IPS Threat Content Update Release Notes 23.132.18

Refer to the following summary of signatures deployed on August 16th, 2023 with the IPS content release:

  • Signatures added: 31
  • Signatures modified: 330
  • Signatures removed: 8

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 62145 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62120 | MALWARE-BACKDOOR Php.Webshell.Generic download attempt | virustotal.com/gui |
| 150648 | FILE-OFFICE Microsoft Office Word docx subDocument file include attempt | No Reference |
| 150649 | FILE-OFFICE Microsoft Office RTF object remote code execution attempt | CVE-2023-36884 |
| 150642 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150643 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150640 | MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt | virustotal.com/gui |
| 150641 | MALWARE-TOOLS Win.Proxy.EarthWorm download attempt | No Reference |
| 150646 | INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt | CVE-2017-0199 |
| 150647 | FILE-OFFICE Microsoft Office Word rtf file ffdefres integer underflow attempt | CVE-2016-0053 |
| 150644 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150645 | INDICATOR-COMPROMISE Microsoft Word internal object auto update attempt | CVE-2017-0199 |
| 62140 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62142 | MALWARE-OTHER Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62143 | MALWARE-CNC Win.Ransomware.Yashma outbound connection attempt | virustotal.com/gui |
| 62147 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62149 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62138 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62136 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62203 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35382 |
| 62209 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35380 |
| 62134 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62132 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 150639 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt | CVE-2017-16383 |
| 150638 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
| 62118 | MALWARE-BACKDOOR Php.Webshell.Generic download attempt | virustotal.com/gui |
| 62155 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62153 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62151 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62211 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35359 |
| 62216 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35386 |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 44912
  • 42137
  • 42177
  • 45819
  • 46840
  • 61392
  • 61525
  • 41202