CTEP/IPS Threat Content Update Release Notes 96.1.1.221

Refer to the following summary of signatures deployed on 22nd July, 2022 with the IPS content release:

  • Signatures added: 74
  • Signatures modified: 17
  • Signatures removed: 04
Signatures Added

SID | Description | Reference
150169 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-5 |
150168 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-4 |
150167 | MALWARE-CNC Birdwatch.Generic connection detected-1 |
150166 | MALWARE-CNC Pyxie.Generic C2 traffic detected-1 |
150165 | MALWARE-CNC Brickhouse.Get.Generic traffic detected-1 |
150164 | MALWARE-CNC Emotet.Exfill C2 traffic detected |
150163 | MALWARE-CNC Emotet.Generic.DLL payload detected |
150162 | MALWARE-CNC Remcos.APT.bits traffic detected |
150161 | MALWARE-CNC Grimagent.Generic C2 traffic detected-3 |
150160 | MALWARE-CNC Newpass.Generic C2 traffic detected-1 |
150325 | MALWARE-CNC Command and Control BARTALEX instruction retrieval |
150324 | MALWARE-CNC Command and Control – AZORULT C2 communication variant1 |
150327 | MALWARE-CNC Command and Control – BEARHUT C2 beacon |
150326 | MALWARE-CNC Command and Control BARTALEX instruction retrieval |
150329 | MALWARE-CNC Command and Control – DOUBLEBACK variant 1 and 2 |
150328 | MALWARE-CNC Command and Control – AZORULT C2 communication variant 1 |
150308 | MALWARE-CNC Command and Control Banking Trojan Pinterest Checkin |
150259 | MALWARE-CNC Command and Control – APT41 DEADEYE C2 communication detected |
150258 | MALWARE-CNC Command and Control – APT41 MOPSLED POST check-in detected |
150255 | MALWARE-CNC Command and Control – GhostEmperor C2 communication detected |
150254 | MALWARE-CNC Command and Control – MIRAGE check-in detected |
150257 | MALWARE-CNC Command and Control – APT41 POISONPLUG C2 check-in detected |
150256 | MALWARE-CNC Command and Control – APT41 SOGU POST beacon variant 2 detected |
150251 | MALWARE-CNC Command and Control – EMOTET Malware C2 check-in variant 2 detected |
150250 | MALWARE-CNC Command and Control – IXESHEMECKLOW check-in detected |
150253 | MALWARE-CNC Command and Control – LITRECOLA check-in detected |
150252 | MALWARE-CNC Command and Control – FIN13 DRAWSTRING C2 communication detected |
150276 | MALWARE-CNC Command and Control – WSHRAT beacon variant 2 detected |
150275 | MALWARE-CNC Command and Control – TEMP.Armageddon Winter 2022 Bomb Threat Lure variant 4 detected |
150274 | MALWARE-CNC Command and Control – STILLBOT Hardcoded IP callout detected |
150273 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 3 detected |
150272 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 2 detected |
150270 | MALWARE-CNC Command and Control – APT34 TWOTONE check-in detected |
150156 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-1 |
150155 | MALWARE-CNC Birdwatch.Generic connection detected |
150152 | MALWARE-CNC Delimeat.Generic check-in traffic detected |
150158 | MALWARE-CNC Axeterror.Generic.Beacon outgoing connection detected-1 |
150159 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected |
150271 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 1 detected |
150170 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected-1 |
150171 | MALWARE-CNC Grimagent.Generic C2 traffic detected-4 |
150172 | MALWARE-CNC Remcos.APT.bits.Head traffic detected-1 |
150173 | MALWARE-CNC Remcos.APT.bits.Get traffic detected-1 |
150174 | MALWARE-CNC PowerShell Empire variant outbound connection |
150175 | MALWARE-CNC Uppercut.check-in C2 traffic detected-1 |
150332 | MALWARE-CNC Command and Control – DOUBLEDROP variant 1 |
150333 | MALWARE-CNC Command and Control – DOUBLEDROP variant 2 |
150330 | MALWARE-CNC Command and Control – DOUBLEBACK variant 3 and 4 |
150331 | MALWARE-CNC Command and Control – DOUBLEBACK variant 5 and 6 |
150336 | MALWARE-CNC Command and Control BEACON check-in |
150337 | MALWARE-CNC Command and Control – BAZARLOADER C2 traffic variant 3 |
150334 | MALWARE-CNC Command and Control – DOUBLEDROP variant 3 |
150335 | MALWARE-CNC Command and Control – Banking Trojan Pinterest check-in |
150338 | MALWARE-CNC Command and Control WINEKEY payload request |
150417 | MALWARE-CNC Emotet.Beacon C2 traffic detected-2 |
150416 | MALWARE-CNC Emotet.Beacon C2 traffic detected-1 |
150157 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-3 |
150154 | POLICY-OTHER Netskope test string upload test |
150268 | MALWARE-CNC Command and Control – APT28 LITTLENAME C2 communication detected |
150269 | MALWARE-CNC Command and Control – APT28 LITTLENAME C2 communication detected |
150260 | MALWARE-CNC Command and Control – APT41 BEACON C2 check-in detected |
150261 | MALWARE-CNC Command and Control – APT29 BEACON Dropper C2 communication variant 1 detected |
150262 | MALWARE-CNC Command and Control – APT28 SOFACY Janes Campaign February 2018 detected |
150263 | MALWARE-CNC Command and Control – ABCBOT C2 communication variant 1 detected |
150264 | MALWARE-CNC Command and Control – ABCBOT beacon detected |
150265 | MALWARE-CNC Command and Control – TEMP.Hermit ONESTEP check-in detected |
150266 | MALWARE-CNC Command and Control – KEGTAP update payload request detected |
150267 | MALWARE-CNC Command and Control – KEGTAP Second Stage payload request detected |
150413 | MALWARE-CNC Spicytuna.Generic.Post traffic detected |
150414 | MALWARE-CNC Temp.Armageddon.APT 2020 Campaign traffic detected-1 |
150141 | MALWARE-CNC Clubhouse.Generic C2 beacon detected |
150415 | MALWARE-CNC Emotet.Generic.Encrypted check-in traffic detected |
150419 | MALWARE-CNC Zerot.Generic C2 beacon detected |
150418 | MALWARE-CNS Emotet.Generic C2 check-in traffic detected |