IPS Threat Content Update Release Notes 23.147.10
Following is the summary of signatures deployed on November 22nd, 2023 with the IPS content release:
- Signatures Added: 25
- Signatures Modified: 4
- Signatures Removed: 49
Signatures Added
SID | Description | Reference |
---|---|---|
150689 | MALWARE-CNC FROSTHEAVE.Endpoint traffic detected | No Reference |
150690 | MALWARE-CNC HYDROFLAX.Check-in traffic detected | No Reference |
150691 | MALWARE-CNC REALCRYPT.Beacon traffic detected | No Reference |
150692 | MALWARE-CNC NUTWAFFLE.C2 traffic detected | No Reference |
150693 | MALWARE-OTHER MultiOS.Malware.Bibi variant download attempt | http://virustotal.com/gui/file/23bae09b5699c2d5c4cb1b8aa908a3af898b00f88f06e021edcb16d7d558efad |
62572 | FILE-IMAGE Microsoft Windows Camera Codec Pack remote code execution attempt | CVE-2021-24091 |
62579 | BROWSER-CHROME Google Chrome Origin Trials type confusion attempt | CVE-2023-2724 |
62587 | BROWSER-CHROME Google Chrome SetChangePasswordResponseCode use-after-free attempt | CVE-2022-3842 |
62589 | BROWSER-CHROME Google Chrome SetChangePasswordResponseCode use-after-free attempt | CVE-2022-3842 |
62591 | BROWSER-CHROME Google Chrome OpenXrApiWrapper use-after-free attempt | CVE-2023-3217 |
62593 | BROWSER-CHROME Google Chrome Turbofan memory corruption attempt | CVE-2023-4352 |
62595 | BROWSER-OTHER Google Chrome OnItemRemoved heap overflow attempt | CVE-2022-2853 |
62598 | MALWARE-CNC Win.Trojan.AlpsAlpine CNC outbound connection | No Reference |
62599 | MALWARE-CNC Win.Trojan.AlpsAlpine CNC outbound connection | No Reference |
62602 | OS-WINDOWS Microsoft Windows Microsoft Streaming Service Proxy elevation of privilege attempt | CVE-2023-36802 |
62606 | OS-MOBILE Samsung Galaxy AppStore JavaScript execution attempt | CVE-2023-21434 |
62616 | MALWARE-OTHER MultiOS.Malware.Bibi variant download attempt | http://virustotal.com/gui/file/23bae09b5699c2d5c4cb1b8aa908a3af898b00f88f06e021edcb16d7d558efad |
62617 | MALWARE-CNC Unix.Trojan.POSEIDON variant outbound connection attempt | cert.gov.ua/article/6123309 |
62618 | MALWARE-CNC Win.Trojan.ExelaStealer CNC outbound connection | github.com/quicaxd/exela-v2.0 |
62619 | MALWARE-CNC Win.Trojan.CerberRansomware variant outbound connection attempt | redcanary.com/blog/confluence-exploit-ransomware/ |
62628 | OS-WINDOWS Microsoft Windows Storage elevation of privilege attempt | CVE-2023-36399 |
62631 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2023-36036 |
62633 | OS-WINDOWS Microsoft Windows Desktop Window Manager escalation of privilege attempt | CVE-2023-36033 |
62642 | OS-WINDOWS Microsoft Windows Search service elevation of privilege attempt | CVE-2023-36394 |
62644 | FILE-OFFICE Microsoft Office security feature bypass attempt | CVE-2023-36413 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 44933
- 42888
- 41808
- 49569
- 40201
- 40200
- 42789
- 43161
- 44977
- 27592
- 40677
- 44528
- 39139
- 39138
- 39115
- 39114
- 42932
- 27920
- 44829
- 54665
- 40383
- 44470
- 62284
- 53533
- 26576
- 41340
- 48781
- 49781
- 40896
- 28345
- 28415
- 40050
- 40051
- 45013
- 25532
- 38028
- 28025
- 35360
- 40998
- 40197
- 40191
- 32478
- 26449
- 27736
- 9817
- 38114
- 44469
- 44873
- 58814