IPS Threat Content Update Release Notes 24.107.18
The following is a summary of the signatures deployed on February 19th, 2024 with the IPS content release:
- Signatures added: 62
- Signatures modified: 3
- Signatures removed: 3
Signatures Added
SID | Description | Reference
---|---|---
62931 | MALWARE-OTHER Win.Trojan.Fakebat variant download attempt | virustotal.com/gui/file/71eabcd065118985a02aa4aaf88360920801201f6982b64a494858e5c27e90db |
62936 | BROWSER-IE Microsoft Internet Explorer VML shape object malformed path attempt | CVE-2013-0030 |
62937 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
62942 | FILE-OTHER Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
62944 | INDICATOR-COMPROMISE Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
62967 | FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt | CVE-2010-0821 |
62972 | FILE-OFFICE ClamAV OLE2 file parsing denial of service attempt | CVE-2024-20290 |
62983 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62984 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62985 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62986 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62987 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62989 | MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
62991 | BROWSER-CHROME Google Chrome FileReader use after free attempt | CVE-2019-5786 |
62993 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2024-21346 |
62994 | FILE-OFFICE Microsoft Word remote code execution attempt | CVE-2024-21379 |
62996 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
62997 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
62998 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2024-21371 |
63001 | OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt | CVE-2024-21338 |
63005 | OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt | CVE-2024-21345 |
150783 | MALWARE-CNC EK.Ironstrom.Beacon traffic detected | No Reference |
150784 | MALWARE-CNC Sardonic.c2 traffic detected | No Reference |
150785 | MALWARE-CNC Armageddon.ArmedCloud.c2 traffic detected | No Reference |
150786 | MALWARE-CNC EK.Hermit.Manuscrypt Beacon traffic detected | No Reference |
150787 | MALWARE-CNC Temp.Armageddon.Badborsch.Exfil traffic detected | No Reference |
150788 | MALWARE-CNC EK.APT42.Powerpost.Beacon traffic detected | No Reference |
150789 | MALWARE-CNC EK.Generic.Beacon traffic detected | CVE-2022-30190 |
150790 | MALWARE-CNC EK.Boomic.c2 traffic detected | No Reference |
150791 | MALWARE-CNC Generic.Loadout.Post traffic detected | No Reference |
150792 | MALWARE-CNC Generic.Powerplant.Init traffic detected | No Reference |
150793 | MALWARE-CNC Generic.Redlinestealer.Beacon traffic detected | No Reference |
150794 | MALWARE-CNC Generic.Axeterror.Beacon traffic detected | No Reference |
150795 | MALWARE-CNC Generic.Roguerooster.c2 traffic detected | No Reference |
150796 | MALWARE-CNC Generic.Birdpen.c2 traffic detected | No Reference |
150797 | MALWARE-CNC Generic.Nutwaffle.c2 traffic detected | No Reference |
150798 | MALWARE-CNC Generic.Darkside.Bits traffic detected | No Reference |
150799 | MALWARE-CNC Generic.Purplefox.c2 traffic detected | No Reference |
150800 | MALWARE-CNC Generic.Sliver.c2 traffic detected | No Reference |
150801 | MALWARE-CNC Generic.Nanocore.c2 traffic detected | No Reference |
150802 | MALWARE-CNC Generic.Hawakeye.c2 traffic detected | No Reference |
150803 | MALWARE-CNC Generic.Fullhouse.Tunneling traffic detected | No Reference |
150804 | MALWARE-CNC Generic.Formbook.c2 traffic detected | No Reference |
150805 | MALWARE-CNC Generic.VBSBackdoor.check-in traffic detected | No Reference |
150806 | MALWARE-CNC Generic.Glubteba.c2 traffic detected | No Reference |
150807 | MALWARE-CNC Generic.Ftcode.Guid traffic detected | No Reference |
150808 | MALWARE-CNC Generic.Grimagent.c2 traffic detected | No Reference |
150809 | MALWARE-CNC Generic.Emotet.Exfil traffic detected | No Reference |
150810 | MALWARE-OTHER Win.Trojan.GravityRat variant malware download attempt | virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
152003 | OS-WINDOWS Microsoft Windows Theme code execution attempt | CVE-2023-38146 |
160141 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20726 |
160142 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20727 |
160143 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20728 |
160144 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2024-20729 |
160145 | FILE-PDF Adobe Acrobat Buffer Overflow attempt | CVE-2024-20730 |
160146 | FILE-PDF Adobe Acrobat Buffer overflow attempt | CVE-2024-20733 |
160147 | FILE-PDF Adobe PDF use after free attempt | CVE-2024-20734 |
160148 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20735 |
160149 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20736 |
160150 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20747 |
160151 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20748 |
160152 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20749 |
Signatures Removed
Removed the following signatures due to false positives (FP):
- 18347
- 18374
- 43461