New Filters:
45504: DCERPC: Backdoor.VBS.WMIHacker.A Runtime Detection (Shell CMD Script)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45509: DCERPC: Backdoor.VBS.WMIHacker.A Runtime Detection (Upload/Download Script)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45517: TCP: Trojan.Python.Webcredstealer.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45518: HTTP: Trojan.Win32.SpectrumStealer.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45519: HTTP: Trojan.VBS.Mailcontenvia.A Runtime Detection (Exfiltrate Username and Computer Name)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45520: HTTP: Trojan.VBS.Mailcontenvia.A Runtime Detection (Exfiltrate List of Contacts)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45521: HTTP: Trojan.VBS.Mailcontenvia.A Runtime Detection (Retrieve Email to Send)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45522: HTTP: Trojan.VBS.Mailcontenvia.A Runtime Detection (Confirmation of Sent Email)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45524: HTTP: Trojan.Python.Taktivore.A Runtime Detection (PowerShell Plugin - File Name)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45525: HTTP: Trojan.Python.Taktivore.A Runtime Detection (System Info)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45529: TCP: Trojan.Java.SawRAT.A Runtime Detection - (System Info)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45535: HTTP: Trojan.Shell.Asyncrat.YXFBYZ Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45536: HTTP: Trojan.Shell.Berfinlin.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
45537: HTTP: Trojan.Shell.KimsumiStealer.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 04, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
* 39856: HTTP: Backdoor.Win64.Cobalt.DTI Runtime Detection
- IPS Version: 3.7.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: June 08, 2021
- Last Modified Date: March 04, 2025
* 42052: HTTP: Trojan.Linux.Kmsdbot.B Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Deployments updated and are now:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: December 06, 2022
- Last Modified Date: March 04, 2025
* 42160: UDP: Trojan.Linux.Rochparz.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Deployments updated and are now:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: January 10, 2023
- Last Modified Date: March 04, 2025
* 42469: FTP-DATA: Trojan.Shell.EyeSpy.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "42469: TCP: Trojan.Shell.EyeSpy.A Runtime Detection".
- Description updated.
- Detection logic updated.
- Deployments updated and are now:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 07, 2023
- Last Modified Date: March 04, 2025
* 42594: HTTP: Backdoor.PHP.PownyShell.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 11, 2023
- Last Modified Date: March 04, 2025
43603: TCP: Trojan.Java.SawRAT.A Runtime Detection - (Heart Beat)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Name changed from "43603: TCP: Trojan.Java.SawRAT.A Runtime Detection".
- Detection logic updated.
- Release Date: January 02, 2024
- Last Modified Date: March 04, 2025
* 45492: HTTP: Trojan.Python.Marsayhem.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Detection logic updated.
- Release Date: February 25, 2025
- Last Modified Date: March 04, 2025
Modified Filters (metadata changes only): None
Removed Filters: None
|
Views:
Keywords: ThreatDV Malware Filter Package #2032