IPS Threat Content Update Release Notes 23.143.1
Following is the summary of signatures deployed on October 30th, 2023 with the IPS content release:
- Signatures Added: 17
- Signatures Modified: 88
- Signatures Removed: 3
Signatures Added
SID | Description | Reference |
---|---|---|
150688 | MALWARE-CNC UNC2975.Paperdrop.Get traffic detected | No Reference |
150686 | MALWARE-CNC UNC4962.Darkgate.C2.Communication traffic detected | No Reference |
150687 | MALWARE-CNC UNC4915.Cabdriver.Get traffic detected | No Reference |
150683 | MALWARE-CNC APT37.Karae.C2.Beacon traffic detected | No Reference |
62495 | BROWSER-WEBKIT Apple WebKit type confusion attempt | CVE-2023-32439 |
62479 | FILE-IMAGE Multiple products libwebp remote code execution attempt | CVE-2023-41064 |
62558 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | No Reference |
62556 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/92f124ea5217f3fe5cbab1c37a961df0437d5a9cbde1af268c60c4b3194b80ed |
62514 | MALWARE-CNC MultiOS.Downloader.Supershell outbound connection | www.virustotal.com/gui/file/47f2635cf27f9112f12bf4599a82bc92fccc46e98eef1b5c0d7dddb7051fd1b2 |
62568 | MALWARE-OTHER Win.Trojan.Gamaredon variant download attempt | www.virustotal.com/gui/file/cedbbbc4deb6569c23aa20ac64ad1c2b2bef6f7b3405cef861f26a0b44d836d9 |
150685 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
150682 | MALWARE-CNC APT41.jQuery.Malleable Profile traffic detected | No Reference |
62566 | FILE-PDF Adobe Acrobat use after free attempt | CVE-2023-21608 |
62564 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/en/file/0856b3c06805d3935b1db325c4e9c9131572b4cf09f07d989911495807775cab/detection/ |
62562 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d |
62560 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe |
62549 | MALWARE-BACKDOOR Win.Trojan.Shadowpad persistence executable download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks |
Removed Signatures
Removed the following signatures due to false positives (FP):
- 32640
- 62084
- 62086