IPS Threat Content Update Release Notes 24.104.19

The following is a summary of the signatures deployed on January 31st, 2024 with the IPS content release:

  • Signatures Added: 41

  • Signatures Modified: 0

  • Signatures Removed: 0

Signatures Added

| SID | Description | Reference |
| --- | --- | --- |
| 150694 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
| 150751 | MALWARE-CNC Scanbox.Enumerate.Programs traffic detected | cobaltstrike.com |
| 150752 | MALWARE-CNC APT28.Sedkit traffic detected | cobaltstrike.com |
| 150753 | MALWARE-CNC EK.Flash.Generic traffic detected | cobaltstrike.com |
| 150754 | MALWARE-CNC UNC2653.Beacon.c2 traffic detected | cobaltstrike.com |
| 150755 | MALWARE-CNC Temp.Armageddon.Template.Download traffic detected | cobaltstrike.com |
| 150756 | MALWARE-CNC Recordstealer.c2 traffic detected | cobaltstrike.com |
| 150757 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
| 150758 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
| 150759 | MALWARE-CNC APT34.Generic.Payload traffic detected | cobaltstrike.com |
| 150760 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
| 150761 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
| 150762 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
| 150763 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
| 150764 | MALWARE-CNC Generic.Loadinfo.Beacon traffic detected | cobaltstrike.com |
| 150765 | MALWARE-CNC UNC1530.Sharkpizza.Beacon traffic detected | cobaltstrike.com |
| 150766 | MALWARE-CNC Python.Backdoor.Beacon traffic detected | cobaltstrike.com |
| 150767 | MALWARE-CNC UNC4742.CRABWISE.c2 traffic detected | cobaltstrike.com |
| 150768 | MALWARE-CNC UNC4864.Beacon.c2 traffic detected | cobaltstrike.com |
| 150769 | MALWARE-CNC UNC4814.Smokeloader.c2 traffic detected | cobaltstrike.com |
| 150770 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
| 150771 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
| 150772 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
| 150773 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
| 150774 | MALWARE-CNC Generic.Hydrolock.c2 traffic detected | cobaltstrike.com |
| 150775 | MALWARE-CNC Generic.Hunter.c2 traffic detected | cobaltstrike.com |
| 150776 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
| 150777 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
| 150778 | FILE-OFFICE Microsoft MSHTML Remote Code Execution Vulnerability | CVE-2021-40444 |
| 150779 | OS-LINUX GNU C Library GLIBC_TUNABLES exploit download attempt | CVE-2023-4911 |
| 150780 | MALWARE-CNC EK.Spelevo.c2 traffic detected | cobaltstrike.com |
| 150781 | MALWARE-CNC EK.Nuclear.c2 traffic detected | cobaltstrike.com |
| 150782 | MALWARE-CNC EK.Sundown.c2 traffic detected | cobaltstrike.com |
| 62891 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2023-28252 |
| 62905 | MALWARE-CNC Win.Downloader.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
| 62906 | MALWARE-CNC Win.Trojan.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
| 62910 | FILE-OFFICE Spreadsheet ParseExcel Perl module remote code execution attempt | CVE-2023-7101 |
| 62911 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
| 62913 | BROWSER-CHROME Google Chrome SetPropertyWithAccessor type confusion attempt | CVE-2023-2935 |
| 62915 | MALWARE-OTHER Win.Trojan.Gozi variant download attempt | https://www.virustotal.com/gui/file/59efe4a482adfd9e8e7268f3c6a14bef578e07cba6ff42a8f7d59b5507530cb7 |
| 62917 | MALWARE-OTHER Win.Trojan.FakeCPU-Z variant download attempt | https://www.virustotal.com/gui/file/c6e79473526e0c70389c7cf6c31987ef23cd59b4012b614dcb545d085118ef80 |