IPS Threat Content Update Release Notes 23.143.1

The following is a summary of the signatures deployed on October 30th, 2023 with this IPS content release:

  • Signatures Added : 17

  • Signatures Modified : 88

  • Signatures Removed : 3

Signatures Added

| Signature ID | Signature Name | Reference |
|---|---|---|
| 150688 | MALWARE-CNC UNC2975.Paperdrop.Get traffic detected | No Reference |
| 150686 | MALWARE-CNC UNC4962.Darkgate.C2.Communication traffic detected | No Reference |
| 150687 | MALWARE-CNC UNC4915.Cabdriver.Get traffic detected | No Reference |
| 150683 | MALWARE-CNC APT37.Karae.C2.Beacon traffic detected | No Reference |
| 62495 | BROWSER-WEBKIT Apple WebKit type confusion attempt | CVE-2023-32439 |
| 62479 | FILE-IMAGE Multiple products libwebp remote code execution attempt | CVE-2023-41064 |
| 62558 | MALWARE-OTHER Win.Trojan.Ryuk malicious download attempt | No Reference |
| 62556 | MALWARE-OTHER Win.Trojan.Ryuk malicious download | |
| 62514 | MALWARE-CNC MultiOS.Downloader.Supershell outbound | |
| 62568 | MALWARE-OTHER Win.Trojan.Gamaredon variant download | |
| 150685 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
| 150682 | MALWARE-CNC APT41.jQuery.Malleable Profile traffic detected | No Reference |
| 62566 | FILE-PDF Adobe Acrobat use after free attempt | CVE-2023-21608 |
| 62564 | MALWARE-OTHER Win.Trojan.Ryuk malicious download | |
| 62562 | MALWARE-OTHER Win.Trojan.Ryuk malicious download | |
| 62560 | MALWARE-OTHER Win.Trojan.Ryuk malicious download | |
| 62549 | MALWARE-BACKDOOR Win.Trojan.Shadowpad persistence executable download | |

Removed Signatures

The following signatures were removed due to false positives (FP):

  • 32640

  • 62084

  • 62086
