Summary
ThreatDV - Malware Filter Package #1447 January 2, 2018
Details
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com To learn more about the capabilities of this new filter set, please reference: TippingPoint Deployment Note: Threat Digital Vaccine (ThreatDV). SMS customers can update the malware filter set through the SMS client. Go to SMS > Profile > Auxiliary DVs > Download to detect and load the latest update. |
System Requirements |
The malware filter package requires TOS v3.7.0.4200, NGFW v1.1.1.4200, TPS v4.0.0.4300, vTPS v4.0.1.4300 and higher. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS and vTPS systems licensed for the ThreatDV (formerly ReputationDV) service. |
The Malware Filter Package can also be manually downloaded from the following URL: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1447.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
30149: HTTP: BadRabbit Ransomware Activity Via WebDAV (infpub)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30150: HTTP: Qtloader encrypted check-in Oct 19 M1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30151: TLS: Observed Malicious SSL Cert (IcedID CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30152: HTTP: Kryptik/CodecPack.amda/TROJ_RENOS.SM3 Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30153: HTTP: Win32/Valden.E Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30154: HTTP: Trojan.Vobfus variant XP checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30155: HTTP: W32/TinyZBot Fake Resume Upload GET Request (Operation Cleaver)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30156: DNS: Win32/Filecoder.EB Ransomware .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30157: DNS: Win32/Filecoder Ransomware Variant .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30158: DNS: Unknown Trojan .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
Modified Filters (logic changes):
* = Enabled in Default deployments
14916: HTTP: Android/Opfake.A GetTask CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14917: HTTP: Android/Opfake.A Country CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14919: HTTP: 81a338 Hacked Site Response (Inbound)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14922: HTTP: FakeAV Install
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14924: HTTP: W32/Badur.Spy User Agent lawl
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14929: HTTP: Possible CVE-2013-3906 CnC Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14933: HTTP: Downloader (P2P Zeus dropper UA)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14937: HTTP: HiMan EK - Flash Exploit
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14939: HTTP: Possible Safe/CritX/FlashPack Edwards Packed PluginDetect
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14943: HTTP: Browlock Landing Page URI Struct
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14947: HTTP: W32/Liftoh.Downloader Feed404 CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14948: HTTP: W32/Liftoh.Downloader Images CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14952: HTTP: W32/Ferret DDOS Bot CnC Beacon 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14953: TCP: Win32.Morix.B checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14958: HTTP: Kishop.A checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14961: TLS: Upatre SSL Compromised site appsredeeem
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14964: SMTP: Limitless Logger Sending Data over SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14965: SMTP: Limitless Logger Sending Data over SMTP 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14966: SMTP: Predator Logger Sending Data over SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14967: SMTP: Win32/Antilam.2_0 Sending Data over SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14968: HTTP: Possible Win32/Dimegup.A Downloading Image Common URI Struct
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14969: TCP: Win32/Xtrat C2 Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14972: HTTP: CookieBomb 2.0 In Server Response Jan 29 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14976: HTTP: Suspicious User Agent Mozi11a
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14977: TCP: W32/FakeAlert.FT.gen.Eldorado Downloading VBS
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14978: HTTP: Suspicious Request for Pdf.exe Observed in Zeus/Luminosity Link
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14979: HTTP: W32/Woai.Dropper Config Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14981: HTTP: vSkimmer.PoS Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14982: HTTP: Win32.Blackbeard Downloader
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14983: HTTP: Trojan/Win32.FraudPack User-Agent (Downloader MLR 1.0.0)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14986: TCP: Generic CnC
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14988: HTTP: Zeus.Downloader Campaign Unknown Initial CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14990: HTTP: Win32/Kryptik.BSYO Checkin 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
14994: HTTP: SWF filename used in IE 2014-0322 Watering Hole Attacks
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
14999: HTTP: Havex RAT CnC Server Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15000: HTTP: Havex RAT CnC Server Response HTML Tag
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15001: HTTP: W32/PointOfSales.Misc CnC Activity
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15002: HTTP: RDP Brute Force Bot Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15007: TLS: Upatre SSL Compromised site trudeausociety
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
15009: HTTP: W32/SpeedingUpMyPC.Rootkit CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15010: HTTP: Kazy Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15011: HTTP: EvilTDS Redirection
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
15013: HTTP: Suspicious User-Agent (hi)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 15014: HTTP: GreenDou Downloader User-Agent (hello crazyk)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15015: HTTP: Trojan-Spy.Win32.Zbot.qgxi Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15017: HTTP: W32/Hicrazyk.A Downloader Install CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15018: HTTP: Goon/Infinity URI Struct EK Landing May 05 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
15019: TLS: Potential Sefnit C2 traffic (from server)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
16356: HTTP: W32/SpeedingUpMyPC.Rootkit Successful Install GET Type CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
16365: HTTP: Soraya C2 User-Agent
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
16366: HTTP: Soraya C2 User-Agent (Vulture)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
16367: HTTP: Soraya C2 User-Agent (xehanort321)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
16369: HTTP: Backdoor.Win32/Etumbot.B Requesting RC4 Key
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17334: HTTP: Unknown EK Initial Payload Internet Connectivity Check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17338: HTTP: Android/DwnlAPK-A Configuration File Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17339: TCP: W32/FakeAlert.FT.gen.Eldorado Downloading DLL
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17341: HTTP: W32/Zeus.InfoStealer Infection Campaign Heap.exe Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17345: TCP: Win32/Tapazom.A
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17346: TCP: Win32/Tapazom.A 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17347: HTTP: W32/Dadobra.Downloader/DNSChanger Dnsmake CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17356: TCP: PandoraRat/Refroso.bsp Directory Listing Sent To Server
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17359: HTTP: Miniduke Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17360: TLS: SSL Cert Observed with Unkown Trojan (statswas)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17361: HTTP: Soraya C2 User-Agent (rhyno321)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17362: HTTP: Soraya C2 User-Agent (SBTCM)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17363: HTTP: Soraya C2 User-Agent (slayer)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17364: HTTP: Soraya C2 User-Agent (VHIbot/1.0)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17376: HTTP: Pandemiya User-Agent
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17377: TCP: Putter Panda 3PARA RAT initial beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17380: HTTP: Andr/com.sdwiurse
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17383: HTTP: Dyreza RAT Checkin Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17385: TLS: Likely CryptoWall .onion Proxy domain in SNI
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17386: HTTP: Possible W32/VBKlip BAN Download
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17391: HTTP: BANKER.WIN32.BANBRA.BEEC Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17392: HTTP: CyberGate RAT User-Agent (USER_CHECK)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17393: HTTP: Safe/CritX/FlashPack EK Secondary Landing Jul 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17395: SMTP: Predator Pain Sending Data over SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17396: SMTP: Pain File Stealer sending wallet.dat via SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17398: HTTP: XPSecurityCenter FakeAV Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17400: HTTP: Win32/Swizzor User-Agent (Swizz03r)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17407: TLS: Zbot .onion Proxy domain in SNI Aug 04 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17412: TCP: Archie.EK CVE-2013-2551 URI Struct
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17414: HTTP: Variant.Strictor Dropper
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17417: HTTP: Suspicious User-Agent (Asteria md5)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17421: TCP: Archie EK Secondary Landing Aug 24 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17423: HTTP: FlashPack EK Redirect Aug 25 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17424: HTTP: FlashPack EK Exploit Landing Aug 25 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17426: HTTP: BleedingLife EK Variant Aug 26 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17427: HTTP: Offensive Security EMET Bypass Observed in BleedingLife Variant Aug 26 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18075: HTTP: MtGox Leak wallet stealer UA
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18076: HTTP: Multiple EKs CVE-2013-3918
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18191: HTTP: Possible Deep Panda WateringHole Related URI Struct
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20279: ICMP: PWS Win32/Lmir.BMQ checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20282: TLS: Possible Updatre SSL Certificate cardiffpower
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20283: TLS: Possible Updatre Compromised SSL Certificate marchsf
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20284: TLS: Possible Updatre Compromised SSL Certificate thebostonshaker
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20285: TCP: Java/Jacksbot Check-in
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20289: SMTP: Win32.WinSpy.pob Sending Data over SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20290: TCP: Win32.Genome.boescz Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20291: TCP: W32/Banker.AALV checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20365: HTTP: W32/Asprox.ClickFraudBot CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20366: HTTP: W32/Rshot.Backdoor File Upload CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20367: TCP: W32/Trojan-Gypikon Sending Data
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20368: TCP: W32/Trojan-Gypikon Server Check-in Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20369: TCP: Win32.Hack.PcClient.g CnC (OUTBOUND) XOR b5
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20371: TCP: W32/FakeFlash.Dropper Initial CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20372: TCP: W32/FakeFlash.Dropper Initial CnC Beacon Acknowledgement
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20374: TCP: W32/FakeFlash.Dropper GetInformation CnC Beacon Acknowledgement
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20375: TCP: Darkshell.A Checkin XOR C0 Win XP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20376: HTTP: W32/PointOfSales.Misc CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20379: HTTP: W32/SpeedingUpMyPC.Rootkit Install CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20381: TCP: Backdoor Win32/Zegost.Q CnC traffic (OUTBOUND)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20383: HTTP: W32/Fsysna.Downloader CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20384: HTTP: W32/HelloBridge.Backdoor Register CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20385: HTTP: W32/HelloBridge.Backdoor Login CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20386: HTTP: Possible Malicious Injected Redirect June 02 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20387: DNS: Reply Sinkhole FBI Zeus P2P 1 - 142.0.36.234
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20389: TLS: Possible Upatre SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20390: TCP: Win32/Sharik Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20391: TCP: Win32/Sharik C2 Incoming Traffic
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20393: TCP: TrojanSpy.Win32/Banker.AMB SQL Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20394: TLS: Possible Upatre SSL Cert 999servers.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20396: TLS: Possible Upatre SSL Cert acesecureshop.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20397: TLS: Possible Upatre SSL Cert new-install.privatedns.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20398: TLS: Possible Upatre SSL Cert July 14 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20399: TLS: Possible Upatre SSL Cert faithmentoringandmore.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20400: TLS: Possible Upatre SSL Cert karinejoncas.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20401: TLS: Possible Upatre SSL Cert deslematin.ca
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20402: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20403: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20404: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20405: HTTP: Asterope Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20406: TLS: Possible Upatre SSL Cert twitterbacklinks.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20407: HTTP: Hupigon.DF Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20408: TLS: Malicious SSL Cert (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20409: TLS: Possible Upatre SSL Cert thelabelnashville.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20410: TLS: Possible Upatre SSL Cert cactussports.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20411: TLS: Possible Upatre SSL Cert yellowdevilgear.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20412: TLS: Possible Upatre SSL Cert migsparkle.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20413: TLS: Possible Upatre SSL Cert server.abaphome.net
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20414: TLS: Possible Upatre SSL Cert 1stopmall.us
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20459: SMTP: Infostealer.KLPROXY Checkin via SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20460: TLS: Possible Upatre SSL Cert disenart.info
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20461: TLS: Possible Upatre SSL Cert host-galaxy.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20462: TLS: Possible Upatre SSL Cert fxbingpanel.fareexchange.co.uk
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20463: TLS: Possible Upatre SSL Cert 66h.66hosting.net
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20464: TLS: Possible Upatre SSL Cert businesswebstudios.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20465: TLS: Possible Upatre SSL Cert udderperfection.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20466: TLS: Possible Upatre SSL Cert www.senorwooly.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20467: TLS: Possible Upatre SSL Cert ns2.sicher.in
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20468: TLS: Malicious SSL Cert (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20469: TLS: Possible Upatre SSL Cert chinasemservice.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20470: TLS: Possible Upatre SSL Cert ns7-777.777servers.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20471: TLS: Possible Upatre SSL Cert adodis.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20472: TLS: Possible Upatre SSL Cert power2.mschosting.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20473: TLS: BitcoinMiner C2 SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20474: TLS: Possible Upatre SSL Cert tradeledstore.co.uk
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20475: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20476: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20477: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20478: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (CryptoWall C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20479: HTTP: Malvertising Leading to EK Aug 19 2014 M3
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20480: TLS: Possible Dyre SSL Cert Aug 20 2014 D1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20507: TLS: Possible Upatre SSL Cert uleideargan.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20653: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22913: HTTP: W32/Ke3chang.MovieStar.APT Campaign CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22914: HTTP: W32/Ke3chang.Dream.APT Campaign CnC Beacon 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22915: HTTP: W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22916: HTTP: W32/Neverquest.InfoStealer Configuration Request CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22919: HTTP: Bozok.RAT checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22920: TLS: Possible W32/Zbot.InfoStealer SSL Cert Parallels.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22922: TCP: PandoraRat/Refroso.bsp Activity
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
24147: HTTP: Soraya C2 User-Agent (default)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
24148: HTTP: Evil EK Redirector Cookie June 27 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
24271: TLS: Possible Dyre SSL Cert Aug 20 2014 D2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
24505: HTTP: W32/Ke3chang.BMW.APT Campaign CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
25123: HTTP: FaceBook IM & Web Driven Facebook Trojan Posting Data
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
25124: HTTP: Trojan.BlackRev Botnet Command Request CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
25125: HTTP: Sisproc update
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
25127: HTTP: Common Zbot EXE filename Dec 09 2013
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26954: HTTP: Agent.BAAB Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26955: HTTP: W32/LockscreenBEI.Scareware Cnc Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26956: HTTP: SolarBot Plugin Download ComputerInfo
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26957: HTTP: SolarBot Plugin Download WalletSteal
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26959: HTTP: Infostealer.Jackpos Checkin 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26960: HTTP: MSIL.Zapchast Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26961: HTTP: Win32/Matsnu.L Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26962: HTTP: Downloader.Win32.Geral Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26963: HTTP: Likely Geodo/Emotet Downloading PE
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
26965: HTTP: Win32/Expiro.CD Check-in
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26966: HTTP: BKDR_SLOTH.A Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26967: HTTP: Mal/Ransom-CE Connectivity Check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26968: HTTP: Win32/Stoberox.B
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26969: HTTP: SMSSend Fake flappy bird APK
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26970: HTTP: W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26972: HTTP: Trojan.Win32.Webprefix checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26973: HTTP: Trojan-Dropper.Win32.Agent.ksja
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26974: HTTP: Trojan.Win32.VBKrypt.cugq/Umbra Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26975: HTTP: AndroidOS/Lotoor.Q
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26980: HTTP: W32/Antifulai.APT CnC Beacon 1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
26981: HTTP: Win32/Zemot Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS V