Summary
ThreatDV - Malware Filter Package #1755 January 26, 2021
Details
Thank you for subscribing to Threat Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com SMS customers can update the malware filter set through the SMS client. Go to Profiles > Auxiliary DVs > Download to detect and load the latest update. |
System Requirements |
The malware filter package requires TOS v3.7.0, NGFW v1.1.1, TPS v4.0.0, vTPS v4.0.1 or later. This filter package is supported only on the N and NX Platform IPS, NGFW, TPS and vTPS systems licensed for the ThreatDV (formerly ReputationDV) service. |
The Malware Filter Package can also be manually downloaded from the following URL: https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=malware&contentId=Malware_3.7.0_1755.pkg |
Update Details
Table of Contents
--------------------------
Filters
New Filters - 8
Modified Filters (logic changes) - 2
Modified Filters (metadata changes only) - 6
Removed Filters - 0
Filters
----------------
New Filters: 38785: HTTP: Backdoor.PHP.Lulzwiper.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 26, 2021 38786: HTTP: Trojan.MSIL.Hosdevterat.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 26, 2021 38789: HTTP: Trojan.MSIL.Whonxbot.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 26, 2021 38790: HTTP: Ransomware.MSIL.Darkidlrow.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. - Release Date: January 26, 2021 38792: HTTP: Trojan.Win32.Oskistealer.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. - Release Date: January 26, 2021 38793: HTTP: Backdoor.Python.FreakOut.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 26, 2021 38795: HTTP: Backdoor.MSIL.Shreandent.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployments: - Deployment: Default (Block / Notify) - Deployment: Performance-Optimized (Disabled) - Release Date: January 26, 2021 38810: HTTP: Backdoor.MSIL.FunnySwitch.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Category: Virus - Severity: High - Description: This filter is deployed in the Malware Filter Package. - Deployment: Not enabled by default in any deployment. - Release Date: January 26, 2021 Modified Filters (logic changes): * = Enabled in Default deployments * 35709: HTTP: Backdoor.Win64.Crosswalk.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: July 09, 2019 - Last Modified Date: January 26, 2021 * 37032: HTTP: Backdoor.Linux.Kinsackor.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Detection logic updated. - Release Date: February 04, 2020 - Last Modified Date: January 26, 2021 Modified Filters (metadata changes only): * = Enabled in Default deployments 32946: HTTP: Backdoor.Win32.Ketrumrat.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: June 02, 2020 - Last Modified Date: January 26, 2021 38030: HTTP: Backdoor.Win64.Rdat.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: August 11, 2020 - Last Modified Date: January 26, 2021 * 38631: HTTP: Trojan.Win64.Zebrocynim.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: December 15, 2020 - Last Modified Date: January 26, 2021 * 38633: HTTP: Trojan.JS.Denupsec.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: December 15, 2020 - Last Modified Date: January 26, 2021 38752: HTTP: Trojan.MSIL.MoleStage.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: January 19, 2021 - Last Modified Date: January 26, 2021 * 38767: HTTP: Backdoor.JS.JsOutProx.A Runtime Detection - IPS Version: 3.7.0 and after. - NGFW Version: 1.1.1 and after. - TPS Version: 4.0.0 and after. - vTPS Version: 4.0.1 and after. - Miscellaneous modification. - Release Date: January 19, 2021 - Last Modified Date: January 26, 2021 Removed Filters: NoneTop of the Page