IPS Threat Content Update Release Notes 101.0.1.314

Refer to the following summary of signatures deployed on 7th March, 2023 with the IPS content release:

  • Signatures added: 58
  • Signatures modified: 03
  • Signatures removed: 20

Signatures Added

SID | Description | Reference
--- | --- | ---
61046 | MALWARE-OTHER Php.Webshell.HiddenShell download attempt | attack.mitre.org/techniques/T1505/003/
61047 | MALWARE-OTHER Php.Webshell.HiddenShell upload attempt | attack.mitre.org/techniques/T1505/003/
61072 | MALWARE-OTHER JSP.Webshell.JSPShell upload attempt | attack.mitre.org/techniques/T1505/003/
61073 | MALWARE-OTHER JSP.Webshell.JSPShell download attempt | attack.mitre.org/techniques/T1505/003/
61074 | MALWARE-CNC JSP.Webshell.JSPShell outbound connection | attack.mitre.org/techniques/T1505/003/
61075 | MALWARE-OTHER win.Ransomware.Agenda variant binary download attempt | www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html
61083 | MALWARE-CNC Php.Webshell.IronShell outbound connection | attack.mitre.org/techniques/T1505/003/
61084 | MALWARE-CNC Php.Webshell.IronShell inbound connection | attack.mitre.org/techniques/T1505/003/
61085 | MALWARE-OTHER HTML.Exploit.C99 suspicious file upload | www.virustotal.com/file/eb8c799f47fad06026e5e454e3dc56902055c9c6c55f5f1ded4f88f53ac9076c/analysis/1350929362/
61096 | MALWARE-OTHER win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb
61098 | MALWARE-OTHER win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c
61156 | MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt | attack.mitre.org/techniques/T1505/003/
61157 | MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt | attack.mitre.org/techniques/T1505/003/
61158 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/
61159 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/
61160 | MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection | attack.mitre.org/techniques/T1505/003/
61161 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/
61174 | MALWARE-OTHER win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d
61176 | MALWARE-OTHER win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1
61182 | MALWARE-CNC win.Spyware.Carbon outbound connection attempt | www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/carbon
61184 | MALWARE-OTHER windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/82d33a67c68f7c476a9ac1e960abc6a911f797446a2c24f0e13b92af1eb385b8
61186 | MALWARE-OTHER windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb
61188 | MALWARE-OTHER Unix.Malware.Dacls logcollector file download attempt | www.virustotal.com/gui/file/d28a2ab02aeb26914c16089c1121f7fb6d45cad756b125bf18999cdf6da6e6fc
61190 | MALWARE-OTHER Unix.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/ba5b781ebacac07c4b14f9430a23ca0442e294236bd8dd14d1f69c6661551db8
61202 | MALWARE-OTHER PowerSploit toolkit download attempt | attack.mitre.org/software/S0194/
61203 | MALWARE-OTHER PowerSCCM toolkit download attempt | attack.mitre.org/software/S0194/
61214 | MALWARE-OTHER win.Malware.Gazer variant download attempt | No Reference
61216 | MALWARE-OTHER win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd
61218 | MALWARE-OTHER win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd
61220 | MALWARE-OTHER winPWN Powershell toolkit outbound connection attempt | www.github.com/s3cur3th1ssh1t/winpwn
61222 | MALWARE-OTHER winPWN Powershell toolkit outbound connection attempt | www.github.com/s3cur3th1ssh1t/winpwn
61223 | MALWARE-CNC User-Agent Sality malicious user agent | No Reference
61224 | MALWARE-CNC User-Agent Houdini malicious user agent | No Reference
61250 | MALWARE-CNC win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
61251 | MALWARE-CNC win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
61253 | MALWARE-CNC win.Trojan.StrongPity variant outbound connection | www.minerva-labs.com/blog/a-new-strongpity-variant-hides-behind-notepad-installation/
61259 | MALWARE-CNC win.Trojan.Gamaredon variant outbound connection | No Reference
61261 | MALWARE-OTHER win.Ransomware.MortalKombat variant binary download attempt | www.virustotal.com/gui/file/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553
61263 | MALWARE-CNC win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d
61264 | MALWARE-CNC win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d
61265 | MALWARE-CNC win.Downloader.BatLoader variant outbound connection | www.virustotal.com/gui/file/9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0
61274 | MALWARE-OTHER win.Trojan.Turla Crutch backdoor download | www.virustotal.com/gui/file/030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01
61305 | MALWARE-CNC win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/49562fda46cfa05b2a6e2cb06a5d25711c9a435b578a7ec375f928aae9c08ff2/detection
61307 | MALWARE-CNC win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/cd0cd9083db51c81b2cdbc35951ded23c3604379fd68796bc19932ac7e0238fe/detection
61309 | MALWARE-CNC win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/50be00fcfe23b947d1a87ed5f052a64482f2674bb6d4db6ff8ab8791778a84ec/detection
61311 | MALWARE-CNC win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/98b8abc11b157fc44826263595d6f978db9b345e0e7a0f8aac14b15dded1683a/detection
61317 | FILE-OTHER Visual Studio Code malicious ipynb download attempt | CVE-2022-41034
61364 | MALWARE-OTHER win.Trojan.Agent payload download attempt | No Reference
61366 | MALWARE-OTHER Doc.Dropper.Agent payload download attempt | No Reference
61379 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291
61381 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291
61383 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291
61389 | MALWARE-OTHER win.Malware.Agent malicious PowerShell script download attempt | No Reference
61391 | MALWARE-CNC win.Malware.Agent data exfiltration attempt | No Reference
61392 | SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt | CVE-2022-39952
61401 | MALWARE-OTHER Iso.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/1fc7b0e1054d54ce8f1de0cc95976081c7a85c7926c03172a3ddaa672690042c
61403 | MALWARE-OTHER win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611
61405 | MALWARE-OTHER win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 20739
  • 17378
  • 56132
  • 41338
  • 44813
  • 51341
  • 39131
  • 45821
  • 59043
  • 36749
  • 17429
  • 44061
  • 8361
  • 43740
  • 35525
  • 41595
  • 17379
  • 40703
  • 49186
  • 11834