IPS Threat Content Update Release Notes 23.124.205

Refer to the following summary of signatures deployed on 19th June, 2023 with the IPS content release:

  • Signatures added: 43
  • Signatures modified: 0
  • Signatures removed: 1321

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 61811 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61815 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 140878 | MALWARE-CNC Metastealer communication channel identified | No Reference |
| 61909 | OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt | CVE-2023-29358 |
| 61908 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2023-29361 |
| 61852 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61850 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61809 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61805 | BROWSER-CHROME Google Chrome PerformLayout use after free attempt | CVE-2022-3654 |
| 61807 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61803 | FILE-OTHER Microsoft Visual Studio Code Markdown Preview Enhanced extension command injection attempt | CVE-2022-45025 |
| 61884 | MALWARE-TOOLS Win.Proxy.EarthWorm download attempt | No Reference |
| 61860 | MALWARE-OTHER Win.Trojan.Cerbu file download | No Reference |
| 61882 | INDICATOR-COMPROMISE Veeam Backup Server credential stealer script download attempt | www.veeam.com/kb4349 |
| 61842 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61844 | MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt | No Reference |
| 61846 | MALWARE-CNC Win.Trojan.Horabot malicious file download attempt | No Reference |
| 61848 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61793 | OS-LINUX Red Hat polkit privilege escalation attempt | CVE-2021-3560 |
| 61827 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/53114a905b5b683bf19e39f54594dd7b01aca6f9db61e1622f3740c8ad1d5668/analysis |
| 61823 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61912 | OS-WINDOWS Microsoft Windows User-mode Printer Driver privilege escalation attempt | CVE-2023-29371 |
| 61935 | MALWARE-OTHER Win.Exploit.CVE_2023_28310 download attempt | CVE-2023-28310 |
| 61821 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61829 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/4ebd0d8be840fb988eaf5fc6564e04374cba3fae52718e9f6defe472466e9099/analysis |
| 61831 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/277fb564eaf66291a48f8119bf80ff2461837efe05b10ccc9f20ef8510078dfc/analysis |
| 61839 | MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt | No Reference |
| 61880 | MALWARE-CNC Win.Trojan.RedLine inbound command and control attempt | www.virustotal.com/gui/file/0795128a43b086cdc6b8a4036b318a5ba32762cc387a86b42e7211e6d3e164ad |
| 61819 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61879 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell download attempt | No Reference |
| 61871 | INDICATOR-SHELLCODE Windows Donut x64 loader download attempt | github.com/thewover/donut |
| 61873 | INDICATOR-SHELLCODE Windows Donut x86 loader download attempt | github.com/thewover/donut |
| 61877 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell connection attempt | No Reference |
| 61876 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell connection attempt | No Reference |
| 61813 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61817 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/7278e6c8ef06fcfff3951aed692849833fe70c451a57e6aa97398ad5ca9ad343/analysis |
| 61856 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61854 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61858 | MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt | No Reference |
| 61825 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61890 | MALWARE-TOOLS Win.Loader.Meterpreter download attempt | virustotal.com/gui/file/41e5181b9553bbe33d91ee204fe1d2ca321ac123f9147bb475c0ed32f9488597 |

Signatures Removed

Removed the following signatures as they were more than eight years old:
