CTEP/IPS Threat Content Update Release Notes 99.0.0.264
Refer to the following summary of signatures deployed on 15th November, 2022 with the IPS content release:
- Signatures added: 51
- Signatures modified: 00
- Signatures removed: 02
Signatures Added
SID | Description | Reference |
---|---|---|
60442 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | virustotal.com/gui/file/6e1137447376815e733c74ab67f202be0d7c769837a0aaac044a9b2696a8fa89/details |
60440 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
60447 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255 |
60446 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255 |
60445 | MALWARE-CNC Win.Trojan.Matanbuchus outbound communication attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3 |
60444 | MALWARE-OTHER Win.Trojan.Matanbuchus variant binary download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3 |
60428 | MALWARE-CNC Win.Trojan.BoratRat outbound connection request | www.virustotal.com/gui/file/sha256/70566aebcd8c141e593d00e189a43ee1d9b08e745aaf3043153c2087ba8c2671 |
150185 | MALWARE-CNC Artshow C2 POST communication detected | No reference |
150187 | MALWARE-CNC Artshow C2 POST communication detected | No reference |
150186 | MALWARE-CNC Artshow C2 GET communication detected | No reference |
150538 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference |
150539 | MALWARE-CNC APT42.Pineflower.Beacon traffic detected | No reference |
150536 | MALWARE-CNC Zumkong.C2 traffic detected | No reference |
150537 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference |
60834 | BROWSER-IE Microsoft Windows Scripting Engine use-after-free attempt | CVE-2022-41118 |
60832 | OS-WINDOWS Microsoft Windows CNG Key Isolation Service elevation of privilege attempt | CVE-2022-41125 |
60816 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-41109 |
60819 | OS-WINDOWS Windows Win32 Kernel subsystem elevation of privilege attempt | CVE-2022-41113 |
60821 | OS-WINDOWS Microsoft Windows DWM core library elevation of privilege attempt | CVE-2022-41096 |
60457 | FILE-OTHER UnRAR directory traversal attempt | CVE-2022-30333 |
60450 | MALWARE-CNC Win.Trojan.SVCReady outbound connection attempt | virustotal.com/en/file/d3e69a33913507c80742a2d7a59c889efe7aa8f52beef8d172764e049e03ead5/analysis/ |
60451 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60452 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60453 | MALWARE-OTHER Php.Webshell.Erne outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60438 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
60439 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
60432 | OS-LINUX Linux kernel PTRACE_TRACEME pkexec escalation of privileges attempt | CVE-2019-13272 |
60430 | OS-WINDOWS Microsoft Windows Event Tracing privilege escalation attempt | CVE-2021-34486 |
60437 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
60417 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2022-21882 |
150193 | MALWARE-CNC UNC1733.Pyxie.C2 traffic detected | No reference |
150196 | MALWARE-CNC Timesplit.C2 traffic detected | No reference |
150197 | MALWARE-CNC Timesplit.HTTP.Get.C2 traffic detected | No reference |
150194 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference |
150195 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference |
150198 | MALWARE-CNC APT29.Bluestealer.C2 traffic detected | No reference |
150199 | MALWARE-CNC Smokedham.C2 traffic detected | No reference |
150508 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
150505 | MALWARE-CNC Zagros.Sourspigot.C2 traffic detected | No reference |
150504 | MALWARE-CNC Armageddon.ObfuscatedVBS.C2 traffic detected | No reference |
150507 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
150506 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
150501 | MALWARE-CNC APT41.Crackshot.Beacon traffic detected | No reference |
150502 | MALWARE-CNC UNC2565.Gootloader.C2 traffic detected | No reference |
60823 | OS-WINDOWS Microsoft Windows HTTP.sys elevation of privilege attempt | CVE-2022-41057 |
150541 | MALWARE-CNC APT42.Tamecat.Post traffic detected | No reference |
150540 | MALWARE-CNC APT42.Tamecat.Get traffic detected | No reference |
150543 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |
150542 | MALWARE-CNC APT42.Vinethorn.Beacon traffic detected | No reference |
150545 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |
150544 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 26292
- 56933