Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

ThreatDV - Malware Filter Package #1412

    • Updated:
    • 16 Aug 2017
    • Product/Version:
    • TippingPoint ThreatDV
    • Platform:
Summary
ThreatDV - Malware Filter Package #1412      (August 15, 2017)
Details
Public
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC):https://tmc.tippingpoint.com

This is an out-of-band Malware Filter Package, the next regularly scheduled Malware Filter Package will be published on Tuesday, August 15, 2017.

To learn more about the capabilities of this new filter set, please reference: TippingPoint Deployment Note: Threat Digital Vaccine (ThreatDV).

SMS customers can update the malware filter set through the SMS client. Go to SMS > Profile > Auxiliary DVs > Download to detect and load the latest update.
 
System Requirements
The malware filter package requires TOS v3.7.0.4200, NGFW v1.1.1.4200, TPS v4.0.0.4300, vTPS v4.0.1.4300 and higher. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS models, and vTPS licensed for the ThreatDV (formerly ReputationDV) service.
 
The Malware Filter Package can also be manually downloaded from the following URL:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1412.pkg

Update Details

Table of Contents

--------------------------
Filters
 New Filters
 Modified Filters (logic changes)
 Modified Filters (metadata changes only)
 Removed Filters

Filters
----------------
  New Filters:

    29372: HTTP: Terror EK Landing T1 Jun 02 2017 M2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29373: TCP: x0Proto File Info Request
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29375: TCP: Shifr Ransomware Malicious Domain in SNI Observed
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29376: HTTP: Revcode RAT CnC 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29377: HTTP: Android/SmsSpy.AS CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29378: HTTP: Trojan-SMS.AndroidOS.FakeInst.fb CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29381: HTTP: Cerber Blockchain Query 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29382: SMTP: Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29383: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 4
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29384: SMTP: Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 4
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29385: HTTP: Android/Spy.SmsSpy.JX Download
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29386: HTTP: Android/TrojanDropper.Agent.BCS Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29387: TCP: Zeus Panda Banker Malicious SSL Certificate Detected
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29388: HTTP: Volk-Botnet Downloader Retrieving Payload
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29389: HTTP: Volk-Botnet Downloader User-Agent Observed (hackThemAll)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29391: SMTP: Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP 5
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29392: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 7
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29393: TLS: AgentTesla Downloader Malicious Domain in SNI Observed
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29394: HTTP: MSIL/SkyNet CnC Activity
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29395: DNS: Win32/FileCoder.Philadelphia DNS Query
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29396: HTTP: AlinaPOS Checkin 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29397: HTTP: MSIL/ClipBanker.BX CnC Checkin M2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29398: TCP: Winnti Related PcClient CnC 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29399: TCP: MSIL/XBBX CnC Activity
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29400: TCP: Observed Malicious SSL Cert (Upatre Downloader CnC - maitikio . com)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29401: TCP: Observed Malicious SSL Cert (Upatre Downloader CnC - cry-havok . org)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29402: HTTP: MSIL/Unk.CoinMiner/PWS CnC Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29403: SMTP: Trojan-Spy.AndroidOS.SmsThief.ic SMS/Contact Exfil via SMTP 8
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29404: HTTP: Imminent Monitor Style IP Check freegeoip.net
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29406: HTTP: Genome K2T IP Check
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29407: IRC: W32/Banpol.A Joining IRC Channel
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29408: HTTP: Win32/Trojan.Downloader.CSB Checkin 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29409: HTTP: Tick Related W32/Datper
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29410: HTTP: Android.Trojan.SmsSpy.GI CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29411: HTTP: Tick Related W32/HomamDownloader
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29412: DNS: DNS Query to Cerber Domain (143kzi . top)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployment: Not enabled by default in any deployment.

    29419: HTTP: Rig/Sundown Exploit Kit Landing Page
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Virus
      - Severity: High
      - Description: This filter is deployed in the Malware Filter Package.
      - Deployments:
        - Deployment: Performance-Optimized (Block / Notify)

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    26901: HTTP: Obfuscated HTML Usage in Exploit Kits (Rig/Sundown)
      - IPS Version: 3.8.3 and after.
      - NGFW Version: Not available.
      - TPS Version: 4.1.0 and after in IPS Persona mode.
      - vTPS Version: 4.1.0 and after in IPS Persona mode.
      - Requires: Only IPS models or TPS in IPS Persona
      - Deployments updated and are now:
        - Deployment: Security-Optimized (Block / Notify)

  Removed Filters:

    29290: HTTP: Android/Triada.DZ Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29291: HTTP: Android/Triada.DZ Checkin 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29293: HTTP: Trojan-Dropper.AndroidOS.Triada.d Checkin 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29294: HTTP: Trojan-Dropper.AndroidOS.Triada.d Checkin 4
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29298: HTTP: Trojan.AndroidOS.Triada.e CnC Beacon 4
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29299: HTTP: Android.Trojan.Downloader.IJ CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    29318: HTTP: Android.Trojan.Agent.LN Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.  



Top of the Page
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000087065
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.