IPS Threat Content Update Release Notes 104.0.0.346

Refer to the following summary of signatures deployed on 16th May, 2023 with the IPS content release:

  • Signatures added: 46
  • Signatures modified: 01
  • Signatures removed: 11

Signatures Added

SID | Description | Reference
150589 | MALWARE-CNC TRUECORE.beacon traffic detected | No Reference
150590 | MALWARE-CNC SUPERSPEED.UNC1530.beacon traffic detected | No Reference
150591 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference
150592 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference
150593 | MALWARE-CNC SUPERSPEED.UNC1530.Upload traffic detected | No Reference
60581 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185
61621 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829
61622 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829
61623 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829
61624 | SERVER-WEBAPP Azure Service Fabric Explorer Super FabriXss cross site scripting attempt | CVE-2023-23383
61627 | MALWARE-CNC Win.Downloader.BrokenDynamo second stage download attempt | www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/
61632 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185
61634 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206
61636 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206
61638 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206
61641 | MALWARE-TOOLS Chrome infostealer download attempt | www.virustotal.com/gui/file/3f808df5af6889c2219fd4982dd49946535528237cc00530cce5c69c3e7f0e34
61643 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/11f21d08f819dea21a09c602a4391142a5648f3e17a07a24d41418fcc17ea83f
61645 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/c65c435737ac02132d9dfeb6ec1d7d903648f61ecdda8a85b4250f064cb4673f
61647 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/2ada1b48457c169cf3f80e248190374102615e2c89b70e574fba4ddc09b5fcd5
61649 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/08dd5a9fdc387855fb5a23c167abec63b22272f66de099155036c5ce7e4deeb8
61653 | MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt | No Reference
61655 | OS-MOBILE Android Andr.Trojan.Pinduoduo APK file download attempt | CVE-2023-20963
61657 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526
61659 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526
61661 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526
61663 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526
61664 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957/detection
61665 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa
61669 | MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61671 | MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61673 | MALWARE-OTHER One.Dropper.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61675 | MALWARE-OTHER One.Dropper.Remcos variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61676 | MALWARE-CNC MultiOS.Backdoor.Chollima beacon attempt | virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
61678 | SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt | CVE-2023-27350
61679 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61680 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61681 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61682 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61683 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61684 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61688 | BROWSER-CHROME Google Chrome synchronous Mojo message handler use-after-free attempt | CVE-2022-4178
61706 | OS-WINDOWS Microsoft Windows privilege escalation attempt | CVE-2023-24902
61715 | OS-WINDOWS Microsoft Windows kernel denial of service attempt | CVE-2023-24949
61717 | FILE-OFFICE Microsoft Office Outlook remote code execution attempt | CVE-2023-29325
61719 | OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt | CVE-2023-29324
61723 | OS-WINDOWS Microsoft Windows local privilege escalation attempt | CVE-2023-29336

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 59266
  • 60590
  • 149197
  • 59208
  • 59041
  • 61084
  • 148184
  • 38841
  • 4675
  • 33910
  • 23111