
IPS Threat Content Update Release Notes 23.137.18

The following summarizes the signatures deployed on September 19th, 2023 with IPS content release 23.137.18:

  • Signatures added: 40
  • Signatures modified: 2
  • Signatures removed: 8

Signatures Added

SID    | Description | Reference
------ | ----------- | ---------
62339  | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831
62337  | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831
150664 | MALWARE-CNC QUESTDOWN.Generic.C2 traffic detected | No Reference
150665 | MALWARE-CNC UNC3443.EMOTET download traffic detected | No Reference
150666 | MALWARE-CNC UNC4034.Airdry.Checkin traffic detected | No Reference
150667 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference
150660 | MALWARE-CNC UNC215.C2 traffic detected | No Reference
150661 | MALWARE-CNC APT41.jQuery.Malleable Profile traffic detected | No Reference
150662 | MALWARE-CNC UNC2589.DARKTACO traffic detected | No Reference
150663 | MALWARE-CNC UNC3443.EMOTET download traffic detected | No Reference
150668 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference
150669 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference
150680 | MALWARE-CNC UNC4713.FLATSHELL traffic detected | No Reference
150681 | MALWARE-CNC UNC4713.FLATSHELL traffic detected | No Reference
62370  | MALWARE-OTHER Unix.Trojan.Pupy variant download attempt | blogs.infoblox.com/cyber-threat-intelligence
62341  | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831
160130 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26369
62386  | OS-WINDOWS Microsoft Streaming Service Proxy elevation of privilege attempt | CVE-2023-36802
62387  | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2023-38142
150659 | MALWARE-CNC RADIOSTAR.VIDEOKILLER.Generic.Beacon.C2 traffic detected | No Reference
150658 | MALWARE-CNC UNC4351.Generic.C2 traffic detected | No Reference
62324  | MALWARE-OTHER Win.Trojan.Agent executable download attempt | No Reference
62325  | MALWARE-CNC Win.Dropper.PhoenixMiner dropper download attempt | virustotal.com/en
62320  | MALWARE-OTHER Win.Tool.SuperShell executable download attempt | No Reference
62322  | MALWARE-OTHER Win.Trojan.Agent executable download attempt | No Reference
150673 | MALWARE-CNC UNC1530.SHARKPIZZA.upload traffic detected | No Reference
150672 | MALWARE-CNC UNC1530.SHARKPIZZA.Download traffic detected | No Reference
150671 | MALWARE-CNC VIDAR.Generic.Beacon traffic detected | No Reference
150670 | MALWARE-CNC APT43.GIANTDIME.Generic traffic detected | No Reference
150677 | MALWARE-CNC ROCKDOLL.GET.Beacon traffic detected | No Reference
150676 | MALWARE-CNC UNC4742.CRABCLAW.Beacon traffic detected | No Reference
150675 | MALWARE-CNC UNC3922.GROUPTEXT.GET traffic detected | No Reference
150674 | MALWARE-CNC Python.C2.Beacon.Generic traffic detected | No Reference
62362  | MALWARE-CNC Win.Dropper.Gamaredon command and control beacon attempt | www.virustotal.com/gui
150679 | MALWARE-CNC UNC3443.EMOTET.Beacon traffic detected | No Reference
62395  | OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt | CVE-2023-38144
62390  | MALWARE-BACKDOOR Win.Backdoor.Graphican download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence
62393  | MALWARE-CNC Win.Backdoor.Graphican inbound C2 communication | symantec-enterprise-blogs.security.com/blogs/threat-intelligence
62392  | MALWARE-BACKDOOR Win.Backdoor.Graphican download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence
160129 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26369

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 47178
  • 40655
  • 47954
  • 45667
  • 43973
  • 47476
  • 33942
  • 160127
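As an added example (not part of these release notes and not the vendor's own tooling), the following Python parses an excerpt of this page's "Signatures Added" rows, written as `SID | message | reference`, together with the "Signatures Removed" list, and runs the checks worth doing before a content update is pushed: the listed rows are compared against the summary counts (a mismatch such as a "modified" count with no itemized section, as on this page, is reported), any SID that is both added and removed in the same release is flagged, and the CVE-referenced additions are grouped by CVE so they can be cross-checked against patch status. The excerpt and its summary counts are constructed from a subset of the page's rows, so they do not equal the real 40/2/8.

```python
"""Parse an IPS threat-content release-notes excerpt and sanity-check it.

Added example, not the vendor's code. The excerpt below is a constructed
subset of the rows on this page; its summary counts describe the subset.
"""
import re
from collections import defaultdict

# Constructed excerpt: 'SID | message | reference' rows plus the removed list.
RELEASE_NOTES = """\
Signatures added: 6
Signatures modified: 0
Signatures removed: 3

Signatures Added

SID    | Description | Reference
62339  | FILE-OTHER RARLabs WinRAR ZIP file code execution attempt | CVE-2023-38831
150664 | MALWARE-CNC QUESTDOWN.Generic.C2 traffic detected | No Reference
62386  | OS-WINDOWS Microsoft Streaming Service Proxy elevation of privilege attempt | CVE-2023-36802
62395  | OS-WINDOWS Microsoft Windows CLFS local privilege escalation attempt | CVE-2023-38144
62390  | MALWARE-BACKDOOR Win.Backdoor.Graphican download attempt | symantec-enterprise-blogs.security.com/blogs/threat-intelligence
160129 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26369

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 47178
  • 40655
  • 160127
"""

# A row is: SID, pipe, rule category (e.g. MALWARE-CNC), message, pipe, reference.
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*([A-Z]+(?:-[A-Z]+)*)\s+(.+?)\s*\|\s*(\S.*?)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SUMMARY_RE = re.compile(r"^Signatures (added|modified|removed):\s*(\d+)", re.M)
REMOVED_RE = re.compile(r"^\s*•\s*(\d+)\s*$", re.M)


def parse_summary(text):
    """Return {'added': n, 'modified': n, 'removed': n} from the summary lines."""
    return {k: int(v) for k, v in SUMMARY_RE.findall(text)}


def section(text, title, next_title=None):
    """Slice the text after a section heading up to the next heading (or the end)."""
    start = text.index(title) + len(title)
    if next_title:
        end = text.find(next_title, start)
        if end != -1:
            return text[start:end]
    return text[start:]


def parse_added(text):
    """Parse the added-signature rows; the header row and blank lines do not match."""
    rows = []
    for line in section(text, "Signatures Added", "Signatures Removed").splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        sid, category, message, reference = m.groups()
        rows.append({
            "sid": int(sid),
            "category": category,
            "message": f"{category} {message}",
            "reference": reference,
            "cves": CVE_RE.findall(reference),
        })
    return rows


def parse_removed(text):
    """Return the SIDs listed as removed, in page order."""
    return [int(s) for s in REMOVED_RE.findall(section(text, "Signatures Removed"))]


def check_counts(text):
    """Compare the summary counts with what is actually itemized; return discrepancies."""
    summary = parse_summary(text)
    listed = {"added": len(parse_added(text)), "removed": len(parse_removed(text))}
    problems = [f"{k}: summary says {summary.get(k)}, listed {n}"
                for k, n in listed.items() if summary.get(k) != n]
    # A non-zero 'modified' count with no section means the modified SIDs are unknown.
    if summary.get("modified", 0) and "Signatures Modified" not in text:
        problems.append(f"modified: summary says {summary['modified']}, "
                        "but no 'Signatures Modified' section")
    return problems


def conflicts(text):
    """SIDs that are both added and removed in the same release (should be empty)."""
    return sorted({r["sid"] for r in parse_added(text)} & set(parse_removed(text)))


def by_cve(text):
    """Map each referenced CVE to the SIDs covering it, for patch-status cross-checks."""
    out = defaultdict(list)
    for r in parse_added(text):
        for cve in r["cves"]:
            out[cve].append(r["sid"])
    return dict(out)


def by_category(text):
    """Count added signatures per rule category."""
    counts = defaultdict(int)
    for r in parse_added(text):
        counts[r["category"]] += 1
    return dict(counts)


if __name__ == "__main__":
    print(check_counts(RELEASE_NOTES) or "counts consistent")
    print(by_category(RELEASE_NOTES))
    print(by_cve(RELEASE_NOTES))
    print(conflicts(RELEASE_NOTES))
```

The SID column is the key to join against the deployed ruleset: `parse_removed` gives the SIDs to confirm are actually gone after the update, and `by_cve` gives the ones whose value depends on whether the referenced vulnerability is already patched in the environment.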