IPS Threat Content Update Release Notes 23.143.1

The following is a summary of the signatures deployed on October 30th, 2023 with the IPS content release:

  • Signatures Added: 17

  • Signatures Modified: 88

  • Signatures Removed: 3

Signatures Added

| SID | Description | Reference |
|-----|-------------|-----------|
| 150688 | MALWARE-CNC UNC2975.Paperdrop.Get traffic detected | No Reference |
| 150686 | MALWARE-CNC UNC4962.Darkgate.C2.Communication traffic detected | No Reference |
| 150687 | MALWARE-CNC UNC4915.Cabdriver.Get traffic detected | No Reference |
| 150683 | MALWARE-CNC APT37.Karae.C2.Beacon traffic detected | No Reference |
| 62495 | BROWSER-WEBKIT Apple WebKit type confusion attempt | CVE-2023-32439 |
| 62479 | FILE-IMAGE Multiple products libwebp remote code execution attempt | CVE-2023-41064 |
| 62558 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | No Reference |
| 62556 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/92f124ea5217f3fe5cbab1c37a961df0437d5a9cbde1af268c60c4b3194b80ed |
| 62514 | MALWARE-CNC MultiOS.Downloader.Supershell outbound connection | www.virustotal.com/gui/file/47f2635cf27f9112f12bf4599a82bc92fccc46e98eef1b5c0d7dddb7051fd1b2 |
| 62568 | MALWARE-OTHER Win.Trojan.Gamaredon variant download attempt | www.virustotal.com/gui/file/cedbbbc4deb6569c23aa20ac64ad1c2b2bef6f7b3405cef861f26a0b44d836d9 |
| 150685 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
| 150682 | MALWARE-CNC APT41.jQuery.Malleable Profile traffic detected | No Reference |
| 62566 | FILE-PDF Adobe Acrobat use after free attempt | CVE-2023-21608 |
| 62564 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/en/file/0856b3c06805d3935b1db325c4e9c9131572b4cf09f07d989911495807775cab/detection/ |
| 62562 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d |
| 62560 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | www.virustotal.com/gui/file/d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe |
| 62549 | MALWARE-BACKDOOR Win.Trojan.Shadowpad persistence executable download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks |

Removed Signatures

The following signatures were removed due to false positives (FP):

  • 32640

  • 62084

  • 62086
