CTEP/IPS Threat Content Update Release Notes 94.1.1.190

Refer to the following summary of signatures deployed with the IPS content release:

  • Signatures added: 130
  • Signatures modified: 0
  • Signatures removed: 2

Signatures Added

SID | Description | Reference
59728 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2022-23279
59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104
59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142
59038 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59039 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59036 | MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59037 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59035 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59262 | MALWARE-OTHER Php.Webshell.C0ders outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996
59018 | MALWARE-CNC Php.Webshell.AyyildizTim outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59019 | MALWARE-CNC Php.Webshell.AyyildizTim inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59263 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59260 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59207 | MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection
59201 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection
59200 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection
59203 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets
59209 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection
59147 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
59195 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
59196 | MALWARE-OTHER Win.Loader.Agent download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection
59190 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9757ab43e767fe86ac238615e761b76745bba3596f47c6dcffd0aa26fd9981a
59198 | MALWARE-OTHER Win.Downloader.Saintbot download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection
59223 | MALWARE-CNC Win.Trojan.TransparentTribe outbound connection attempt | virustotal.com/gui/file/011bcca8feebaed8a2aa0297051dfd59595c4c4e1ee001b11d8fc3d97395cc5c
59222 | MALWARE-OTHER Win.Downloader.TransparentTribe outbound connection attempt | virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a
59227 | MALWARE-CNC Win.Trojan.MuddyWater download attempt | virustotal.com/en/file/a500e5ab8ce265d1dc8af1c00ea54a75b57ede933f64cea794f87ef1daf287a1/analysis/
59226 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141/analysis/
59229 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/
59092 | MALWARE-OTHER Php.Webshell.Generic download attempt | attack.mitre.org/techniques/t1505/003/
59093 | MALWARE-OTHER Php.Webshell.Azrail outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59095 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59248 | FILE-PDF Adobe Acrobat PDF SMask height out of bounds write attempt | CVE-2021-39843
59240 | MALWARE-OTHER Win.Trojan.Generic download attempt |
59243 | MALWARE-CNC Win.Trojan.Raccoon variant RC4 encrypted outbound request attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e
59266 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59265 | MALWARE-OTHER Php.Webshell.C0ders upload attempt | attack.mitre.org/techniques/t1505/003/
59264 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59261 | MALWARE-OTHER Php.Webshell.C0ders download attempt | attack.mitre.org/techniques/t1505/003/
59099 | MALWARE-OTHER Win.Malware.HermeticWiper binary download attempt | virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
59091 | MALWARE-OTHER Php.Webshell.Azrail inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59094 | MALWARE-OTHER Php.Webshell.Generic upload attempt | attack.mitre.org/techniques/t1505/003/
59096 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000
59168 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection
59163 | MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt | virustotal.com/gui/file/13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033
59165 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/7bf33b494c70bd0a0a865b5fbcee0c58fa9274b8741b03695b45998bcd459328/detection
59115 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919
59111 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
59110 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
59113 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
59112 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
59138 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59133 | MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection
59131 | MALWARE-OTHER Win.Trojan.Generic download attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection
59137 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59136 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59154 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
59156 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
59158 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
15939 | SERVER-OTHER MSN Messenger IRC bot calling home attempt |
59177 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907
59175 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
59174 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
59173 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a1f7e9b76260c1be4fcd054e1d2ef000d0f58702927e4f29795e9cd5ae8a5a42/detection
59171 | MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection
59202 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets
59208 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection
59043 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59042 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59041 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59040 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59047 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006
59046 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006
59045 | MALWARE-OTHER Php.Webshell.AK74 upload attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59044 | MALWARE-OTHER Php.Webshell.AK74 download attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection
59049 | MALWARE-OTHER Php.Webshell.Andela inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59048 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59204 | MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt | virustotal.com/gui/file/e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c/detection
59021 | MALWARE-OTHER Php.Webshell.Antichat download attempt | attack.mitre.org/techniques/t1505/003/
59023 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59022 | MALWARE-OTHER Php.Webshell.Antichat upload attempt | attack.mitre.org/techniques/t1505/003/
59025 | MALWARE-CNC Php.Webshell.Antichat inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59024 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59114 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919
59116 | PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt | CVE-2021-21300
59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715
59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989
59218 | MALWARE-OTHER Php.Webshell.C99Madnet outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59219 | MALWARE-OTHER Php.Webshell.C99Madnet inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59186 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c825afb0e994371ad88161d58989a1bf8686235acbcbd2cc9f9fd0dd76a7bfa9
59184 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c1f55ec94719afbf2b057c1e84fe2c1e8f76f490ee86d1272fac305126c1fdd9
59182 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/d2b21cd01a1f68bca4b5186ee57234bd2595edec585f2b612ff377abbf60d582
59181 | MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt | virustotal.com/gui/file/923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6
59188 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/87fc64935ce635388ca587082859b5d7dd316a9cfa358284ec5bc582d403f827
59239 | MALWARE-OTHER Win.Trojan.Generic download attempt |
59230 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/
59259 | MALWARE-OTHER Php.Webshell.Bypass inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59252 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection
59253 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection
59250 | MALWARE-TOOLS Win.Malware.HermeticWizard variant download attempt |
59256 | OS-LINUX Linux Kernel Dirty Pipe privilege escalation attempt | CVE-2022-0847
59254 | MALWARE-OTHER Win.Infostealer.PhoenixStealer download attempt | virustotal.com/gui/file/8881b797c89c4349ccadca96d22ea9d26b5b5b490131fc2e1ab420da813a950b/detection
59084 | FILE-PDF Adobe Acrobat PDF buttonGetIcon use-after-free attempt | CVE-2021-39836
24265 | MALWARE-OTHER Malicious UA detected on non-standard port | anubis.iseclab.org/?action=result&task_id=1691c3b8835221fa4692960681f39c736&format=html
59105 | FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt | CVE-2021-28640
59101 | FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt | CVE-2021-28635
58992 | MALWARE-CNC User-Agent known malicious user-agent string – Mirai | virustotal.com/en/file/3908cc1d8001f926031fbe55ce104448dbc20c9795b7c3cfbd9abe7b789f899d/analysis/
58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718
58990 | MALWARE-CNC Win.Trojan.Saintbot variant outbound connection |
58991 | MALWARE-OTHER Windows Defender disable script detected |
58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994
59142 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59143 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf
59145 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
59149 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
59244 | MALWARE-OTHER Win.Trojan.Raccoon download attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e
59169 | MALWARE-CNC Win.Malware.SunSeed payload download attempt | virustotal.com/gui/file/31d765deae26fb5cb506635754c700c57f9bd0fc643a622dc0911c42bf93d18f/detection
59160 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
59162 | MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt | virustotal.com/gui/file/a2d60af7bebac9b299db109f8162ed6335fb5dda08f57f00e9dc809d4f138428
59166 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection
59167 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection
59088 | SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt | CVE-2016-4437
59150 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
59054 | MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection
59055 | MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection
59056 | MALWARE-OTHER Php.Webshell.Generic download attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection
59057 | MALWARE-OTHER Php.Webshell.Generic upload attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection
59050 | MALWARE-OTHER Php.Webshell.Andela download attempt | attack.mitre.org/techniques/t1505/003/
59051 | MALWARE-OTHER Php.Webshell.Andela upload attempt | attack.mitre.org/techniques/t1505/003/