IPS Threat Content Update Release Notes 23.125.17
Refer to the following summary of signatures deployed on 27th June, 2023 with the IPS content release:
- Signatures added: 12
- Signatures modified: 14
- Signatures removed: 5
Signatures Added
SID | Description | Reference |
---|---|---|
150621 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference |
150624 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference |
150626 | MALWARE-CNC Sliver.C2.Generic traffic detected | No Reference |
61904 | MALWARE-CNC Win.Trojan.Gozi malicious file download | www.virustotal.com/gui/file/d67275e2cd7f5764d1d7fe088fa1683bc9aa873447e82d02fc2c6da2e11f01bc |
61902 | MALWARE-CNC Win.Trojan.Redline malicious file download | www.virustotal.com/gui/file/666e5755e21665e8fd2a26425563d05f1cbd0a5024ad763c71e6d62e68cac438 |
61948 | MALWARE-OTHER Win.Trojan.Barys file download attempt | No Reference |
150622 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference |
150623 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference |
61906 | FILE-OTHER Microsoft Visual Studio Python Interpreter Services remote code execution attempt | CVE-2021-27068 |
61950 | MALWARE-OTHER Win.Trojan.Barys file download attempt | No Reference |
61916 | OS-WINDOWS Microsoft Windows TPM device driver elevation of privilege attempt | CVE-2023-29360 |
61914 | MALWARE-TOOLS Win.Proxy.frp download attempt | github.com/fatedier/frp |
Signatures Removed
The following signatures were removed due to false positives (FP):
- 41457
- 18357
- 39603
- 39601
- 61455