ThreatDV - Malware Filter Package #1451 (CONT)

    21068: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ransomware CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21069: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (BlackEnergy CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21071: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21072: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21073: HTTP: Loki Bot User-Agent (Charon/Inferno)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21074: DNS: Ponmocup Post Infection DNS Lookup messagewild
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21075: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21076: HTTP: Possible TDS Redirecting to EK Aug 19 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21078: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21079: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Ursnif CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21080: HTTP: Magnitude/Hunter EK IE Exploit Aug 23 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21082: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21083: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21084: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21085: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21086: HTTP: Evil Redirector Leading to EK Aug 31 2015 T2 (BizCN)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21087: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21088: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21089: HTTP: Grey Advertising Often Leading to EK
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21090: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21091: TLS: Malicious SSL certificate detected (FindPOS)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21093: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21094: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21095: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    21347: TCP: Possible Dridex downloader SSL Certificate srv1.mainsftdomain.com
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    21843: HTTP: Evil Redirector Leading to EK September 04 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    22018: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    22697: TCP: Linux/ChinaZ 2.0 DDoS Bot Checkin 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    22942: TCP: Carbanak APT CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    22946: TLS: Mocelpa Client Hello CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    22947: TCP: Java/QRat Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    22948: HTTP: Win32.VBKrypt.vquj Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    23716: TCP: Email Contains InternetOpen WinInet API Call - Potentially Dridex MalDoc 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23913: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    23914: TCP: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    23976: TLS: ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    23977: TCP: Email Contains InternetOpen WinInet API Call - Potentially Dridex MalDoc 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    23978: TCP: Email Contains InternetOpen WinInet API Call - Potentially Dridex MalDoc 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    24080: HTTP: Scanbox Sending Host Data
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    24172: DNS: APT Hellsing Proxy Checker Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    24173: HTTP: Trojan-Banker.AndroidOS.Wroba.m Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    24174: FTP: PredatorPain Keylogger FTP Activity
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    24506: TCP: SuperFish Possible SSL Cert CnC Traffic
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    25948: HTTP: Possible Successful Remax Phish - AOL Creds Jun 23 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    26122: HTTP: Possible Successful Yahoo Phish Jun 23 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    28558: TCP: Email Contains wininet.dll Call - Potentially Dridex MalDoc 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    29218: HTTP: Possible Successful Remax Phish - Other Creds Jun 23 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    30029: TCP: SuperFish Possible SSL Cert Signed By Compromised Root CA
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30666: HTTP: Arid Viper APT Checkin 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30670: HTTP: Arid Viper APT Possible User-Agent (SK)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30671: HTTP: Arid Viper APT Possible User-Agent (Skype)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30672: HTTP: Arid Viper APT Possible User-Agent (Skypee)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    30673: HTTP: Babar POST Request
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32397: HTTP: Trojan.NSIS.Comame.A Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32398: HTTP: SuperFish CnC Beacon 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32399: HTTP: Possible Bedep Connectivity Check (2)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32400: HTTP: Win32/HydraCrypt CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32401: HTTP: Win32/LockScreen CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32405: HTTP: Gamarue/Andromeda Downloading Payload
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32406: HTTP: Vicepass CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32408: HTTP: Win32/Teslacrypt Ransomware HTTP CnC Beacon M2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32411: HTTP: Win32/TrojanProxy.JpiProx.B CnC Beacon 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32412: HTTP: Win32/TrojanProxy.JpiProx.B CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32413: HTTP: Mikey Variant HTTP CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32415: HTTP: Kriptovor Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32416: HTTP: Kriptovor Retrieving RAR Payload
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32417: HTTP: Kriptovor External IP Lookup checkip.dyndns.org
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32418: HTTP: Operation Buhtrap CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32419: HTTP: Possible Maldoc Retrieving Dridex from pastebin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32420: HTTP: Possible APT30 or Win32/Nuclear HTTP Framework
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32421: HTTP: LankerBoy HTTP CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32423: HTTP: Win32/Ruckguv.A Requesting Payload
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32424: HTTP: FighterPOS CnC Beacon 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32425: HTTP: FighterPOS CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32426: HTTP: FighterPOS CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32427: HTTP: Sysget/HelloBridge HTTP GET CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32428: HTTP: Zacom/NFlog HTTP POST Connectivity Check
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32429: HTTP: Dalexis CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    32430: HTTP: PunkeyPOS HTTP CnC Beacon Fake UA
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32431: HTTP: PunkeyPOS HTTP CnC Beacon 5
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32432: HTTP: PunkeyPOS HTTP CnC Beacon 6
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32433: HTTP: Win32/StreamFlaw.A Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32437: HTTP: Downeks Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32441: HTTP: Yahoyah CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    32445: HTTP: Blue Bot DDoS Logger Request
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34162: HTTP: JavaScriptBackdoor HTTP GET CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34165: HTTP: Win32/Bancos URL Structure
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34167: HTTP: Win32/Gatak.DR Payload Instructions
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34168: HTTP: PunkeyPOS HTTP CnC Beacon 7
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34171: HTTP: KeyBase Keylogger Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34172: HTTP: Databack CnC
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34173: HTTP: Sakula/Mivast RAT CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34174: HTTP: Sakula/Mivast RAT CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34175: HTTP: IsSpace/Zacom Connectivity Check
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34177: HTTP: Win32/Gatak.DR Activity
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34178: HTTP: Gatak CnC
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34183: HTTP: W2KM_BARTALEX Downloading Payload 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34184: HTTP: Gozi/Ursnif/Papras Grabftp Module Download
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34185: HTTP: Win32/Vflooder.C Connectivity Check
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    34187: HTTP: Matsnu Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34189: HTTP: KeyBase Keylogger HTTP Pattern
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34190: HTTP: KeyBase Keylogger Uploading Screenshots
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34197: HTTP: PSEmpire Checkin via POST
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34198: HTTP: W2KM_BARTALEX August 11 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34200: HTTP: AlphaCrypt CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34202: HTTP: Corebot Requesting Module
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34204: HTTP: Win32/Reconyc.equo Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

    34207: HTTP: Unknown Malicious Second Stage Download URI Struct Sept 15 2015
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.

    34208: HTTP: Win32/Spy.Odlanor CnC Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    14701: HTTP: Incognito - Payload Request - /load.php by Java Client
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    20943: HTTP: Win32/Agent.WVW CnC Beacon 3
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    20961: TCP: APT CozyCar SSL Cert 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    22695: TCP: Linux/ChinaZ DDoS Bot Checkin 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    22944: HTTP: Operation Buhtrap CnC Beacon 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    30665: HTTP: Arid Viper APT Checkin 1
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    30667: HTTP: Arid Viper APT Checking filename
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    30669: HTTP: Arid Viper APT Transmitting Date
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    32396: HTTP: Possible Babar POST Request
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    32404: HTTP: Win32/Trapwot FakeAV Post Infection CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    32422: HTTP: CoinVault Mailer CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    32443: HTTP: Blue Bot DDoS Proxy Request
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    34166: HTTP: MSIL/Autorun.AD Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    34182: HTTP: Downloader.Win32.Adload (KaiXin Payload) Checkin
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

    34188: HTTP: SeaDuke CnC Beacon
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.

  Removed Filters:

    14658: HTTP: HTTP Request to a a known malware domain (sektori.org)
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    32442: HTTP: SPEAR CnC Beacon 2
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    34169: HTTP: PunkeyPOS HTTP CnC Beacon 8
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.

    34181: HTTP: Downloader.Win32.Adload (KaiXin Payload) Config Download
      - IPS Version: 3.7.0 and after.
      - NGFW Version: 1.1.1 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.  

Did this article help you? Yes No