IPS Threat Content Update Release Notes

Refer to the following summary of signatures deployed on 30th May, 2023 with the IPS content release:

  • Signatures added: 54
  • Signatures modified: 03
  • Signatures removed: 30

Signatures Added

SID | Signature | Reference
150594 | MALWARE-CNC AGENTTESLA.Telegram.Trojan traffic detected | No Reference
150595 | MALWARE-CNC MOUNTSTEEL.fileExfiltration.Trojan traffic detected | No Reference
150596 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150597 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150598 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150599 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150600 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150601 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150602 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150603 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150604 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150605 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150606 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150607 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference
150608 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference
150609 | MALWARE-CNC BIGRAISIN.HTTP.POST.C2 traffic detected | No Reference
150610 | MALWARE-CNC HANGMAN.Beacon traffic detected | No Reference
150616 | MALWARE-CNC Snake.Generic.Trojan traffic detected | No Reference
150617 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference
150618 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference
150619 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference
150620 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference
151001 | MALWARE-CNC LATEOP.Upload of Certutil detected | No Reference
151002 | MALWARE-CNC PENCILDOWN.Check-in attempt detected | No Reference
151003 | MALWARE-CNC QUIBBLEDOWN.C2 traffic detected | No Reference
61689 | MALWARE-CNC Win.Ransomware.CryptoLocker variant outbound |
61692 | POLICY-OTHER MinIO REST API information disclosure attempt | CVE-2023-28432
61702 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file delete attempt | CVE-2022-25359
61703 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file write attempt | CVE-2022-25359
61708 | MALWARE-OTHER Win.Trojan.Greatness outbound communication attempt | No Reference
61713 | SERVER-WEBAPP WordPress Comment Content Filter cross-site request forgery attempt | CVE-2019-9787
61724 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61725 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61726 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61727 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61728 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61729 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE-2023-20113
61731 | FILE-IMAGE ImageMagick tEXt profile arbitrary file read attempt | CVE-2022-44268
61733 | MALWARE-OTHER Ps1.Downloader.Agent download |
61735 | FILE-IMAGE ImageMagick tEXt profile denial of service attempt | CVE-2022-44267
61737 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61739 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61741 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61743 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61745 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61747 | MALWARE-OTHER Andr.Trojan.AridViper webshell download |
61749 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61751 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61753 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61755 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61757 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61759 | MALWARE-OTHER Andr.Trojan.AridViper binary download |
61762 | MALWARE-CNC Win.Ransomware.Babuk encrypted file exfiltration |
61764 | MALWARE-OTHER Win.Ransomware.Babuk variant transfer |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 8397
  • 7980
  • 43223
  • 1439
  • 13864
  • 38053
  • 38027
  • 40370
  • 49149
  • 17131
  • 35969
  • 41385
  • 44349
  • 27242
  • 41140
  • 47519
  • 38954
  • 45011
  • 45005
  • 44793
  • 44940
  • 19081
  • 28323
  • 52845
  • 140878
  • 53031
  • 35434
  • 59521
  • 46415
  • 140337