IPS Threat Content Update Release Notes 104.0.0.346
Refer to the following summary of signatures deployed on 16th May, 2023 with the IPS content release:
- Signatures added: 46
- Signatures modified: 1
- Signatures removed: 11
Signatures Added
SID | Description | Reference |
---|---|---|
150589 | MALWARE-CNC TRUECORE.beacon traffic detected | No Reference |
150590 | MALWARE-CNC SUPERSPEED.UNC1530.beacon traffic detected | No Reference |
150591 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
150592 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
150593 | MALWARE-CNC SUPERSPEED.UNC1530.Upload traffic detected | No Reference |
60581 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
61621 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61622 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61623 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61624 | SERVER-WEBAPP Azure Service Fabric Explorer Super FabriXss cross site scripting attempt | CVE-2023-23383 |
61627 | MALWARE-CNC Win.Downloader.BrokenDynamo second stage download attempt | www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/ |
61632 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
61634 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61636 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61638 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61641 | MALWARE-TOOLS Chrome infostealer download attempt | www.virustotal.com/gui/file/3f808df5af6889c2219fd4982dd49946535528237cc00530cce5c69c3e7f0e34 |
61643 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/11f21d08f819dea21a09c602a4391142a5648f3e17a07a24d41418fcc17ea83f |
61645 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/c65c435737ac02132d9dfeb6ec1d7d903648f61ecdda8a85b4250f064cb4673f |
61647 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/2ada1b48457c169cf3f80e248190374102615e2c89b70e574fba4ddc09b5fcd5 |
61649 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/08dd5a9fdc387855fb5a23c167abec63b22272f66de099155036c5ce7e4deeb8 |
61653 | MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt | No Reference |
61655 | OS-MOBILE Android Andr.Trojan.Pinduoduo APK file download attempt | CVE-2023-20963 |
61657 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61659 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61661 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61663 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61664 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957/detection |
61665 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa |
61669 | MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
61671 | MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
61673 | MALWARE-OTHER One.Dropper.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
61675 | MALWARE-OTHER One.Dropper.Remcos variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
61676 | MALWARE-CNC MultiOS.Backdoor.Chollima beacon attempt | virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02 |
61678 | SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt | CVE-2023-27350 |
61679 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61680 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61681 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61682 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61683 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61684 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
61688 | BROWSER-CHROME Google Chrome synchronous Mojo message handler use-after-free attempt | CVE-2022-4178 |
61706 | OS-WINDOWS Microsoft Windows privilege escalation attempt | CVE-2023-24902 |
61715 | OS-WINDOWS Microsoft Windows kernel denial of service attempt | CVE-2023-24949 |
61717 | FILE-OFFICE Microsoft Office Outlook remote code execution attempt | CVE-2023-29325 |
61719 | OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt | CVE-2023-29324 |
61723 | OS-WINDOWS Microsoft Windows local privilege escalation attempt | CVE-2023-29336 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 59266
- 60590
- 149197
- 59208
- 59041
- 61084
- 148184
- 38841
- 4675
- 33910
- 23111
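Release notes like this one are the only record of what a content update changed, so it is worth checking them mechanically before rolling the update out: the summary counts should match the table rows, and the SIDs removed for false positives are usually ones you also want disabled locally until the vendor ships a replacement. The following script is an added example and not part of this release note or of any vendor tooling. It parses the note format used above (summary bullets, a `SID | Description | Reference |` table, and a `- SID` list under "Signatures Removed"), reports count mismatches and duplicate or conflicting SIDs, extracts the CVE references, and emits the removed SIDs as `gid:sid` lines. The sample input is a constructed excerpt of the table above, and the `gid:sid` output format and the default generator ID of 1 are assumptions (pulledpork-style `disablesid.conf`); adjust them to whatever your rule manager expects.

```python
import re

# Constructed excerpt of the release note above, used as sample input.
# It reproduces the note's "modified: 01" summary line with no matching
# "Signatures Modified" section, which the checker below flags.
SAMPLE = """\
IPS Threat Content Update Release Notes 104.0.0.346
- Signatures added: 3
- Signatures modified: 01
- Signatures removed: 2
Signatures Added
SID | Description | Reference |
---|---|---|
61678 | SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt | CVE-2023-27350 |
61719 | OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt | CVE-2023-29324 |
61653 | MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt | No Reference |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 59266
- 60590
"""

SUMMARY_RE = re.compile(r"^- Signatures (added|modified|removed):\s*(\d+)\s*$")
ROW_RE = re.compile(r"^(\d+)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|?\s*$")  # "SID | Desc | Ref |"
REMOVED_RE = re.compile(r"^- (\d+)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_release_notes(text):
    """Split a release note into its summary counts and per-section SID lists."""
    summary = {}
    sections = {"added": [], "modified": [], "removed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if section is None:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group(1)] = int(m.group(2))
                continue
        if line in ("Signatures Added", "Signatures Modified", "Signatures Removed"):
            section = line.split()[1].lower()
            continue
        if section in ("added", "modified"):
            m = ROW_RE.match(line)  # header and "---|---" rows do not start with digits
            if m:
                sections[section].append((int(m.group(1)), m.group(2), m.group(3)))
        elif section == "removed":
            m = REMOVED_RE.match(line)
            if m:
                sections[section].append(int(m.group(1)))
    return {"summary": summary, **sections}


def check_counts(notes):
    """Return human-readable discrepancies between the summary and the tables."""
    problems = []
    for key in ("added", "modified", "removed"):
        claimed = notes["summary"].get(key)
        actual = len(notes[key])
        if claimed is None:
            problems.append(f"summary has no '{key}' count")
        elif claimed != actual:
            problems.append(f"summary claims {claimed} {key}, table lists {actual}")
    added_sids = [sid for sid, _, _ in notes["added"]]
    dups = sorted({s for s in added_sids if added_sids.count(s) > 1})
    if dups:
        problems.append(f"duplicate SIDs in added table: {dups}")
    both = sorted(set(added_sids) & set(notes["removed"]))
    if both:
        problems.append(f"SIDs both added and removed: {both}")
    return problems


def cve_refs(notes):
    """All CVE identifiers cited in the Reference column, deduplicated and sorted."""
    return sorted({cve for _, _, ref in notes["added"] for cve in CVE_RE.findall(ref)})


def disablesid_lines(notes, gid=1):
    """Removed SIDs as 'gid:sid' lines (assumed pulledpork-style disablesid.conf format)."""
    return [f"{gid}:{sid}" for sid in notes["removed"]]


if __name__ == "__main__":
    notes = parse_release_notes(SAMPLE)
    for problem in check_counts(notes):
        print("WARNING:", problem)
    print("CVEs covered:", ", ".join(cve_refs(notes)))
    print("\n".join(disablesid_lines(notes)))
```

Run against the full note, the count check is what tells you whether the summary line and the table drifted apart during editing; the CVE list is what you hand to vulnerability management to confirm which advisories now have IPS coverage.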