CTEP/IPS Threat Content Update Release Notes 98.0.0.257

Refer to the following summary of signatures deployed on 19th October, 2022 with the IPS content release:

  • Signatures added: 68
  • Signatures modified: 20
  • Signatures removed: 28

Signatures Added

SID | Description | Reference
60252 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60253 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60275 | MALWARE-CNC Win.Trojan.Manjusaka outbound connection | No reference
60278 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600
60398 | MALWARE-OTHER Robin Banks credential phishing attempt | ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60405 | OS-MOBILE Apple iOS cfprefsd daemon privilege escalation attempt | CVE-2019-7286
60402 | MALWARE-CNC Php.Webshell.DToolPro outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60401 | MALWARE-CNC Php.Webshell.DToolPro inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60400 | MALWARE-OTHER Php.Webshell.DToolPro upload attempt | attack.mitre.org/techniques/T1505/003/
60238 | OS-WINDOWS Dell dbutil driver escalation of privilege attempt | CVE-2021-21551
60239 | MALWARE-OTHER Win.Ransomware.Magniber download attempt | www.virustotal.com/gui/file/5ebbdce6f734602efb53cbad9f5334930d04382c3aa8d99f16117f4d2d3f5744/detection
60397 | MALWARE-OTHER Robin Banks credential phishing attempt | www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60396 | BROWSER-CHROME Google Chrome V8 CSS prop type interceptor confusion attempt | CVE-2022-1096
60399 | MALWARE-OTHER Php.Webshell.DToolPro download attempt | attack.mitre.org/techniques/T1505/003/
60282 | BROWSER-CHROME Intent handling downgrade attempt | CVE-2021-38000
60276 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600
60352 | OS-MOBILE MediaTek cmdq driver escalation of privilege attempt | CVE-2020-0069
60354 | BROWSER-CHROME V8 getThis type confusion attempt | CVE-2022-1364
60337 | MALWARE-CNC Php.Webshell.DiveShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60339 | MALWARE-OTHER Php.Webshell.DiveShell upload attempt | attack.mitre.org/techniques/T1505/003/
60338 | MALWARE-CNC Php.Webshell.DiveShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60317 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999
60315 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999
60313 | FILE-OTHER Omron CX-Supervisor malicious project file download attempt | CVE-2018-19015
60699 | OS-WINDOWS Microsoft Windows DWM Core Library privilege escalation attempt | CVE-2022-37970
60696 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050
60694 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050
60283 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60285 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60284 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60286 | MALWARE-OTHER Php.Webshell.CrewShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60250 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60246 | FILE-OTHER McAfee Total Protection MTP arbitrary process execution attempt | CVE-2021-23874
150176 | MALWARE-CNC Greenflash.Sundown.EK download detected | No reference
60248 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60269 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60268 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60261 | OS-OTHER Apple CoreGraphics library out of bounds write attempt | CVE-2021-30860
60267 | MALWARE-OTHER Win.Backdoor.TreeTrunk download attempt | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60266 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60264 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60414 | BROWSER-WEBKIT JavaScriptCore watchpoint type confusion attempt | CVE-2019-8506
60368 | BROWSER-CHROME Chromium V8 Engine remote code execution attempt | CVE-2016-5198
60369 | BROWSER-CHROME V8 ReadDenseJSArray out of bounds write attempt | CVE-2018-17480
60366 | BROWSER-CHROME V8 Array concat remote code execution attempt | CVE-2017-5030
60362 | BROWSER-CHROME Google Chrome Animation timeline use after free attempt | CVE-2022-0609
60344 | BROWSER-CHROME WebRTC heap buffer overflow attempt | CVE-2022-2294
60340 | MALWARE-OTHER Php.Webshell.DiveShell download attempt | attack.mitre.org/techniques/T1505/003/
60324 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60325 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60327 | OS-OTHER Apple multiple products memory corruption attempt | CVE-2020-3837
60300 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60301 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60302 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60407 | OS-MOBILE Android Binder out of bounds write attempt | CVE-2020-0041
60709 | OS-WINDOWS Windows Win32k.sys bSimpleFill elevation of privilege attempt | CVE-2022-38051
60705 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37989
60707 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37987
60701 | OS-WINDOWS Microsoft Windows Perception Simulation service remote code execution attempt | CVE-2022-37974
60298 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60299 | MALWARE-OTHER Php.Webshell.Cybershell upload attempt | attack.mitre.org/techniques/T1505/003/
60292 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/8f472d1dac64c1552ec4fa649044e7c29ed441517e2567bcaabc824294e00e81/analysis/
60290 | BROWSER-CHROME Google Chrome v8 garbage collector use after free attempt | CVE-2021-37975
60296 | MALWARE-OTHER Php.Webshell.Cybershell download attempt | attack.mitre.org/techniques/T1505/003/
60297 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60294 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/61d0336d952456c19683169d2fef78c5f5dfdb1f406a2f0e0f7a4c904bdcbadd/analysis/
60295 | MALWARE-CNC Win.Downloader.ChromeLoader outbound connection attempt | virustotal.com/en/file/0f6ba4ae41a1f9aea6bc3b83e33dde6417cfd2484aea5406a053d2ec8acd666c/analysis/
60412 | BROWSER-WEBKIT Apple WebKit property names type confusion attempt | CVE-2021-1789

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 17154
  • 17276
  • 32501
  • 36918
  • 46384
  • 58919
  • 150114
  • 150405

Removed the following signatures because the sql.rules category is not required:

  • 1057
  • 1058
  • 1059
  • 1060
  • 1077
  • 13512
  • 13513
  • 13991
  • 13992
  • 13993
  • 13994
  • 13995
  • 13996
  • 13997
  • 13998
  • 16431
  • 27723
  • 37643
  • 37648
  • 38993