CTEP/IPS Threat Content Update Release Notes 97.1.1.240

Refer to the following summary of signatures deployed on 1st September, 2022 with the IPS content release:

  • Signatures added: 46
  • Signatures modified: 0
  • Signatures removed: 777

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 59958 | MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt | www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924 |
| 59950 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59955 | MALWARE-OTHER Unix.Backdoor.Dnscat2 variant binary download attempt | www.virustotal.com/gui/file/45eacba032367db7f3b031e5d9df10b30d01664f24da6847322f6af1fd8e7f01 |
| 60050 | MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt | No reference |
| 60052 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2020-6383 |
| 60057 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | www.malware-traffic-analysis.net/2022/04/19/index.html |
| 60059 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 60155 | BROWSER-WEBKIT Apple Safari WebKit loadInSameDocument use-after-free attempt | CVE-2022-22620 |
| 60190 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 59890 | OS-WINDOWS Microsoft Support Diagnostic Tool ms-msdt protocol use attempt | CVE-2022-30190 |
| 59892 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59894 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59896 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59897 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59898 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59899 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 60116 | FILE-OTHER Fuji Electric Frenic Loader stack-based buffer overflow attempt | CVE-2018-14802 |
| 59878 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28948 |
| 59873 | FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt | CVE-2020-16234 |
| 59679 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt | CVE-2017-2960 |
| 59902 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59903 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59900 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59901 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59928 | MALWARE-BACKDOOR Jsp.Webshell.Chopper webshell download attempt | CVE-2022-26134 |
| 59929 | MALWARE-BACKDOOR Jsp.Webshell.Behinder download attempt | CVE-2022-26134 |
| 59920 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
| 150114 | MALWARE-CNC Fakeupdates Check-in and Response C2 Communication traffic detected | No reference |
| 60061 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 59945 | FILE-PDF Adobe Acrobat Reader DC out-of-bounds read attempt | CVE-2021-28554 |
| 60200 | SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt | CVE-2019-4716 |
| 59984 | MALWARE-OTHER Win.Ransomware.AvosLocker ransomware binary download | No reference |
| 59982 | MALWARE-OTHER Win.Trojan.Mimikatz binary download | No reference |
| 60222 | BROWSER-CHROME V8 WebAssembly remote code execution attempt | CVE-2020-15994 |
| 60220 | BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt | CVE-2020-6465 |
| 60186 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 60048 | FILE-PDF Adobe Acrobat Reader DC heap-based buffer overflow attempt | CVE-2021-28560 |
| 59870 | FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt | CVE-2020-12497 |
| 59969 | FILE-OFFICE Microsoft Word malformed jpeg remote code execution attempt | CVE-2016-3318 |
| 60182 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60183 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60180 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60181 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60188 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 17276 | FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt | CVE-2005-3370 |
| 59930 | MALWARE-BACKDOOR Jsp.Webshell.Noop download attempt | CVE-2022-26134 |