CTEP/IPS Threat Content Update Release Notes 95.0.1.199

Refer to the following summary of signatures deployed with the IPS content release:

  • Signatures added: 110
  • Signatures modified: 9
  • Signatures removed: 5

Signatures Added

SID | Description | Reference
57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482
59625 | MALWARE-CNC Win.Downloader.PlugX download attempt | www.virustotal.com/gui/file/bee9c438aced1fb1ca7402ef8665ebe42cab6f5167204933eaa07b11d44641bb/detection
59624 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection
59489 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615
59481 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945
59487 | FILE-IMAGE LibTIFF tiffcrop integer overflow attempt | CVE-2016-9537
59548 | FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt | CVE-2013-4298
57252 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065
57253 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065
59560 | FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt | CVE-2015-5212
140810 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | 
57233 | SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt | CVE-2021-26857
59505 | FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt | CVE-2016-2207
59500 | PUA-OTHER XMRig cryptocurrency miner outbound connection | github.com/xmrig/xmrig
59501 | MALWARE-CNC Win.Infostealer.ZingoStealer outbound connection | www.virustotal.com/gui/file/265efd080e5100aadcd7874af4c756cee2887bc9eab3ed51e3306daf81021b16/detection
59353 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/
59352 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/
140134 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140131 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140130 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140133 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140132 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
59623 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection
59622 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/492fd69150d0cb6765e5201c144e26783b785242f4cf807d3425f8b8df060062/detection
59268 | MALWARE-OTHER Win.Trojan.CaddyWiper download attempt | www.virustotal.com/gui/file/a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea/detection
59480 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945
59556 | PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt | CVE-2019-10984
59553 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822
59424 | FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt | CVE-2018-18988
59348 | MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/
59582 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947
59543 | FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt | CVE-2019-10996
59492 | FILE-OTHER Microsoft Windows GDI memory corruption attempt | CVE-2018-8472
59503 | FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt | CVE-2016-7212
59490 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615
59467 | FILE-PDF Foxit Reader and PhantomPDF XFA gotoURL command injection attempt | CVE-2017-10953
59430 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
59347 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59349 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59431 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
140900 | MALWARE-CNC Lokibot c2c outbound connection attempt | virustotal.com/gui/file/c9038e31f798119d9e93e7eafbdd3e0f215e24ee2200fcd2a3ba460d549894ab/detection
59405 | EXPLOIT-KIT Operation Dream Job profile attempt | virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685
59418 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117
59419 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117
59422 | FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt | CVE-2018-18986
59428 | FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt | CVE-2018-19027
59478 | FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt | CVE-2018-4904
59476 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3975
59477 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3953
59474 | FILE-OTHER FreeBSD bspatch utility remote code execution attempt | CVE-2014-9862
140876 | MALWARE-CNC Win.Trojan.OleAut32.Win.Trojan.MaliciousActivity | www.virustotal.com/gui/file/152c4ed36cdcc5dc3c3f073b90041233a3a7b7b2953c0e21f6d90db393bc8257
59452 | FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt | CVE-2018-10115
59332 | SERVER-WEBAPP Car Rental Management System local file inclusion attempt | CVE-2020-29227
59545 | FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt | CVE-2015-5426
59552 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822
59632 | FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt | CVE-2014-9163
57243 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855
57242 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855
57241 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855
57246 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858
57245 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858
57244 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855
59575 | FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt | CVE-2011-2696
59580 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947
140809 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | 
140808 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a
140801 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus
140803 | MALWARE-CNC Ransom.CryptoBit C&C server outbound connection attempt | unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/
140802 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus
140805 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a
140806 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a
59538 | BROWSER-OTHER Electronic Arts Origin Client template injection attempt | CVE-2019-11354
140128 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140129 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140124 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140120 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140121 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | 
53063 | POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt | CVE-2020-0692
59273 | SERVER-WEBAPP DOTNETNUKE DNNPersonalization Cookie Deserialization RCE | CVE-2018-18326
59463 | INDICATOR-SHELLCODE Java object deserialization exploit attempt | CVE-2020-3280
59509 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788
59507 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788
140804 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a
140807 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a
59491 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615
59472 | FILE-OFFICE Microsoft JET Database remote code execution attempt | CVE-2018-1003
59354 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/
59421 | MALWARE-CNC Win.Infostealer.MarsStealer outbound connection | www.virustotal.com/gui/file/f67ff70f862cdcb001763c69e88434d335b185a216e2944698f20807df28bdf2/detection
59420 | MALWARE-CNC Win.Trojan.GraphSteel outbound connection | www.virustotal.com/gui/file/9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a/detection
59351 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/
59350 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/
59454 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015
140126 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140127 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140125 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140122 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a
140123 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a
59400 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117
59455 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015
59469 | FILE-IMAGE JasPer jp2_decode out of bounds read attempt | CVE-2017-9782
59398 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117
59396 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117
59466 | FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt | CVE-2019-18240
59667 | SERVER-APACHE SVN URL command injection attempt | CVE-2017-9800
59664 | FILE-OFFICE Microsoft Word internal object auto update attempt | CVE-2017-0199
59447 | PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt | CVE-2020-16243
59446 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6
59445 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6
59607 | MALWARE-CNC Doc.Dropper.Lazarus variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
59584 | FILE-OFFICE Microsoft Office XML nested num tag double-free attempt | CVE-2015-1650