IPS Threat Content Update Release Notes 24.107.18

The following is a summary of the signatures deployed on February 19th, 2024 with this IPS content release:

  • Signatures added: 62

  • Signatures modified: 3

  • Signatures removed: 3

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 62931 | MALWARE-OTHER Win.Trojan.Fakebat variant download attempt | virustotal.com/gui/file/71eabcd065118985a02aa4aaf88360920801201f6982b64a494858e5c27e90db |
| 62936 | BROWSER-IE Microsoft Internet Explorer VML shape object malformed path attempt | CVE-2013-0030 |
| 62937 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
| 62942 | FILE-OTHER Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
| 62944 | INDICATOR-COMPROMISE Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
| 62967 | FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt | CVE-2010-0821 |
| 62972 | FILE-OFFICE ClamAV OLE2 file parsing denial of service attempt | CVE-2024-20290 |
| 62983 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62984 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62985 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62986 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62987 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62989 | MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62991 | BROWSER-CHROME Google Chrome FileReader use after free attempt | CVE-2019-5786 |
| 62993 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2024-21346 |
| 62994 | FILE-OFFICE Microsoft Word remote code execution attempt | CVE-2024-21379 |
| 62996 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
| 62997 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
| 62998 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2024-21371 |
| 63001 | OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt | CVE-2024-21338 |
| 63005 | OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt | CVE-2024-21345 |
| 150783 | MALWARE-CNC EK.Ironstrom.Beacon traffic detected | No Reference |
| 150784 | MALWARE-CNC Sardonic.c2 traffic detected | No Reference |
| 150785 | MALWARE-CNC Armageddon.ArmedCloud.c2 traffic detected | No Reference |
| 150786 | MALWARE-CNC EK.Hermit.Manuscrypt Beacon traffic detected | No Reference |
| 150787 | MALWARE-CNC Temp.Armageddon.Badborsch.Exfil traffic detected | No Reference |
| 150788 | MALWARE-CNC EK.APT42.Powerpost.Beacon traffic detected | No Reference |
| 150789 | MALWARE-CNC EK.Generic.Beacon traffic detected | CVE-2022-30190 |
| 150790 | MALWARE-CNC EK.Boomic.c2 traffic detected | No Reference |
| 150791 | MALWARE-CNC Generic.Loadout.Post traffic detected | No Reference |
| 150792 | MALWARE-CNC Generic.Powerplant.Init traffic detected | No Reference |
| 150793 | MALWARE-CNC Generic.Redlinestealer.Beacon traffic detected | No Reference |
| 150794 | MALWARE-CNC Generic.Axeterror.Beacon traffic detected | No Reference |
| 150795 | MALWARE-CNC Generic.Roguerooster.c2 traffic detected | No Reference |
| 150796 | MALWARE-CNC Generic.Birdpen.c2 traffic detected | No Reference |
| 150797 | MALWARE-CNC Generic.Nutwaffle.c2 traffic detected | No Reference |
| 150798 | MALWARE-CNC Generic.Darkside.Bits traffic detected | No Reference |
| 150799 | MALWARE-CNC Generic.Purplefox.c2 traffic detected | No Reference |
| 150800 | MALWARE-CNC Generic.Sliver.c2 traffic detected | No Reference |
| 150801 | MALWARE-CNC Generic.Nanocore.c2 traffic detected | No Reference |
| 150802 | MALWARE-CNC Generic.Hawakeye.c2 traffic detected | No Reference |
| 150803 | MALWARE-CNC Generic.Fullhouse.Tunneling traffic detected | No Reference |
| 150804 | MALWARE-CNC Generic.Formbook.c2 traffic detected | No Reference |
| 150805 | MALWARE-CNC Generic.VBSBackdoor.check-in traffic detected | No Reference |
| 150806 | MALWARE-CNC Generic.Glubteba.c2 traffic detected | No Reference |
| 150807 | MALWARE-CNC Generic.Ftcode.Guid traffic detected | No Reference |
| 150808 | MALWARE-CNC Generic.Grimagent.c2 traffic detected | No Reference |
| 150809 | MALWARE-CNC Generic.Emotet.Exfil traffic detected | No Reference |
| 150810 | MALWARE-OTHER Win.Trojan.GravityRat variant malware download attempt | virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
| 152003 | OS-WINDOWS Microsoft Windows Theme code execution attempt | CVE-2023-38146 |
| 160141 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20726 |
| 160142 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20727 |
| 160143 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20728 |
| 160144 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2024-20729 |
| 160145 | FILE-PDF Adobe Acrobat Buffer Overflow attempt | CVE-2024-20730 |
| 160146 | FILE-PDF Adobe Acrobat Buffer overflow attempt | CVE-2024-20733 |
| 160147 | FILE-PDF Adobe PDF use after free attempt | CVE-2024-20734 |
| 160148 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20735 |
| 160149 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20736 |
| 160150 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20747 |
| 160151 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20748 |
| 160152 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20749 |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 18347

  • 18374

  • 43461
