CTEP/IPS Threat Content Update Release Notes 96.0.1.208

Refer to the following summary of signatures deployed with the IPS content release:

  • Signatures added : 146
  • Signatures modified : 01
  • Signatures removed : 02
Signatures Added

| SID | Description | Reference |
|---|---|---|
| 59766 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59762 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59858 | FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt | CVE-2019-6556 |
| 140878 | MALWARE-CNC Metastealer communication channel identified | research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/ |
| 59786 | FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt | CVE-2014-1246 |
| 150123 | MALWARE-CNC Poshrat.Systeminfo information leakage C2 channel detected | No Reference |
| 150122 | MALWARE-CNC Pony.check-in C2 communication traffic detected | No Reference |
| 150121 | MALWARE-CNC Nutwaffle C2 communication traffic detected | No Reference |
| 150120 | MALWARE-CNC Punchbuggy.check-in C2 communication traffic detected | No Reference |
| 150127 | MALWARE-CNC Silenttrinity.C2 traffic detected | No Reference |
| 150126 | MALWARE-CNC Scanbox.Check-in traffic detected | No Reference |
| 150125 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | No Reference |
| 150124 | MALWARE-CNC Powruner.PS1.check-in C2 traffic detected | No Reference |
| 150129 | MALWARE-CNC Uppercut.check-in C2 traffic detected | No Reference |
| 150128 | MALWARE-CNC Smokeloader.C2 traffic detected | No Reference |
| 59764 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59768 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 150321 | MALWARE-CNC Command and Control – DOUBLEDROP variant 1 | No Reference |
| 150320 | MALWARE-CNC Command and Control – DOUBLEBACK variant 6 | No Reference |
| 150323 | MALWARE-CNC Command and Control – DOUBLEDROP variant 3 | No Reference |
| 150322 | MALWARE-CNC Command and Control – DOUBLEDROP variant 2 | No Reference |
| 59744 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
| 59748 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
| 59749 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
| 150300 | MALWARE-CNC Command and Control – AZORULT C2 communication variant 1 | No Reference |
| 150307 | MALWARE-CNC Command and Control – AZORULT C2 communication variant 8 | No Reference |
| 140135 | MALWARE-OTHER JAVA JRE1.7 Applet Remote Code Execution | No Reference |
| 140137 | MALWARE-OTHER Java7 JRE/JDK Applet Remote Code Execution | CVE-2012-4681 |
| 140136 | MALWARE-OTHER Firefox Proto crmf request | CVE-2012-3993 |
| 59722 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 59723 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 59720 | SERVER-WEBAPP Xinuos OpenServer command injection attempt | CVE-2020-25494 |
| 59721 | SERVER-WEBAPP Xinuos OpenServer command injection attempt | CVE-2020-25494 |
| 59701 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59704 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59848 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt | CVE-2020-7002 |
| 59830 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
| 59700 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59698 | FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt | CVE-2011-3170 |
| 59795 | POLICY-OTHER IBM Data Risk Management administrative login attempt | CVE-2020-4427 |
| 140901 | MALWARE-CNC PowerShell Empire variant outbound connection | attack.mitre.org/techniques/T1086 |
| 140902 | MALWARE-CNC Backdoor PUNCHBUGGY outbound connection detected | No Reference |
| 140903 | MALWARE-CNC Suspected trojan outbound connection detected | No Reference |
| 140904 | MALWARE-CNC Suspected malware outbound connection detected | No Reference |
| 140905 | MALWARE-CNC GreenFlash Sundown outbound connection detected | No Reference |
| 59717 | FILE-IMAGE DirectShow GIF logical width overflow attempt | CVE-2013-3174 |
| 59713 | FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt | CVE-2013-2460 |
| 150211 | MALWARE-CNC Command and Control – CRIDEX configuration download detected | No Reference |
| 150210 | MALWARE-CNC Command and Control – CORESHELL HTTP Post detected | No Reference |
| 150213 | MALWARE-CNC Command and Control – EGGHATCH C2 communication variant 4 | No Reference |
| 150212 | MALWARE-CNC Command and Control – EGGHATCH C2 communication variant 3 detected | No Reference |
| 150215 | MALWARE-CNC Command and Control – FORMBOOK C2 beacon variant 4 detected | No Reference |
| 150214 | MALWARE-CNC Command and Control – EGREGOR GET DLL payload detected | No Reference |
| 150217 | MALWARE-CNC Command and Control – CROSSWALK check-in detected | No Reference |
| 150216 | MALWARE-CNC Command and Control – FORMBOOK C2 beacon variant 5 detected | No Reference |
| 150219 | MALWARE-CNC Command and Control – GOOSECHASE Request FINETIDE payload detected | No Reference |
| 150218 | MALWARE-CNC Command and Control – GOLDDRAGON C2 communication detected | No Reference |
| 150136 | MALWARE-CNC BATELEUR.Generic C2 traffic detected | No Reference |
| 150405 | MALWARE-CNC TEMP.Armageddon Russia-Ukraine Conflict Lure variant detected | No Reference |
| 150406 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
| 150407 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
| 150408 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
| 150409 | MALWARE-CNC Troibomb.Check-in malware traffic detected | No Reference |
| 150239 | MALWARE-CNC Command and Control – PENDOWN beacon variant 2 detected | No Reference |
| 150238 | MALWARE-CNC Command and Control – PENDOWN beacon variant 1 detected | No Reference |
| 150232 | MALWARE-CNC Command and Control – LOGCABIN Next Stage GET request detected | No Reference |
| 150231 | MALWARE-CNC Command and Control – LOUDTRAWL C2 communication variant 1 detected | No Reference |
| 150230 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 1 detected | No Reference |
| 150236 | MALWARE-CNC Command and Control – PENCILDOWN C2 check-in detected | No Reference |
| 150235 | MALWARE-CNC Command and Control – NOKKI FinalstSpy communication over HTTP detected | No Reference |
| 150234 | MALWARE-CNC Command and Control – NEWPOSTHINGS check-in detected | No Reference |
| 59780 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59784 | FILE-PDF Adobe Acrobat DC memory corruption attempt | CVE-2019-7125 |
| 59789 | FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt | CVE-2018-10616 |
| 59794 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
| 59790 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
| 59851 | FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt | CVE-2020-10639 |
| 150134 | MALWARE-CNC Brickhouse.Get.Generic traffic detected | No Reference |
| 150135 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | No Reference |
| 150137 | MALWARE-CNC Poshrat.Generic C2 traffic detected | No Reference |
| 150130 | MALWARE-CNC Sixplus.check-in C2 traffic detected | No Reference |
| 150131 | MALWARE-CNC Houseblend.Generic C2 traffic detected | No Reference |
| 150132 | MALWARE-CNC Lifeboat.Generic C2 traffic detected | No Reference |
| 150133 | MALWARE-CNC Meterpreter.Generic download detected | No Reference |
| 150138 | MALWARE-CNC Powerhouse.Generic C2 traffic detected | No Reference |
| 150139 | MALWARE-CNC Pyxie.Generic C2 traffic detected | No Reference |
| 59778 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59770 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59772 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59754 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59756 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 150318 | MALWARE-CNC Command and Control – DOUBLEBACK variant 4 | No Reference |
| 150319 | MALWARE-CNC Command and Control – DOUBLEBACK variant 5 | No Reference |
| 150314 | MALWARE-CNC Command and Control – BEARHUT C2 beacon | No Reference |
| 150315 | MALWARE-CNC Command and Control – DOUBLEBACK variant 1 | No Reference |
| 150316 | MALWARE-CNC Command and Control – DOUBLEBACK variant 2 | No Reference |
| 150317 | MALWARE-CNC Command and Control – DOUBLEBACK variant 3 | No Reference |
| 150310 | MALWARE-CNC Command and Control – BARTALEX instruction retrieval | No Reference |
| 150311 | MALWARE-CNC Command and Control – WINEKEY payload request | No Reference |
| 150312 | MALWARE-CNC Command and Control beacon check-in | No Reference |
| 150313 | MALWARE-CNC Command and Control – BAZARLOADER C2 traffic variant 3 | No Reference |
| 59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
| 59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
| 59736 | MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection | www.virustotal.com/gui/file/fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92/detection |
| 59719 | SERVER-WEBAPP Xinuos OpenServer command injection attempt | CVE-2020-25494 |
| 59718 | SERVER-WEBAPP Xinuos OpenServer command injection attempt | CVE-2020-25494 |
| 59714 | FILE-IMAGE DirectShow GIF logical height overflow attempt | CVE-2013-3174 |
| 59860 | FILE-MULTIMEDIA AVI file chunk length integer overflow attempt | CVE-2011-3834 |
| 59862 | FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt | CVE-2018-4899 |
| 59760 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59774 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59776 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59840 | FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | CVE-2018-5056 |
| 59821 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | CVE-2020-0729 |
| 59827 | FILE-OTHER Adobe Acrobat malicious joboptions file download attempt | CVE-2019-7111 |
| 59856 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt | CVE-2020-16199 |
| 59831 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
| 59758 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59681 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
| 59680 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
| 150242 | MALWARE-CNC Command and Control – FUNRUN check-in detected | No Reference |
| 150240 | MALWARE-CNC Command and Control – PENDOWN beacon variant 3 detected | No Reference |
| 150241 | MALWARE-CNC Command and Control – PENDOWN beacon variant 4 detected | No Reference |
| 59745 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
| 59702 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 150233 | MALWARE-CNC Command and Control – LOCKLOAD check-in detected | No Reference |
| 59724 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 150209 | MALWARE-CNC Command and Control – APT38 RATANKBAPOS beacon variant 2 detected | No Reference |
| 150228 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 3 detected | No Reference |
| 150229 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 2 detected | No Reference |
| 150224 | MALWARE-CNC Command and Control – HYTEOD beacon detected | No Reference |
| 150225 | MALWARE-CNC Command and Control – MpCmdRun file download detected | No Reference |
| 150226 | MALWARE-CNC Command and Control – METALJACK check-in detected | No Reference |
| 150227 | MALWARE-CNC Command and Control – MAZE C2 check-in detected | No Reference |
| 150220 | MALWARE-CNC Command and Control – HALFSHELL C2 beacon detected | No Reference |
| 150221 | MALWARE-CNC Command and Control – NEUTRINO EK Afraidgate LOCKY callback detected | No Reference |
| 150222 | MALWARE-CNC Command and Control – HIDDENVALUE C2 beacon variant 1 detected | No Reference |
| 150223 | MALWARE-CNC Command and Control – HIDDENVALUE C2 beacon variant 2 detected | No Reference |
| 150412 | MALWARE-CNC Zerot.Generic C2 beacon detected | No Reference |
| 150411 | MALWARE-CNC Vawtrak.Generic instruction retrieval traffic detected | No Reference |
| 150410 | MALWARE-CNC Ursnif.Generic C2 traffic detected | No Reference |
| 150140 | MALWARE-CNC Quinstatus.Generic C2 traffic detected | No Reference |
| 150142 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | No Reference |