IPS Threat Content Update Release Notes 24.104.19
The following is a summary of the signatures deployed on January 31st, 2024 with the IPS content release:
- Signatures Added: 41
- Signatures Modified: 0
- Signatures Removed: 0
Signatures Added
SID | Description | Reference |
---|---|---|
150694 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
150751 | MALWARE-CNC Scanbox.Enumerate.Programs traffic detected | cobaltstrike.com |
150752 | MALWARE-CNC APT28.Sedkit traffic detected | cobaltstrike.com |
150753 | MALWARE-CNC EK.Flash.Generic traffic detected | cobaltstrike.com |
150754 | MALWARE-CNC UNC2653.Beacon.c2 traffic detected | cobaltstrike.com |
150755 | MALWARE-CNC Temp.Armageddon.Template.Download traffic detected | cobaltstrike.com |
150756 | MALWARE-CNC Recordstealer.c2 traffic detected | cobaltstrike.com |
150757 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
150758 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
150759 | MALWARE-CNC APT34.Generic.Payload traffic detected | cobaltstrike.com |
150760 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
150761 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
150762 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
150763 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
150764 | MALWARE-CNC Generic.Loadinfo.Beacon traffic detected | cobaltstrike.com |
150765 | MALWARE-CNC UNC1530.Sharkpizza.Beacon traffic detected | cobaltstrike.com |
150766 | MALWARE-CNC Python.Backdoor.Beacon traffic detected | cobaltstrike.com |
150767 | MALWARE-CNC UNC4742.CRABWISE.c2 traffic detected | cobaltstrike.com |
150768 | MALWARE-CNC UNC4864.Beacon.c2 traffic detected | cobaltstrike.com |
150769 | MALWARE-CNC UNC4814.Smokeloader.c2 traffic detected | cobaltstrike.com |
150770 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
150771 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
150772 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
150773 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
150774 | MALWARE-CNC Generic.Hydrolock.c2 traffic detected | cobaltstrike.com |
150775 | MALWARE-CNC Generic.Hunter.c2 traffic detected | cobaltstrike.com |
150776 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
150777 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
150778 | FILE-OFFICE Microsoft MSHTML Remote Code Execution Vulnerability | CVE-2021-40444 |
150779 | OS-LINUX GNU C Library GLIBC_TUNABLES exploit download attempt | CVE-2023-4911 |
150780 | MALWARE-CNC EK.Spelevo.c2 traffic detected | cobaltstrike.com |
150781 | MALWARE-CNC EK.Nuclear.c2 traffic detected | cobaltstrike.com |
150782 | MALWARE-CNC EK.Sundown.c2 traffic detected | cobaltstrike.com |
62891 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2023-28252 |
62905 | MALWARE-CNC Win.Downloader.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
62906 | MALWARE-CNC Win.Trojan.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
62910 | FILE-OFFICE Spreadsheet ParseExcel Perl module remote code execution attempt | CVE-2023-7101 |
62911 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
62913 | BROWSER-CHROME Google Chrome SetPropertyWithAccessor type confusion attempt | CVE-2023-2935 |
62915 | MALWARE-OTHER Win.Trojan.Gozi variant download attempt | https://www.virustotal.com/gui/file/59efe4a482adfd9e8e7268f3c6a14bef578e07cba6ff42a8f7d59b5507530cb7 |
62917 | MALWARE-OTHER Win.Trojan.FakeCPU-Z variant download attempt | https://www.virustotal.com/gui/file/c6e79473526e0c70389c7cf6c31987ef23cd59b4012b614dcb545d085118ef80 |