CTEP/IPS Threat Content Update Release Notes 88.0.1.87

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20748
  • Signatures added: 77
  • Signatures removed: 6
  • Signatures modified: 3

Signatures Added

SID   Description   Reference
57820   MALWARE-OTHER ASPXSpy webshell download attempt   www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57681   MALWARE-OTHER Sliver HTTP implant outbound poll attempt   github.com/bishopfox/sliver
57824   MALWARE-CNC ASPXSpy webshell outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57782   MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57780   MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57781   MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57786   MALWARE-OTHER Win.Packed.SmokeLoader ransomware executable download attempt   virustotal.com/gui/file/d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc/detection
57743   MALWARE-CNC Java.Backdoor.StrRAT outbound connection attempt   www.virustotal.com/gui/file/7c24d99685623b604aa4b2686e9c1b843a4243eb1b0b7b096d73bcae3d8d5a79/detection
57694   MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/d58c3694832812bc168834e2b8b3bfcb92f85a9d4523140ad010497baabc2c3d/analysis/
57691   MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt   microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
57693   MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57702   MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/19c25ce4302050aec3c921dd5cac546e8200a7e951d570b52fe344c421105ea8/analysis/
57700   MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/e884bd4015d1b97227074bcf6cb9e8134b7afcfb6a3db758ca4654088403430a/analysis/
57706   MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/2b77b93b8e1b8ef8650957d15aaf336cf70a7df184da060f86b9892c54eefb65/analysis/
57704   MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/606258f10519be325c39900504e50d79e551c7a9399efb9b22a7323da3f6aa7a/analysis/
57708   MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/80659cc37cb7fb831866f7d7b0043edc6918a99590bd9122815e18abb68daa35/analysis/
57721   MALWARE-BACKDOOR Win.Trojan.Moserpass outbound request attempt   www.virustotal.com/gui/file/c2169ab4a39220d21709964d57e2eafe4b68c115061cbb64507cfbbddbe635c6/
6407   APP-DETECT Gizmo register VOIP state   www.gizmoproject.com
57696   MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57697   MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/d6403b9c069f08939fc2f9669dc7d5165ed66a1cae07788c3b27fffb30e890a0/analysis/
57690   MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt   microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
57816   MALWARE-OTHER ASPXSpy webshell download attempt   www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection
57817   MALWARE-OTHER ASPXSpy webshell upload attempt   www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection
57814   MALWARE-OTHER Win.Trojan.Deadwood download attempt   www.virustotal.com/gui/file/5eb5922b467474dccc7ab8780e32697f5afd59e8108b0cdafefb627b02bbd9ba/detection
57815   MALWARE-OTHER Win.Trojan.Apostle download attempt   www.virustotal.com/gui/file/19dbed996b1a814658bef433bad62b03e5c59c2bf2351b793d1a5d4a5216d27e/detection
57818   MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt   www.virustotal.com/gui/file/40f329d0aaba0d55fc657802761c78be74e19a553de6fd2df592bccf3119ec16/detection
57819   MALWARE-OTHER ASPXSpy webshell upload attempt   www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57858   MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt   research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/
57852   MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt   www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection
57870   MALWARE-CNC Netfilter rootkit outbound connection attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57871   MALWARE-CNC Netfilter rootkit download attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57874   MALWARE-OTHER Win.Ransomware.Babuk payload download attempt   www.virustotal.com/gui/file/2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf/detection
57826   MALWARE-CNC ASPXSpy webshell inbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57676   MALWARE-OTHER Sliver HTTP implant outbound public key request attempt   github.com/bishopfox/sliver
57677   MALWARE-OTHER Sliver HTTP implant outbound session initialization attempt   github.com/bishopfox/sliver
57675   MALWARE-OTHER Sliver HTTP implant outbound public key request attempt   github.com/bishopfox/sliver
57678   MALWARE-OTHER Sliver HTTP implant outbound message attempt   github.com/bishopfox/sliver
57679   MALWARE-OTHER Sliver HTTP implant outbound message attempt   github.com/bishopfox/sliver
57797   INDICATOR-OBFUSCATION Javascript obfuscation using parseInt   attack.mitre.org/techniques/t1027
57788   MALWARE-OTHER Win.Trojan.Lazagne malicious executable download attempt   virustotal.com/gui/file/5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50/detection
57787   MALWARE-OTHER Win.Malware.Agent malicious executable download attempt   virustotal.com/gui/file/234e4df3d9304136224f2a6c37cb6b5f6d8336c4e105afce857832015e97f27a/detection
57838   BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
57832   OS-OTHER Apple macOS Gatekeeper bypass attempt   CVE-2021-30657
57682   MALWARE-OTHER Sliver HTTP implant outbound public key request attempt   github.com/bishopfox/sliver
57773   MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected
57710   MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/19269ce9a0a44aca9d6b2deed7de71cf576ac611787c2af46819ca2aff44ce2a/analysis/
57712   MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt   virustotal.com/en/file/a8bb386fa3a6791e72f5ec6f1dc26359b00d0ee8cb0ce866f452b7fff6dbb319/analysis/
57715   MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57714   MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57717   MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57716   MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt   virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/
57739   MALWARE-OTHER Win.Trojan.C3Framework payload download attempt   www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection
57840   BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
57846   MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection   www.virustotal.com/gui/file/e53a25c5ee5de4c9dc4ca531293270d1aa921b9fc110ecb2a0afb57872c51324/detection
57680   MALWARE-OTHER Sliver HTTP implant outbound message attempt   github.com/bishopfox/sliver
57687   MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt
57850   MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt   www.virustotal.com/gui/file/0e8fb748cd58ab2fa754e2fa16e4390327a10593ca72bb6a3b90a1885cbe5387/detection
57851   MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt   www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection
57740   MALWARE-OTHER Win.Trojan.C3Framework payload download attempt   www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection
57823   MALWARE-CNC ASPXSpy webshell outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57827   MALWARE-CNC ASPXSpy webshell inbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57825   MALWARE-CNC ASPXSpy webshell inbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57828   MALWARE-CNC ASPXSpy webshell outbound connection attempt   labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/
57849   MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection   www.virustotal.com/gui/file/3f34c61025b5cf46075d79e68efb5da0f4ac01c113d8c1aaff3903ccd9a0fa3e/detection
57848   MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection   www.virustotal.com/gui/file/19e680eaa52c0ad14274b04141a8e172d2ec1a01a3f429263090a990120ad9df/detection
57843   MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection   www.virustotal.com/gui/file/45918acc04ad790445fd423b348aa88855570d57ebed870741603a7e5473d456/detection
57842   MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection   www.virustotal.com/gui/file/120d1835df79b464dce91fd4151a69bae5ef5603e6eb4821a79f8a84767f7724/detection
57845   MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection   www.virustotal.com/gui/file/433a3e3023179959f8d99d29a645f0c29ed86beb172c23b22ca311a767cfbb74/detection
57844   MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection   www.virustotal.com/gui/file/3a435ad1c01335d31c05ca77a125d0162c223c135363c120071b7bac284a64e3/detection
57847   MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection   www.virustotal.com/gui/file/fa02de1f2dbd29f19e8ab0ff2931b063bd8f8ccadf0d7e321f0a02d2e2f86419/detection
57867   MALWARE-CNC Netfilter rootkit download attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57866   MALWARE-CNC Netfilter rootkit outbound connection attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57865   MALWARE-CNC Netfilter rootkit download attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57864   MALWARE-CNC Netfilter rootkit outbound connection attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57869   MALWARE-CNC Netfilter rootkit outbound connection attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57868   MALWARE-CNC Netfilter rootkit outbound connection attempt   msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
57998   BROWSER-IE Microsoft Internet Explorer memory corruption attempt   CVE-2021-34480

Signatures Modified

SID   Description   Reference
26527   EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt   blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
57429   BROWSER-CHROME Google Chrome Math.max memory corruption attempt   CVE-2021-21224
3816   SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt   CVE-2005-0595

Signatures Removed

SID   Description   Reference
57901   MALWARE-CNC Doc.Downloader.Emotet variant outbound connection attempt   www.virustotal.com/#/file/2cb81a1a59df4a4fd222fbcb946db3d653185c2e79cf4d3365b430b1988d485f/detection
57890   OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt   CVE-2021-34449
57894   OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt   CVE-2021-31979
57896   OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt   CVE-2021-33771
57893   MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt   www.virustotal.com/gui/file/b33f1abe6c9011aa598fb679135f0b543be2cd4e1178cba8bcf70a5859cb2f5e/detection
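Release notes like these are usually ingested by a script rather than read by hand: the SIDs drive a diff of the deployed rule set, the VirusTotal hashes feed a blocklist, and the CVE references get cross-checked against patch status. The Python below is an added example, not the vendor's tooling. It parses notes laid out as "SID   Description   Reference" rows under "Signatures Added/Modified/Removed" headings, reconciles the declared counts against the rows actually listed, classifies each reference (SHA-256, CVE, plain URL, none), and reports hashes cited by more than one SID. The embedded SAMPLE is a constructed excerpt: its hashes are copied from this page's references, its declared counts are made up so the reconciliation check has something to flag, and the layout assumes at least three spaces between columns.

```python
"""Parse IPS content-update release notes and sanity-check them.

Added example (not part of the vendor page). SAMPLE is a constructed excerpt;
the declared 'removed' count is deliberately wrong so reconcile() reports it.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

SAMPLE = """\
Total signatures: 20748
Signatures added: 4
Signatures removed: 3
Signatures modified: 0

Signatures Added

SID   Description   Reference
57820   MALWARE-OTHER ASPXSpy webshell download attempt   www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57819   MALWARE-OTHER ASPXSpy webshell upload attempt   www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection
57838   BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt
57832   OS-OTHER Apple macOS Gatekeeper bypass attempt   CVE-2021-30657

Signatures Removed

SID   Description   Reference
57890   OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt   CVE-2021-34449
57893   MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt   www.virustotal.com/gui/file/b33f1abe6c9011aa598fb679135f0b543be2cd4e1178cba8bcf70a5859cb2f5e/detection
"""

SECTION_RE = re.compile(r"^Signatures (Added|Modified|Removed)$")
DECLARED_RE = re.compile(r"^Signatures? (added|removed|modified):\s*0*(\d+)$", re.I)
ROW_RE = re.compile(r"^(?P<sid>\d+)\s{3,}(?P<desc>.+?)(?:\s{3,}(?P<ref>\S.*))?$")
SHA256_RE = re.compile(r"\b([0-9a-f]{64})\b")   # exactly 64 hex chars, else not a usable hash
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

@dataclass(frozen=True)
class Signature:
    sid: int
    category: str             # rule class prefix, e.g. MALWARE-CNC
    description: str
    reference: Optional[str]  # None when the row carries no reference

def classify_reference(ref):
    """Return (kind, value): ('sha256', hash), ('cve', id), ('url', ref) or ('none', None)."""
    if not ref:
        return ("none", None)
    m = SHA256_RE.search(ref)
    if m:
        return ("sha256", m.group(1))
    m = CVE_RE.search(ref)
    if m:
        return ("cve", m.group(0))
    return ("url", ref)

def parse_release_notes(text):
    """Return (declared_counts, sections): {'Added': 4, ...} and {'Added': [Signature, ...], ...}."""
    declared, sections, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DECLARED_RE.match(line):            # summary bullet, e.g. "Signatures removed: 06"
            declared[m.group(1).capitalize()] = int(m.group(2))
        elif m := SECTION_RE.match(line):           # "Signatures Added" etc.
            current = m.group(1)
        elif current is not None and not line.startswith("SID"):   # skip the column header
            m = ROW_RE.match(line)
            if not m:
                raise ValueError(f"unparseable row in {current}: {line!r}")
            desc = m.group("desc")
            sections[current].append(
                Signature(int(m.group("sid")), desc.split()[0], desc, m.group("ref")))
    return declared, dict(sections)

def reconcile(declared, sections):
    """Compare declared counts with the rows actually listed; one finding per mismatch."""
    findings = []
    for section in ("Added", "Modified", "Removed"):
        listed = len(sections.get(section, []))
        want = declared.get(section)
        if want is not None and want != listed:
            findings.append(f"{section}: declared {want}, listed {listed}")
    return findings

def shared_hashes(sections):
    """Map each SHA-256 cited by more than one SID to the sorted SIDs that cite it."""
    by_hash = defaultdict(set)
    for sigs in sections.values():
        for s in sigs:
            kind, value = classify_reference(s.reference)
            if kind == "sha256":
                by_hash[value].add(s.sid)
    return {h: sorted(sids) for h, sids in by_hash.items() if len(sids) > 1}

if __name__ == "__main__":
    declared, sections = parse_release_notes(SAMPLE)
    print("count mismatches:", reconcile(declared, sections))
    print("shared hashes:", shared_hashes(sections))
```

Run against this page's own text, the reconciliation step would flag the Removed section (6 declared, 5 rows listed), and the shared-hash step would group the NecroBot SIDs 57693, 57696 and 57714 through 57717, which all cite the same sample. The strict 64-character check matters too: the hash printed for SIDs 57816 and 57817 is only 63 hex characters as reproduced here, so it classifies as a plain URL rather than a hash and should be re-fetched from the reference before it goes anywhere near a blocklist.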