Summary
ThreatDV - Malware Filter Package #1726 September 1, 2020
Details
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com SMS customers can update the malware filter set through the SMS client. Go to Profiles > Auxiliary DVs > Download to detect and load the latest update. |
System Requirements The malware filter package requires TOS v3.7.0, NGFW v1.1.1, TPS v4.0.0, vTPS v4.0.1 or later. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS and vTPS systems licensed for the ThreatDV (formerly ReputationDV) service. |
The Malware Filter Package can also be manually downloaded from the following URL: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1726.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 10
Modified Filters (logic changes) - 3
Modified Filters (metadata changes only) - 11
Removed Filters - 0
Filters
----------------
New Filters:
38077: HTTP: Ransomware.Win32.MatrixCryptor.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38078: HTTP: Trojan.Shell.Hadglider.TSE Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38081: TCP: Trojan.Win32.Vivaciousgift.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38084: HTTP: Trojan.MSIL.Ryzeraction.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38085: SMTP: Trojan.MSIL.AgentTesla.SD Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38086: HTTP: Trojan.Python.AnstelgStealer.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38087: HTTP: Trojan.Python.AnstelgStealer.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38088: TCP: Trojan.Linux.Ballpitbot.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38089: TCP: Worm.Win32.Lucifer.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: September 01, 2020 38091: HTTP: Worm.Shell.Lemonduck.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - References: - Common Vulnerabilities and Exposures: CVE-2017-0144, CVE-2017-8570 - Release Date: September 01, 2020 Modified Filters (logic changes): * = Enabled in Default deployments * 33624: HTTP: Backdoor.MSIL.Anfoorge.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Release Date: November 27, 2018 - Last Modified Date: September 01, 2020 * 34294: TCP: Trojan.MSIL.Welextobi.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Release Date: February 13, 2019 - Last Modified Date: September 01, 2020 * 34799: TCP: Worm.MSIL.Admixdiag.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Detection logic updated. - Release Date: March 19, 2019 - Last Modified Date: September 01, 2020 Modified Filters (metadata changes only): * = Enabled in Default deployments 28980: TCP: NotPetya Ransomware Payload Transfer - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: July 04, 2017 - Last Modified Date: September 01, 2020 29847: HTTP: BadRabbit JavaScript Reporting Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: October 31, 2017 - Last Modified Date: September 01, 2020 29857: SMB: BadRabbit File Creation Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: October 31, 2017 - Last Modified Date: September 01, 2020 * 33910: HTTP: Trojan.MSIL.Magentpass.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: January 01, 2019 - Last Modified Date: September 01, 2020 34022: TCP: FlawedGrace Checkin Request - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. - Release Date: January 15, 2019 - Last Modified Date: September 01, 2020 * 34814: HTTP: Backdoor.Shell.Powrun.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: March 19, 2019 - Last Modified Date: September 01, 2020 * 35723: TCP: Trojan.MSIL.Diplomcrypt.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: July 09, 2019 - Last Modified Date: September 01, 2020 * 36201: HTTP: Trojan-Downloader.Win32.Capracloader.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. - Release Date: September 24, 2019 - Last Modified Date: September 01, 2020 * 36505: HTTP: Trojan.MSIL.Nviditien.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: October 29, 2019 - Last Modified Date: September 01, 2020 * 36552: TCP: Backdoor.Win32.SDBbot.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Vulnerability references updated. - Release Date: November 05, 2019 - Last Modified Date: September 01, 2020 36672: TCP: Backdoor.MSIL.VanillaRat.B Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Description updated. - Release Date: November 19, 2019 - Last Modified Date: September 01, 2020 Removed Filters: NoneTop of the Page