New Filters: 44825: HTTP: Backdoor.MSIL.RCShell.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44828: HTTP: Trojan-Downloader.MSIL.CKFndr.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. - Release Date: September 24, 2024 44829: DNS: Backdoor.MSIL.Spearaldoor.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44830: HTTP: Trojan-Downloader.JS.ConoleathLoader.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44833: HTTP: Backdoor.PHP.Oomlasidwp.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44835: HTTP: Worm.Shell.Hadoospread.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44836: HTTP: Ransomware.Win64.RazrusheniyeCrypter.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify / Trace) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44837: HTTP: Trojan.Win32.BadIIS.AE Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 44842: HTTP: Backdoor.MSIL.Veatydoor.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 24, 2024 Modified Filters (logic changes): * = Enabled in Default deployments * 35920: TCP: Backdoor.Win32.Winnti.A Runtime Detection - IPS Version: 3.7.0 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. - Release Date: August 06, 2019 - Last Modified Date: September 24, 2024 Modified Filters (metadata changes only): * = Enabled in Default deployments * 44050: HTTP: Trojan.Shell.KoiLoader.YXEFZZ Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Name changed from "44050: HTTP: Trojan.MSIL.Azorult.A Runtime Detection". - Description updated. - Vulnerability references updated. - Release Date: April 02, 2024 - Last Modified Date: September 24, 2024 Removed Filters: None

ThreatDV - Malware Filter Package #2005

Product / Version includes:

TippingPoint ThreatDV All

Last updated: 2024/09/25

Solution ID: KA-0017873

Category: Configure , Troubleshoot , Deploy

Summary

ThreatDV - Malware Filter Package #2005 September 24, 2024

Table of Contents
--------------------------
  New Filters - 9
  Modified Filters (logic changes) - 1
  Modified Filters (metadata changes only) - 1
  Removed Filters - 0

New Filters: 

    44825: HTTP: Backdoor.MSIL.RCShell.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44828: HTTP: Trojan-Downloader.MSIL.CKFndr.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.
      - Release Date: September 24, 2024

    44829: DNS: Backdoor.MSIL.Spearaldoor.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44830: HTTP: Trojan-Downloader.JS.ConoleathLoader.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44833: HTTP: Backdoor.PHP.Oomlasidwp.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44835: HTTP: Worm.Shell.Hadoospread.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44836: HTTP: Ransomware.Win64.RazrusheniyeCrypter.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44837: HTTP: Trojan.Win32.BadIIS.AE Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

    44842: HTTP: Backdoor.MSIL.Veatydoor.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: September 24, 2024

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 35920: TCP: Backdoor.Win32.Winnti.A Runtime Detection
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 06, 2019
      - Last Modified Date: September 24, 2024

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 44050: HTTP: Trojan.Shell.KoiLoader.YXEFZZ Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44050: HTTP: Trojan.MSIL.Azorult.A Runtime Detection".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 02, 2024
      - Last Modified Date: September 24, 2024

  Removed Filters: None

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

ThreatDV - Malware Filter Package #2005

ThreatDV - Malware Filter Package #2005

Product / Version includes:

Summary