IPS Threat Content Update Release Notes 24.102.13
The following is a summary of the signatures deployed on January 16th, 2024 with this IPS content release:
- Signatures Added: 36
- Signatures Modified: 1
- Signatures Removed: 2
Signatures Added
SID | Description | Reference |
---|---|---|
150725 | MALWARE-CNC Cobalt Strike APT1.VT.Profile traffic detected | cobaltstrike.com |
150726 | MALWARE-CNC Cobalt Strike msupdate.getonly traffic detected | cobaltstrike.com |
150727 | MALWARE-CNC Cobalt Strike amazon.db.search traffic detected | cobaltstrike.com |
150728 | MALWARE-CNC Cobalt Strike msnbc.video.get traffic detected | cobaltstrike.com |
150729 | MALWARE-CNC Cobalt Strike ocsp.get traffic detected | cobaltstrike.com |
150730 | MALWARE-CNC Cobalt Strike owa.calendar.get traffic detected | cobaltstrike.com |
150731 | MALWARE-CNC Cobalt Strike onedrive.get traffic detected | cobaltstrike.com |
150732 | MALWARE-CNC Cobalt Strike pandora.get traffic detected | cobaltstrike.com |
150733 | MALWARE-CNC Cobalt Strike poseidon.get traffic detected | cobaltstrike.com |
150734 | MALWARE-CNC Cobalt Strike powrunner.get traffic detected | cobaltstrike.com |
150735 | MALWARE-CNC Cobalt Strike qakbot.get traffic detected | cobaltstrike.com |
150736 | MALWARE-CNC Cobalt Strike ramnit.get traffic detected | cobaltstrike.com |
150737 | MALWARE-CNC Cobalt Strike ratankba.get traffic detected | cobaltstrike.com |
150738 | MALWARE-CNC Cobalt Strike salesforce.get traffic detected | cobaltstrike.com |
150739 | MALWARE-CNC Cobalt Strike slack.get traffic detected | cobaltstrike.com |
150740 | MALWARE-CNC Cobalt Strike sofacy.get traffic detected | cobaltstrike.com |
150741 | MALWARE-CNC Cobalt Strike stackoverflow.get traffic detected | cobaltstrike.com |
150742 | MALWARE-CNC Cobalt Strike so.paerls.get traffic detected | cobaltstrike.com |
150743 | MALWARE-CNC Cobalt Strike template.profile.get traffic detected | cobaltstrike.com |
150744 | MALWARE-CNC Cobalt Strike trevor.profile.get traffic detected | cobaltstrike.com |
150745 | MALWARE-CNC Cobalt Strike trick-ryuk.profile.get traffic detected | cobaltstrike.com |
150746 | MALWARE-CNC Cobalt Strike ursnif-icedid.profile.get traffic detected | cobaltstrike.com |
150747 | MALWARE-CNC Cobalt Strike xbash.profile.get traffic detected | cobaltstrike.com |
150748 | MALWARE-CNC Cobalt Strike zloader.profile.get traffic detected | cobaltstrike.com |
150749 | MALWARE-CNC Cobalt Strike zillow.profile.get traffic detected | cobaltstrike.com |
150750 | MALWARE-CNC Cobalt Strike zoom.profile.get traffic detected | cobaltstrike.com |
62788 | MALWARE-CNC Win.Trojan.GravityRAT variant outbound connection | https://www.virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
62816 | MALWARE-OTHER Win.Dropper.Generic variant binary download attempt | No Reference |
62817 | MALWARE-CNC Win.Infostealer.Generic variant outbound connection | https://www.virustotal.com/gui/file/bc25f7836c273763827e1680856ec6d53bd73bbc4a03e9f743eddfc53cf68789 |
62818 | MALWARE-OTHER Win.Trojan.GravityRat variant malware download attempt | https://www.virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
62848 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2024-20683 |
62850 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2024-20698 |
62855 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
62857 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
62859 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
62861 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt | CVE-2024-21310 |
Signatures Removed
Removed the following signatures due to false positives (FP):
- 50436
- 62722