IPS Threat Content Update Release Notes 23.124.205
IPS Threat Content Update Release Notes 23.124.205
Refer to the following summary of signatures deployed on 19th June, 2023 with the IPS content release:
- Signatures added: 43
- Signatures modified: 0
- Signatures removed: 1321
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 61811 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61815 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 140878 | MALWARE-CNC Metastealer communication channel identified | No Reference |
| 61909 | OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt | CVE-2023-29358 |
| 61908 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2023-29361 |
| 61852 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61850 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61809 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61805 | BROWSER-CHROME Google Chrome PerformLayout use after free attempt | CVE-2022-3654 |
| 61807 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61803 | FILE-OTHER Microsoft Visual Studio Code Markdown Preview Enhanced extension command injection attempt | CVE-2022-45025 |
| 61884 | MALWARE-TOOLS Win.Proxy.EarthWorm download attempt | No Reference |
| 61860 | MALWARE-OTHER Win.Trojan.Cerbu file download | No Reference |
| 61882 | INDICATOR-COMPROMISE Veeam Backup Server credential stealer script download attempt | www.veeam.com/kb4349 |
| 61842 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61844 | MALWARE-OTHER Html.Downloader.Horabot trojan phishing attempt | No Reference |
| 61846 | MALWARE-CNC Win.Trojan.Horabot malicious file download attempt | No Reference |
| 61848 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61793 | OS-LINUX Red Hat polkit privilege escalation attempt | CVE-2021-3560 |
| 61827 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/53114a905b5b683bf19e39f54594dd7b01aca6f9db61e1622f3740c8ad1d5668/analysis |
| 61823 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61912 | OS-WINDOWS Microsoft Windows User-mode Printer Driver privilege escalation attempt | CVE-2023-29371 |
| 61935 | MALWARE-OTHER Win.Exploit.CVE_2023_28310 download attempt | CVE-2023-28310 |
| 61821 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61829 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/4ebd0d8be840fb988eaf5fc6564e04374cba3fae52718e9f6defe472466e9099/analysis |
| 61831 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/277fb564eaf66291a48f8119bf80ff2461837efe05b10ccc9f20ef8510078dfc/analysis |
| 61839 | MALWARE-CNC Win.Trojan.Horabot data exfiltration attempt | No Reference |
| 61880 | MALWARE-CNC Win.Trojan.RedLine inbound command and control attempt | www.virustotal.com/gui/file/0795128a43b086cdc6b8a4036b318a5ba32762cc387a86b42e7211e6d3e164ad |
| 61819 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61879 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell download attempt | No Reference |
| 61871 | INDICATOR-SHELLCODE Windows Donut x64 loader download attempt | github.com/thewover/donut |
| 61873 | INDICATOR-SHELLCODE Windows Donut x86 loader download attempt | github.com/thewover/donut |
| 61877 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell connection attempt | No Reference |
| 61876 | MALWARE-BACKDOOR Asp.Backdoor.MoveITShell connection attempt | No Reference |
| 61813 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/3b2744e90fed4986b85795331edf6c3448896aa5c65f31f811783a9cb3fba96f/analysis |
| 61817 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/7278e6c8ef06fcfff3951aed692849833fe70c451a57e6aa97398ad5ca9ad343/analysis |
| 61856 | MALWARE-CNC Ps1.Trojan.Horabot malicious file download attempt | No Reference |
| 61854 | MALWARE-CNC Win.Downloader.Horabot malicious file download attempt | No Reference |
| 61858 | MALWARE-OTHER Ps1.Downloader.Horabot malicious file download attempt | No Reference |
| 61825 | MALWARE-OTHER Revoked.CRT.HookSignTool maliciously signed driver download | virustotal.com/en/file/783c7880798590218e39b5a0a594dc49f5700e7dbc8e4860f45d094f7dfdf897/analysis |
| 61890 | MALWARE-TOOLS Win.Loader.Meterpreter download attempt | virustotal.com/gui/file/41e5181b9553bbe33d91ee204fe1d2ca321ac123f9147bb475c0ed32f9488597 |
Signatures Removed
Removed the following signatures as they were more than eight years old:
| SIDS |
|---|
| 272, 495, 2100, 2375, 2707, 3192, 3683, 4132, 4133, 4134, 4147, 4150, 4153, 4156, 4160, 4167, 4171, 4174, 4175, 4178, 4179, 4181, 4182, 4183, 4184, 4185, 4187, 4188, 4189, 4192, 4198, 4199, 4200, 4201, 4202, 4203, 4204, 4205, 4206, 4207, 4208, 4209, 4210, 4211, 4212, 4213, 4214, 4215, 4216, 4217, 4218, 4219, 4220, 4221, 4222, 4223, 4224, 4225, 4226, 4227, 4228, 4229, 4230, 4231, 4232, 4233, 4234, 4235, 4236, 4647, 4916, 4982, 5713, 5772, 5814, 5816, 5819, 5821, 5823, 5958, 6002, 6003, 6004, 6005, |
| 6006, 6007, 6008, 6024, 6046, 6057, 6066, 6088, 6090, 6092, 6094, 6096, 6107, 6113, 6146, 6148, 6161, 6165, 6176, 6177, 6178, 6286, 6298, 6299, 6303, 6311, 6313, 6315, 6317, 6399, 6476, 6516, 6517, 7017, 7072, 7086, 7088, 7090, 7112, 7115, 7180, 7422, 7423, 7424, 7538, 7542, 7603, 7605, 7607, 7609, 7616, 7619, 7629, 7630, 7632, 7634, 7636, 7643, 7677, 7697, 7716, 7717, 7719, 7723, 7727, 7729, 7735, 7741, 7752, 7755, 7758, 7759, 7769, 7778, 7783, 7796, 7810, 7814, 7821, 7835, 7874, 7934, 7948, 7954, |
| 7970, 7976, 7989, 7991, 7993, 7995, 7997, 7999, 8001, 8003, 8005, 8007,8009, 8011, 8013, 8015, 8017, 8019, 8021, 8023, 8025, 8027, 8029, 8031, 8033, 8035, 8037, 8039, 8041, 8043, 8045, 8047, 8049, 8051, 8064, 8069, 8362, 8413, 8725, 9341, 9641, 9642, 9643, 9655, 9838, 9839, 9847, 10162, 11228, 13248, 13507, 13509, 13655, 14656, 16358, 16568, 18264, 20729, 23798, 25278, 25279, 25280, 25281, 27966, 27967, 27968, 29409, 29615, 29616, 29655, 29667, 29669, 29672, 29676, 29678, 29706, 29708, 29709, |
| 29711, 29716, 29717, 29721, 29724, 29726, 29727, 29728, 29731, 29733, 29735, 29737, 29741, 29743, 29760, 29835, 29902, 29904, 29928, 30079, 30080, 30106, 30108, 30110, 30111, 30116, 30118, 30120, 30122, 30123, 30125, 30127, 30129, 30131, 30140, 30142, 30144, 30499, 30501, 30536, 30794, 30847, 30876, 30892, 30948, 30956, 30961, 30962, 31008, 31011, 31015, 31017, 31021, 31023, 31188, 31190, 31196, 31198, 31202, 31204, 31206, 31215, 31219, 31284, 31351, 31353, 31380, 31382, 31384, 31388, |
| 31403, 31520, 31612, 31619, 31621, 31625, 31627, 31629, 31634, 31672, 31723, 31726, 31772, 31782, 31784, 31786, 31788, 31790, 31792, 31794, 31799, 31801, 31809, 31839, 31847, 31986, 32021, 32024, 32045, 32046, 32047, 32077, 32138, 32139, 32147, 32149, 32151, 32153, 32155, 32159, 32161, 32166, 32168, 32170, 32182, 32184, 32186, 32190, 32228, 32238, 32305, 32307, 32313, 32317, 32362, 32364, 32424, 32426, 32430, 32432, 32433, 32438, 32441, 32442, 32460, 32470, 32471, 32474, 32495, 32497, |
| 32534, 32540, 32544, 32552, 32560, 32567, 32574, 32592, 32629, 32679, 32683, 32685, 32687, 32689, 32703, 32707, 32711, 32714, 32716, 32718, 32720, 32722, 32724, 32750, 32764, 32783, 32793, 32815, 32819, 32834, 32835, 33051, 33077, 33085, 33091, 33093, 33115, 33157, 33191, 33192, 33195, 33203, 33263, 33264, 33265, 33272, 33289, 33290, 33312, 33314, 33315, 33317, 33323, 33324, 33331, 33333, 33335, 33340, 33345, 33347, 33348, 33350, 33353, 33356, 33359, 33361, 33362, 33365, 33369, 33371, |
| 33373, 33375, 33377, 33379, 33381, 33383, 33385, 33387, 33389, 33391, 33393, 33395, 33397, 33399, 33401, 33403, 33405, 33407, 33409, 33412, 33415, 33417, 33419, 33421, 33422, 33425, 33459, 33465, 33469, 33473, 33485, 33498, 33503, 33505, 33509, 33539, 33631, 33705, 33707, 33709, 33711, 33715, 33718, 33722, 33724, 33726, 33730, 33736, 33738, 33741, 33743, 33763, 33775, 33899, 33919, 33923, 33967, 33977, 33998, 34020, 34059, 34062, 34066, 34070, 34072, 34074, 34076, 34084, 34086, 34089, 34093, 34133, 34153, 34156, 34164, 34166, 34172, 34186, 34191, 34195, |
| 34196, 34197, 34198, 34199, 34200, 34201, 34202, 34203, 34240, 34247, 34255, 34256, 34264, 34265, 34268, 34270, 34272, 34276, 34302, 34355, 34371, 34381, 34383, 34385, 34387, 34389, 34400, 34401, 34403, 34409, 34411, 34415, 34419, 34420, 34422, 34424, 34428, 34430, 34432, 34437, 34440, 34444, 34466, 34473, 34502, 34510, 34511, 34514, 34516, 34520, 34524, 34526, 34538, 34542, 34546, 34548, 34550, 34553, 34557, 34559, 34561, 34582, 34589, 34590, 34592, 34650, 34652, 34721, 34723, 34725, |
| 34727, 34729, 34731, 34733, 34735, 34737, 34739, 34743, 34745, 34747, 34750, 34753, 34755, 34757, 34759, 34763, 34765, 34767, 34778, 34790, 34794, 34803, 34807, 34816, 34819, 34845, 34847, 34848, 34853, 34873, 34988, 35018, 35020, 35051, 35052, 35070, 35071, 35072, 35114, 35119, 35121, 35123, 35125, 35137, 35139, 35141, 35145, 35152, 35154, 35156, 35158, 35164, 35172, 35176, 35178, 35182, 35184, 35190, 35196, 35199, 35201, 35203, 35205, 35209, 35210, 35213, 35217, 35223, 35228, 35231, |
| 35235, 35239, 35240, 35267, 35271, 35275, 35292, 35296, 35304, 35308, 35319, 35321, 35323, 35325, 35362, 35364, 35380, 35382, 35408, 35410, 35430, 35453, 35463, 35467, 35468, 35469, 35473, 35475, 35481, 35483, 35485, 35489, 35491, 35493, 35495, 35497, 35499, 35501, 35503, 35505, 35509, 35511, 35515, 35517, 35519, 35521, 35523, 35536, 35571, 35576, 35578, 35582, 35584, 35589, 35599, 35605, 35607, 35618, 35632, 35642, 35648, 35651, 35656, 35658, 35662, 35666, 35671, 35693, 35695, 35715, |
| 35717, 35719, 35725, 35741, 35748, 35751, 35753, 35759, 35767, 35779, 35809, 35811, 35813, 35820, 35822, 35836, 35946, 35948, 35949, 35955, 35956, 35961, 35963, 35965, 35970, 35975, 35984, 35990, 35992, 35996, 36000, 36002, 36004, 36006, 36008, 36014, 36018, 36026, 36054, 36069, 36109, 36113, 36124, 36125, 36143, 36147, 36154, 36155, 36160, 36161, 36162, 36163, 36189, 36193, 36203, 36229, 36235, 36237, 36240, 36244, 36257, 36263, 36287, 36289, 36295, 36297, 36299, 36311, 36315, 36318, |
| 36321, 36341, 36347, 36351, 36352, 36367, 36371, 36398, 36401, 36421, 36423, 36427, 36429, 36437, 36439, 36441, 36443, 36450, 36507, 36512, 36549, 36551, 36574, 36582, 36586, 36590, 36597, 36605, 36671, 36673, 36675, 36679, 36681, 36683, 36685, 36687, 36689, 36691, 36693, 36695, 36697, 36699, 36701, 36703, 36705, 36707, 36709, 36712, 36714, 36716, 36720, 36722, 36737, 36738, 36740, 36742, 36746, 36751, 36761, 36827, 36836, 36838, 36842, 36844, 36848, 36850, 36852, 36861, 36873, 36875, |
| 36878, 36880, 36896, 36897, 36917, 36920, 36924, 36926, 36928, 36931, 36932, 36934, 36936, 36938, 36940, 36942, 36944, 36946, 36948, 36950, 36952, 36956, 36958, 36960, 36962, 36964, 36966, 36970, 36974, 36976, 36980, 36982, 36984, 36986, 36988, 36989, 36994, 36996, 36997, 36999, 37000, 37003, 37009, 37069, 37073, 37079, 37083, 37088, 37093, 37103, 37107, 37111, 37112, 37115, 37122, 37125, 37142, 37149, 37150, 37156, 37162, 37165, 37173, 37175, 37177, 37181, 37187, 37189, 37191, 37193, |
| 37199, 37201, 37203, 37209, 37217, 37220, 37223, 37229, 37231, 37234, 37236, 37240, 37245, 37254, 37344, 37350, 37352, 37409, 37441, 37453, 37626, 37629, 37631, 37633, 37644, 37668, 37684, 37700, 37702, 37704, 37706, 37708, 37709, 37722, 37726, 37806, 37824, 37925, 37926, 37927, 37937, 38102, 38209, 38217, 38311, 38576, 38580, 38623, 38778, 39294, 39438, 39439, 39526, 39528, 39530, 39560, 39710, 39788, 39798, 40009, |
| 40620, 40621, 40622, 40623, 40624, 40632, 40633, 40653, 40727, 40731, 40818, 41045, 41318, 41332, 41411, 41418, 41472, 41473, 41474, 41485, 41587, 41599, 41635, 41644, 41705, 41708, 41740, 41792, 41911, 42032, 42036, 42198, 42416, 42749, 42834, 42835, 42836, 42837, 42863, 43453, 43454, 43802, 43803, 43853, 43886, 44173, 44174, 44182, 44356, 44363, 44364, 44702, 45062, 45064, 45309, 45500, 45613, 45615, 46135, 46406, 46630, 47005, 47006, 47241, 47242, 47461, 48025, 48063, 48378, 48497, |
| 48498, 48823, 48824, 49048, 49091, 49092, 49312, 49324, 49361, 49374, 49583, 49585, 49805, 49900, 49902, 49917, 49941, 49950, 50121, 50171, 50276, 50277, 50278, 50387, 50388, 50389, 50520, 50521, 50800, 50947, 50948, 50950, 50951, 50952, 50953, 50954, 50955, 51025, 51081, 51163, 51309, 51368, 51857, 51858, 51860, 51864, 51865, 51943, 52079, 52100, 52288, 52517, 52661, 53142, 53400, 53401, 53631, 54279, 54280, 54281, 55802, 56223, 56290, 56391, 56406, 56407, 56574, 56768, 57235, 57236, |
| 57237, 57238, 57239, 57240, 57279, 57280, 57281, 57311, 57312, 57313, 57342, 57499, 57817, 57819, 57825, 57826, 57827, 57874, 57922, 57923, 57925, 57926, 57927, 57928, 57929, 57930, 57942, 57943, 57944, 57945, 57946, 57947, 57955, 57956, 57957, 57958, 57959, 57960, 57961, 57962, 57992, 57993, 57994, 57995, 57996, 58050, 58051, 58089, 58090, 58096, 58139, 58142, 58145, 58148, 58149, 58151, 58162, 58163, 58165, 58168, 58176, 58177, 58179, 58181, 58228, 58244, 58297, 58347, 58348, 58349, |
| 58350, 58351, 58435, 58436, 58438, 58453, 58492, 58493, 58700, 58711, 58912, 58916, 58917, 58918, 58921, 58922, 58923, 58924, 59019, 59022, 59025, 59035, 59038, 59039, 59040, 59042, 59045, 59049, 59051, 59054, 59057, 59091, 59094, 59219, 59259, 59263, 59264, 59265, 59347, 59349, 59350, 59351, 59354, 59396, 59398, 59400, 60283, 60284, 60285, 60297, 60298, 60299, 60300, 60337, 60339, 60400, 60401, 60451, 60452, 60469, 60494, 60496, 60497, 60582, 60584, 60585, 60586, 60588, 60637, 60638, |
| 60639, 60640, 60641, 60666, 60669, 60825, 61047, 61072, 61085, 61157, 61158, 61159, 149183, 149187, 149189, 149190, 149191, 149192, 149193, 149194, 149195, 149196, 149198, 149199, 149200 |
