New Filters: 45194: HTTP: Backdoor.Win64.MoreEggs.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45195: SMB: Ransomware.Win32.ElpacoLocker.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45196: SMB: Ransomware.Win64.GoZoneLocker.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45252: HTTP: Trojan.MacOS.MeetenStealer.LYELY Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45254: IRC: Trojan.Linux.Capsaicin.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112 - Release Date: January 07, 2025 45263: HTTP: Trojan.Win64.BizfumStealer.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45264: HTTP: Trojan-Downloader.VBS.VBCloud.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 45271: TCP: Trojan.MSIL.TwoDash.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Evaluation (Permit / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 07, 2025 Modified Filters (logic changes): * = Enabled in Default deployments * 45198: SMB: Ransomware.MSIL.CobraLocker.A Runtime Detection - IPS Version: 3.9.5 and after. - TPS Version: 5.2.2 and after. - vTPS Version: 5.2.2 and after. - Detection logic updated. - Release Date: December 31, 2024 - Last Modified Date: January 07, 2025 Modified Filters (metadata changes only): None Removed Filters: None

ThreatDV - Malware Filter Package #2022

Product / Version includes:

TippingPoint ThreatDV All

Last updated: 2025/01/08

Solution ID: KA-0018774

Category: Configure , Troubleshoot , Deploy

Summary

ThreatDV - Malware Filter Package #2022 January 7, 2025

Table of Contents
--------------------------
  New Filters - 8
  Modified Filters (logic changes) - 1
  Modified Filters (metadata changes only) - 0
  Removed Filters - 0

New Filters: 

    45194: HTTP: Backdoor.Win64.MoreEggs.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45195: SMB: Ransomware.Win32.ElpacoLocker.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45196: SMB: Ransomware.Win64.GoZoneLocker.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45252: HTTP: Trojan.MacOS.MeetenStealer.LYELY Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45254: IRC: Trojan.Linux.Capsaicin.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, CVE-2024-33112
      - Release Date: January 07, 2025

    45263: HTTP: Trojan.Win64.BizfumStealer.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45264: HTTP: Trojan-Downloader.VBS.VBCloud.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

    45271: TCP: Trojan.MSIL.TwoDash.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 07, 2025

  Modified Filters (logic changes):
     * = Enabled in Default deployments

    * 45198: SMB: Ransomware.MSIL.CobraLocker.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: December 31, 2024
      - Last Modified Date: January 07, 2025

  Modified Filters (metadata changes only): None

  Removed Filters: None

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

ThreatDV - Malware Filter Package #2022

ThreatDV - Malware Filter Package #2022

Product / Version includes:

Summary