CTEP/IPS Threat Content Update Release Notes

Refer to the following summary of signatures deployed on 19 October 2022 with the IPS content release:

  • Signatures added: 68
  • Signatures modified: 20
  • Signatures removed: 28

Signatures Added

SID    | Category       | Message                                                                              | Reference
60252  | MALWARE-OTHER  | MultiOS.Backdoor.GoMet agent download                                                |
60253  | MALWARE-OTHER  | MultiOS.Backdoor.GoMet agent download                                                |
60275  | MALWARE-CNC    | Win.Trojan.Manjusaka outbound connection                                             | No reference
60278  | OS-MOBILE      | SetSockOpts elevation of privilege attempt                                           | CVE-2021-22600
60398  | MALWARE-OTHER  | Robin Banks credential phishing                                                      |
60405  | OS-MOBILE      | Apple iOS cfprefsd daemon privilege escalation attempt                               | CVE-2019-7286
60402  | MALWARE-CNC    | Php.Webshell.DToolPro outbound connection                                            |
60401  | MALWARE-CNC    | Php.Webshell.DToolPro inbound connection                                             |
60400  | MALWARE-OTHER  | Php.Webshell.DToolPro upload                                                         |
60238  | OS-WINDOWS     | Dell dbutil driver escalation of privilege attempt                                   | CVE-2021-21551
60239  | MALWARE-OTHER  | Win.Ransomware.Magniber download                                                     |
60397  | MALWARE-OTHER  | Robin Banks credential phishing                                                      |
60396  | BROWSER-CHROME | Google Chrome V8 CSS prop type interceptor confusion attempt                         | CVE-2022-1096
60399  | MALWARE-OTHER  | Php.Webshell.DToolPro download                                                       |
60282  | BROWSER-CHROME | Intent handling downgrade attempt                                                    | CVE-2021-38000
60276  | OS-MOBILE      | SetSockOpts elevation of privilege attempt                                           | CVE-2021-22600
60352  | OS-MOBILE      | MediaTek cmdq driver escalation of privilege attempt                                 | CVE-2020-0069
60354  | BROWSER-CHROME | V8 getThis type confusion attempt                                                    | CVE-2022-1364
60337  | MALWARE-CNC    | Php.Webshell.DiveShell inbound connection                                            |
60339  | MALWARE-OTHER  | Php.Webshell.DiveShell upload                                                        |
60338  | MALWARE-CNC    | Php.Webshell.DiveShell outbound connection                                           |
60317  | OS-WINDOWS     | Microsoft Windows Print Spooler elevation of privilege attempt                       | CVE-2022-21999
60315  | OS-WINDOWS     | Microsoft Windows Print Spooler elevation of privilege attempt                       | CVE-2022-21999
60313  | FILE-OTHER     | Omron CX-Supervisor malicious project file download attempt                          | CVE-2018-19015
60699  | OS-WINDOWS     | Microsoft Windows DWM Core Library privilege escalation attempt                      | CVE-2022-37970
60696  | OS-WINDOWS     | Microsoft Windows Win32k elevation of privilege attempt                              | CVE-2022-38050
60694  | OS-WINDOWS     | Microsoft Windows Win32k elevation of privilege attempt                              | CVE-2022-38050
60283  | MALWARE-OTHER  | Php.Webshell.CrewShell inbound connection                                            |
60285  | MALWARE-OTHER  | Php.Webshell.CrewShell inbound connection                                            |
60284  | MALWARE-OTHER  | Php.Webshell.CrewShell inbound connection                                            |
60286  | MALWARE-OTHER  | Php.Webshell.CrewShell outbound connection                                           |
60250  | MALWARE-OTHER  | MultiOS.Backdoor.GoMet agent download                                                |
60246  | FILE-OTHER     | McAfee Total Protection MTP arbitrary process execution attempt                      | CVE-2021-23874
150176 | MALWARE-CNC    | Greenflash.Sundown.EK download detected                                              | No reference
60248  | MALWARE-OTHER  | MultiOS.Backdoor.GoMet agent download                                                |
60269  | MALWARE-CNC    | Win.Backdoor.TreeTrunk outbound                                                      |
60268  | MALWARE-CNC    | Win.Backdoor.TreeTrunk outbound                                                      |
60261  | OS-OTHER       | Apple CoreGraphics library out of bounds write attempt                               | CVE-2021-30860
60267  | MALWARE-OTHER  | Win.Backdoor.TreeTrunk download                                                      |
60266  | MALWARE-CNC    | Win.Backdoor.TreeTrunk outbound                                                      |
60264  | MALWARE-CNC    | Win.Backdoor.TreeTrunk outbound                                                      |
60414  | BROWSER-WEBKIT | JavaScriptCore watchpoint type confusion attempt                                     | CVE-2019-8506
60368  | BROWSER-CHROME | Chromium V8 Engine remote code execution attempt                                     | CVE-2016-5198
60369  | BROWSER-CHROME | V8 ReadDenseJSArray out of bounds write attempt                                      | CVE-2018-17480
60366  | BROWSER-CHROME | V8 Array concat remote code execution attempt                                        | CVE-2017-5030
60362  | BROWSER-CHROME | Google Chrome Animation timeline use after free attempt                              | CVE-2022-0609
60344  | BROWSER-CHROME | WebRTC heap buffer overflow attempt                                                  | CVE-2022-2294
60340  | MALWARE-OTHER  | Php.Webshell.DiveShell download                                                      |
60324  | MALWARE-CNC    | MultiOS.Trojan.DarkUtilities variant outbound                                        |
60325  | MALWARE-CNC    | MultiOS.Trojan.DarkUtilities variant outbound                                        |
60327  | OS-OTHER       | Apple multiple products memory corruption attempt                                    | CVE-2020-3837
60300  | MALWARE-OTHER  | Php.Webshell.Cybershell inbound connection                                           |
60301  | MALWARE-OTHER  | Php.Webshell.Cybershell outbound connection                                          |
60302  | MALWARE-OTHER  | Php.Webshell.Cybershell outbound connection                                          |
60407  | OS-MOBILE      | Android Binder out of bounds write attempt                                           | CVE-2020-0041
60709  | OS-WINDOWS     | Windows Win32k.sys bSimpleFill elevation of privilege attempt                        | CVE-2022-38051
60705  | OS-WINDOWS     | Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt       | CVE-2022-37989
60707  | OS-WINDOWS     | Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt       | CVE-2022-37987
60701  | OS-WINDOWS     | Microsoft Windows Perception Simulation service remote code execution attempt        | CVE-2022-37974
60298  | MALWARE-OTHER  | Php.Webshell.Cybershell inbound connection                                           |
60299  | MALWARE-OTHER  | Php.Webshell.Cybershell upload                                                       |
60292  | MALWARE-OTHER  | Win.Downloader.ChromeLoader payload download                                         |
60290  | BROWSER-CHROME | Google Chrome v8 garbage collector use after free attempt                            | CVE-2021-37975
60296  | MALWARE-OTHER  | Php.Webshell.Cybershell download                                                     |
60297  | MALWARE-OTHER  | Php.Webshell.Cybershell inbound connection                                           |
60294  | MALWARE-OTHER  | Win.Downloader.ChromeLoader payload download                                         |
60295  | MALWARE-CNC    | Win.Downloader.ChromeLoader outbound connection                                      |
60412  | BROWSER-WEBKIT | Apple WebKit property names type confusion attempt                                   | CVE-2021-1789

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 17154
  • 17276
  • 32501
  • 36918
  • 46384
  • 58919
  • 150114
  • 150405

Removed the following signatures because the sql.rules signatures are not required:

  • 1057
  • 1058
  • 1059
  • 1060
  • 1077
  • 13512
  • 13513
  • 13991
  • 13992
  • 13993
  • 13994
  • 13995
  • 13996
  • 13997
  • 13998
  • 16431
  • 27723
  • 37643
  • 37648
  • 38993