CTEP/IPS Threat Content Update Release Notes 99.0.0.264

Refer to the following summary of signatures deployed on 15th November, 2022 with the IPS content release:

  • Signatures added: 51
  • Signatures modified: 00
  • Signatures removed: 02

Signatures Added

SID | Description | Reference
60442 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | virustotal.com/gui/file/6e1137447376815e733c74ab67f202be0d7c769837a0aaac044a9b2696a8fa89/details
60440 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c
60447 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255
60446 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255
60445 | MALWARE-CNC Win.Trojan.Matanbuchus outbound communication attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3
60444 | MALWARE-OTHER Win.Trojan.Matanbuchus variant binary download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3
60428 | MALWARE-CNC Win.Trojan.BoratRat outbound connection request | www.virustotal.com/gui/file/sha256/70566aebcd8c141e593d00e189a43ee1d9b08e745aaf3043153c2087ba8c2671
150185 | MALWARE-CNC Artshow C2 POST communication detected | No reference
150187 | MALWARE-CNC Artshow C2 POST communication detected | No reference
150186 | MALWARE-CNC Artshow C2 GET communication detected | No reference
150538 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference
150539 | MALWARE-CNC APT42.Pineflower.Beacon traffic detected | No reference
150536 | MALWARE-CNC Zumkong.C2 traffic detected | No reference
150537 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference
60834 | BROWSER-IE Microsoft Windows Scripting Engine use-after-free attempt | CVE-2022-41118
60832 | OS-WINDOWS Microsoft Windows CNG Key Isolation Service elevation of privilege attempt | CVE-2022-41125
60816 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-41109
60819 | OS-WINDOWS Windows Win32 Kernel subsystem elevation of privilege attempt | CVE-2022-41113
60821 | OS-WINDOWS Microsoft Windows DWM core library elevation of privilege attempt | CVE-2022-41096
60457 | FILE-OTHER UnRAR directory traversal attempt | CVE-2022-30333
60450 | MALWARE-CNC Win.Trojan.SVCReady outbound connection attempt | virustotal.com/en/file/d3e69a33913507c80742a2d7a59c889efe7aa8f52beef8d172764e049e03ead5/analysis/
60451 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60452 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60453 | MALWARE-OTHER Php.Webshell.Erne outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60438 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c
60439 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c
60432 | OS-LINUX Linux kernel PTRACE_TRACEME pkexec escalation of privileges attempt | CVE-2019-13272
60430 | OS-WINDOWS Microsoft Windows Event Tracing privilege escalation attempt | CVE-2021-34486
60437 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c
60417 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2022-21882
150193 | MALWARE-CNC UNC1733.Pyxie.C2 traffic detected | No reference
150196 | MALWARE-CNC Timesplit.C2 traffic detected | No reference
150197 | MALWARE-CNC Timesplit.HTTP.Get.C2 traffic detected | No reference
150194 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference
150195 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference
150198 | MALWARE-CNC APT29.Bluestealer.C2 traffic detected | No reference
150199 | MALWARE-CNC Smokedham.C2 traffic detected | No reference
150508 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference
150505 | MALWARE-CNC Zagros.Sourspigot.C2 traffic detected | No reference
150504 | MALWARE-CNC Armageddon.ObfuscatedVBS.C2 traffic detected | No reference
150507 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference
150506 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference
150501 | MALWARE-CNC APT41.Crackshot.Beacon traffic detected | No reference
150502 | MALWARE-CNC UNC2565.Gootloader.C2 traffic detected | No reference
60823 | OS-WINDOWS Microsoft Windows HTTP.sys elevation of privilege attempt | CVE-2022-41057
150541 | MALWARE-CNC APT42.Tamecat.Post traffic detected | No reference
150540 | MALWARE-CNC APT42.Tamecat.Get traffic detected | No reference
150543 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference
150542 | MALWARE-CNC APT42.Vinethorn.Beacon traffic detected | No reference
150545 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference
150544 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 26292
  • 56933