IPS Threat Content Update Release Notes 23.130.14
Refer to the following summary of signatures deployed on 31st July, 2023 with the IPS content release:
- Signatures added: 21
- Signatures modified: 0
- Signatures removed: 7
Signatures Added
SID | Description | Reference |
---|---|---|
150637 | MALWARE-CNC EMOTET.C2.Beacon detected | No Reference |
62015 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
62017 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
62019 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
62021 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
62054 | FILE-OFFICE Microsoft Office RTF object remote code execution attempt | CVE:CVE-2023-36884 |
62056 | MALWARE-BACKDOOR Php.Webshell.AntSword transfer attempt | github.com/antswordproject/antsword |
62061 | MALWARE-CNC Osx.Backdoor.Rustbucket stage three download attempt | virustotal.com |
62065 | MALWARE-OTHER Win.Ransomware.Trigona variant download attempt | blogs.blackberry.com |
62067 | MALWARE-OTHER Win.Ransomware.Trigona variant download attempt | blogs.blackberry.com |
62069 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
62071 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
62073 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
62075 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
62077 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
62079 | MALWARE-OTHER Win.Ransomware.IndustrialSpy variant download attempt | blogs.blackberry.com |
62081 | MALWARE-OTHER Win.Ransomware.IndustrialSpy variant download attempt | blogs.blackberry.com |
62083 | MALWARE-OTHER Win.Ransomware.Underground variant download attempt | blogs.blackberry.com |
62084 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |
62085 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |
62086 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |
Signatures Removed
The following signatures were removed due to false positives (FP):
- 15119
- 48155
- 37575
- 47844
- 38787
- 15121
- 17042