CTEP/IPS Threat Content Update Release Notes 98.0.0.257
Refer to the following summary of signatures deployed on 19th October, 2022 with the IPS content release:
- Signatures added: 68
- Signatures modified: 20
- Signatures removed: 28
Signatures Added
SID | Description | Reference |
---|---|---|
60252 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet |
60253 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet |
60275 | MALWARE-CNC Win.Trojan.Manjusaka outbound connection | No reference |
60278 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600 |
60398 | MALWARE-OTHER Robin Banks credential phishing attempt | ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform |
60405 | OS-MOBILE Apple iOS cfprefsd daemon privilege escalation attempt | CVE-2019-7286 |
60402 | MALWARE-CNC Php.Webshell.DToolPro outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60401 | MALWARE-CNC Php.Webshell.DToolPro inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60400 | MALWARE-OTHER Php.Webshell.DToolPro upload attempt | attack.mitre.org/techniques/T1505/003/ |
60238 | OS-WINDOWS Dell dbutil driver escalation of privilege attempt | CVE-2021-21551 |
60239 | MALWARE-OTHER Win.Ransomware.Magniber download attempt | www.virustotal.com/gui/file/5ebbdce6f734602efb53cbad9f5334930d04382c3aa8d99f16117f4d2d3f5744/detection |
60397 | MALWARE-OTHER Robin Banks credential phishing attempt | www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform |
60396 | BROWSER-CHROME Google Chrome V8 CSS prop type interceptor confusion attempt | CVE-2022-1096 |
60399 | MALWARE-OTHER Php.Webshell.DToolPro download attempt | attack.mitre.org/techniques/T1505/003/ |
60282 | BROWSER-CHROME Intent handling downgrade attempt | CVE-2021-38000 |
60276 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600 |
60352 | OS-MOBILE MediaTek cmdq driver escalation of privilege attempt | CVE-2020-0069 |
60354 | BROWSER-CHROME V8 getThis type confusion attempt | CVE-2022-1364 |
60337 | MALWARE-CNC Php.Webshell.DiveShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60339 | MALWARE-OTHER Php.Webshell.DiveShell upload attempt | attack.mitre.org/techniques/T1505/003/ |
60338 | MALWARE-CNC Php.Webshell.DiveShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60317 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999 |
60315 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999 |
60313 | FILE-OTHER Omron CX-Supervisor malicious project file download attempt | CVE-2018-19015 |
60699 | OS-WINDOWS Microsoft Windows DWM Core Library privilege escalation attempt | CVE-2022-37970 |
60696 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050 |
60694 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050 |
60283 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60285 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60284 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60286 | MALWARE-OTHER Php.Webshell.CrewShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60250 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet |
60246 | FILE-OTHER McAfee Total Protection MTP arbitrary process execution attempt | CVE-2021-23874 |
150176 | MALWARE-CNC Greenflash.Sundown.EK download detected | No reference |
60248 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet |
60269 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd |
60268 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd |
60261 | OS-OTHER Apple CoreGraphics library out of bounds write attempt | CVE-2021-30860 |
60267 | MALWARE-OTHER Win.Backdoor.TreeTrunk download attempt | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd |
60266 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd |
60264 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd |
60414 | BROWSER-WEBKIT JavaScriptCore watchpoint type confusion attempt | CVE-2019-8506 |
60368 | BROWSER-CHROME Chromium V8 Engine remote code execution attempt | CVE-2016-5198 |
60369 | BROWSER-CHROME V8 ReadDenseJSArray out of bounds write attempt | CVE-2018-17480 |
60366 | BROWSER-CHROME V8 Array concat remote code execution attempt | CVE-2017-5030 |
60362 | BROWSER-CHROME Google Chrome Animation timeline use after free attempt | CVE-2022-0609 |
60344 | BROWSER-CHROME WebRTC heap buffer overflow attempt | CVE-2022-2294 |
60340 | MALWARE-OTHER Php.Webshell.DiveShell download attempt | attack.mitre.org/techniques/T1505/003/ |
60324 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6 |
60325 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6 |
60327 | OS-OTHER Apple multiple products memory corruption attempt | CVE-2020-3837 |
60300 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60301 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60302 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60407 | OS-MOBILE Android Binder out of bounds write attempt | CVE-2020-0041 |
60709 | OS-WINDOWS Windows Win32k.sys bSimpleFill elevation of privilege attempt | CVE-2022-38051 |
60705 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37989 |
60707 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37987 |
60701 | OS-WINDOWS Microsoft Windows Perception Simulation service remote code execution attempt | CVE-2022-37974 |
60298 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60299 | MALWARE-OTHER Php.Webshell.Cybershell upload attempt | attack.mitre.org/techniques/T1505/003/ |
60292 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/8f472d1dac64c1552ec4fa649044e7c29ed441517e2567bcaabc824294e00e81/analysis/ |
60290 | BROWSER-CHROME Google Chrome v8 garbage collector use after free attempt | CVE-2021-37975 |
60296 | MALWARE-OTHER Php.Webshell.Cybershell download attempt | attack.mitre.org/techniques/T1505/003/ |
60297 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60294 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/61d0336d952456c19683169d2fef78c5f5dfdb1f406a2f0e0f7a4c904bdcbadd/analysis/ |
60295 | MALWARE-CNC Win.Downloader.ChromeLoader outbound connection attempt | virustotal.com/en/file/0f6ba4ae41a1f9aea6bc3b83e33dde6417cfd2484aea5406a053d2ec8acd666c/analysis/ |
60412 | BROWSER-WEBKIT Apple WebKit property names type confusion attempt | CVE-2021-1789 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 17154
- 17276
- 32501
- 36918
- 46384
- 58919
- 150114
- 150405
Removed the following signatures because the sql.rules are not required:
- 1057
- 1058
- 1059
- 1060
- 1077
- 13512
- 13513
- 13991
- 13992
- 13993
- 13994
- 13995
- 13996
- 13997
- 13998
- 16431
- 27723
- 37643
- 37648
- 38993