New Filters:

45647: SMB: Backdoor.Win64.RPipeCommander.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45651: HTTP: Trojan.Shell.SrvdoStealer.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45652: HTTP: Trojan.Shell.WarbatserStealer.A Runtime Detection (System Info; Screenshot; Browser Data)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45655: HTTP: Trojan.MSIL.WinlogRAT.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45656: HTTP: Ransomware.MSIL.Enmachproton.A Runtime Detection (Exfiltrate System Info)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45657: HTTP: Ransomware.MSIL.Enmachproton.A Runtime Detection (Exfiltrate Encryption Password)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Evaluation (Permit / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45669: TLS: Backdoor.MSIL.RatonRAT.A Runtime Detection (Default SSL/TLS Self-signed Certificate)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45670: TCP: Backdoor.Python.Anubis.B Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

45671: HTTP: Trojan.Shell.Appofiade.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Category: Virus
  - Severity: High
  - Description: This filter is deployed in the Malware Filter Package.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Evaluation (Permit / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: April 01, 2025

Modified Filters (logic changes):
* = Enabled in Default deployments

* 41219: TLS: Backdoor.Win32.ShadowPad.A Runtime Detection (SSL/TLS Self-signed Certificate)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 26, 2022
  - Last Modified Date: April 01, 2025

* 44528: TLS: Cobalt Strike Team Server (Cat Leak Self-signed SSL/TLS Certificate)
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Detection logic updated.
  - Release Date: July 30, 2024
  - Last Modified Date: April 01, 2025

Modified Filters (metadata changes only):
* = Enabled in Default deployments

* 45459: HTTP: Trojan.Python.Keespeedai.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Miscellaneous modification.
  - Release Date: February 18, 2025
  - Last Modified Date: April 01, 2025

* 45556: HTTP: Ransomware.MSIL.Werusaboba.A Runtime Detection
  - IPS Version: 3.9.5 and after.
  - TPS Version: 5.2.2 and after.
  - vTPS Version: 5.2.2 and after.
  - Deployments updated and are now:
    - Deployment: Default (Block / Notify / Trace)
    - Deployment: Evaluation (Permit / Notify / Trace)
    - Deployment: Performance-Optimized (Disabled)
  - Release Date: March 11, 2025
  - Last Modified Date: April 01, 2025

Removed Filters: None