CTEP/IPS Threat Content Update Release Notes 97.1.1.240
The following summarizes the signatures deployed on 1 September 2022 with this IPS content release:
- Signatures added: 46
- Signatures modified: 0
- Signatures removed: 777
Signatures Added
SID | Description | Reference |
---|---|---|
59958 | MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt | www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924 |
59950 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
59955 | MALWARE-OTHER Unix.Backdoor.Dnscat2 variant binary download attempt | www.virustotal.com/gui/file/45eacba032367db7f3b031e5d9df10b30d01664f24da6847322f6af1fd8e7f01 |
60050 | MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt | No reference |
60052 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2020-6383 |
60057 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | www.malware-traffic-analysis.net/2022/04/19/index.html |
60059 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
60155 | BROWSER-WEBKIT Apple Safari WebKit loadInSameDocument use-after-free attempt | CVE-2022-22620 |
60190 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
59890 | OS-WINDOWS Microsoft Support Diagnostic Tool ms-msdt protocol use attempt | CVE-2022-30190 |
59892 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
59894 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
59896 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59897 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59898 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59899 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
60116 | FILE-OTHER Fuji Electric Frenic Loader stack-based buffer overflow attempt | CVE-2018-14802 |
59878 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28948 |
59873 | FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt | CVE-2020-16234 |
59679 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt | CVE-2017-2960 |
59902 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59903 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59900 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59901 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
59928 | MALWARE-BACKDOOR Jsp.Webshell.Chopper webshell download attempt | CVE-2022-26134 |
59929 | MALWARE-BACKDOOR Jsp.Webshell.Behinder download attempt | CVE-2022-26134 |
59920 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
150114 | MALWARE-CNC Fakeupdates Check-in and Response C2 Communication traffic detected | No reference |
60061 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
59945 | FILE-PDF Adobe Acrobat Reader DC out-of-bounds read attempt | CVE-2021-28554 |
60200 | SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt | CVE-2019-4716 |
59984 | MALWARE-OTHER Win.Ransomware.AvosLocker ransomware binary download | No reference |
59982 | MALWARE-OTHER Win.Trojan.Mimikatz binary download | No reference |
60222 | BROWSER-CHROME V8 WebAssembly remote code execution attempt | CVE-2020-15994 |
60220 | BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt | CVE-2020-6465 |
60186 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
60048 | FILE-PDF Adobe Acrobat Reader DC heap-based buffer overflow attempt | CVE-2021-28560 |
59870 | FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt | CVE-2020-12497 |
59969 | FILE-OFFICE Microsoft Word malformed jpeg remote code execution attempt | CVE-2016-3318 |
60182 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
60183 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
60180 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
60181 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
60188 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
17276 | FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt | CVE-2005-3370 |
59930 | MALWARE-BACKDOOR Jsp.Webshell.Noop download attempt | CVE-2022-26134 |
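A practitioner who receives these notes usually wants three things from the table: a CVE-to-SID map (to answer "which rules cover CVE-2022-30190?"), the sample hashes hidden in the VirusTotal references (for retro-hunting), and confirmation that every listed SID actually landed in the deployed rule set. The script below is an added example, not tooling from the release or from the vendor; it parses the pipe-delimited format used above. `SAMPLE_NOTES` is a constructed excerpt of five rows copied from the table, and the `deployed` SID set passed to `missing_sids` is a made-up placeholder for whatever your sensor reports.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: five rows copied from the "Signatures Added" table above,
# in the same "SID | Description | Reference |" layout. Not the full release.
SAMPLE_NOTES = """\
SID | Description | Reference |
---|---|---|
59950 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
59958 | MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt | www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924 |
59892 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
60050 | MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt | No reference |
60059 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
SHA256_RE = re.compile(r"([0-9a-f]{64})$")  # VirusTotal file URLs end in the SHA-256


@dataclass
class Signature:
    sid: int
    category: str     # first token of the description, e.g. "OS-WINDOWS"
    description: str
    reference: str
    ref_kind: str     # "cve", "sha256", "url" or "none"


def classify_reference(ref: str) -> str:
    """Classify the Reference cell so callers can pick CVEs or hashes out of it."""
    ref = ref.strip()
    if not ref or ref.lower() == "no reference":
        return "none"
    if CVE_RE.match(ref):
        return "cve"
    if SHA256_RE.search(ref):
        return "sha256"
    return "url"


def parse_release_notes(text: str) -> list[Signature]:
    """Turn the pipe-delimited table into Signature records; skips header/separator/prose."""
    sigs: list[Signature] = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        while cells and cells[-1] == "":
            cells.pop()                      # drop the trailing empty cell from "... |"
        if len(cells) < 3 or not cells[0].isdigit():
            continue                         # "SID | ...", "---|---|---|", blank lines
        sid, desc = int(cells[0]), cells[1]
        ref = " | ".join(cells[2:])          # tolerate a stray pipe inside the reference
        category = desc.split(" ", 1)[0]
        sigs.append(Signature(sid, category, desc, ref, classify_reference(ref)))
    return sigs


def index_by_reference(sigs: list[Signature]) -> dict[str, list[int]]:
    """Reference -> sorted SIDs, so one CVE or sample maps to all rules covering it."""
    idx: dict[str, list[int]] = defaultdict(list)
    for s in sigs:
        if s.ref_kind != "none":
            idx[s.reference].append(s.sid)
    return {ref: sorted(sids) for ref, sids in idx.items()}


def sids_for_cve(sigs: list[Signature], cve: str) -> list[int]:
    return sorted(s.sid for s in sigs if s.ref_kind == "cve" and s.reference == cve)


def sample_hashes(sigs: list[Signature]) -> list[tuple[int, str]]:
    """(sid, sha256) pairs pulled from VirusTotal-style references, for retro-hunting."""
    return [(s.sid, SHA256_RE.search(s.reference).group(1))
            for s in sigs if s.ref_kind == "sha256"]


def missing_sids(sigs: list[Signature], deployed: set[int]) -> list[int]:
    """SIDs named in the release that a sensor's deployed rule set does not contain."""
    return sorted(s.sid for s in sigs if s.sid not in deployed)


if __name__ == "__main__":
    sigs = parse_release_notes(SAMPLE_NOTES)
    for ref, sids in sorted(index_by_reference(sigs).items()):
        print(f"{ref}: {sids}")
    print("hashes to hunt:", sample_hashes(sigs))
    # {59950, 60050} is a constructed stand-in for the SIDs a sensor actually reports.
    print("not yet deployed:", missing_sids(sigs, {59950, 60050}))
```

Feed the whole "Signatures Added" table to `parse_release_notes` and the CVE index immediately shows which CVEs got several rules in this release (CVE-2022-30190 alone appears five times above); `missing_sids` against the SID list exported from a sensor is the quickest way to confirm the content update actually applied rather than trusting the version number.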