IPS Threat Content Update Release Notes 23.128.15
IPS Threat Content Update Release Notes 23.128.15
Refer to the following summary of signatures deployed on 17th July, 2023 with the IPS content release:
- Signatures added: 29
- Signatures modified: 3
- Signatures removed: 17
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 150628 | MALWARE-CNC ECHOBOT.C2 traffic detected | No Reference |
| 150629 | MALWARE-CNC COLDPOT.Process.Enumeration detected | No Reference |
| 150630 | MALWARE-CNC COLDPOT.Systemdata.Enumeration detected | No Reference |
| 150631 | MALWARE-CNC COLDPOT.Fileactions.Enumeration detected | No Reference |
| 150632 | MALWARE-CNC COLDPOT.Systemsurvey.traffic detected | No Reference |
| 150633 | MALWARE-CNC COLDPOT.Drive.Enumeration detected | No Reference |
| 150634 | MALWARE-CNC CLUBHOUSE.Beaconing detected | No Reference |
| 150635 | MALWARE-CNC TRIPMISS.System.Enumeration detected | No Reference |
| 150636 | MALWARE-CNC LOKIBOT.C2.Traffic detected | No Reference |
| 61721 | SERVER-WEBAPP Zyxel remote support attempt | CVE:CVE-2023-28771 |
| 61783 | SERVER-WEBAPP Keysight N6854A and N6841A insecure deserialization attempt | CVE:CVE-2022-1660 |
| 61784 | SERVER-WEBAPP D-Link HNAP1 buffer overflow attempt | CVE:CVE-2022-41140 |
| 61794 | SERVER-WEBAPP Sophos Virtual Web Appliance unauthenticated command injection attempt | CVE:CVE-2023-1671 |
| 61795 | SERVER-WEBAPP Sophos Virtual Web Appliance unauthenticated command injection attempt | CVE:CVE-2023-1671 |
| 61832 | SERVER-WEBAPP Bitrix CMS HTML Editor Module arbitrary code injection attempt | CVE:CVE-2022-27228 |
| 61833 | SERVER-WEBAPP Bitrix CMS Vote Module arbitrary code injection attempt | CVE:CVE-2022-27228 |
| 61834 | SERVER-WEBAPP Bitrix CMS Vote Module PHP file injection attempt | CVE:CVE-2022-27228 |
| 61835 | SERVER-WEBAPP Bitrix CMS HTML Editor Module PHP file injection attempt | CVE:CVE-2022-27228 |
| 61936 | SERVER-WEBAPP MOVEit Transfer moveitisapi.dll server side request forgery attempt | CVE:CVE-2023-34362 |
| 61940 | SERVER-WEBAPP FortiOS SSL VPN heap overflow attempt | CVE:CVE-2023-27997 |
| 61941 | SERVER-WEBAPP FortiOS SSL VPN heap overflow attempt | CVE:CVE-2023-27997 |
| 61943 | SERVER-WEBAPP VMware vRealize Network Insight createSupportBundle command injection attempt | CVE:CVE-2023-20887 |
| 61944 | SERVER-WEBAPP VMware vRealize Network Insight restricted endpoint bypass attempt | http://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887 |
| 61945 | POLICY-OTHER Draytek Vigor device registration attempt | CVE:CVE-2023-33778 |
| 61988 | INDICATOR-COMPROMISE Win.Tool.EDRSandBlast EDR bypass download attempt | http://github.com/wavestone-cdt/edrsandblast |
| 61990 | OS-WINDOWS MSI Afterburner driver privilege escalation attempt | CVE:CVE-2019-16098 |
| 62022 | OS-WINDOWS Microsoft Windows MSHTML platform elevation of privilege attempt | CVE:CVE-2023-32046 |
| 62024 | OS-WINDOWS Microsoft Windows MSHTML platform elevation of privilege attempt | CVE:CVE-2023-32046 |
| 62035 | OS-WINDOWS Microsoft Windows privilege escalation attempt | CVE:CVE-2023-36874 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 18373
- 18378
- 56585
- 41581
- 20019
- 21965
- 24111
- 47167
- 52070
- 41391
- 42454
- 45010
- 44362
- 60517
- 56188
- 57154
- 51522
