Table of Contents
--------------------------
  New Filters - 12
  Modified Filters (logic changes) - 3
  Modified Filters (metadata changes only) - 0
  Removed Filters - 0
  New Filters:

    45573: HTTP: Backdoor.Win64.NighthawkC2.A Runtime Detection (GET Commands Requests)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45576: HTTP: Backdoor.Win64.NighthawkC2.A Runtime Detection (POST Results)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45582: HTTP: Backdoor.Win64.NighthawkC2.A Runtime Detection (Server Response)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45583: ICMP: Backdoor.Linux.Bpfdoor.USELVH222 Runtime Detection (Ingress - Activation Packet)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45587: HTTP: Backdoor.Shell.MuyuCR.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45588: HTTP: Backdoor.Shell.SSHadow.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45589: UDP: Backdoor.Linux.Bpfdoor.USELVH222 Runtime Detection (Ingress - Activation Packet)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.
      - Release Date: March 18, 2025

    45590: TCP: Backdoor.Linux.Bpfdoor.USELVH222 Runtime Detection (Ingress - Activation Packet)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45591: HTTP: Trojan.VBS.FmatruStealer.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: March 18, 2025

    45592: HTTP: Trojan.Win64.BadIIS.B325 Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.
      - Release Date: March 18, 2025

    45594: HTTP: Trojan.Shell.EncryptHubStealer.B Runtime Detection (Notification Request)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-26633
      - Release Date: March 18, 2025

    45595: HTTP: Trojan.Shell.MSCEvilTwin.A Runtime Detection (Payload - Server Response)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-26633
      - Release Date: March 18, 2025

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 42870: TCP: Backdoor.Linux.Bpfdoor.AT Runtime Detection (Activation Packet Inbound Request)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: June 20, 2023
      - Last Modified Date: March 18, 2025

    * 45359: TCP: Backdoor.Shell.DarkWisp.A Runtime Detection
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 28, 2025
      - Last Modified Date: March 18, 2025

    * 45360: HTTP: Trojan.Shell.EncryptHubStealer.B Runtime Detection (Upload File, Callback - System Info.)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45360: HTTP: Trojan.Shell.EncryptHubStealer.B Runtime Detection".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 28, 2025
      - Last Modified Date: March 18, 2025

  Modified Filters (metadata changes only): None

  Removed Filters: None