IPS Threat Content Update Release Notes 102.0.0.324


Summary of the signatures deployed on 21 March 2023 with this IPS content release:

  • Signatures added: 28
  • Signatures modified: 05
  • Signatures removed: 30
Signatures Added
SID | Description | Reference
150581 | MALWARE-CNC Sparepart.c2 Beacon detected | No Reference
150583 | MALWARE-CNC Cobalt strike reactjs profile traffic detected | No Reference
61100 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference
61101 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference
61168 | SERVER-WEBAPP Lexmark MC3224adwe Web UI ImportFaxLogo command injection attempt | www.github.com/blasty/lexmark
61196 | MALWARE-TOOLS Win.Tool.WinPwn toolkit download attempt | No Reference
61198 | MALWARE-TOOLS Powershell AMSI bypass toolkit download attempt | No Reference
61205 | MALWARE-TOOLS PowerSploit script download attempt | attack.mitre.org/software/S0194/
61226 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61228 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61230 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Inveigh download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61232 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PE injector download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61234 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | No Reference
61236 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61238 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn
61240 | MALWARE-TOOLS Win.Tool.TruffleSnout download attempt | No Reference
61426 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61427 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61428 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61429 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61455 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752
61456 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752
61460 | FILE-OFFICE Microsoft Office RTF font table memory corruption attempt | CVE-2023-21716
61461 | MALWARE-CNC Win.Malware.Agent variant outbound cnc beacon detected | No Reference
61463 | MALWARE-OTHER HTA VBScript powershell payload download attempt | www.virustotal.com/gui/file/5c9fbd70e73d463b0265881d904a8fca22f92b0cce24190ed16c3d8899d4120a/detection/
61464 | OS-WINDOWS Microsoft Windows http.sys elevation of privilege attempt | CVE-2023-23410
61466 | OS-WINDOWS Microsoft Windows cryptographic services code execution attempt | CVE-2023-23416
61471 | MALWARE-OTHER Win.Trojan.Frebniis file download attempt | www.virustotal.com/gui/file/6464f9a5da26aa53fb2221255e908fd4da8edf0633f94051beee74a14b9b001c
Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 59037
  • 59018
  • 57824
  • 57924
  • 32891
  • 60402
  • 61389
  • 60587
  • 58451
  • 60338
  • 25093
  • 48466
  • 58713
  • 59023
  • 59024
  • 60824
  • 37356
  • 15913
  • 45016
  • 44023
  • 37357
  • 61043
  • 11232
  • 60591
  • 30883
  • 60498
  • 50386
  • 57823
  • 57828
  • 31925
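The practical follow-up to a note like this is reconciling it with what is actually loaded on the sensor: confirm the removed SIDs are no longer enabled locally, see which of the added SIDs have not yet landed, and pull out the CVE-referenced additions for triage. The script below is an added example and is not part of the release note or of any vendor tooling. The added rows are embedded in the run-together "SID + message + reference" form in which exported release notes often arrive, and the parsing of that form and of the Snort-style rules file is this example's own logic; the local rules file is constructed for the example, while the SIDs are the ones listed in this note.

```python
"""Reconcile an IPS content update release note with a local Snort-style rules file.

Added example, not part of the release note. LOCAL_RULES is constructed; the
added rows and removed SIDs are those from the release note above.
"""
import re
from collections import Counter

# Added rows in fused form: SID, rule message and reference run together.
ADDED_ROWS = """\
150581MALWARE-CNC Sparepart.c2 Beacon detectedNo Reference
150583MALWARE-CNC Cobalt strike reactjs profile traffic detectedNo Reference
61100OS-WINDOWS Microsoft Windows malicious LNK file download attemptNo Reference
61101OS-WINDOWS Microsoft Windows malicious LNK file download attemptNo Reference
61168SERVER-WEBAPP Lexmark MC3224adwe Web UI ImportFaxLogo command injection attempt www.github.com/blasty/lexmark
61196MALWARE-TOOLS Win.Tool.WinPwn toolkit download attemptNo Reference
61198MALWARE-TOOLS Powershell AMSI bypass toolkit download attemptNo Reference
61205MALWARE-TOOLS PowerSploit script download attempt attack.mitre.org/software/S0194/
61226INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt www.github.com/s3cur3th1ssh1t/winpwn
61228INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt www.github.com/s3cur3th1ssh1t/winpwn
61230INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Inveigh download attempt www.github.com/s3cur3th1ssh1t/winpwn
61232INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PE injector download attempt www.github.com/s3cur3th1ssh1t/winpwn
61234INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attemptNo Reference
61236INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt www.github.com/s3cur3th1ssh1t/winpwn
61238INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt www.github.com/s3cur3th1ssh1t/winpwn
61240MALWARE-TOOLS Win.Tool.TruffleSnout download attemptNo Reference
61426MALWARE-CNC Win.Trojan.Prometei variant outbound connection www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61427MALWARE-CNC Win.Trojan.Prometei variant outbound connection www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61428MALWARE-CNC Win.Trojan.Prometei variant outbound connection www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61429MALWARE-CNC Win.Trojan.Prometei variant outbound connection www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero
61455SERVER-WEBAPP Joomla unauthorized configuration access attemptCVE-2023-23752
61456SERVER-WEBAPP Joomla unauthorized configuration access attemptCVE-2023-23752
61460FILE-OFFICE Microsoft Office RTF font table memory corruption attemptCVE-2023-21716
61461MALWARE-CNC Win.Malware.Agent variant outbound cnc beacon detectedNo Reference
61463MALWARE-OTHER HTA VBScript powershell payload download attempt www.virustotal.com/gui/file/5c9fbd70e73d463b0265881d904a8fca22f92b0cce24190ed16c3d8899d4120a/detection/
61464OS-WINDOWS Microsoft Windows http.sys elevation of privilege attemptCVE-2023-23410
61466OS-WINDOWS Microsoft Windows cryptographic services code execution attemptCVE-2023-23416
61471MALWARE-OTHER Win.Trojan.Frebniis file download attempt www.virustotal.com/gui/file/6464f9a5da26aa53fb2221255e908fd4da8edf0633f94051beee74a14b9b001c
"""

# SIDs the release note removed for false positives.
REMOVED_SIDS = {59037, 59018, 57824, 57924, 32891, 60402, 61389, 60587, 58451, 60338,
                25093, 48466, 58713, 59023, 59024, 60824, 37356, 15913, 45016, 44023,
                37357, 61043, 11232, 60591, 30883, 60498, 50386, 57823, 57828, 31925}

# Constructed local rules file: two removed SIDs are still enabled, one is already
# commented out, and only two of the added SIDs have been loaded so far.
LOCAL_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Joomla unauthorized configuration access attempt"; sid:61455; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Joomla unauthorized configuration access attempt"; sid:61456; rev:1;)
# alert tcp any any -> any any (msg:"old rule, disabled"; sid:59037; rev:3;)
alert tcp any any -> any any (msg:"old rule, still enabled"; sid:57824; rev:2;)
alert tcp any any -> any any (msg:"old rule, still enabled"; sid:61389; rev:1;)
"""

# Fused row: leading SID digits, lazy message, then a trailing reference that is a
# CVE id, the literal "No Reference", or a space-free host/path ending the line.
_ROW_RE = re.compile(r"^(?P<sid>\d+)(?P<msg>.+?)\s*"
                     r"(?P<ref>CVE-\d{4}-\d+|No Reference|[\w.-]+\.(?:com|org)/\S*)$")
# Snort rule line: optional leading '#' means disabled; capture the sid option.
_RULE_RE = re.compile(r"^\s*(?P<disabled>#\s*)?(?:alert|drop|reject|pass|log)\s.*?\bsid:\s*(?P<sid>\d+)\s*;")


def parse_rows(text):
    """Split fused release-note rows into (sid, rule_class, message, reference)."""
    rows = []
    for line in text.splitlines():
        m = _ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        msg = m.group("msg").strip()
        rows.append((int(m.group("sid")), msg.split(" ", 1)[0], msg, m.group("ref")))
    return rows


def parse_local_rules(text):
    """Return {sid: enabled} for every rule line in a Snort-style rules file."""
    state = {}
    for line in text.splitlines():
        m = _RULE_RE.match(line)
        if m:
            state[int(m.group("sid"))] = m.group("disabled") is None
    return state


def reconcile(added_rows, removed_sids, local_rules):
    """Flag removed SIDs still enabled, added SIDs not yet present, CVE refs, class mix."""
    local = parse_local_rules(local_rules)
    added_sids = {sid for sid, *_ in added_rows}
    return {
        "counts": (len(added_rows), len(removed_sids)),
        "removed_still_enabled": sorted(s for s in removed_sids if local.get(s)),
        "added_missing": sorted(added_sids - set(local)),
        "cve_refs": sorted({r for *_, r in added_rows if r.startswith("CVE-")}),
        "by_class": dict(Counter(c for _, c, *_ in added_rows)),
    }


if __name__ == "__main__":
    for key, value in reconcile(parse_rows(ADDED_ROWS), REMOVED_SIDS, LOCAL_RULES).items():
        print(f"{key}: {value}")
```

The "counts" entry is the cross-check against the header of the note (28 added, 30 removed); a mismatch there usually means a row was lost in export, which is worth knowing before acting on the list. Removed SIDs that are still enabled are the ones generating the false positives the note is retiring, so they are the first thing to disable.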