Views:
Table of Contents
--------------------------
  New Filters - 8
  Modified Filters (logic changes) - 0
  Modified Filters (metadata changes only) - 3
  Removed Filters - 0		 
New Filters: 

    45310: HTTP: Trojan.VBA.Efarpe.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: Critical
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.
      - Release Date: January 21, 2025

    45315: HTTP: Ransomware.Win64.HexaLocker.THAOBBE Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45316: HTTP: Trojan.MSIL.PrispdStealer.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45317: HTTP: Trojan.Shell.TworkemStealer.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45318: HTTP: Trojan-Downloader.Win32.Satacom.AD Runtime Detection (Download Config)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45319: HTTP: Trojan-Downloader.Win32.Satacom.AD Runtime Detection (Check-in Request)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45320: HTTP: Backdoor.Win64.SandCat.69E94105 Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

    45329: HTTP: Trojan.MSIL.Bobikbot.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: January 21, 2025

  Modified Filters (logic changes): None

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 38506: HTTP: Backdoor.ASP.ASpyDrv.A Runtime Detection (Authentication Request)
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38506: HTTP: ASpyDrv Webshell Traffic Detected (Authentication Request)".
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 21, 2025

    * 38507: HTTP: Backdoor.ASP.ASpyDrv.A Runtime Detection (Control Commands)
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38507: HTTP: ASpyDrv Webshell Traffic Detected (Control Commands)".
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 21, 2025

    * 38508: HTTP: Backdoor.ASP.RedhatHackerWS.A Runtime Detection (Control Commands)
      - IPS Version: 3.7.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38508: HTTP: RedHat Webshell Traffic Detected (Control Commands)".
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 21, 2025

  Removed Filters: None
Keywords: ThreatDV - Malware Filter Package #2024