IPS Threat Content Update Release Notes 104.0.1.358

Refer to the following summary of signatures deployed on 30 May 2023 with this IPS content release:

  • Signatures added: 54
  • Signatures modified: 3
  • Signatures removed: 30

Signatures Added

SID | Description | Reference
150594 | MALWARE-CNC AGENTTESLA.Telegram.Trojan traffic detected | No Reference
150595 | MALWARE-CNC MOUNTSTEEL.fileExfiltration.Trojan traffic detected | No Reference
150596 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150597 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150598 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150599 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150600 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150601 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150602 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150603 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150604 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150605 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150606 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150607 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150608 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference
150609 | MALWARE-CNC BIGRAISIN.HTTP.POST.C2 traffic detected | No Reference
150610 | MALWARE-CNC HANGMAN.Beacon traffic detected | No Reference
150616 | MALWARE-CNC Snake.Generic.Trojan traffic detected | No Reference
150617 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference
150618 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference
150619 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference
150620 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference
151001 | MALWARE-CNC LATEOP.Upload of Certutil detected | No Reference
151002 | MALWARE-CNC PENCILDOWN.Check-in attempt detected | No Reference
151003 | MALWARE-CNC QUIBBLEDOWN.C2 traffic detected | No Reference
61689 | MALWARE-CNC Win.Ransomware.CryptoLocker variant outbound connection | www.secureworks.com/research/cryptolocker-ransomware
61692 | POLICY-OTHER MinIO REST API information disclosure attempt | CVE-2023-28432
61702 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file delete attempt | CVE-2022-25359
61703 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file write attempt | CVE-2022-25359
61708 | MALWARE-OTHER Win.Trojan.Greatness outbound communication attempt | No Reference
61713 | SERVER-WEBAPP WordPress Comment Content Filter cross-site request forgery attempt | CVE-2019-9787
61724 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61725 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61726 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61727 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61728 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61729 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61731 | FILE-IMAGE ImageMagick tEXt profile arbitrary file read attempt | CVE-2022-44268
61733 | MALWARE-OTHER Ps1.Downloader.Agent download attempt | cert.gov.ua/article/4492467
61735 | FILE-IMAGE ImageMagick tEXt profile denial of service attempt | CVE-2022-44267
61737 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b/analysis/
61739 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/f91e88dadc38e48215c81200920f0ac517da068ef00a75b1b67e3a0cd27a6552/analysis/
61741 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/fb9306f6a0cacce21afd67d0887d7254172f61c7390fc06612c2ca9b55d28f80/analysis/
61743 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/e0e2a101ede6ccc266d2f7b7068b813d65afa4a3f65cb0c19eb73716f67983f7/analysis/
61745 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/9a7b9edddc3cd450aadc7340454465bd02c8619dda25c1ce8df12a87073e4a1f/analysis/
61747 | MALWARE-OTHER Andr.Trojan.AridViper webshell download attempt | virustotal.com/en/file/768f5a914475a8d7dfae7b28267ca912e7baa0b84f2dcf2e7540f7c9041d94c6/analysis/
61749 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/ee98fd4db0b153832b1d64d4fea1af86aff152758fe6b19d01438bc9940f2516/analysis/
61751 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885/analysis/
61753 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/
61755 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/
61757 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/
61759 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/33ae5c96f8589cc8bcd2f5152ba360ca61f93ef406369966e69428989583a14e/analysis/
61762 | MALWARE-CNC Win.Ransomware.Babuk encrypted file exfiltration attempt | github.com/hildaboo/babukransomwaresourcecode
61764 | MALWARE-OTHER Win.Ransomware.Babuk variant transfer attempt | github.com/hildaboo/babukransomwaresourcecode

Signatures Removed

The following signatures were removed due to false positives (FP):

  • 8397
  • 7980
  • 43223
  • 1439
  • 13864
  • 38053
  • 38027
  • 40370
  • 49149
  • 17131
  • 35969
  • 41385
  • 44349
  • 27242
  • 41140
  • 47519
  • 38954
  • 45011
  • 45005
  • 44793
  • 44940
  • 19081
  • 28323
  • 52845
  • 140878
  • 53031
  • 35434
  • 59521
  • 46415
  • 140337
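The tables above arrive as rows in which SID, description and reference are run together with no delimiter, and a SOC consuming these notes usually wants three things from them: a structured record per signature, the CVE list to hand to vulnerability management, and a check of the added and removed SIDs against its own local suppression list. The following Python script is an added example and is not part of the vendor release notes; its sample rows are copied from the page in that run-together form, while the local suppression set and the tail-word rule used to find the description boundary are assumptions made for illustration.

```python
"""Parse IPS content-update release-note rows into records and cross-check
them against a local suppression list.

Added example; not vendor code. The row format (SID + category + description
+ reference with no separators) is taken from the release notes on this page.
"""
import re
from collections import Counter

# Constructed sample: rows copied from the page's "Signatures Added" table in
# the run-together form that a copy/paste of the table produces.
SAMPLE_ADDED = """\
150594MALWARE-CNC AGENTTESLA.Telegram.Trojan traffic detectedNo Reference
151002MALWARE-CNC PENCILDOWN.Check-in attempt detectedNo Reference
61692POLICY-OTHER MinIO REST API information disclosure attemptCVE:CVE-2023-28432
61724POLICY-OTHER Cisco SD-WAN vManage cluster mode accessCVE:CVE-2023-20113
61731FILE-IMAGE ImageMagick tEXt profile arbitrary file read attemptCVE:CVE-2022-44268
61733MALWARE-OTHER Ps1.Downloader.Agent download attemptcert.gov.ua/article/4492467
61737MALWARE-OTHER Andr.Trojan.AridViper binary download attemptvirustotal.com/en/file/682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b/analysis/
61762MALWARE-CNC Win.Ransomware.Babuk encrypted file exfiltration attemptgithub.com/hildaboo/babukransomwaresourcecode
"""

# Constructed sample: a subset of the page's "Signatures Removed" list.
SAMPLE_REMOVED = [8397, 7980, 43223, 140878, 140337]

# Assumption: SIDs on which a hypothetical SOC has local suppressions/thresholds.
LOCAL_SUPPRESSIONS = {43223, 61692, 140337}

# Assumption drawn from the page's rows: every description ends with one of
# these words, and the reference is either "No Reference", a CVE: tag, or a
# bare host/path URL. Requiring both lets the parser recover the boundary even
# when a tail word also occurs mid-description ("Check-in attempt detected").
ROW_RE = re.compile(
    r"^(?P<sid>\d+)"
    r"(?P<category>[A-Z]+-[A-Z]+) "
    r"(?P<desc>.*?(?:attempt|detected|connection|access))"
    r"(?P<ref>No Reference|CVE:CVE-\d{4}-\d+|[a-z0-9.-]+\.[a-z]+/\S*)$"
)


def parse_row(line):
    """Split one run-together row into a dict; raise on unrecognised input."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    ref = m.group("ref")
    if ref == "No Reference":
        ref = None
    elif ref.startswith("CVE:"):
        ref = ref[len("CVE:"):]          # normalise "CVE:CVE-2023-28432"
    return {
        "sid": int(m.group("sid")),
        "category": m.group("category"),
        "description": m.group("desc"),
        "reference": ref,
    }


def parse_rows(text):
    return [parse_row(ln) for ln in text.splitlines() if ln.strip()]


def cves(records):
    """Sorted, de-duplicated CVE identifiers referenced by the new signatures."""
    return sorted({r["reference"] for r in records
                   if r["reference"] and r["reference"].startswith("CVE-")})


def category_counts(records):
    return Counter(r["category"] for r in records)


def stale_suppressions(removed_sids, suppressions):
    """Removed SIDs that still carry a local suppression: dead config to prune."""
    return set(removed_sids) & set(suppressions)


def pre_suppressed_new(records, suppressions):
    """New SIDs that an existing local suppression would silence before they
    ever fire; each one needs a deliberate decision, not inheritance."""
    return {r["sid"] for r in records} & set(suppressions)


if __name__ == "__main__":
    recs = parse_rows(SAMPLE_ADDED)
    print(f"{len(recs)} rows parsed, categories: {dict(category_counts(recs))}")
    print("CVEs referenced:", ", ".join(cves(recs)))
    print("stale suppressions:", sorted(stale_suppressions(SAMPLE_REMOVED, LOCAL_SUPPRESSIONS)))
    print("new SIDs already suppressed:", sorted(pre_suppressed_new(recs, LOCAL_SUPPRESSIONS)))
```

Run against the full table, `len(parse_rows(...))` should equal the 54 stated in the summary; a mismatch usually means a row the tail-word rule does not recognise, which `parse_row` reports rather than silently dropping. The two set intersections are the operational point: a suppression left behind for a removed SID is harmless but misleading during the next false-positive investigation, while a suppression already covering a freshly added SID means the new detection never reaches an analyst.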