IPS Threat Content Update Release Notes 23.134.17
Refer to the following summary of signatures deployed on August 30, 2023 with the IPS content release:
- Signatures added: 49
- Signatures modified: 3
- Signatures removed: 4
Signatures Added
SID | Description | References |
---|---|---|
150650 | MALWARE-CNC ANGLER.EK.JS.Exploit traffic detected | no reference |
150652 | MALWARE-CNC FALLOUT.EK.Generic traffic detected | no reference |
150653 | MALWARE-CNC EMOTET.Trickbot.C2 traffic detected | no reference |
150654 | MALWARE-CNC Brute.Ratel.Generic traffic detected | no reference |
150655 | MALWARE-CNC Bumblebee.Generic.Get traffic detected | no reference |
150656 | MALWARE-CNC QakBot.Generic.Post traffic detected | no reference |
150657 | MALWARE-CNC QakBot.Generic.Get traffic detected | no reference |
160118 | FILE-PDF Adobe Acrobat Use-After-Free read attempt | CVE-2023-29303 |
160119 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-38223 |
160120 | FILE-PDF Adobe Acrobat Use-After-Free read attempt | CVE-2023-38222 |
160121 | FILE-PDF Adobe Acrobat Use-After-Free read attempt | CVE-2023-38227 |
160122 | FILE-PDF Adobe Acrobat Use-After-Free read attempt | CVE-2023-38230 |
160123 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-38231 |
160124 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-38226 |
160125 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-38242 |
160126 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-38248 |
160127 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-38233 |
160128 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-38239 |
62196 | MALWARE-OTHER Win.Ransomware.Halo variant download attempt | no reference |
62198 | FILE-OTHER AMD Zen 2 VZEROUPPER instruction register File State leak attempt | CVE-2023-20593 |
62221 | MALWARE-OTHER Win.Infostealer.Invicta variant download attempt | sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army |
62223 | MALWARE-OTHER Win.Trojan.Rhysida variant download attempt | sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army |
62225 | MALWARE-OTHER Win.Trojan.Rhysida variant download attempt | sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army |
62229 | MALWARE-OTHER Win.Ransomware.Rhysida variant download attempt | sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army |
62233 | MALWARE-OTHER Win.Ransomware.BigHead variant download attempt | trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
62235 | MALWARE-OTHER Win.Ransomware.BigHead variant download attempt | trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
62237 | MALWARE-OTHER Win.Ransomware.BigHead variant download attempt | trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
62239 | MALWARE-OTHER Win.Ransomware.BigHead variant download attempt | trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
62244 | MALWARE-CNC Win.Malware.SapphireStealer variant outbound connection | github.com/0day2/sapphirestealer/ |
62245 | MALWARE-CNC Win.Malware.SapphireStealer variant outbound connection | github.com/0day2/sapphirestealer/ |
62246 | MALWARE-CNC Win.Malware.SapphireStealer variant outbound connection | github.com/0day2/sapphirestealer/ |
62247 | MALWARE-CNC Win.Malware.SapphireStealer variant outbound connection | github.com/0day2/sapphirestealer/ |
62248 | MALWARE-CNC Win.Malware.QuiteRAT variant outbound connection attempt | blog.talosintelligence.com/lazarus-three-rats/ |
62252 | MALWARE-OTHER Andr.Trojan.Bahamut variant download attempt | virustotal.com/gui/file/8a35d0b20b6f057fe42e606a124cb84d78fa95900a16b056269f1cc613853989 |
62253 | MALWARE-CNC Win.Malware.Lazarus variant outbound connection attempt | medium.com/@dcso_cytec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499 |
62254 | MALWARE-CNC Win.Malware.Lazarus variant outbound connection attempt | medium.com/@dcso_cytec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499 |
62255 | MALWARE-CNC Win.Malware.Lazarus variant outbound connection attempt | medium.com/@dcso_cytec/andariels-jupiter-malware-and-the-case-of-the-curious-c2-dbfe29f57499 |
62260 | POLICY-OTHER Ivanti Endpoint Manager Mobile restricted endpoint access attempt | CVE-2023-35081 |
62261 | POLICY-OTHER Ivanti Endpoint Manager Mobile restricted filetype access attempt | CVE-2023-35081 |
62262 | POLICY-OTHER Ivanti Endpoint Manager Mobile restricted endpoint access attempt | CVE-2023-35081 |
62263 | POLICY-OTHER Ivanti Endpoint Manager Mobile restricted endpoint access attempt | CVE-2023-35081 |
62265 | POLICY-OTHER HTML Sanitizer cross site scripting attempt | CVE-2021-42575 |
62284 | FILE-OTHER XSLT Java code execution attempt | CVE-2023-26119 |
62287 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2022-21881 |
62290 | MALWARE-OTHER Win.Backdoor.Gootloader variant download attempt | no reference |
62292 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
62293 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
62298 | MALWARE-CNC Win.Malware.DarkGate outbound connection attempt | 0xtoxin.github.io/threat%20breakdown/darkgate-camapign-analysis/ |
62302 | FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt | CVE-2010-1247 |
Signatures Removed
The following signatures are removed because they generated false positives (FP):
SIDs removed: 25636, 40123, 46942, and 150202.