IPS Threat Content Update Release Notes 101.0.0.306

Refer to the following summary of signatures deployed on 21st February, 2023 with the IPS content release:

  • Signatures added: 71
  • Signatures modified: 9
  • Signatures removed: 3

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 140138 | POLICY-OTHER eicar file upload detected | No Reference |
| 150580 | MALWARE-CNC Ickytick.c2 traffic detected | No Reference |
| 60712 | FILE-JAVA Oracle Java JNLP progress-class remote code execution attempt | CVE-2015-4902 |
| 60727 | POLICY-OTHER OWASP Amass default User-Agent recon traffic detected | owasp.org/www-project-amass/ |
| 60728 | MALWARE-CNC Win.Trojan.HannabiGrabber info stealer outbound communication | www.virustotal.com/gui/file/082e50f61aa3e649889defae5bccb1249fc1c1281b2b9f02e10cb1ede8a1d16f |
| 60748 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
| 60749 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
| 60750 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
| 60754 | OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt | CVE-2021-3493 |
| 60755 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962 |
| 60756 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962 |
| 60758 | FILE-OTHER GNU gzip zgrep arbitrary file write attempt | CVE-2022-1271 |
| 60759 | MALWARE-CNC Ppt.Downloader.Wirte outbound connection | www.virustotal.com/gui/file/1f9d4bb8afa4031027df117e35e6c588893471e6ac8d10a9bc9c3899a48a9ef8 |
| 60779 | FILE-OTHER GIGABYTE Kernel Driver elevation of privilege attempt | CVE-2018-19322 |
| 60794 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
| 60795 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
| 60814 | FILE-OTHER GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19320 |
| 60817 | MALWARE-CNC Unix.Trojan.RedXOR variant outbound connection | github.com/corelight/redxor |
| 60824 | MALWARE-CNC Php.Webshell.GReatPost outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 60825 | MALWARE-CNC Php.Webshell.GReatPost inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 60827 | OS-WINDOWS GIGABYTE GPCI and GIO driver privilege escalation attempt | CVE-2018-19321 |
| 60828 | MALWARE-CNC Win.Backdoor.Hoaxshell outbound connection attempt | virustotal.com/gui/file/c3858ed123a8becd0b01b2a409a9a4d18f5fd1047f5e06675ce1d4af075151a6 |
| 60829 | MALWARE-OTHER Win.Backdoor.Hoaxshell payload template download attempt | github.com/t3l3machus/hoaxshell |
| 60835 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection |
| 60836 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection |
| 60838 | OS-WINDOWS MSI afterburner privilege escalation attempt | CVE-2019-16098 |
| 60843 | MALWARE-CNC Win.Backdoor.TurlaMosquito outbound connection | virustotal.com/gui/file/e7fd14ca45818044690ca67f201cc8cfb916ccc941a105927fc4c932c72b425d/detection |
| 60844 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
| 60845 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
| 60892 | MALWARE-OTHER Doc.Downloader.MetaStealer file download attempt | virustotal.com/gui/file/981247f5f23421e9ed736dd462801919fea2b60594a6ca0b6400ded463723a5e |
| 60894 | MALWARE-OTHER Shikata Ga Nai polymorphic encoder encoded shellcode download attempt | virustotal.com/gui/file/0233dcf6417ab33b48e7b54878893800d268b9b6e5ca6ad852693174226e3bed/detection |
| 60902 | MALWARE-CNC Win.Infostealer.MetaStealer variant outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
| 60903 | MALWARE-CNC Xls.Downloader.AXQ variant outbound connection | www.virustotal.com/gui/file/51e182045dfcef1336f98859e0fb17754ec9fc2b88d56b2cbf857a7aa038f99c |
| 60916 | BROWSER-CHROME V8 CSS prop type defineProperty interceptor confusion attempt | CVE-2022-1232 |
| 60918 | BROWSER-IE Google Chrome LinkToTextMenuObserver heap use-after-free attempt | CVE-2022-2998 |
| 60943 | MALWARE-CNC Win.Trojan.Gamaredon outbound communication attempt | www.virustotal.com/gui/file/432123e2e1a1e6026f12d36fea35e83708d6797a9a596613ce39e02f62f88fa8 |
| 60945 | BROWSER-CHROME Chrome JavaScript Array.map Out-of-Bounds Write attempt | CVE-2019-5825 |
| 60948 | MALWARE-TOOLS Win.Trojan.Teleport download attempt | www.virustotal.com/gui/file/dd94c2fc46a6670b4600cf439b35dc81a401b09d2c2372139afe7b754d1d24d4 |
| 60950 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
| 60952 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
| 60955 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | No Reference |
| 60957 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 60959 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 60961 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 60963 | MALWARE-TOOLS Win.Dropper.KopiLuwak browser extension download attempt | virustotal.com/gui/file/cf1f52b0a160f19e3bd2b91ba4135782c9d0dc171a753a2c93fa645bee6ca301 |
| 60965 | MALWARE-TOOLS Win.Dropper.KopiLuwak download attempt | virustotal.com/gui/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b |
| 60969 | MALWARE-OTHER Win.Ransomware.Endurance variant download attempt | www.virustotal.com/gui/file/7c2b9f77c0a4302b2bff5a7e08418d572c982e80d178b1bb9928a5f0ecf5d660?nocache=1 |
| 60979 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
| 60980 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
| 60981 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
| 60987 | FILE-PDF Foxit PhantomPDF JavaScript annotation use-after-free attempt | No Reference |
| 60989 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
| 60991 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
| 60993 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
| 60995 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
| 60997 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
| 60999 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 61001 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 61003 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
| 61004 | POLICY-OTHER Oracle Access Manager deprecated OpenSSO access attempt | CVE-2021-35587 |
| 61013 | MALWARE-CNC Win.Trojan.FlawedGrace outbound communication attempt | www.virustotal.com/gui/file/27b6e71b4adeada41fb1e411a910872bfad999183d9d43ba6e63602e104d357b |
| 61015 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
| 61017 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
| 61030 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
| 61031 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
| 61034 | FILE-OTHER Adobe ColdFusion XmlTransform arbitrary file read attempt | CVE-2022-42340 |
| 61043 | MALWARE-CNC Php.Webshell.H4ntu outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 61045 | MALWARE-OTHER Win.Downloader.BatLoader malicious PowerShell script download attempt | virustotal.com/gui/file/016d978da55760bbe95343838f2cd0556fe6f39511b1d754fb06db747e867e76 |
| 61313 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-21688 |
| 61314 | OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2023-21823 |
| 61320 | OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt | CVE-2023-23376 |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 140140
  • 33941
  • 21162