CTEP/IPS Threat Content Update Release Notes 96.0.1.208
Refer to the following summary of signatures deployed with the IPS content release:
- Signatures added: 146
- Signatures modified: 01
- Signatures removed: 02
Signatures Added
SID | Description | Reference |
---|---|---|
59766 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59762 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59858 | FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt | CVE-2019-6556 |
140878 | MALWARE-CNC Metastealer communication channel identified | research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/ |
59786 | FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt | CVE-2014-1246 |
150123 | MALWARE-CNC Poshrat.Systeminfo information leakage C2 channel detected | No Reference |
150122 | MALWARE-CNC Pony.check-in C2 communication traffic detected | No Reference |
150121 | MALWARE-CNC Nutwaffle C2 communication traffic detected | No Reference |
150120 | MALWARE-CNC Punchbuggy.check-in C2 communication traffic detected | No Reference |
150127 | MALWARE-CNC Silenttrinity.C2 traffic detected | No Reference |
150126 | MALWARE-CNC Scanbox.Check-in traffic detected | No Reference |
150125 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | No Reference |
150124 | MALWARE-CNC Powruner.PS1.check-in C2 traffic detected | No Reference |
150129 | MALWARE-CNC Uppercut.check-in C2 traffic detected | No Reference |
150128 | MALWARE-CNC Smokeloader.C2 traffic detected | No Reference |
59764 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59768 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
150321 | MALWARE-CNC Command and Control – DOUBLEDROP variant 1 | No Reference |
150320 | MALWARE-CNC Command and Control – DOUBLEBACK variant 6 | No Reference |
150323 | MALWARE-CNC Command and Control – DOUBLEDROP variant 3 | No Reference |
150322 | MALWARE-CNC Command and Control – DOUBLEDROP variant 2 | No Reference |
59744 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
59748 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
59749 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
150300 | MALWARE-CNC Command and Control – AZORULT C2 communication variant 1 | No Reference |
150307 | MALWARE-CNC Command and Control AZORULT C2 communication variant 8 | No Reference |
140135 | MALWARE OTHER JAVA JRE1.7 Applet Remote Code Execution | No Reference |
140137 | MALWARE OTHER Java7 JRE/JDK Applet Remote Code Execution | CVE-2012-4681 |
140136 | MALWARE OTHER Firefox Proto crmf request | CVE-2012-3993 |
59722 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
59723 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
59720 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59721 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59701 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59704 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59848 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt | CVE-2020-7002 |
59830 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
59700 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
59698 | FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt | CVE-2011-3170 |
59795 | POLICY-OTHER IBM Data Risk Management administrative login attempt | CVE-2020-4427 |
140901 | MALWARE-CNC PowerShell Empire variant outbound connection | attack.mitre.org/techniques/T1086 |
140902 | MALWARE-CNC Backdoor PUNCHBUGGY outbound connection detected | No Reference |
140903 | MALWARE-CNC Suspected trojan outbound connection detected | No Reference |
140904 | MALWARE-CNC Suspected malware outbound connection detected | No Reference |
140905 | MALWARE-CNC greenflash sundown outbound connection detected | No Reference |
59717 | FILE-IMAGE Directshow GIF logical width overflow attempt | CVE-2013-3174 |
59713 | FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt | CVE-2013-2460 |
150211 | MALWARE-CNC Command and Control – CRIDEX configuration download detected | No Reference |
150210 | MALWARE-CNC Command and Control – CORESHELL HTTP Post detected | No Reference |
150213 | MALWARE-CNC Command and Control – EGGHATCH C2 communication variant 4 | No Reference |
150212 | MALWARE-CNC Command and Control – EGGHATCH C2 communication variant 3 detected | No Reference |
150215 | MALWARE-CNC Command and Control – FORMBOOK C2 beacon variant 4 detected | No Reference |
150214 | MALWARE-CNC Command and Control – EGREGOR GET DLL payload detected | No Reference |
150217 | MALWARE-CNC Command and Control – CROSSWALK check-in detected | No Reference |
150216 | MALWARE-CNC Command and Control – FORMBOOK C2 beacon variant 5 detected | No Reference |
150219 | MALWARE-CNC Command and Control – GOOSECHASE Request FINETIDE payload detected | No Reference |
150218 | MALWARE-CNC Command and Control – GOLDDRAGON C2 communication detected | No Reference |
150136 | MALWARE-CNC BATELEUR.Generic C2 traffic detected | No Reference |
150405 | MALWARE-CNC TEMP.Armageddon Russia-Ukraine Conflict Lure variant detected | No Reference |
150406 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
150407 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
150408 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | No Reference |
150409 | MALWARE-CNC Troibomb.Check-in malware traffic detected | No Reference |
150239 | MALWARE-CNC Command and Control – PENDOWN beacon variant 2 detected | No Reference |
150238 | MALWARE-CNC Command and Control – PENDOWN beacon variant 1 detected | No Reference |
150232 | MALWARE-CNC Command and Control – LOGCABIN Next Stage GET request detected | No Reference |
150231 | MALWARE-CNC Command and Control – LOUDTRAWL C2 communication variant 1 detected | No Reference |
150230 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 1 detected | No Reference |
150236 | MALWARE-CNC Command and Control – PENCILDOWN C2 check-in detected | No Reference |
150235 | MALWARE-CNC Command and Control – NOKKI FinalstSpy communication over HTTP detected | No Reference |
150234 | MALWARE-CNC Command and Control – NEWPOSTHINGS check-in detected | No Reference |
59780 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59784 | FILE-PDF Adobe Acrobat DC memory corruption attempt | CVE-2019-7125 |
59789 | FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt | CVE-2018-10616 |
59794 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
59790 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
59851 | FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt | CVE-2020-10639 |
150134 | MALWARE-CNC Brickhouse.Get.Generic traffic detected | No Reference |
150135 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | No Reference |
150137 | MALWARE-CNC Poshrat.Generic C2 traffic detected | No Reference |
150130 | MALWARE-CNC Sixplus.check-in C2 traffic detected | No Reference |
150131 | MALWARE-CNC Houseblend.Generic C2 traffic detected | No Reference |
150132 | MALWARE-CNC Lifeboat.Generic C2 traffic detected | No Reference |
150133 | MALWARE-CNC Meterpreter.Generic download detected | No Reference |
150138 | MALWARE-CNC Powerhouse.Generic C2 traffic detected | No Reference |
150139 | MALWARE-CNC Pyxie.Generic C2 traffic detected | No Reference |
59778 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59770 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59772 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59754 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59756 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
150318 | MALWARE-CNC Command and Control – DOUBLEBACK variant 4 | No Reference |
150319 | MALWARE-CNC Command and Control – DOUBLEBACK variant 5 | No Reference |
150314 | MALWARE-CNC Command and Control – BEARHUT C2 beacon | No Reference |
150315 | MALWARE-CNC Command and Control – DOUBLEBACK variant 1 | No Reference |
150316 | MALWARE-CNC Command and Control – DOUBLEBACK variant 2 | No Reference |
150317 | MALWARE-CNC Command and Control – DOUBLEBACK variant 3 | No Reference |
150310 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | No Reference |
150311 | MALWARE-CNC Command and Control WINEKEY payload request | No Reference |
150312 | MALWARE-CNC Command and Control beacon check-in | No Reference |
150313 | MALWARE-CNC Command and Control – BAZARLOADER C2 traffic variant 3 | No Reference |
59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
59736 | MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection | www.virustotal.com/gui/file/fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92/detection |
59719 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59718 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
59714 | FILE-IMAGE Directshow GIF logical height overflow attempt | CVE-2013-3174 |
59860 | FILE-MULTIMEDIA AVI file chunk length integer overflow attempt | CVE-2011-3834 |
59862 | FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt | CVE-2018-4899 |
59760 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59774 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59776 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59840 | FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | CVE-2018-5056 |
59821 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | CVE-2020-0729 |
59827 | FILE-OTHER Adobe Acrobat malicious joboptions file download attempt | CVE-2019-7111 |
59856 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt | CVE-2020-16199 |
59831 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
59758 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
59681 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
59680 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
150242 | MALWARE-CNC Command and Control – FUNRUN check-in detected | No Reference |
150240 | MALWARE-CNC Command and Control – PENDOWN beacon variant 3 detected | No Reference |
150241 | MALWARE-CNC Command and Control – PENDOWN beacon variant 4 detected | No Reference |
59745 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
59702 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
150233 | MALWARE-CNC Command and Control – LOCKLOAD check-in detected | No Reference |
59724 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
150209 | MALWARE-CNC Command and Control – APT38 RATANKBAPOS beacon variant 2 detected | No Reference |
150228 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 3 detected | No Reference |
150229 | MALWARE-CNC Command and Control – MAZE C2 beacon variant 2 detected | No Reference |
150224 | MALWARE-CNC Command and Control – HYTEOD beacon detected | No Reference |
150225 | MALWARE-CNC Command and Control – MpCmdRun file download detected | No Reference |
150226 | MALWARE-CNC Command and Control – METALJACK check-in detected | No Reference |
150227 | MALWARE-CNC Command and Control – MAZE C2 check-in detected | No Reference |
150220 | MALWARE-CNC Command and Control – HALFSHELL C2 beacon detected | No Reference |
150221 | MALWARE-CNC Command and Control – NEUTRINO EK Afraidgate LOCKY callback detected | No Reference |
150222 | MALWARE-CNC Command and Control – HIDDENVALUE C2 beacon variant 1 detected | No Reference |
150223 | MALWARE-CNC Command and Control – HIDDENVALUE C2 beacon variant 2 detected | No Reference |
150412 | MALWARE-CNC Zerot.Generic C2 beacon detected | No Reference |
150411 | MALWARE-CNC Vawtrak.Generic instruction retrieval traffic detected | No Reference |
150410 | MALWARE-CNC Ursnif.Generic C2 traffic detected | No Reference |
150140 | MALWARE-CNC Quinstatus.Generic C2 traffic detected | No Reference |
150142 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | No Reference |