Table of Contents
--------------------------
  New Filters - 11
  Modified Filters (logic changes) - 6
  Modified Filters (metadata changes only) - 0
  Removed Filters - 0
  New Filters:

    41346: HTTP: Trojan.JS.SocGholish.B Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43546: TCP: Backdoor.Win32.SugarGh0st.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.
      - Release Date: December 12, 2023

    43547: TCP: Trojan.Win32.PersianRAT.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43552: TCP: Trojan.Linux.Unstamirbot.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43553: TCP: Backdoor.MSIL.RevClient.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43555: HTTP: Backdoor.Win64.SessionsIIS.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43556: DNS: Backdoor.MSIL.AgentRacoon.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43557: HTTP: Trojan.MSIL.ScarletClient.A Runtime Detection (Card Exfiltration)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43558: HTTP: Trojan.MSIL.ScarletClient.A Runtime Detection (Wallet Exfiltration)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43559: HTTP: Trojan.MSIL.ScarletClient.A Runtime Detection (Scarlet Form Detection Telegram)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

    43560: HTTP: Trojan.JS.WMIGhost.66095740 Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: December 12, 2023

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 35779: HTTP: China Chopper ASP/JSP Webshell Payload Detection
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 30, 2019
      - Last Modified Date: December 12, 2023

    * 38698: HTTP: Generic PHP/ASPX Webshell Payload Detected (Request)
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: January 12, 2021
      - Last Modified Date: December 12, 2023

    43280: HTTP: Generic PHP/ASPX Webshell Payload Detected (Response)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: September 26, 2023
      - Last Modified Date: December 12, 2023

    * 43292: TCP: Backdoor.Linux.SprySocks.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: October 03, 2023
      - Last Modified Date: December 12, 2023

    * 43395: TLS: Cobalt Strike Team Server (Pwn3rs Leak Self-signed SSL/TLS Certificate)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: October 24, 2023
      - Last Modified Date: December 12, 2023

    * 43512: TCP: Trojan.Win32.Tibetls.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: December 05, 2023
      - Last Modified Date: December 12, 2023

  Modified Filters (metadata changes only): None
      
  Removed Filters: None