CTEP/IPS Threat Content Update Release Notes 93.0.1.165
CTEP/IPS Threat Content Update Release Notes 93.0.1.165
Refer to the following summary of signatures deployed with the IPS content release:
- Signatures added: 36
- Signatures modified: 0
- Signatures removed: 29
Signatures Added
| SID | DESCRIPTION | REFERENCE |
|---|---|---|
| 59107 | OS-WINDOWS Microsoft Windows RDP path redirection remotecode execution attempt | CVE-2022-21990 |
| 59213 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2022-23286 |
| 59210 | OS-WINDOWS Microsoft Windows PDEV escalation of privilegeattempt | CVE-2022-23299 |
| 59216 | BROWSER-IE Microsoft Internet Explorer security zone bypass attempt | CVE-2022-24502 |
| 59221 | OS-WINDOWS Microsoft Windows Winsock local privilegeescalation attempt | CVE-2022-24507 |
| 58933 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/fcdd38ff378605c66333429d9df2242fbce25a5f6 9f4d6d4c11d9613bcb409b0/ |
| 58938 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cncconnection | – |
| 58946 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28949 |
| 58949 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | securelist.com/qakbot-techni cal-analysis/103931/ |
| 58903 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34ed63d56b7969a1cb2c605922 459210c174eb58a6cc19a863ea |
| 58904 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34e d63d56b7969a1cb2c605922459210c174eb58a6cc19a86 3ea |
| 58925 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShelldownload attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58923 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShellinbound connection attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58941 | FILE-OTHER PEAR Archive TAR symbolic link file overwriteattempt | CVE-2020-36193 |
| 58957 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef538 50f97f39029a906d53f3d4b2aea8373e27c413324a55681 c/ |
| 58955 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 58958 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef53850f97f39029a906d53f3d4b2 aea8373e27c413324a55681c/ |
| 58918 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043 e06d36988289cd3d95d1c0c2d/ |
| 58919 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6cc6/ |
| 58912 | MALWARE-OTHER Php.Webshell.AcceptLanguage upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 58913 | MALWARE-OTHER Php.Webshell.AcceptLanguage download attempt | attack.mitre.org/techniques/t1505/003/ |
| 58916 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043 e06d36988289cd3d95d1c0c2d/ |
| 58917 | MALWARE-OTHER Php.Webshell.529 upload attempt | virustotal/f0c6d7bae013954 6de727a428d7ed5be1645177dbab0ef25b639336f271af6 06/ |
| 58914 | MALWARE-OTHER Php.Webshell.529 outbound connectionattempt | virustotal/f1743a695b78e79 4a822f71601fbab666d72043e06d36988289cd3d95d1c0c 2d/ |
| 58915 | MALWARE-OTHER Php.Webshell.529 download attempt | virustotal/f0c6d7bae0139546de727a428d7ed5be164517 7dbab0ef25b639336f271af606/ |
| 58930 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab4 49529be737df1eee8b3065f6eb/ |
| 58931 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab4 49529be737df1eee8b3065f6eb/ |
| 58936 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/26ed7e89b3c5058836252e0a8ed9ec6b58f5f82 a2e543bc6a97b3fd17ae3e4ec/ |
| 58937 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection | virustotal/b1e30cce6df16d83b82b751edca57aa17795d8d 0cdd960ecee7d90832b0ee76c/ |
| 58943 | MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt | isc.sans.edu/forums/diary/emotet+returns/28044/ |
| 140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | virustotal/18bd1ae701ff57a6 d1119f18c53350688f41cbac0ea1ad0cb73234f6ab73340 4 |
| 58924 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShellupload attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58922 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShellinbound connection attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58921 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShellinbound connection attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58920 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShelloutbound connection attempt | virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6 cc6/ |
| 58929 | MALWARE-OTHER Pdf.Downloader.MuddyWater variantdownload attempt | virustotal/d7de68febbbdb72f f820f6554afb464b5c204c434faa6ffe9b4daf6b691d535f/ |
