CTEP/IPS Threat Content Update Release Notes 94.1.1.190
Refer to the following summary of signatures deployed with the IPS content release:
- Signatures added: 130
- Signatures modified: 0
- Signatures removed: 2
Signatures Added
SID | Description | Reference |
---|---|---|
59728 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2022-23279 |
59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
59038 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59039 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59036 | MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59037 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59035 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59262 | MALWARE-OTHER Php.Webshell.C0ders outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996 |
59018 | MALWARE-CNC Php.Webshell.AyyildizTim outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59019 | MALWARE-CNC Php.Webshell.AyyildizTim inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59263 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59260 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59207 | MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
59201 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
59200 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
59203 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets |
59209 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
59147 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
59195 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92 |
59196 | MALWARE-OTHER Win.Loader.Agent download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection |
59190 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9757ab43e767fe86ac238615e761b76745bba3596f47c6dcffd0aa26fd9981a |
59198 | MALWARE-OTHER Win.Downloader.Saintbot download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection |
59223 | MALWARE-CNC Win.Trojan.TransparentTribe outbound connection attempt | virustotal.com/gui/file/011bcca8feebaed8a2aa0297051dfd59595c4c4e1ee001b11d8fc3d97395cc5c |
59222 | MALWARE-OTHER Win.Downloader.TransparentTribe outbound connection attempt | virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a |
59227 | MALWARE-CNC Win.Trojan.MuddyWater download attempt | virustotal.com/en/file/a500e5ab8ce265d1dc8af1c00ea54a75b57ede933f64cea794f87ef1daf287a1/analysis/ |
59226 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141/analysis/ |
59229 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/ |
59092 | MALWARE-OTHER Php.Webshell.Generic download attempt | attack.mitre.org/techniques/t1505/003/ |
59093 | MALWARE-OTHER Php.Webshell.Azrail outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59095 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59248 | FILE-PDF Adobe Acrobat PDF SMask height out of bounds write attempt | CVE-2021-39843 |
59240 | MALWARE-OTHER Win.Trojan.Generic download attempt | |
59243 | MALWARE-CNC Win.Trojan.Raccoon variant RC4 encrypted outbound request attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e |
59266 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59265 | MALWARE-OTHER Php.Webshell.C0ders upload attempt | attack.mitre.org/techniques/t1505/003/ |
59264 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59261 | MALWARE-OTHER Php.Webshell.C0ders download attempt | attack.mitre.org/techniques/t1505/003/ |
59099 | MALWARE-OTHER Win.Malware.HermeticWiper binary download attempt | virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591 |
59091 | MALWARE-OTHER Php.Webshell.Azrail inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59094 | MALWARE-OTHER Php.Webshell.Generic upload attempt | attack.mitre.org/techniques/t1505/003/ |
59096 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000 |
59168 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection |
59163 | MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt | virustotal.com/gui/file/13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033 |
59165 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/7bf33b494c70bd0a0a865b5fbcee0c58fa9274b8741b03695b45998bcd459328/detection |
59115 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
59111 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
59110 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
59113 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
59112 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
59138 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59133 | MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection |
59131 | MALWARE-OTHER Win.Trojan.Generic download attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection |
59137 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59136 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59154 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
59156 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
59158 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
15939 | SERVER-OTHER MSN Messenger IRC bot calling home attempt | |
59177 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907 |
59175 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78 |
59174 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d |
59173 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a1f7e9b76260c1be4fcd054e1d2ef000d0f58702927e4f29795e9cd5ae8a5a42/detection |
59171 | MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection |
59202 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets |
59208 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
59043 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59042 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59041 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59040 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59047 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006 |
59046 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006 |
59045 | MALWARE-OTHER Php.Webshell.AK74 upload attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59044 | MALWARE-OTHER Php.Webshell.AK74 download attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59049 | MALWARE-OTHER Php.Webshell.Andela inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59048 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59204 | MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt | virustotal.com/gui/file/e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c/detection |
59021 | MALWARE-OTHER Php.Webshell.Antichat download attempt | attack.mitre.org/techniques/t1505/003/ |
59023 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59022 | MALWARE-OTHER Php.Webshell.Antichat upload attempt | attack.mitre.org/techniques/t1505/003/ |
59025 | MALWARE-CNC Php.Webshell.Antichat inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59024 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59114 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
59116 | PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt | CVE-2021-21300 |
59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989 |
59218 | MALWARE-OTHER Php.Webshell.C99Madnet outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59219 | MALWARE-OTHER Php.Webshell.C99Madnet inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59186 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c825afb0e994371ad88161d58989a1bf8686235acbcbd2cc9f9fd0dd76a7bfa9 |
59184 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c1f55ec94719afbf2b057c1e84fe2c1e8f76f490ee86d1272fac305126c1fdd9 |
59182 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/d2b21cd01a1f68bca4b5186ee57234bd2595edec585f2b612ff377abbf60d582 |
59181 | MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt | virustotal.com/gui/file/923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6 |
59188 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/87fc64935ce635388ca587082859b5d7dd316a9cfa358284ec5bc582d403f827 |
59239 | MALWARE-OTHER Win.Trojan.Generic download attempt | |
59230 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/ |
59259 | MALWARE-OTHER Php.Webshell.Bypass inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59252 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection |
59253 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection |
59250 | MALWARE-TOOLS Win.Malware.HermeticWizard variant download attempt | |
59256 | OS-LINUX Linux Kernel Dirty Pipe privilege escalation attempt | CVE-2022-0847 |
59254 | MALWARE-OTHER Win.Infostealer.PhoenixStealer download attempt | virustotal.com/gui/file/8881b797c89c4349ccadca96d22ea9d26b5b5b490131fc2e1ab420da813a950b/detection |
59084 | FILE-PDF Adobe Acrobat PDF buttonGetIcon use-after-free attempt | CVE-2021-39836 |
24265 | MALWARE-OTHER Malicious UA detected on non-standard port | anubis.iseclab.org/?action=result&task_id=1691c3b8835221fa4692960681f39c736&format=html |
59105 | FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt | CVE-2021-28640 |
59101 | FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt | CVE-2021-28635 |
58992 | MALWARE-CNC User-Agent known malicious user-agent string – Mirai | virustotal.com/en/file/3908cc1d8001f926031fbe55ce104448dbc20c9795b7c3cfbd9abe7b789f899d/analysis/ |
58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718 |
58990 | MALWARE-CNC Win.Trojan.Saintbot variant outbound connection | |
58991 | MALWARE-OTHER Windows Defender disable script detected | |
58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994 |
59142 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59143 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
59145 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
59149 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
59244 | MALWARE-OTHER Win.Trojan.Raccoon download attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e |
59169 | MALWARE-CNC Win.Malware.SunSeed payload download attempt | virustotal.com/gui/file/31d765deae26fb5cb506635754c700c57f9bd0fc643a622dc0911c42bf93d18f/detection |
59160 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
59162 | MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt | virustotal.com/gui/file/a2d60af7bebac9b299db109f8162ed6335fb5dda08f57f00e9dc809d4f138428 |
59166 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection |
59167 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection |
59088 | SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt | CVE-2016-4437 |
59150 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
59054 | MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
59055 | MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
59056 | MALWARE-OTHER Php.Webshell.Generic download attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
59057 | MALWARE-OTHER Php.Webshell.Generic upload attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
59050 | MALWARE-OTHER Php.Webshell.Andela download attempt | attack.mitre.org/techniques/t1505/003/ |
59051 | MALWARE-OTHER Php.Webshell.Andela upload attempt | attack.mitre.org/techniques/t1505/003/ |
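Teams tracking which CVEs gained IPS coverage in a content release usually want the table above reduced to a CVE-to-SID map rather than read row by row. The Python below is an added example and not part of the vendor's release notes or tooling: it parses rows in the `SID | Description | Reference |` layout used above, splits the description into its rule class prefix (OS-WINDOWS, MALWARE-OTHER, ...) and name, and classifies the reference as a CVE, a VirusTotal SHA-256, an ATT&CK technique, a plain URL, or empty. The sample rows embedded in the script are constructed input copied in the table's format; the column order and the hash-in-URL pattern are assumptions about that format.

```python
import re
from collections import Counter

# Constructed sample input: a few rows in the layout of the "Signatures Added"
# table (SID | Description | Reference |), including a header, a separator row
# and one row with an empty Reference cell.
SAMPLE_ROWS = """\
SID | Description | Reference |
---|---|---|
59728 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2022-23279 |
59038 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
59262 | MALWARE-OTHER Php.Webshell.C0ders outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59240 | MALWARE-OTHER Win.Trojan.Generic download attempt | |
59256 | OS-LINUX Linux Kernel Dirty Pipe privilege escalation attempt | CVE-2022-0847 |
59114 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
59115 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
SHA256_RE = re.compile(r"/file/([0-9a-f]{64})")
# SID | <CLASS> <rest of description> | <reference> |   (trailing pipe optional)
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*(\S+)\s+(.*?)\s*\|\s*(.*?)\s*\|?\s*$")


def classify_reference(ref):
    """Return (kind, value) for a Reference cell: cve, sha256, attack, url or none."""
    ref = ref.strip()
    if not ref:
        return ("none", "")
    if CVE_RE.match(ref):
        return ("cve", ref)
    m = SHA256_RE.search(ref)
    if m:
        return ("sha256", m.group(1))
    if ref.startswith("attack.mitre.org/techniques/"):
        # attack.mitre.org/techniques/t1505/003/ -> T1505.003 (assumed URL layout)
        parts = ref.split("/techniques/", 1)[1].strip("/").split("/")
        return ("attack", ".".join(parts).upper())
    return ("url", ref)


def parse_rows(text):
    """Parse table rows into dicts; header, separator and blank lines are skipped."""
    sigs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        sid, category, name, ref = m.groups()
        kind, value = classify_reference(ref)
        sigs.append({"sid": int(sid), "category": category, "name": name,
                     "ref_kind": kind, "ref": value})
    return sigs


def coverage_by_cve(sigs):
    """Map each CVE to the list of SIDs that reference it, in table order."""
    by_cve = {}
    for s in sigs:
        if s["ref_kind"] == "cve":
            by_cve.setdefault(s["ref"], []).append(s["sid"])
    return by_cve


def category_counts(sigs):
    """Count signatures per rule class prefix (OS-WINDOWS, MALWARE-OTHER, ...)."""
    return Counter(s["category"] for s in sigs)


def unreferenced(sigs):
    """SIDs shipped with an empty Reference cell; these need manual review before tuning."""
    return [s["sid"] for s in sigs if s["ref_kind"] == "none"]


if __name__ == "__main__":
    sigs = parse_rows(SAMPLE_ROWS)
    for cve, sids in sorted(coverage_by_cve(sigs).items()):
        print(f"{cve}: {sids}")
    print("per class:", dict(category_counts(sigs)))
    print("no reference:", unreferenced(sigs))
```

Feed the script the full "Signatures Added" table instead of `SAMPLE_ROWS` to get the release's complete CVE map; SIDs that share a CVE (such as the two Apache Druid rules) are grouped, and rows with an empty Reference cell are listed separately so they are not silently dropped.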