IPS Threat Content Update Release Notes 102.0.0.324
IPS Threat Content Update Release Notes 102.0.0.324
Refer to the following summary of signatures deployed on 21st March, 2023 with the IPS content release:
- Signatures added: 28
- Signatures modified: 05
- Signatures removed: 30
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 150581 | MALWARE-CNC Sparepart.c2 Beacon detected | No Reference |
| 150583 | MALWARE-CNC Cobalt strike reactjs profile traffic detected | No Reference |
| 61100 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
| 61101 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
| 61168 | SERVER-WEBAPP Lexmark MC3224adwe Web UI ImportFaxLogo command injection attempt | www.github.com/blasty/lexmark |
| 61196 | MALWARE-TOOLS Win.Tool.WinPwn toolkit download attempt | No Reference |
| 61198 | MALWARE-TOOLS Powershell AMSI bypass toolkit download attempt | No Reference |
| 61205 | MALWARE-TOOLS PowerSploit script download attempt | attack.mitre.org/software/S0194/ |
| 61226 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61228 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61230 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Inveigh download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61232 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PE injector download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61234 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | No Reference |
| 61236 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61238 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61240 | MALWARE-TOOLS Win.Tool.TruffleSnout download attempt | No Reference |
| 61426 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61427 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61428 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61429 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61455 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
| 61456 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
| 61460 | FILE-OFFICE Microsoft Office RTF font table memory corruption attempt | CVE-2023-21716 |
| 61461 | MALWARE-CNC Win.Malware.Agent variant outbound cnc beacon detected | No Reference |
| 61463 | MALWARE-OTHER HTA VBScript powershell payload download attempt | www.virustotal.com/gui/file/5c9fbd70e73d463b0265881d904a8fca22f92b0cce24190ed16c3d8899d4120a/detection/ |
| 61464 | OS-WINDOWS Microsoft Windows http.sys elevation of privilege attempt | CVE-2023-23410 |
| 61466 | OS-WINDOWS Microsoft Windows cryptographic services code execution attempt | CVE-2023-23416 |
| 61471 | MALWARE-OTHER Win.Trojan.Frebniis file download attempt | www.virustotal.com/gui/file/6464f9a5da26aa53fb2221255e908fd4da8edf0633f94051beee74a14b9b001c |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 59037
- 59018
- 57824
- 57924
- 32891
- 60402
- 61389
- 60587
- 58451
- 60338
- 25093
- 48466
- 58713
- 59023
- 59024
- 60824
- 37356
- 15913
- 45016
- 44023
- 37357
- 61043
- 11232
- 60591
- 30883
- 60498
- 50386
- 57823
- 57828
- 31925
