CTEP/IPS Threat Content Update Release Notes 96.1.1.221
Refer to the following summary of signatures deployed on 22nd July, 2022 with the IPS content release:
- Signatures added: 74
- Signatures modified: 17
- Signatures removed: 4
Signatures Added
SID | Description | Reference |
---|---|---|
150169 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-5 | – |
150168 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-4 | – |
150167 | MALWARE-CNC Birdwatch.Generic connection detected-1 | – |
150166 | MALWARE-CNC Pyxie.Generic C2 traffic detected-1 | – |
150165 | MALWARE-CNC Brickhouse.Get.Generic traffic detected-1 | – |
150164 | MALWARE-CNC Emotet.Exfill C2 traffic detected | – |
150163 | MALWARE-CNC Emotet.Generic.DLL payload detected | – |
150162 | MALWARE-CNC Remcos.APT.bits traffic detected | – |
150161 | MALWARE-CNC Grimagent.Generic C2 traffic detected-3 | – |
150160 | MALWARE-CNC Newpass.Generic C2 traffic detected-1 | – |
150325 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | – |
150324 | MALWARE-CNC Command and Control – AZORULT C2 communication variant1 | – |
150327 | MALWARE-CNC Command and Control – BEARHUT C2 beacon | – |
150326 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | – |
150329 | MALWARE-CNC Command and Control – DOUBLEBACK variant 1 and 2 | – |
150328 | MALWARE-CNC Command and Control – AZORULT C2 communication variant 1 | – |
150308 | MALWARE-CNC Command and Control Banking Trojan Pinterest Checkin | – |
150259 | MALWARE-CNC Command and Control – APT41 DEADEYE C2 communication detected | – |
150258 | MALWARE-CNC Command and Control – APT41 MOPSLED POST check-in detected | – |
150255 | MALWARE-CNC Command and Control – GhostEmperor C2 communication detected | – |
150254 | MALWARE-CNC Command and Control – MIRAGE check-in detected | – |
150257 | MALWARE-CNC Command and Control – APT41 POISONPLUG C2 check-in detected | – |
150256 | MALWARE-CNC Command and Control – APT41 SOGU POST beacon variant 2 detected | – |
150251 | MALWARE-CNC Command and Control – EMOTET Malware C2 check-in variant 2 detected | – |
150250 | MALWARE-CNC Command and Control – IXESHEMECKLOW check-in detected | – |
150253 | MALWARE-CNC Command and Control – LITRECOLA check-in detected | – |
150252 | MALWARE-CNC Command and Control – FIN13 DRAWSTRING C2 communication detected | – |
150276 | MALWARE-CNC Command and Control – WSHRAT beacon variant 2 detected | – |
150275 | MALWARE-CNC Command and Control – TEMP.Armageddon Winter 2022 Bomb Threat Lure variant 4 detected | – |
150274 | MALWARE-CNC Command and Control – STILLBOT Hardcoded IP callout detected | – |
150273 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 3 detected | – |
150272 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 2 detected | – |
150270 | MALWARE-CNC Command and Control – APT34 TWOTONE check-in detected | – |
150156 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-1 | – |
150155 | MALWARE-CNC Birdwatch.Generic connection detected | – |
150152 | MALWARE-CNC Delimeat.Generic check-in traffic detected | – |
150158 | MALWARE-CNC Axeterror.Generic.Beacon outgoing connection detected-1 | – |
150159 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected | – |
150271 | MALWARE-CNC Command and Control – NUGGETPHANTOM Post-exploitation traffic variant 1 detected | – |
150170 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected-1 | – |
150171 | MALWARE-CNC Grimagent.Generic C2 traffic detected-4 | – |
150172 | MALWARE-CNC Remcos.APT.bits.Head traffic detected-1 | – |
150173 | MALWARE-CNC Remcos.APT.bits.Get traffic detected-1 | – |
150174 | MALWARE-CNC PowerShell Empire variant outbound connection | – |
150175 | MALWARE-CNC Uppercut.check-in C2 traffic detected-1 | – |
150332 | MALWARE-CNC Command and Control – DOUBLEDROP variant 1 | – |
150333 | MALWARE-CNC Command and Control – DOUBLEDROP variant 2 | – |
150330 | MALWARE-CNC Command and Control – DOUBLEBACK variant 3 and 4 | – |
150331 | MALWARE-CNC Command and Control – DOUBLEBACK variant 5 and 6 | – |
150336 | MALWARE-CNC Command and Control BEACON check-in | – |
150337 | MALWARE-CNC Command and Control – BAZARLOADER C2 traffic variant 3 | – |
150334 | MALWARE-CNC Command and Control – DOUBLEDROP variant 3 | – |
150335 | MALWARE-CNC Command and Control – Banking Trojan Pinterest check-in | – |
150338 | MALWARE-CNC Command and Control WINEKEY payload request | – |
150417 | MALWARE-CNC Emotet.Beacon C2 traffic detected-2 | – |
150416 | MALWARE-CNC Emotet.Beacon C2 traffic detected-1 | – |
150157 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-3 | – |
150154 | POLICY-OTHER Netskope test string upload test | – |
150268 | MALWARE-CNC Command and Control – APT28 LITTLENAME C2 communication detected | – |
150269 | MALWARE-CNC Command and Control – APT28 LITTLENAME C2 communication detected | – |
150260 | MALWARE-CNC Command and Control – APT41 BEACON C2 check-in detected | – |
150261 | MALWARE-CNC Command and Control – APT29 BEACON Dropper C2 communication variant 1 detected | – |
150262 | MALWARE-CNC Command and Control – APT28 SOFACY Janes Campaign February 2018 detected | – |
150263 | MALWARE-CNC Command and Control – ABCBOT C2 communication variant 1 detected | – |
150264 | MALWARE-CNC Command and Control – ABCBOT beacon detected | – |
150265 | MALWARE-CNC Command and Control – TEMP.Hermit ONESTEP check-in detected | – |
150266 | MALWARE-CNC Command and Control – KEGTAP update payload request detected | – |
150267 | MALWARE-CNC Command and Control – KEGTAP Second Stage payload request detected | – |
150413 | MALWARE-CNC Spicytuna.Generic.Post traffic detected | – |
150414 | MALWARE-CNC Temp.Armageddon.APT 2020 Campaign traffic detected-1 | – |
150141 | MALWARE-CNC Clubhouse.Generic C2 beacon detected | – |
150415 | MALWARE-CNC Emotet.Generic.Encrypted check-in traffic detected | – |
150419 | MALWARE-CNC Zerot.Generic C2 beacon detected | – |
150418 | MALWARE-CNC Emotet.Generic C2 check-in traffic detected | – |
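A detection engineer who tracks these releases usually wants to check the table rather than read it: does the number of rows match the "Signatures added" figure, does any SID appear twice, and which descriptions are shared by more than one SID (for example the two BARTALEX and two APT28 LITTLENAME entries above, which are indistinguishable by description alone). The following script is an added example, not Netskope's tooling; it parses the same `SID | Description | Reference |` layout used on this page. The input is a constructed excerpt with a deliberately repeated 150154 row so the duplicate check has something to report, and the stated count of 5 is constructed to match that excerpt, not the release.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the release notes: the summary
# bullets, the table header, and a handful of rows. The repeated 150154 row
# is deliberate so the duplicate-SID check has something to find.
SAMPLE_NOTES = """\
- Signatures added: 5
- Signatures modified: 17
- Signatures removed: 4
Signatures Added
SID | Description | Reference |
---|---|---|
150169 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-5 | – |
150325 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | – |
150326 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | – |
150154 | POLICY-OTHER Netskope test string upload test | – |
150154 | POLICY-OTHER Netskope test string upload test | – |
"""

COUNT_RE = re.compile(r"^\s*-\s*Signatures\s+(added|modified|removed)\s*:\s*(\d+)", re.I | re.M)
# A row starts with a numeric SID; the header and the --- separator never match.
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|?\s*$", re.M)
# Snort-style class prefix at the start of the description (MALWARE-CNC, POLICY-OTHER, ...).
CLASS_RE = re.compile(r"^([A-Z]+-[A-Z]+)\b")


def parse_counts(text):
    """Return the stated added/modified/removed counts as ints."""
    return {kind.lower(): int(n) for kind, n in COUNT_RE.findall(text)}


def parse_rows(text):
    """Return (sid, description, reference) tuples for every table row."""
    return [(int(sid), desc, ref) for sid, desc, ref in ROW_RE.findall(text)]


def audit(text):
    """Cross-check the table against the stated counts and flag anomalies."""
    counts = parse_counts(text)
    rows = parse_rows(text)

    # Keep the first row seen for each SID; any later repeat is a duplicate.
    first_seen = {}
    duplicate_sids = []
    for sid, desc, ref in rows:
        if sid in first_seen:
            if sid not in duplicate_sids:
                duplicate_sids.append(sid)
        else:
            first_seen[sid] = (desc, ref)

    # Same description under several SIDs: usually variants that should carry
    # a suffix; worth a look before tuning or suppressing by description.
    by_desc = defaultdict(list)
    for sid, (desc, _) in first_seen.items():
        by_desc[desc].append(sid)
    duplicate_descriptions = {d: s for d, s in by_desc.items() if len(s) > 1}

    # Bucket unique signatures by class prefix. A misspelt prefix shows up as
    # its own one-entry bucket, which is how a typo like MALWARE-CNS surfaces.
    by_class = Counter()
    for desc, _ in first_seen.values():
        m = CLASS_RE.match(desc)
        by_class[m.group(1) if m else "<no-class>"] += 1

    return {
        "stated_added": counts.get("added"),
        "rows": len(rows),
        "unique_sids": len(first_seen),
        "count_matches": counts.get("added") == len(first_seen),
        "duplicate_sids": duplicate_sids,
        "duplicate_descriptions": duplicate_descriptions,
        "by_class": dict(by_class),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_NOTES).items():
        print(f"{key}: {value}")
```

Run it against the full text of a release (paste the summary bullets and the table into `SAMPLE_NOTES`, or read them from a file) and compare `unique_sids` with `stated_added`; a mismatch, a non-empty `duplicate_sids`, or an unexpected class bucket is the cue to query the vendor before the rules go into a tuned policy.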