CTEP/IPS Threat Content Update Release Notes 95.0.1.199
Refer to the following summary of signatures deployed with the IPS content release:
- Signatures added: 110
- Signatures modified: 9
- Signatures removed: 5
Signatures Added
SID | Description | Reference |
---|---|---|
57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482 |
59625 | MALWARE-CNC Win.Downloader.PlugX download attempt | www.virustotal.com/gui/file/bee9c438aced1fb1ca7402ef8665ebe42cab6f5167204933eaa07b11d44641bb/detection |
59624 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection |
59489 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59481 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
59487 | FILE-IMAGE LibTIFF tiffcrop integer overflow attempt | CVE-2016-9537 |
59548 | FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt | CVE-2013-4298 |
57252 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
57253 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
59560 | FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt | CVE-2015-5212 |
140810 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | – |
57233 | SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt | CVE-2021-26857 |
59505 | FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt | CVE-2016-2207 |
59500 | PUA-OTHER XMRig cryptocurrency miner outbound connection | github.com/xmrig/xmrig |
59501 | MALWARE-CNC Win.Infostealer.ZingoStealer outbound connection | www.virustotal.com/gui/file/265efd080e5100aadcd7874af4c756cee2887bc9eab3ed51e3306daf81021b16/detection |
59353 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/ |
59352 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/ |
140134 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140131 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140130 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140133 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140132 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
59623 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection |
59622 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/492fd69150d0cb6765e5201c144e26783b785242f4cf807d3425f8b8df060062/detection |
59268 | MALWARE-OTHER Win.Trojan.CaddyWiper download attempt | www.virustotal.com/gui/file/a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea/detection |
59480 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
59556 | PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt | CVE-2019-10984 |
59553 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
59424 | FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt | CVE-2018-18988 |
59348 | MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59582 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
59543 | FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt | CVE-2019-10996 |
59492 | FILE-OTHER Microsoft Windows GDI memory corruption attempt | CVE-2018-8472 |
59503 | FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt | CVE-2016-7212 |
59490 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59467 | FILE-PDF Foxit Reader and PhantomPDF XFA gotoURL command injection attempt | CVE-2017-10953 |
59430 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/ |
59347 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59349 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59431 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/ |
140900 | MALWARE-CNC Lokibot c2c outbound connection attempt | virustotal.com/gui/file/c9038e31f798119d9e93e7eafbdd3e0f215e24ee2200fcd2a3ba460d549894ab/detection |
59405 | EXPLOIT-KIT Operation Dream Job profile attempt | virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685 |
59418 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
59419 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
59422 | FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt | CVE-2018-18986 |
59428 | FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt | CVE-2018-19027 |
59478 | FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt | CVE-2018-4904 |
59476 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3975 |
59477 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3953 |
59474 | FILE-OTHER FreeBSD bspatch utility remote code execution attempt | CVE-2014-9862 |
140876 | MALWARE-CNC Win.Trojan.OleAut32.Win.Trojan.MaliciousActivity | www.virustotal.com/gui/file/152c4ed36cdcc5dc3c3f073b90041233a3a7b7b2953c0e21f6d90db393bc8257 |
59452 | FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt | CVE-2018-10115 |
59332 | SERVER-WEBAPP Car Rental Management System local file inclusion attempt | CVE-2020-29227 |
59545 | FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt | CVE-2015-5426 |
59552 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
59632 | FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt | CVE-2014-9163 |
57243 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57242 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57241 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57246 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
57245 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
57244 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
59575 | FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt | CVE-2011-2696 |
59580 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
140809 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | – |
140808 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
140801 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus |
140803 | MALWARE-CNC Ransom.CryptoBit C&C server outbound connection attempt | unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/ |
140802 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus |
140805 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
140806 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
59538 | BROWSER-OTHER Electronic Arts Origin Client template injection attempt | CVE-2019-11354 |
140128 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140129 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140124 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140120 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140121 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | – |
53063 | POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt | CVE-2020-0692 |
59273 | SERVER-WEBAPP DOTNETNUKE DNNPersonalization Cookie Deserialization RCE | CVE-2018-18326 |
59463 | INDICATOR-SHELLCODE Java object deserialization exploit attempt | CVE-2020-3280 |
59509 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
59507 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
140804 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
140807 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
59491 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
59472 | FILE-OFFICE Microsoft JET Database remote code execution attempt | CVE-2018-1003 |
59354 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/ |
59421 | MALWARE-CNC Win.Infostealer.MarsStealer outbound connection | www.virustotal.com/gui/file/f67ff70f862cdcb001763c69e88434d335b185a216e2944698f20807df28bdf2/detection |
59420 | MALWARE-CNC Win.Trojan.GraphSteel outbound connection | www.virustotal.com/gui/file/9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a/detection |
59351 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/ |
59350 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
59454 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
140126 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140127 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140125 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140122 | SERVER-WEBAPP Microsoft Exchange Server server siderequest forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
140123 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
59400 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59455 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
59469 | FILE-IMAGE JasPer jp2_decode out of bounds read attempt | CVE-2017-9782 |
59398 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59396 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
59466 | FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt | CVE-2019-18240 |
59667 | SERVER-APACHE SVN URL command injection attempt | CVE-2017-9800 |
59664 | FILE-OFFICE Microsoft Word internal object auto update attempt | CVE-2017-0199 |
59447 | PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt | CVE-2020-16243 |
59446 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
59445 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
59607 | MALWARE-CNC Doc.Dropper.Lazarus variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/ |
59584 | FILE-OFFICE Microsoft Office XML nested num tag double-free attempt | CVE-2015-1650 |
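When triaging a content update like this one, the useful questions are which CVEs the new rules cover (so they can be matched against the patch status of your own estate), which rules share a reference (the Exchange rules above come in groups of two to five per CVE), and whether the table actually contains the number of SIDs the summary declares. The script below is an added example of that triage, not tooling from the release-notes vendor; it parses the markdown table format used on this page. The `SAMPLE` text is a constructed excerpt of six rows taken from the "Signatures Added" table, embedded so the script runs offline.

```python
"""Parse a 'SID | Description | Reference |' signature table and group SIDs by reference.

Added example for triaging an IPS content update; not the vendor's own tooling.
SAMPLE is a constructed excerpt (six rows) from the table above, not the full 110.
"""
import re
from collections import defaultdict

SAMPLE = """SID | Description | Reference |
---|---|---|
57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482 |
57243 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
57242 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
140121 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | – |
59500 | PUA-OTHER XMRig cryptocurrency miner outbound connection | github.com/xmrig/xmrig |
59481 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
"""

# A data row starts with a numeric SID; the header and the ---|--- separator do not.
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|?\s*$")
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
NO_REF = {"", "-", "–"}  # the page uses an en dash for 'no reference'


def parse_rows(text):
    """Return one dict per signature row: sid, category, description, reference (None if absent)."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, separator, or blank line
        sid, desc, ref = m.groups()
        rows.append({
            "sid": int(sid),
            "category": desc.split(" ", 1)[0],   # e.g. SERVER-WEBAPP, MALWARE-CNC
            "description": desc,
            "reference": None if ref in NO_REF else ref,
        })
    return rows


def group_by_reference(rows):
    """Map each reference (CVE id or URL) to the list of SIDs that cite it."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["reference"] or "(no reference)"].append(r["sid"])
    return dict(groups)


def cves_covered(rows):
    """Sorted, de-duplicated CVE ids referenced by the update."""
    return sorted({r["reference"] for r in rows if r["reference"] and CVE_RE.match(r["reference"])})


def sids_for_cve(rows, cve):
    return sorted(r["sid"] for r in rows if r["reference"] == cve)


def matching_products(rows, keywords):
    """Rows whose description mentions any keyword (case-insensitive), e.g. products you run."""
    kws = [k.lower() for k in keywords]
    return [r for r in rows if any(k in r["description"].lower() for k in kws)]


def check_declared_count(rows, declared):
    """The summary says 'Signatures added: N'; confirm the table holds N distinct SIDs."""
    distinct = len({r["sid"] for r in rows})
    return distinct == declared, distinct


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print("declared count matches:", check_declared_count(rows, 6))
    for cve in cves_covered(rows):
        print(cve, "->", sids_for_cve(rows, cve))
    for r in matching_products(rows, ["Exchange"]):
        print(r["sid"], r["category"], r["description"])
```

Feed the full "Signatures Added" table in place of `SAMPLE` and pass 110 to `check_declared_count` to verify this release; rules whose reference is a VirusTotal or advisory URL rather than a CVE land under that URL in `group_by_reference`, which is where the malware-C2 indicators cluster.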