CTEP/IPS Threat Content Update Release Notes 97.1.1.240
CTEP/IPS Threat Content Update Release Notes 97.1.1.240
Refer to the following summary of signatures deployed on 1st September, 2022 with the IPS content release:
- Signatures added : 46
- Signatures modified : 0
- Signatures removed: 777
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 59958 | MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt | www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924 |
| 59950 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59955 | MALWARE-OTHER Unix.Backdoor.Dnscat2 variant binary download attempt | www.virustotal.com/gui/file/45eacba032367db7f3b031e5d9df10b30d01664f24da6847322f6af1fd8e7f01 |
| 60050 | MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt | No reference |
| 60052 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2020-6383 |
| 60057 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | www.malware-traffic-analysis.net/2022/04/19/index.html |
| 60059 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 60155 | BROWSER-WEBKIT Apple Safari WebKit loadInSameDocument use-after-free attempt | CVE-2022-22620 |
| 60190 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 59890 | OS-WINDOWS Microsoft Support Diagnostic Tool ms-msdt protocol use attempt | CVE-2022-30190 |
| 59892 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59894 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59896 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59897 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59898 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59899 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 60116 | FILE-OTHER Fuji Electric Frenic Loader stack-based buffer overflow attempt | CVE-2018-14802 |
| 59878 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28948 |
| 59873 | FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt | CVE-2020-16234 |
| 59679 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt | CVE-2017-2960 |
| 59902 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59903 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59900 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59901 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59928 | MALWARE-BACKDOOR Jsp.Webshell.Chopper webshell download attempt | CVE-2022-26134 |
| 59929 | MALWARE-BACKDOOR Jsp.Webshell.Behinder download attempt | CVE-2022-26134 |
| 59920 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
| 150114 | MALWARE-CNC Fakeupdates Check-in and Response C2 Communication traffic detected | No reference |
| 60061 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 59945 | FILE-PDF Adobe Acrobat Reader DC out-of-bounds read attempt | CVE-2021-28554 |
| 60200 | SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt | CVE-2019-4716 |
| 59984 | MALWARE-OTHER Win.Ransomware.AvosLocker ransomware binary download | No reference |
| 59982 | MALWARE-OTHER Win.Trojan.Mimikatz binary download | No reference |
| 60222 | BROWSER-CHROME V8 WebAssembly remote code execution attempt | CVE-2020-15994 |
| 60220 | BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt | CVE-2020-6465 |
| 60186 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 60048 | FILE-PDF Adobe Acrobat Reader DC heap-based buffer overflow attempt | CVE-2021-28560 |
| 59870 | FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt | CVE-2020-12497 |
| 59969 | FILE-OFFICE Microsoft Word malformed jpeg remote code execution attempt | CVE-2016-3318 |
| 60182 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60183 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60180 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60181 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60188 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 17276 | FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt | CVE-2005-3370 |
| 59930 | MALWARE-BACKDOOR Jsp.Webshell.Noop download attempt | CVE-2022-26134 |
