Summary
ThreatDV - Malware Filter Package #1449 January 9, 2018
Details
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com To learn more about the capabilities of this new filter set, please reference: TippingPoint Deployment Note: Threat Digital Vaccine (ThreatDV). SMS customers can update the malware filter set through the SMS client. Go to SMS > Profile > Auxiliary DVs > Download to detect and load the latest update. |
System Requirements |
The malware filter package requires TOS v3.7.0.4200, NGFW v1.1.1.4200, TPS v4.0.0.4300, vTPS v4.0.1.4300 and higher. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS and vTPS systems licensed for the ThreatDV (formerly ReputationDV) service. |
The Malware Filter Package can also be manually downloaded from the following URL: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1449.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
30170: HTTP: OceanLotus System Profiling JavaScript HTTP Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30171: TCP: [PTsecurity] Win32/Downloader.op17 CnC Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30172: DNS: TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30173: SMTP: TrojanSpy.Webmoner.zr Checkin via SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30174: DNS: Win32/Injector.CGDU .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30175: HTTP: Garveep CnC Beacon Fake Headers
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30176: HTTP: Win32/TrojanDownloader.Banload.UKZ Receiving Payload
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30177: DNS: Fakben .onion Proxy Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30178: HTTP: Ursnif Variant CnC Beacon 5
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
30179: IRC: MSIL/IRCBot.BK Upload Screenshot Notification via IRC
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Virus
- Severity: High
- Description: This filter is deployed in the Malware Filter Package.
- Deployment: Not enabled by default in any deployment.
Modified Filters (logic changes):
* = Enabled in Default deployments
17429: HTTP: RIG EK Landing URI Struct
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17431: HTTP: FlashPack EK Redirect Sept 01 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17435: HTTP: Astrum EK Landing
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17436: HTTP: Astrum EK Landing
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17440: FTP: TSPY_POCARDL.U Possible FTP Login
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17441: HTTP: DecebalPOS Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17442: HTTP: DecebalPOS User-Agent
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17446: HTTP: Nuclear EK Redirect Sept 18 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17448: HTTP: NewPosThings Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17450: HTTP: NewPosThings POST with Fake UA and Accept Header
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17470: IRC: Reply Sinkhole - irc-sinkhole.cert.pl
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17481: DNS: TorrentLocker DNS Lookup
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17485: HTTP: Android/Koler.C Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17486: TLS: Win32/Chanitor.A Domain in SNI
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17487: HTTP: OLDBAIT Checkin sptr
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17488: HTTP: OLDBAIT Checkin 2 brvc
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17489: HTTP: Sofacy HTTP Request adawareblock.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17490: HTTP: Sofacy HTTP Request adobeincorp.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17503: HTTP: Sofacy HTTP Request updatepc.org
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17506: HTTP: Sofacy HTTP Request checkmalware.org
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17508: HTTP: Sofacy HTTP Request msonlinelive.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17509: HTTP: FlashPack Payload Download Oct 29
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17510: HTTP: FakeSupport - Landing Page - Windows Firewall Warning
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17511: HTTP: FakeSupport - URI - windows-firewall.png
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17512: HTTP: FakeSupport - Landing Page - Operating System Check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17515: HTTP: Possible EITest Flash Redirect
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17528: HTTP: Job314 EK Landing Nov 10 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17529: DNS: Ponmocup Post Infection DNS Lookup intohave
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17530: DNS: Ponmocup Post Infection DNS Lookup fasternation
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17538: HTTP: Malware Connectivity Check to Google
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
17542: HTTP: SPL2 EK Flash Exploit Nov 18 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17544: HTTP: Rerdom/Asprox CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17547: HTTP: HTTP Request to a *.cvredirect.no-ip.net domain - CoinLocker Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17548: HTTP: HTTP Request to a *.cvredirect.ddns.net domain - CoinLocker Domain
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17550: HTTP: W32/Hyteod.Downloader CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17552: HTTP: W32/Coinminer.Backdoor CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17553: HTTP: W32/Wadolin.Downloader CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
17554: HTTP: Trojan/W32.KRBanker.60928.C Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18021: HTTP: Evil Flash Redirector to Job314/Neutrino Reboot EK
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18023: SMTP: Infostealer.Bancos Sending Stolen info SMTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18025: HTTP: Trojan.Agent.AIXD Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18026: HTTP: W32/TRCrypt.ULPM Downloader CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18028: HTTP: Evil Flash Redirector to RIG EK Dec 17 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18033: HTTP: Evil Redirector Leading to EK Dec 22 2014 Video
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18034: HTTP: Evil Redirector Leading to EK Dec 22 2014 Player
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18047: HTTP: Win32/Htbot.B Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18048: HTTP: Trojan.Generic.5325921 Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18055: HTTP: ArcDoor User-Agent (ALIZER)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18077: HTTP: ScanBox Framework used in WateringHole Attacks
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18087: HTTP: Trojan/MSIL.bfsx Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18088: HTTP: Nuclear EK Landing Dec 03 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18090: HTTP: SoakSoak Malware GET request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18103: HTTP: Win32/Neutrino Cookie
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18104: HTTP: Brontok User-Agent Detected (Rivest)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18106: HTTP: Win32/Scieron-A UA (HTClient)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18109: HTTP: Evil Redirector Leading to EK Feb 11 2015 Banner
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
18110: HTTP: Evil Redirector Leading to EK Feb 11 2015 Blog
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
* 18111: FTP: HawkEye Keylogger FTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18112: FTP: MSIL/Golroted.B Keylogger FTP
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
18115: HTTP: Unknown EK Landing Feb 16 2015 b64 2 M1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20508: TLS: Possible Upatre SSL Cert picklingtank.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20550: TLS: Possible Upatre SSL Cert vcomdesign.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20551: TLS: Possible Upatre SSL Cert technosysuk.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20552: TLS: Possible Upatre SSL Cert slmp-550-105.slc.westdc.net
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20553: TLS: Possible Upatre SSL Cert itiltrainingcertworkshop.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20554: TLS: Possible Upatre SSL Cert udderperfection.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20555: TLS: Possible Upatre SSL Cert efind.co.il
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20556: TLS: Possible Upatre SSL Cert bloodsoft.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20557: TLS: Possible Upatre SSL Cert walletmix.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20558: TLS: Possible Upatre SSL Cert turnaliinsaat.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20559: TLS: Possible Upatre SSL Cert mdus-pp-wb12.webhostbox.net
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20560: TLS: Possible Upatre SSL Cert plastics-technology.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20562: TLS: Possible Upatre SSL Cert worldbuy.biz
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20563: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20564: TLS: Possible Upatre SSL Cert paydaypedro.co.uk
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20565: TLS: Possible Upatre SSL Cert chatso.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20567: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20569: TLS: Possible Dyre SSL Cert Sept 3 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20570: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Upatre C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20575: TLS: Possible Dyre SSL Cert Sept 15 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20576: TLS: Possible Dyre SSL Cert Sept 16 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20577: TLS: Possible Dyre SSL Cert Sept 16 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20578: HTTP: Nuclear EK CVE-2013-2551 Sept 17 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20579: TCP: Androm SSL Cert Sept 18 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20580: TLS: Possible Dyre SSL Cert Sept 19 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20581: TCP: Linux/BillGates Checkin Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20582: TLS: Possible Dyre SSL Cert Sept 22 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20585: TLS: Possible Dyre SSL Cert Sept 26 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20586: TCP: Possible Dyre SSL Cert Sept 26 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20587: TLS: Possible Upatre SSL Cert santa.my
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20588: TLS: Possible Upatre SSL Cert glynwedasia.com
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20589: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20590: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20591: TLS: BlackEnergy Possible SSL Cert Sept 26 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20592: TLS: Dyre SSL Cert 1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20593: TLS: Dyre SSL Cert 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20594: TLS: Dyre SSL Cert 3
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20595: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20596: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20597: TCP: Android/Code4hk.A Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20598: TLS: Possible Dyre SSL Cert Sept 30 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20599: TCP: Possible Dyre SSL Cert Sept 30 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20654: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (UPATRE CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20655: TLS: Possible Upatre SSL Cert mypreschool.sg
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20656: TLS: Possible Dyre SSL Cert Oct 3 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20658: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TeslaCrypt)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20659: TLS: Napolar SSL Cert Oct 9 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20660: TLS: ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20665: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20666: TLS: Win32/Zbot SSL Cert Oct 17 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20667: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20668: TCP: Possible Dyre SSL Cert Oct 22 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20669: TCP: Possible Dyre SSL Cert Oct 22 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20670: TCP: Possible Dyre SSL Cert Oct 22 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20671: TCP: Possible Dyre SSL Cert Oct 22 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20672: TLS: BlackEnergy SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20673: TLS: BlackEnergy SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20674: TLS: Possible Upatre SSL Cert Oct 24 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20676: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Backoff CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20677: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20683: HTTP: Win32/Coreshell Checkin (APT28 Related)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20684: TCP: W32/ZxShell Server Checkin Response
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20685: TCP: PoisonIvy Keepalive to CnC (Operation SMN Variant)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20686: TCP: PoisonIvy Keepalive to CnC (Operation SMN Variant)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20687: TCP: PoisonIvy Keepalive to CnC (Operation SMN Variant)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20688: TCP: PoisonIvy Keepalive to CnC (Operation SMN Variant)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20689: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20690: TCP: Win32/Trustezeb.J SSL Cert Oct 30 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20691: TLS: ROM/BackOff C2 SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20692: TCP: Win32.Zbot.umpz SSL Cert Nov 4 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20693: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20694: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20695: TCP: Possible Dyre SSL Cert Nov 05 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20696: TCP: Win32/Trustezeb.E SSL Cert Nov 05 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20697: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20698: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20701: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20702: TCP: Possible Dyre SSL Cert Nov 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20741: TCP: Possible Dyre SSL Cert Nov 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20742: TCP: Possible Dyre SSL Cert Nov 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20743: TCP: Possible Dyre SSL Cert Nov 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20744: TCP: Possible Dyre SSL Cert Nov 11 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20745: TCP: Possible Dyre SSL Cert Nov 12 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20746: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20748: TCP: Possible Dyre SSL Cert Nov 17 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20749: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20750: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20751: HTTP: SPL2 EK JS HashLib Nov 18 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20752: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20753: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20755: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20756: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Hesperbot CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20757: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20758: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20759: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20760: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20761: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Cridex CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20762: TCP: Gootkit SSL Cert Dec 10 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20763: TCP: Win32/Dalexis.A Possible SSL Cert (smartoptionsinc.com)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20764: TCP: Win32/Spy.Zbot.ACB SSL Cert Dec 15 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20765: TCP: Possible Zbot SSL Cert Dec 16 2014
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20766: TCP: Possible Trojan.Nurjax SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20768: HTTP: Cushion Redirection URI Struct Mon Jan 05 2015
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20769: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Malware CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20770: UDP: TinyLoader.A Checkin x86
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20771: UDP: TinyLoader.A Checkin x64
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20772: FTP: Mini/Cosmic Duke variant FTP upload
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20774: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20777: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20778: TCP: Scieron Possible SSL Cert
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20779: TCP: Possible Dyre SSL Cert Jan 22 2015
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20780: TCP: Possible Dyre SSL Cert Jan 22 2015
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
20782: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
20783: TCP: Linux/Xnote Keep-Alive
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
21687: TCP: Linux/ShellshockCampaign.DDOSBot Scanner CnC Server Message
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
22113: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22228: TCP: Linux/ShellshockCampaign.DDOSBot Terminate Process CnC Server Message
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
22927: TCP: Linux/Yangji.A Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22928: DNS: FrameworkPOS Covert DNS CnC Beacon 1
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
22929: DNS: FrameworkPOS Covert DNS CnC Beacon 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22933: TCP: Win32/Spy.Agent.OHT - AnunakAPT TCP Checkin 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22935: UDP: TinyLoader.A Sending UUID and Processes x86
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22936: UDP: TinyLoader.A Sending UUID and Processes x64
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22938: DNS: Scieron DNS Lookup (ls910329.my03.com)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22939: HTTP: W32/Upatre.Downloader Encoded Binary Download Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22940: TCP: MSIL/Agent.PYO Possible net.tcp CnC Beacon (stat)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
22941: TCP: MSIL/Agent.PYO Possible net.tcp CnC Beacon (control)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
24079: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28840: HTTP: W32/Bapy.Downloader PE Download Request
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28841: HTTP: W32/Bravix.Dropper CnC Beacon
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28843: HTTP: Possible Zeus GameOver Connectivity Check 2
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28844: HTTP: Win.Trojan.Chewbacca connectivity check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28846: HTTP: Job314 EK Payload Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
28848: HTTP: Cryptolocker Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28849: HTTP: Gozi/Ursnif/Papras Connectivity Check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28850: HTTP: Win32/Ursnif Connectivity Check
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28852: HTTP: Win32/Zemot Requesting PE
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updated.
28853: HTTP: Win32/Spy.KeyLogger.ODN Checkin
- IPS Version: 3.7.0 and after.
- NGFW Version: 1.1.1 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Description updated.
- Detection logic updat