CTEP/IPS Threat Content Update Release Notes 100.0.1.298
Refer to the following summary of signatures deployed on 7th February, 2023 with the IPS content release:
- Signatures added: 19
- Signatures modified: 03
- Signatures removed: 30
Signatures Added
SID | Description | Reference |
---|---|---|
140139 | MALWARE-CNC HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 | No Reference |
150579 | MALWARE-CNC Roboto.C2.Web outbound traffic detected | No Reference |
150574 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
150575 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
150576 | MALWARE-CNC GhostMiner.Ccbot.Trojan.C2.Web variant outbound connection | No Reference |
150577 | MALWARE-CNC Echobot.C2.Web.Communication outbound traffic detected | No Reference |
150571 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference |
150572 | MALWARE-CNC MODPOS.Beacon traffic detected | No Reference |
150573 | MALWARE-CNC PoisonPlug.checkin traffic detected | No Reference |
150290 | MALWARE-CNC A101-031 Command and Control – MAZE C2 Beacon Variant2 | No Reference |
140140 | MALWARE-CNC Win32/Suspected Reverse Shell Connection | github.com/eset/malware-ioc/tree/master/donot |
140141 | MALWARE-CNC Cobalt Strike Beacon (Bing Profile) | twitter.com/thedfirreport/status/1376878123061551104 |
150578 | MALWARE-CNC Ngioweb.Botnet.Communication outbound traffic detected | No Reference |
140144 | MALWARE-CNC Possible Metasploit Payload Common Construct Bind_API (from server) | No Reference |
140145 | MALWARE-CNC Cobalt Strike Malleable C2 (Unknown Profile) | No Reference |
140146 | MALWARE-CNC Cobalt Strike Beacon Observed | No Reference |
140142 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile Response | No Reference |
140143 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile M3 | No Reference |
150289 | MALWARE-CNC A100-277 Command and Control – APT35 SHAMOON C2 Beacon | virustotal.com/en/file/61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842/analysis/ |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 50518
- 60483
- 59209
- 40073
- 34518