Summary
ThreatDV - Malware Filter Package #1559 September 25, 2018
Details
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com To learn more about the capabilities of this filter set, please reference: TippingPoint Deployment Note: Threat Digital Vaccine (ThreatDV). SMS customers can update the malware filter set through the SMS client. Go to Profiles > Auxiliary DVs > Download to detect and load the latest update. |
System Requirements The malware filter package requires TOS v3.7.0.4200, NGFW v1.1.1.4200, TPS v4.0.0.4300, vTPS v4.0.1.4300 and higher. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS and vTPS systems licensed for the ThreatDV (formerly ReputationDV) service. |
The Malware Filter Package can also be manually downloaded from the following URL: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1559.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters
Modified Filters (logic changes)
Modified Filters (metadata changes only)
Removed Filters
Filters
----------------
New Filters:
33069: HTTP: Trojan.Win32.CamuBot.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) 33070: TCP: Trojan.MSIL.Sqicrubo.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33071: HTTP: Backdoor.Win32.PowerPool.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33072: SMTP: Trojan.MSIL.Harsomrey.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33073: HTTP: Trojan-Downloader.Win32.Gnayoleg.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) 33074: HTTP: Trojan.MSIL.Bodehuzaspy.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) 33075: SMTP: Trojan.MSIL.Bassifre.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33076: SMTP: Trojan.MSIL.CryptoNar.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33081: HTTP: Xbash Fetch Requests - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: Critical - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. 33116: TCP: ByShell Checkin Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) Modified Filters (logic changes): * = Enabled in Default deployments 29001: HTTP: Trojan.AndroidOS.Fyec.bna CnC Beacon 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29002: HTTP: MSIL/TrojanClicker.AdShow.NQB Initial Redirect Activity - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29003: TLS: Malicious SSL Certificate Observed (IcedID/BokBot CnC) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29005: HTTP: Android/SMSreg.GB Checkin 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29006: HTTP: Android.Trojan.SLocker.TX CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29007: HTTP: Trojan.AndroidOS.Rootnik.bw CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29008: HTTP: Android.Trojan.Agent.EZ CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29010: TLS: ZLoader Malicious SSL Cert Observed - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29011: TCP: Ipdlacsing Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29012: HTTP: Android/TrojanDropper.Agent.AXD CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29013: HTTP: MSIL/Spy.Agent.AUE Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29015: HTTP: Android/SMForw.RL Contact Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29016: HTTP: Trojan-Spy.AndroidOS.SmForw.o Contact Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29017: HTTP: Android Unknown Trojan-Spy CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29019: HTTP: Cobalt Strike Malleable C2 Amazon Profile - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29020: HTTP: Monitor.AndroidOS.Hellospy.a CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29021: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29022: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29023: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29024: SMTP: Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29025: SMTP: Trojan-Spy.AndroidOS.SmsThief.es Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29026: HTTP: Win32/TrojanDownloader.Delf.BQI Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29027: HTTP: MSIL/Hidden-Tear Variant CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29028: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29029: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29030: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29031: HTTP: KONNI Retrieving Payload - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29032: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29033: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 6 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29034: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29035: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29036: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29037: SMTP: Trojan-Spy.AndroidOS.SmsThief.ac SMS Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29038: HTTP: Trojan-Banker.AndroidOS.Asacub.pac CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29039: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29040: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Reporting via SMTP 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29041: SMTP: Android/Spy.SmsSpy.EQ SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29042: DNS: IsmDoor DNS C2 Initial Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29043: DNS: IsmDoor DNS C2 Domain Name - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29044: DNS: IsmDoor DNS C2 Initial Data Sent - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29093: DNS: IsmDoor DNS C2 Checkin Stage 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29094: DNS: IsmDoor DNS C2 Checkin Stage 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29095: DNS: IsmDoor DNS C2 Checkin Stage 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29096: DNS: IsmDoor DNS C2 Domain Name - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29097: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29098: SMTP: Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29100: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29101: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29102: SMTP: Trojan-Spy.AndroidOS.SmForw.ar Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29103: HTTP: Anubis Android Loader / BankBot Checkin 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29104: HTTP: Anubis Android Loader / BankBot Checkin 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29105: HTTP: MSIL/Agent.AUK CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29107: TCP: Loda Logger Downloading Password Stealer - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29108: HTTP: Win32/Serpent Ransomware Debug Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29109: HTTP: Anubis Android Loader / BankBot Checkin 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29110: TCP: Win32/Zegost.Ddos Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29112: HTTP: Win32/Slingup.A Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29113: HTTP: Android.Trojan.InfoStealer.JZ SMS/Contact Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29116: HTTP: Trojan-Banker.AndroidOS.Hqwar.jck Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29117: HTTP: Trojan-Banker.AndroidOS.Hqwar.jck Response - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29118: HTTP: Trojan-Banker.AndroidOS.Hqwar.jck Response 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29119: TLS: Hidden-Tear Ransomware Variant Malicious SSL Cert Observed - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29120: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29121: HTTP: Hidden-Tear Ransomware Variant CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29127: HTTP: Unknown Backdoor Request May 17 2017 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29129: HTTP: GhostAdmin/KeyTrap/BlakStar Requesting Config M2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29161: TLS: APT.Enfal SSL Cert - Downloaded by Cmstar - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29162: TCP: Observed Malicious SSL Cert (Orcus RAT) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29163: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS/Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29164: SMTP: Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29165: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29166: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29167: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 6 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29170: HTTP: MSIL/ClipBanker.BX CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29171: HTTP: PyCL/Fatboy Ransomware External IP Check - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29176: HTTP: RTM Banker CnC M3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29178: HTTP: Trojan-Banker.Win32.Banbra .pac Download Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29179: TCP: Trojan.Win32.ServStart File Download - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29182: HTTP: Anubis Android Loader / BankBot Checkin 7 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29184: HTTP: Android.Trojan.SMSSend.PP CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29185: HTTP: Android/Agent.LK CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29186: HTTP: APT32 Win32/Agent.YFL Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29188: HTTP: Win32/Ibashade CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29189: HTTP: Core Bot IP Check - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29190: TCP: MSIL/njRAT/Bladabindi Variant (Microsoft_key_update) CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29191: SMTP: Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29192: SMTP: Trojan-Spy.AndroidOS.SmForw.ar Reporting via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29193: SMTP: Trojan-Spy.AndroidOS.SmsThief.hs Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29195: HTTP: Hidden-Tear Ransomware Variant CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29196: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey SMS Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29197: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29198: SMTP: Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29199: SMTP: Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29200: SMTP: Trojan-Spy.AndroidOS.SmsThief.ju Contact/SMS Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29201: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 7 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29202: TLS: Malicious JS Downloader Domain in SNI - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29203: HTTP: Trojan-Spy.AndroidOS.Agent.cs CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29204: SMTP: Trojan-Spy.AndroidOS.SmForw.ar SMS Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29226: HTTP: Trojan-SMS.AndroidOS.FakeInst.ft CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29227: HTTP: APT.Debbocs CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29228: SMTP: Trojan-Spy.AndroidOS.SmsThief.lg Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29229: SMTP: Trojan-Spy.AndroidOS.SmsThief.lg Reporting via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29230: SMTP: Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29231: SMTP: Trojan-Spy.AndroidOS.SmsThief.es SMS/Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29232: HTTP: ColorFish Requesting Main Payload - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29233: HTTP: ColorFish Requesting Additional Modules - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29234: HTTP: ColorFish CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29235: HTTP: Trojan-Banker.AndroidOS.Rymner.f CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29236: HTTP: Trojan.AndroidOS.Boogr.gsh CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29237: HTTP: Trojan.AndroidOS.Boogr.gsh CnC Beacon 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29239: HTTP: Evil Redirector Leading to RigEK Jun 05 2017 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. 29240: SMTP: Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29241: TLS: Malicious SSL certificate detected (PupyRat) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29242: TCP: Win32/IRCBot.AVI Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29243: HTTP: Backdoor.AndroidOS.Dingwe.a Checkin 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29244: HTTP: Backdoor.AndroidOS.Dingwe.a SMS/Contact Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29245: HTTP: Anubis Android Loader / BankBot Checkin 9 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29247: HTTP: MSIL/Stimilik.CO Stealer CnC Activity - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29248: HTTP: Trojan-Banker.AndroidOS.Marcher.snt CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29249: DNS: Bunitu DNS Lookup - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29250: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29251: SMTP: Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29252: SMTP: Trojan-Ransom.AndroidOS.Congur.san Reporting via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29253: SMTP: Trojan-Spy.AndroidOS.SmsThief.lg SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29254: SMTP: Trojan-Spy.AndroidOS.SmForw.ic Contact Exfil via SMTP 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29255: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29256: SMTP: Trojan-Spy.AndroidOS.SmsThief.ey Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29258: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk Reporting via SMTP 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29259: SMTP: Trojan-Spy.AndroidOS.SmsThief.mk SMS Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29260: HTTP: Trojan-Clicker.AndroidOS.Simpo.bq CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29261: HTTP: Trojan-Clicker.AndroidOS.Simpo.az CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29262: HTTP: Trojan-Clicker.AndroidOS.Simpo.az CnC Beacon 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29263: HTTP: Anubis Android Loader / BankBot Checkin 11 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29264: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 7 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29265: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Contact Exfil via SMTP 5 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29266: HTTP: Win32/Filecoder CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29267: HTTP: Win32.Swisyn.fohg Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29282: HTTP: Android.Trojan.FakeApp.AS CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29284: SMTP: Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29285: SMTP: Trojan-Spy.AndroidOS.SmForw.iz SMS/Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29286: HTTP: Win32/Dynamer!ac Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29287: HTTP: Trojan-PSW.AndroidOS.Inazun.h CnC Beacon 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29288: SMTP: Trojan-Spy.AndroidOS.SmsThief.fh Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29289: HTTP: Win32.Dinwod CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29295: HTTP: Android.Trojan.SmsSpy.LP CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29296: HTTP: CoinMiner Downloader Retrieving Payload - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29297: TCP: MSIL/Injector.SKQ InfoStealer CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29301: HTTP: wellfopay .ru CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29302: HTTP: Android/Clicker.HA Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29303: HTTP: Magnitude EK (magnigate) Jun 23 2017 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. 29304: SMTP: Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29305: SMTP: Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29306: SMTP: Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29307: SMTP: Trojan-Spy.AndroidOS.SmForw.iz Contact Exfil via SMTP 8 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29308: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj Contact Exfil via SMTP 6 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29309: SMTP: Trojan-Spy.AndroidOS.SmsThief.dj SMS Exfil via SMTP 8 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29310: SMTP: AgentTesla Reporting Infection via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29378: HTTP: Trojan-SMS.AndroidOS.FakeInst.fb CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29487: HTTP: Win32/Adonis/Other Screenlocker CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29643: TCP: MSIL/IRCBot.BH CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29690: HTTP: APT19 PS Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29756: TLS: ZLoader Malicious SSL Cert Observed - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29757: HTTP: W32.Yakes Variant Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. 29839: HTTP: Android/Monitor.Spyoo.L CnC Beacon - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29840: HTTP: Android.Monitor.SpyApp.D Checkin 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 29890: HTTP: JS_NETREPSER.A Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Vulnerability references updated. 30321: HTTP: JS Loader Payload Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Vulnerability references updated. Modified Filters (metadata changes only): * = Enabled in Default deployments 29099: SMTP: Android.Trojan.Lotus.A GPS Location Exfil via SMTP - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29106: TCP: Loda Logger Executing Previously Downloaded File - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29114: HTTP: Cobalt Strike Malleable C2 OCSP Profile - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29115: HTTP: Android/Fadeb.P Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29122: TCP: MSIL/Unk.RAT CnC Sending Screenshot (cp) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29128: HTTP: GhostAdmin/KeyTrap/BlakStar Requesting Config M1 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29177: DNS: RTM Banker TCP Domain Lookup - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29180: DNS: Steam PWS DNS Lookup - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29283: DNS: DNS Query to Cerber Domain (135nt3 . top) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. 29292: HTTP: Win32/CoinMiner.AGW Downloader Requesting Payload - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29430: DNS: DNS Query to Cerber Domain (086ux2 . top) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. 29533: HTTP: Ishtar Ransomware Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29721: TCP: MSIL/Unk.RAT CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 29955: DNS: DNS Query matching Cerber Domain Format (.top TLD) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Vulnerability references updated. 32367: HTTP: KONNI Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 32371: TCP: Babylon RAT C2 Server Response M2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. 32374: TLS: Core Bot C2 SSL Certificate Detected - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 32375: HTTP: Win32/Neshta.A Download Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 32446: HTTP: Win32/TrojanDownloader.Banload Post Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 32451: HTTP: MSIL/Unk.Stealer CnC Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. 32452: TCP: Bitcoin Miner Known Malicious Basic Auth (TGlaTFNVdUtKN1NrZU51NFF2SGRZdDhmQ1N3amhpMXpwRDp4) - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. Removed Filters: 29018: HTTP: Android Unknown Trojan-Spy Contact Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29123: HTTP: Adylkuzz CnC Beacon 1 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29124: HTTP: Adylkuzz CnC Beacon 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29125: HTTP: Adylkuzz CnC Beacon 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29126: HTTP: Adylkuzz CnC Beacon 4 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29169: HTTP: Android/Agent.AKX Checkin 2 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29172: HTTP: Android.Trojan.Agent.GE Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29175: HTTP: Trojan-Spy.AndroidOS.Agent.hh SMS Exfil - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29183: HTTP: Anubis Android Loader / BankBot Checkin 8 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29238: HTTP: Trojan.AndroidOS.Boogr.gsh CnC Beacon 3 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29246: HTTP: Anubis Android Loader / BankBot Checkin 10 - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. 29281: HTTP: Android.Trojan.FakeApp.AS Checkin - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after.
Top of the Page