IPS Threat Content Update Release Notes 23.137.18
IPS Threat Content Update Release Notes 23.137.18
Refer to the following summary of signatures deployed on September 19th, 2023 with the IPS content release:
- Signatures added: 40
- Signatures modified: 2
- Signatures removed: 8
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 62339 | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831 |
| 62337 | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831 |
| 150664 | MALWARE-CNC QUESTDOWN.Generic.C2 traffic detected | No Reference |
| 150665 | MALWARE-CNC UNC3443.EMOTET download traffic detected | No Reference |
| 150666 | MALWARE-CNC UNC4034.Airdry.Checkin traffic detected | No Reference |
| 150667 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference |
| 150660 | MALWARE-CNC UNC215.C2 traffic detected | No Reference |
| 150661 | MALWARE-CNC APT41.jQuery.Malleable Profile traffic detected | No Reference |
| 150662 | MALWARE-CNC UNC2589.DARKTACO traffic detected | No Reference |
| 150663 | MALWARE-CNC UNC3443.EMOTET download traffic detected | No Reference |
| 150668 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference |
| 150669 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference |
| 150680 | MALWARE-CNC UNC4713.FLATSHELL traffic detected | No Reference |
| 150681 | MALWARE-CNC UNC4713.FLATSHELL traffic detected | No Reference |
| 62370 | MALWARE-OTHER Unix.Trojan.Pupy variant download attempt | blogs.infoblox.com/cyber-threat-intelligence |
| 62341 | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831 |
| 160130 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26369 |
| 62386 | OS-WINDOWS Microsoft Streaming Service Proxy elevation of privilege attempt | CVE-2023-36802 |
| 62387 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-38142 |
| 150659 | MALWARE-CNC RADIOSTAR.VIDEOKILLER.Generic.Beacon.C2 traffic detected | No Reference |
| 150658 | MALWARE-CNC UNC4351.Generic.C2 traffic detected | No Reference |
| 62324 | MALWARE-OTHER Win.Trojan.Agent executable download attempt | No Reference |
| 62325 | MALWARE-CNC Win.Dropper.PhoenixMiner dropper download attempt | virustotal.com/en |
| 62320 | MALWARE-OTHER Win.Tool.SuperShell executable download attempt | No Reference |
| 62322 | MALWARE-OTHER Win.Trojan.Agent executable download attempt | No Reference |
| 150673 | MALWARE-CNC UNC1530.SHARKPIZZA.upload traffic detected | No Reference |
| 150672 | MALWARE-CNC UNC1530.SHARKPIZZA.Download traffic detected | No Reference |
| 150671 | MALWARE-CNC VIDAR.Generic.Beacon traffic detected | No Reference |
| 150670 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference |
| 150677 | MALWARE-CNC ROCKDOLL.GET.Beacon traffic detected | No Reference |
| 150676 | MALWARE-CNC UNC4742.CRABCLAW.Beacon traffic detected | No Reference |
| 150675 | MALWARE-CNC UNC3922.GROUPTEXT.GET traffic detected | No Reference |
| 150674 | MALWARE-CNC Python.C2.Beacon.Generic traffic detected | No Reference |
| 62362 | MALWARE-CNC Win.Dropper.Gamaredon command and control beacon attempt | www.virustotal.com/gui |
| 150679 | MALWARE-CNC UNC3443.EMOTET.Beacon traffic detected | No Reference |
| 62395 | OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt | CVE-2023-38144 |
| 62390 | MALWARE-BACKDOOR Win.Backdoor.Graphican download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence |
| 62393 | MALWARE-CNC Win.Backdoor.Graphican inbound C2 communication | symantec-enterprise-blogs.security.com/blogs/threat-intelligence |
| 62392 | MALWARE-BACKDOOR Win.Backdoor.Graphican download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence |
| 160129 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26369 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
- 47178
- 40655
- 47954
- 45667
- 43973
- 47476
- 33942
- 160127
