IPS Threat Content Update Release Notes 101.0.1.314
Refer to the following summary of signatures deployed on 7th March, 2023 with the IPS content release:
- Signatures added: 58
- Signatures modified: 03
- Signatures removed: 20
Signatures Added
SID | Description | Reference |
---|---|---|
61046 | MALWARE-OTHER Php.Webshell.HiddenShell download attempt | attack.mitre.org/techniques/T1505/003/ |
61047 | MALWARE-OTHER Php.Webshell.HiddenShell upload attempt | attack.mitre.org/techniques/T1505/003/ |
61072 | MALWARE-OTHER JSP.Webshell.JSPShell upload attempt | attack.mitre.org/techniques/T1505/003/ |
61073 | MALWARE-OTHER JSP.Webshell.JSPShell download attempt | attack.mitre.org/techniques/T1505/003/ |
61074 | MALWARE-CNC JSP.Webshell.JSPShell outbound connection | attack.mitre.org/techniques/T1505/003/ |
61075 | MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt | www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html |
61083 | MALWARE-CNC Php.Webshell.IronShell outbound connection | attack.mitre.org/techniques/T1505/003/ |
61084 | MALWARE-CNC Php.Webshell.IronShell inbound connection | attack.mitre.org/techniques/T1505/003/ |
61085 | MALWARE-OTHER HTML.Exploit.C99 suspicious file upload | www.virustotal.com/file/eb8c799f47fad06026e5e454e3dc56902055c9c6c55f5f1ded4f88f53ac9076c/analysis/1350929362/ |
61096 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb |
61098 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c |
61156 | MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt | attack.mitre.org/techniques/T1505/003/ |
61157 | MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt | attack.mitre.org/techniques/T1505/003/ |
61158 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/ |
61159 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/ |
61160 | MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection | attack.mitre.org/techniques/T1505/003/ |
61161 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | attack.mitre.org/techniques/T1505/003/ |
61174 | MALWARE-OTHER Win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d |
61176 | MALWARE-OTHER Win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1 |
61182 | MALWARE-CNC Win.Spyware.Carbon outbound connection attempt | www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/carbon |
61184 | MALWARE-OTHER Windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/82d33a67c68f7c476a9ac1e960abc6a911f797446a2c24f0e13b92af1eb385b8 |
61186 | MALWARE-OTHER Windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb |
61188 | MALWARE-OTHER Unix.Malware.Dacls logcollector file download attempt | www.virustotal.com/gui/file/d28a2ab02aeb26914c16089c1121f7fb6d45cad756b125bf18999cdf6da6e6fc |
61190 | MALWARE-OTHER Unix.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/ba5b781ebacac07c4b14f9430a23ca0442e294236bd8dd14d1f69c6661551db8 |
61202 | MALWARE-OTHER PowerSploit toolkit download attempt | attack.mitre.org/software/S0194/ |
61203 | MALWARE-OTHER PowerSCCM toolkit download attempt | attack.mitre.org/software/S0194/ |
61214 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | No Reference |
61216 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd |
61218 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd |
61220 | MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt | www.github.com/s3cur3th1ssh1t/winpwn |
61222 | MALWARE-OTHER WinPWN Powershell toolkit outbound connection attempt | www.github.com/s3cur3th1ssh1t/winpwn |
61223 | MALWARE-CNC User-Agent Sality malicious user agent | No Reference |
61224 | MALWARE-CNC User-Agent Houdini malicious user agent | No Reference |
61250 | MALWARE-CNC Win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 |
61251 | MALWARE-CNC Win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 |
61253 | MALWARE-CNC Win.Trojan.StrongPity variant outbound connection | www.minerva-labs.com/blog/a-new-strongpity-variant-hides-behind-notepad-installation/ |
61259 | MALWARE-CNC Win.Trojan.Gamaredon variant outbound connection | No Reference |
61261 | MALWARE-OTHER Win.Ransomware.MortalKombat variant binary download attempt | www.virustotal.com/gui/file/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553 |
61263 | MALWARE-CNC Win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d |
61264 | MALWARE-CNC Win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d |
61265 | MALWARE-CNC Win.Downloader.BatLoader variant outbound connection | www.virustotal.com/gui/file/9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0 |
61274 | MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download | www.virustotal.com/gui/file/030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01 |
61305 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/49562fda46cfa05b2a6e2cb06a5d25711c9a435b578a7ec375f928aae9c08ff2/detection |
61307 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/cd0cd9083db51c81b2cdbc35951ded23c3604379fd68796bc19932ac7e0238fe/detection |
61309 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/50be00fcfe23b947d1a87ed5f052a64482f2674bb6d4db6ff8ab8791778a84ec/detection |
61311 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | www.virustotal.com/gui/file/98b8abc11b157fc44826263595d6f978db9b345e0e7a0f8aac14b15dded1683a/detection |
61317 | FILE-OTHER Visual Studio Code malicious ipynb download attempt | CVE-2022-41034 |
61364 | MALWARE-OTHER Win.Trojan.Agent payload download attempt | No Reference |
61366 | MALWARE-OTHER Doc.Dropper.Agent payload download attempt | No Reference |
61379 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61381 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61383 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61389 | MALWARE-OTHER Win.Malware.Agent malicious PowerShell script download attempt | No Reference |
61391 | MALWARE-CNC Win.Malware.Agent data exfiltration attempt | No Reference |
61392 | SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt | CVE-2022-39952 |
61401 | MALWARE-OTHER Iso.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/1fc7b0e1054d54ce8f1de0cc95976081c7a85c7926c03172a3ddaa672690042c |
61403 | MALWARE-OTHER Win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611 |
61405 | MALWARE-OTHER Win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 20739
- 17378
- 56132
- 41338
- 44813
- 51341
- 39131
- 45821
- 59043
- 36749
- 17429
- 44061
- 8361
- 43740
- 35525
- 41595
- 17379
- 40703
- 49186
- 11834