IPS Threat Content Update Release Notes 23.132.18
IPS Threat Content Update Release Notes 23.132.18
Refer to the following summary of signatures deployed on August 16th, 2023 with the IPS content release:
- Signatures added: 31
- Signatures modified: 330
- Signatures removed: 8
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 62145 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62120 | MALWARE-BACKDOOR Php.Webshell.Generic download attempt | virustotal.com/gui |
| 150648 | FILE-OFFICE Microsoft Office Word docx subDocument file include attempt | No Reference |
| 150649 | FILE-OFFICE Microsoft Office RTF object remote code execution attempt | CVE-2023-36884 |
| 150642 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150643 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150640 | MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt | virustotal.com/gui |
| 150641 | MALWARE-TOOLS Win.Proxy.EarthWorm download attempt | No Reference |
| 150646 | INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt | CVE-2017-0199 |
| 150647 | FILE-OFFICE Microsoft Office Word rtf file ffdefres integer underflow attempt | CVE-2016-0053 |
| 150644 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 150645 | INDICATOR-COMPROMISE Microsoft Word internal object auto update attempt | CVE-2017-0199 |
| 62140 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62142 | MALWARE-OTHER Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62143 | MALWARE-CNC Win.Ransomware.Yashma outbound connection attempt | virustotal.com/gui |
| 62147 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62149 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62138 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62136 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62203 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35382 |
| 62209 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35380 |
| 62134 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 62132 | MALWARE-CNC Win.Ransomware.Yashma variant download attempt | virustotal.com/gui |
| 150639 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt | CVE-2017-16383 |
| 150638 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
| 62118 | MALWARE-BACKDOOR Php.Webshell.Generic download attempt | virustotal.com/gui |
| 62155 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62153 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62151 | MALWARE-OTHER Win.Trojan.Ursnif variant download attempt | socradar.io/ursnif-malware |
| 62211 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35359 |
| 62216 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-35386 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 44912
- 42137
- 42177
- 45819
- 46840
- 61392
- 61525
- 41202
