IPS Threat Content Update Release Notes 23.130.14

Refer to the following summary of signatures deployed on 31st July, 2023 with the IPS content release:

  • Signatures added: 21
  • Signatures modified: 0
  • Signatures removed: 07

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150637 | MALWARE-CNC EMOTET.C2.Beacon detected | No Reference |
| 62015 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
| 62017 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
| 62019 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
| 62021 | MALWARE-OTHER Win.Trojan.SmokeLoader variant download attempt | No Reference |
| 62054 | FILE-OFFICE Microsoft Office RTF object remote code execution attempt | CVE:CVE-2023-36884 |
| 62056 | MALWARE-BACKDOOR Php.Webshell.AntSword transfer attempt | github.com/antswordproject/antsword |
| 62061 | MALWARE-CNC Osx.Backdoor.Rustbucket stage three download attempt | virustotal.com |
| 62065 | MALWARE-OTHER Win.Ransomware.Trigona variant download attempt | blogs.blackberry.com |
| 62067 | MALWARE-OTHER Win.Ransomware.Trigona variant download attempt | blogs.blackberry.com |
| 62069 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
| 62071 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
| 62073 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
| 62075 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
| 62077 | MALWARE-OTHER Win.Trojan.RomCom variant download attempt | blogs.blackberry.com |
| 62079 | MALWARE-OTHER Win.Ransomware.IndustrialSpy variant download attempt | blogs.blackberry.com |
| 62081 | MALWARE-OTHER Win.Ransomware.IndustrialSpy variant download attempt | blogs.blackberry.com |
| 62083 | MALWARE-OTHER Win.Ransomware.Underground variant download attempt | blogs.blackberry.com |
| 62084 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |
| 62085 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |
| 62086 | MALWARE-CNC Win.Trojan.RomCom outbound connection attempt | blogs.blackberry.com |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 15119
  • 48155
  • 37575
  • 47844
  • 38787
  • 15121
  • 17042