IPS Threat Content Update Release Notes 101.0.0.306
Refer to the following summary of signatures deployed on 21 February 2023 with this IPS content release:
- Signatures added: 71
- Signatures modified: 9
- Signatures removed: 3
Signatures Added
SID | Description | Reference |
---|---|---|
140138 | POLICY-OTHER eicar file upload detected | No Reference |
150580 | MALWARE-CNC Ickytick.c2 traffic detected | No Reference |
60712 | FILE-JAVA Oracle Java JNLP progress-class remote code execution attempt | CVE-2015-4902 |
60727 | POLICY-OTHER OWASP Amass default User-Agent recon traffic detected | owasp.org/www-project-amass/ |
60728 | MALWARE-CNC Win.Trojan.HannabiGrabber info stealer outbound communication | www.virustotal.com/gui/file/082e50f61aa3e649889defae5bccb1249fc1c1281b2b9f02e10cb1ede8a1d16f |
60748 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60749 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60750 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60754 | OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt | CVE-2021-3493 |
60755 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962 |
60756 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962 |
60758 | FILE-OTHER GNU gzip zgrep arbitrary file write attempt | CVE-2022-1271 |
60759 | MALWARE-CNC Ppt.Downloader.Wirte outbound connection | www.virustotal.com/gui/file/1f9d4bb8afa4031027df117e35e6c588893471e6ac8d10a9bc9c3899a48a9ef8 |
60779 | FILE-OTHER GIGABYTE Kernel Driver elevation of privilege attempt | CVE-2018-19322 |
60794 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
60795 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
60814 | FILE-OTHER GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19320 |
60817 | MALWARE-CNC Unix.Trojan.RedXOR variant outbound connection | github.com/corelight/redxor |
60824 | MALWARE-CNC Php.Webshell.GReatPost outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60825 | MALWARE-CNC Php.Webshell.GReatPost inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
60827 | OS-WINDOWS GIGABYTE GPCI and GIO driver privilege escalation attempt | CVE-2018-19321 |
60828 | MALWARE-CNC Win.Backdoor.Hoaxshell outbound connection attempt | virustotal.com/gui/file/c3858ed123a8becd0b01b2a409a9a4d18f5fd1047f5e06675ce1d4af075151a6 |
60829 | MALWARE-OTHER Win.Backdoor.Hoaxshell payload template download attempt | github.com/t3l3machus/hoaxshell |
60835 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection |
60836 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection |
60838 | OS-WINDOWS MSI afterburner privilege escalation attempt | CVE-2019-16098 |
60843 | MALWARE-CNC Win.Backdoor.TurlaMosquito outbound connection | virustotal.com/gui/file/e7fd14ca45818044690ca67f201cc8cfb916ccc941a105927fc4c932c72b425d/detection |
60844 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
60845 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
60892 | MALWARE-OTHER Doc.Downloader.MetaStealer file download attempt | virustotal.com/gui/file/981247f5f23421e9ed736dd462801919fea2b60594a6ca0b6400ded463723a5e |
60894 | MALWARE-OTHER Shikata Ga Nai polymorphic encoder encoded shellcode download attempt | virustotal.com/gui/file/0233dcf6417ab33b48e7b54878893800d268b9b6e5ca6ad852693174226e3bed/detection |
60902 | MALWARE-CNC Win.Infostealer.MetaStealer variant outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60903 | MALWARE-CNC Xls.Downloader.AXQ variant outbound connection | www.virustotal.com/gui/file/51e182045dfcef1336f98859e0fb17754ec9fc2b88d56b2cbf857a7aa038f99c |
60916 | BROWSER-CHROME V8 CSS prop type defineProperty interceptor confusion attempt | CVE-2022-1232 |
60918 | BROWSER-IE Google Chrome LinkToTextMenuObserver heap use-after-free attempt | CVE-2022-2998 |
60943 | MALWARE-CNC Win.Trojan.Gamaredon outbound communication attempt | www.virustotal.com/gui/file/432123e2e1a1e6026f12d36fea35e83708d6797a9a596613ce39e02f62f88fa8 |
60945 | BROWSER-CHROME Chrome JavaScript Array.map Out-of-Bounds Write attempt | CVE-2019-5825 |
60948 | MALWARE-TOOLS Win.Trojan.Teleport download attempt | www.virustotal.com/gui/file/dd94c2fc46a6670b4600cf439b35dc81a401b09d2c2372139afe7b754d1d24d4 |
60950 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
60952 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
60955 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | No Reference |
60957 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60959 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60961 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60963 | MALWARE-TOOLS Win.Dropper.KopiLuwak browser extension download attempt | virustotal.com/gui/file/cf1f52b0a160f19e3bd2b91ba4135782c9d0dc171a753a2c93fa645bee6ca301 |
60965 | MALWARE-TOOLS Win.Dropper.KopiLuwak download attempt | virustotal.com/gui/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b |
60969 | MALWARE-OTHER Win.Ransomware.Endurance variant download attempt | www.virustotal.com/gui/file/7c2b9f77c0a4302b2bff5a7e08418d572c982e80d178b1bb9928a5f0ecf5d660?nocache=1 |
60979 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60980 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60981 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60987 | FILE-PDF Foxit PhantomPDF JavaScript annotation use-after-free attempt | No Reference |
60989 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
60991 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60993 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
60995 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60997 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60999 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61001 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61003 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61004 | POLICY-OTHER Oracle Access Manager deprecated OpenSSO access attempt | CVE-2021-35587 |
61013 | MALWARE-CNC Win.Trojan.FlawedGrace outbound communication attempt | www.virustotal.com/gui/file/27b6e71b4adeada41fb1e411a910872bfad999183d9d43ba6e63602e104d357b |
61015 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
61017 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
61030 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
61031 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
61034 | FILE-OTHER Adobe ColdFusion XmlTransform arbitrary file read attempt | CVE-2022-42340 |
61043 | MALWARE-CNC Php.Webshell.H4ntu outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
61045 | MALWARE-OTHER Win.Downloader.BatLoader malicious PowerShell script download attempt | virustotal.com/gui/file/016d978da55760bbe95343838f2cd0556fe6f39511b1d754fb06db747e867e76 |
61313 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-21688 |
61314 | OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2023-21823 |
61320 | OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt | CVE-2023-23376 |
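The table above is the part of a content release a detection engineer actually works from: which new SIDs map to CVEs already on the patch list, which rules were written from the same malware sample (so they tend to fire together), and which carry no reference at all. The following Python is an added example, not the IPS vendor's own tooling, that parses the release-note table and answers those questions. The rows embedded in it are copied from this release note (a subset of the 71 added signatures); the summary count passed to the consistency check, and the function and variable names, are assumptions for the example.

```python
"""Parse an IPS content release-note table and triage the new rules.

Added example: not part of the release note itself. The SAMPLE_TABLE rows
are copied from the "Signatures Added" table above (a subset of the 71
rows); the count passed to check_count() is a constructed input.
"""
import re
from collections import defaultdict

# Subset of the release note's "Signatures Added" table; the full table
# is parsed the same way because it uses the same three-column layout.
SAMPLE_TABLE = """\
SID | Description | Reference |
---|---|---|
60748 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60749 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection |
60754 | OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt | CVE-2021-3493 |
60955 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | No Reference |
61313 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-21688 |
61320 | OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt | CVE-2023-23376 |
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")


def parse_table(text):
    """Return a list of dicts with keys sid, category, description, reference.

    'category' is the rule-class prefix (e.g. MALWARE-CNC) that the vendor
    places at the front of every description.
    """
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3 or not cells[0].isdigit():
            continue  # header row, separator row, or blank line
        sid, desc, ref = cells
        category, _, rest = desc.partition(" ")
        rows.append({
            "sid": int(sid),
            "category": category,
            "description": rest,
            "reference": ref,
        })
    return rows


def check_count(rows, claimed):
    """True if the summary's 'Signatures added' count matches the rows listed."""
    return len(rows) == claimed


def sids_by_cve(rows):
    """Map each CVE in the Reference column to the SIDs that cover it."""
    out = defaultdict(list)
    for r in rows:
        for cve in CVE_RE.findall(r["reference"]):
            out[cve].append(r["sid"])
    return dict(out)


def shared_samples(rows):
    """Find rules that cite the same SHA-256 sample hash.

    Rules written from one sample usually cover different stages of the
    same C2 exchange; when one fires, the others are worth checking for
    the same host.
    """
    by_hash = defaultdict(list)
    for r in rows:
        for h in SHA256_RE.findall(r["reference"]):
            by_hash[h].append(r["sid"])
    return {h: sids for h, sids in by_hash.items() if len(sids) > 1}


def unreferenced(rows):
    """SIDs whose Reference column gives nothing to validate the rule against."""
    return [r["sid"] for r in rows if r["reference"].lower() == "no reference"]


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    # The sample holds 6 rows, so 6 is the "claimed" count for this run;
    # against the full release note you would pass 71.
    print("rows:", len(rows), "count matches summary:", check_count(rows, 6))
    print("CVE coverage:", sids_by_cve(rows))
    print("shared samples:", shared_samples(rows))
    print("no reference:", unreferenced(rows))
```

Run against the full table, `check_count(rows, 71)` confirms the summary line, `sids_by_cve` gives the SIDs to prioritise for CVEs that are still unpatched in your estate (the three February 2023 Windows elevation-of-privilege rules, for instance), and `unreferenced` lists the rules you have no public sample or advisory to test against before enabling them in blocking mode.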
Signatures Removed
Removed the following signatures due to false positives (FP):
- 140140
- 33941
- 21162