New Filters:
45540: HTTP: Backdoor.Win64.Finaldraft.A Runtime Detection (Session and Command Polling Requests)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45541: HTTP: Backdoor.Win64.Finaldraft.A Runtime Detection (Session and Command Response Requests)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45542: TCP: Backdoor.Win64.Finaldraft.A Runtime Detection (Authentication Request)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45552: HTTP: Trojan.Python.ClipBanker.ADEN Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45556: HTTP: Ransomware.MSIL.Werusaboba.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Permit / Notify / Trace)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45557: HTTP: Trojan.MSIL.DestinyStealer.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45558: HTTP: Trojan.Win64.ThunderKitty.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45559: HTTP: Trojan.Win64.Myuomi.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45562: TLS: Backdoor.Win64.NighthawkC2.A Runtime Detection (Self-signed SSL/TLS Default Certificate)
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
45564: HTTP: Backdoor.Shell.Tnuocul.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
- Release Date: March 11, 2025
45565: HTTP: Trojan.Python.Chrobracliplogger.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployments:
- Deployment: Default (Block / Notify)
- Deployment: Evaluation (Permit / Notify)
- Deployment: Performance-Optimized (Disabled)
- Release Date: March 11, 2025
Modified Filters (logic changes):
* = Enabled in Default deployments
37609: SMB: Possible Ransomware File Creation Request With Specific Extension
- IPS Version: 3.7.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: April 14, 2020
- Last Modified Date: March 11, 2025
Modified Filters (metadata changes only): None
Removed Filters:
27920: TCP: BKDR_MOONWIND.A Checkin
- IPS Version: 3.7.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Release Date: April 18, 2017
45461: HTTP: Trojan.Shell.KimsumiStealer.A Runtime Detection
- IPS Version: 3.9.5 and after.
- TPS Version: 5.2.2 and after.
- vTPS Version: 5.2.2 and after.
- Release Date: February 18, 2025
|
Views:
Keywords: ThreatDV Malware Filter Package #2033