IPS Threat Content Update Release Notes 23.147.10

The following is a summary of the signatures deployed on November 22nd, 2023 with this IPS content release:

  • Signatures Added: 25
  • Signatures Modified: 4
  • Signatures Removed: 49

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150689 | MALWARE-CNC FROSTHEAVE.Endpoint traffic detected | No Reference |
| 150690 | MALWARE-CNC HYDROFLAX.Check-in traffic detected | No Reference |
| 150691 | MALWARE-CNC REALCRYPT.Beacon traffic detected | No Reference |
| 150692 | MALWARE-CNC NUTWAFFLE.C2 traffic detected | No Reference |
| 150693 | MALWARE-OTHER MultiOS.Malware.Bibi variant download attempt | http://virustotal.com/gui/file/23bae09b5699c2d5c4cb1b8aa908a3af898b00f88f06e021edcb16d7d558efad |
| 62572 | FILE-IMAGE Microsoft Windows Camera Codec Pack remote code execution attempt | CVE-2021-24091 |
| 62579 | BROWSER-CHROME Google Chrome Origin Trials type confusion attempt | CVE-2023-2724 |
| 62587 | BROWSER-CHROME Google Chrome SetChangePasswordResponseCode use-after-free attempt | CVE-2022-3842 |
| 62589 | BROWSER-CHROME Google Chrome SetChangePasswordResponseCode use-after-free attempt | CVE-2022-3842 |
| 62591 | BROWSER-CHROME Google Chrome OpenXrApiWrapper use-after-free attempt | CVE-2023-3217 |
| 62593 | BROWSER-CHROME Google Chrome Turbofan memory corruption attempt | CVE-2023-4352 |
| 62595 | BROWSER-OTHER Google Chrome OnItemRemoved heap overflow attempt | CVE-2022-2853 |
| 62598 | MALWARE-CNC Win.Trojan.AlpsAlpine CNC outbound connection | No Reference |
| 62599 | MALWARE-CNC Win.Trojan.AlpsAlpine CNC outbound connection | No Reference |
| 62602 | OS-WINDOWS Microsoft Windows Microsoft Streaming Service Proxy elevation of privilege attempt | CVE-2023-36802 |
| 62606 | OS-MOBILE Samsung Galaxy AppStore JavaScript execution attempt | CVE-2023-21434 |
| 62616 | MALWARE-OTHER MultiOS.Malware.Bibi variant download attempt | http://virustotal.com/gui/file/23bae09b5699c2d5c4cb1b8aa908a3af898b00f88f06e021edcb16d7d558efad |
| 62617 | MALWARE-CNC Unix.Trojan.POSEIDON variant outbound connection attempt | cert.gov.ua/article/6123309 |
| 62618 | MALWARE-CNC Win.Trojan.ExelaStealer CNC outbound connection | github.com/quicaxd/exela-v2.0 |
| 62619 | MALWARE-CNC Win.Trojan.CerberRansomware variant outbound connection attempt | redcanary.com/blog/confluence-exploit-ransomware/ |
| 62628 | OS-WINDOWS Microsoft Windows Storage elevation of privilege attempt | CVE-2023-36399 |
| 62631 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2023-36036 |
| 62633 | OS-WINDOWS Microsoft Windows Desktop Window Manager escalation of privilege attempt | CVE-2023-36033 |
| 62642 | OS-WINDOWS Microsoft Windows Search service elevation of privilege attempt | CVE-2023-36394 |
| 62644 | FILE-OFFICE Microsoft Office security feature bypass attempt | CVE-2023-36413 |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 44933
  • 42888
  • 41808
  • 49569
  • 40201
  • 40200
  • 42789
  • 43161
  • 44977
  • 27592
  • 40677
  • 44528
  • 39139
  • 39138
  • 39115
  • 39114
  • 42932
  • 27920
  • 44829
  • 54665
  • 40383
  • 44470
  • 62284
  • 53533
  • 26576
  • 41340
  • 48781
  • 49781
  • 40896
  • 28345
  • 28415
  • 40050
  • 40051
  • 45013
  • 25532
  • 38028
  • 28025
  • 35360
  • 40998
  • 40197
  • 40191
  • 32478
  • 26449
  • 27736
  • 9817
  • 38114
  • 44469
  • 44873
  • 58814