CTEP/IPS Threat Content Update Release Notes 96.0.1.208
Refer to the following summary of signatures deployed with the IPS content release:
Total signatures : 21133
Signatures added : 146
Signatures modified : 01
Signatures removed : 02
Signatures Added
SID | Description | Reference |
---|---|---|
59766 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59762 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59858 | FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt | CVE-2019-6556 |
140878 | MALWARE-CNC Metastealer communication channel identified | research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/ |
59786 | FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt | CVE-2014-1246 |
150123 | MALWARE-CNC Poshrat.Systeminfo information leakage C2 channel detected | - |
150122 | MALWARE-CNC Pony.check-in C2 communication traffic detected | - |
150121 | MALWARE-CNC Nutwaffle C2 communication traffic detected | - |
150120 | MALWARE-CNC Punchbuggy.check-in C2 communication traffic detected | - |
150127 | MALWARE-CNC Silenttrinity.C2 traffic detected | - |
150126 | MALWARE-CNC Scanbox.Check-in traffic detected | - |
150125 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | - |
150124 | MALWARE-CNC Powruner.PS1.check-in C2 traffic detected | - |
150129 | MALWARE-CNC Uppercut.check-in C2 traffic detected | - |
150128 | MALWARE-CNC Smokeloader.C2 traffic detected | - |
59764 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59768 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
150321 | MALWARE-CNC Command and Control - DOUBLEDROP variant 1 | - |
150320 | MALWARE-CNC Command and Control - DOUBLEBACK variant 6 | - |
150323 | MALWARE-CNC Command and Control - DOUBLEDROP variant 3 | - |
150322 | MALWARE-CNC Command and Control - DOUBLEDROP variant 2 | - |
59744 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
59748 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
59749 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
150300 | MALWARE-CNC Command and Control - AZORULT C2 communication variant 1 | - |
150307 | MALWARE-CNC Command and Control AZORULT C2 communication variant 8 | - |
140135 | MALWARE OTHER JAVA JRE1.7 Applet Remote Code Execution | - |
140137 | MALWARE OTHER Java7 JRE/JDK Applet Remote Code Execution | CVE-2012-4681 |
140136 | MALWARE OTHER Firefox Proto crmf request | CVE-2012-3993 |
59722 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | - |
59723 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | - |
59720 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59721 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59701 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59704 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59848 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt | CVE-2020-7002 |
59830 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
59700 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59698 | FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt | CVE-2011-3170 |
59795 | POLICY-OTHER IBM Data Risk Management administrative login attempt | CVE-2020-4427 |
140901 | MALWARE-CNC PowerShell Empire variant outbound connection | - |
140902 | MALWARE-CNC Backdoor PUNCHBUGGY outbound connection detected | - |
140903 | MALWARE-CNC Suspected trojan outbound connection detected | - |
140904 | MALWARE-CNC Suspected malware outbound connection detected | - |
140905 | MALWARE-CNC greenflash sundown outbound connection detected | - |
59717 | FILE-IMAGE Directshow GIF logical width overflow attempt | CVE-2013-3174 |
59713 | FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt | CVE-2013-2460 |
150211 | MALWARE-CNC Command and Control - CRIDEX configuration download detected | - |
150210 | MALWARE-CNC Command and Control - CORESHELL HTTP Post detected | - |
150213 | MALWARE-CNC Command and Control - EGGHATCH C2 communication variant 4 | - |
150212 | MALWARE-CNC Command and Control - EGGHATCH C2 communication variant 3 detected | - |
150215 | MALWARE-CNC Command and Control - FORMBOOK C2 beacon variant 4 detected | - |
150214 | MALWARE-CNC Command and Control - EGREGOR GET DLL payload detected | - |
150217 | MALWARE-CNC Command and Control - CROSSWALK check-in detected | - |
150216 | MALWARE-CNC Command and Control - FORMBOOK C2 beacon variant 5 detected | - |
150219 | MALWARE-CNC Command and Control - GOOSECHASE Request FINETIDE payload detected | - |
150218 | MALWARE-CNC Command and Control - GOLDDRAGON C2 communication detected | - |
150136 | MALWARE-CNC BATELEUR.Generic C2 traffic detected | - |
150405 | MALWARE-CNC TEMP.Armageddon Russia-Ukraine Conflict Lure variant detected | - |
150406 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
150407 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
150408 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
150409 | MALWARE-CNC Troibomb.Check-in malware traffic detected | - |
150239 | MALWARE-CNC Command and Control - PENDOWN beacon variant 2 detected | - |
150238 | MALWARE-CNC Command and Control - PENDOWN beacon variant 1 detected | - |
150232 | MALWARE-CNC Command and Control - LOGCABIN Next Stage GET request detected | - |
150231 | MALWARE-CNC Command and Control - LOUDTRAWL C2 communication variant 1 detected | - |
150230 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 1 detected | - |
150236 | MALWARE-CNC Command and Control - PENCILDOWN C2 check-in detected | - |
150235 | MALWARE-CNC Command and Control - NOKKI FinalstSpy communication over HTTP detected | - |
150234 | MALWARE-CNC Command and Control - NEWPOSTHINGS check-in detected | - |
59780 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59784 | FILE-PDF Adobe Acrobat DC memory corruption attempt | CVE-2019-7125 |
59789 | FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt | CVE-2018-10616 |
59794 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
59790 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
59851 | FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt | CVE-2020-10639 |
150134 | MALWARE-CNC Brickhouse.Get.Generic traffic detected | - |
150135 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | - |
150137 | MALWARE-CNC Poshrat.Generic C2 traffic detected | - |
150130 | MALWARE-CNC Sixplus.check-in C2 traffic detected | - |
150131 | MALWARE-CNC Houseblend.Generic C2 traffic detected | - |
150132 | MALWARE-CNC Lifeboat.Generic C2 traffic detected | - |
150133 | MALWARE-CNC Meterpreter.Generic download detected | - |
150138 | MALWARE-CNC Powerhouse.Generic C2 traffic detected | - |
150139 | MALWARE-CNC Pyxie.Generic C2 traffic detected | - |
59778 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59770 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59772 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59754 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59756 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
150318 | MALWARE-CNC Command and Control - DOUBLEBACK variant 4 | - |
150319 | MALWARE-CNC Command and Control - DOUBLEBACK variant 5 | - |
150314 | MALWARE-CNC Command and Control - BEARHUT C2 beacon | - |
150315 | MALWARE-CNC Command and Control - DOUBLEBACK variant 1 | - |
150316 | MALWARE-CNC Command and Control - DOUBLEBACK variant 2 | - |
150317 | MALWARE-CNC Command and Control - DOUBLEBACK variant 3 | - |
150310 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | - |
150311 | MALWARE-CNC Command and Control WINEKEY payload request | - |
150312 | MALWARE-CNC Command and Control beacon check-in | - |
150313 | MALWARE-CNC Command and Control - BAZARLOADER C2 traffic variant 3 | - |
59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
59736 | MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection | - |
59719 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59718 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59714 | FILE-IMAGE Directshow GIF logical height overflow attempt | CVE-2013-3174 |
59860 | FILE-MULTIMEDIA AVI file chunk length integer overflow attempt | CVE-2011-3834 |
59862 | FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt | CVE-2018-4899 |
59760 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59774 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59776 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59840 | FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | CVE-2018-5056 |
59821 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | CVE-2020-0729 |
59827 | FILE-OTHER Adobe Acrobat malicious joboptions file download attempt | CVE-2019-7111 |
59856 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt | CVE-2020-16199 |
59831 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
59758 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59681 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
59680 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
150242 | MALWARE-CNC Command and Control - FUNRUN check-in detected | - |
150240 | MALWARE-CNC Command and Control - PENDOWN beacon variant 3 detected | - |
150241 | MALWARE-CNC Command and Control - PENDOWN beacon variant 4 detected | - |
59745 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
59702 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
150233 | MALWARE-CNC Command and Control - LOCKLOAD check-in detected | - |
59724 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | - |
150209 | MALWARE-CNC Command and Control - APT38 RATANKBAPOS beacon variant 2 detected | - |
150228 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 3 detected | - |
150229 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 2 detected | - |
150224 | MALWARE-CNC Command and Control - HYTEOD beacon detected | - |
150225 | MALWARE-CNC Command and Control - MpCmdRun file download detected | - |
150226 | MALWARE-CNC Command and Control - METALJACK check-in detected | - |
150227 | MALWARE-CNC Command and Control - MAZE C2 check-in detected | - |
150220 | MALWARE-CNC Command and Control - HALFSHELL C2 beacon detected | - |
150221 | MALWARE-CNC Command and Control - NEUTRINO EK Afraidgate LOCKY callback detected | - |
150222 | MALWARE-CNC Command and Control - HIDDENVALUE C2 beacon variant 1 detected | - |
150223 | MALWARE-CNC Command and Control - HIDDENVALUE C2 beacon variant 2 detected | - |
150412 | MALWARE-CNC Zerot.Generic C2 beacon detected | - |
150411 | MALWARE-CNC Vawtrak.Generic instruction retrieval traffic detected | - |
150410 | MALWARE-CNC Ursnif.Generic C2 traffic detected | - |
150140 | MALWARE-CNC Quinstatus.Generic C2 traffic detected | - |
150142 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | - |