/ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b |
| 140843 | MALWARE-OTHER Ursniff Malware Infection Detected | www.virustotal.com/gui/file/04c39c93147e33357d02235bfd7b2a095e82f558b78c2a3ce2bfafed896a564c |
| 58712 | MALWARE-OTHER Asp.Webshell.NewCon2 download attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection |
| 58852 | MALWARE-CNC Win.Trojan.BazarLoader outbound connection | www.virustotal.com/gui/file/c17e71c7ae15fdb02a4e22df4f50fb44215211755effd6e3fc56e7f3e586b299-2090773/detection |
| 58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718 |
| 58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994 |
| 58448 | MALWARE-CNC Win.Trojan.STRRAT variant outbound request detected | www.virustotal.com/gui/file/685549196c77e82e6273752a6fe522ee18da8076f0029ad8232c6e0d36853675/detection |
| 58833 | SERVER-WEBAPP Nagios XI remote command execution attempt | CVE-2019-15949 |
| 58782 | FILE-PDF Adobe Reader Uninitialized object RCE attempt | no reference |
| 58815 | FILE-EXECUTABLE GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19323 |
| 58767 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/ui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
| 58766 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
| 58761 | MALWARE-OTHER Win.Dropper.Agent HCrypt PowerShell payload download attempt | www.virustotal.com/gui/file/be02ba931ff61e5fb9ea332d41cf347d12fc84b4557ad28d82d2b2551406e4da |
| 58769 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
| 58768 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545 |
| 140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | www.virustotal.com/gui/file/18bd1ae701ff57a6d1119f18c53350688f41cbac0ea1ad0cb73234f6ab733404 |
| 140831 | MALWARE-OTHER Emotet Epoch-5 Infection | www.virustotal.com/gui/file/4a1ea7affcba0788556ae5bd402178b65274dc2b8f1b7aea7b7813d9cc4346e5 |
| 140832 | MALWARE-OTHER Bazarloader Infection Detected | www.virustotal.com/gui/file/30d991153e4d40909ff95b5252ce6f82b7e4ab064214da4ff28f02bd45ffd6fa |
| 140839 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-1 | www.virustotal.com/gui/file/f136e8eebfa0c6caf9b0300ef18ed6a73fefa4e298e10620547692350c6a37c6 |
| 39242 | BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt | CVE-2016-3210 |
| 58702 | MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b8198a6e19923d0a75692/detection |
| 58701 | MALWARE-OTHER Php.Webshell.PhpJackal download attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b81938a6e19923d0a75692/detection |
| 58700 | MALWARE-OTHER Php.Webshell.PhpJackal upload attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b81938a6e19923d0a75692/detection |
| 58435 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection |
| 58585 | POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt | CVE-2021-33045 |
| 58814 | POLICY-OTHER Java User-Agent remote class download attempt | CVE-2021-44228 |
| 58564 | MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt | www.virustotal.com/gui/file/3c280f4b81ca4773f89dc4882c1c1e50ab1255e1975372109b37cf782974e96f |