IPS Threat Content Update Release Notes 23.151.1
IPS Threat Content Update Release Notes 23.151.1
Following is the summary of signatures deployed on December 18th, 2023 with the IPS content release:
- Signatures Added: 71
- Signatures Modified: 1
- Signatures Removed: 1078
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 150695 | MALWARE-CNC Cobalt Strike Safebrowsing Profile get beacon command result | cobaltstrike.com |
| 150696 | MALWARE-CNC Cobalt Strike Saefko Profile get command result | cobaltstrike.com |
| 150697 | MALWARE-CNC Cobalt Strike rtmp Profile beacon get command result | cobaltstrike.com |
| 150698 | MALWARE-CNC Cobalt Strike rigek Profile beacon get command result | cobaltstrike.com |
| 150699 | MALWARE-CNC Cobalt Strike reddit Profile beacon get command result | cobaltstrike.com |
| 150700 | MALWARE-CNC Cobalt Strike meterpreter Profile beacon get command result | cobaltstrike.com |
| 150701 | MALWARE-CNC Cobalt Strike mayoclinic Profile beacon get command result | cobaltstrike.com |
| 150702 | MALWARE-CNC Cobalt Strike mayoclinic Profile beacon get command result | cobaltstrike.com |
| 150703 | MALWARE-CNC Cobalt Strike mayoclinic Profile beacon get command result | cobaltstrike.com |
| 150704 | MALWARE-CNC Cobalt Strike mayoclinic Profile beacon get command result | cobaltstrike.com |
| 150705 | MALWARE-CNC Cobalt Strike magnitude Profile beacon get command result | cobaltstrike.com |
| 150706 | MALWARE-CNC Cobalt Strike kronos Profile beacon get command result | cobaltstrike.com |
| 150707 | MALWARE-CNC Cobalt Strike jaff ransomware Profile beacon get command result | cobaltstrike.com |
| 150708 | MALWARE-CNC Cobalt Strike iheartradio ransomware Profile beacon get command result | cobaltstrike.com |
| 150709 | MALWARE-CNC Cobalt Strike gdrive Profile beacon get command result | cobaltstrike.com |
| 150710 | MALWARE-CNC Cobalt Strike globeimposter Profile beacon get command result | cobaltstrike.com |
| 150711 | MALWARE-CNC Cobalt Strike chches Profile beacon get command result | cobaltstrike.com |
| 150712 | MALWARE-CNC Cobalt Strike fiesta Profile beacon get command result | cobaltstrike.com |
| 150713 | MALWARE-CNC Cobalt Strike fiesta Profile beacon get command result | cobaltstrike.com |
| 150714 | MALWARE-CNC Cobalt Strike emotet Profile beacon get command result | cobaltstrike.com |
| 150715 | MALWARE-CNC Cobalt Strike dukes.apt Profile beacon get command result | cobaltstrike.com |
| 150716 | MALWARE-CNC Cobalt Strike duckduckgo Profile beacon get command result | cobaltstrike.com |
| 150717 | MALWARE-CNC Cobalt Strike comfoo Profile beacon get command result | cobaltstrike.com |
| 150718 | MALWARE-CNC Cobalt Strike cnnvideo Profile beacon get command result | cobaltstrike.com |
| 150719 | MALWARE-CNC Cobalt Strike chrome Profile beacon get command result | cobaltstrike.com |
| 150720 | MALWARE-CNC Cobalt Strike bingmap Profile beacon get command result | cobaltstrike.com |
| 150721 | MALWARE-CNC Cobalt Strike bazarloader Profile beacon get command result | cobaltstrike.com |
| 150722 | MALWARE-CNC AIRDRY.C2.Post traffic detected | cobaltstrike.com |
| 150723 | MALWARE-CNC UNC2078.JSOUTPROX.C2.Post traffic detected | cobaltstrike.com |
| 150724 | MALWARE-CNC TEMP.SOGU.C2.Beacon traffic detected | cobaltstrike.com |
| 152001 | FILE-IMAGE Multiple products libwebp remote code execution attempt | CVE-2023-41064 |
| 152002 | FILE-OFFICE Microsoft Office HTML remote code execution attempt | CVE-2023-36884 |
| 160131 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2023-44336 |
| 160132 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44337 |
| 160133 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44338 |
| 160134 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44339 |
| 160135 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44340 |
| 160136 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44356 |
| 160137 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-44360 |
| 160138 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2023-44361 |
| 160139 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2023-44371 |
| 160140 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2023-44372 |
| 62658 | MALWARE-OTHER Win.Trojan.Qakbot variant download attempt | virustotal.com/gui/file/0ff67bf13d217f92ffabfa8d4575cf19099574dd384230244be692b85d596b1a |
| 62660 | BROWSER-IE Windows Scripting Engine out-of-bounds write attempt | CVE-2023-36017 |
| 62670 | MALWARE-CNC Win.Trojan.FakeBat variant outbound connection attempt | www.virustotal.com/gui/file/f433a5982dfa78a47c826ccd0c5b0b8d7a8f8fc34dfdb403f171543f5fc09ba8/detection |
| 62681 | MALWARE-OTHER Win.Trojan.BlackDog malicious file download attempt | No Reference |
| 62684 | MALWARE-OTHER Win.Trojan.BlackDog malicious file download attempt | No Reference |
| 62685 | MALWARE-OTHER Win.Trojan.BlackDog dropper download attempt | No Reference |
| 62694 | OS-LINUX GNU C Library GLIBC_TUNABLES exploit download attempt | CVE-2023-4911 |
| 62702 | FILE-PDF Adobe Acrobat Reader DC Annots.api setProps use-after-free attempt | CVE-2021-28550 |
| 62709 | MALWARE-CNC Win.Malware.Lumma variant outbound connection | virustotal.com/gui/file/066fe4bb2fe09cad7df4e01f0eacc046faa304c9eb76812a636811acb44e936d |
| 62711 | MALWARE-OTHER Win.Malware.Lumma variant download attempt | virustotal.com/gui/file/066fe4bb2fe09cad7df4e01f0eacc046faa304c9eb76812a636811acb44e936d |
| 62713 | MALWARE-OTHER Win.Malware.Lumma variant download attempt | virustotal.com/gui/file/004f2b62840a91b011eaaafbcc429b374835b9274610f89c6a9ef6f9bfdde768 |
| 62715 | MALWARE-OTHER Win.Malware.Lumma variant download attempt | virustotal.com/gui/file/2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee |
| 62717 | MALWARE-OTHER Win.Malware.Lumma variant download attempt | virustotal.com/gui/file/e57cfd368ad71d81543c22d1e12ef620eca6677254556cc00375fda768f2487f |
| 62719 | MALWARE-OTHER Unix.Ransomware.U-Bomb download attempt | www.virustotal.com/gui/file/b5d36076c67f46bb3cb96fc778d2df275eaacba33f41ef86d57ba426f3c9d2b4 |
| 62721 | MALWARE-CNC Win.Trojan.Andariel outbound connection | No Reference |
| 62722 | MALWARE-OTHER Win.Trojan.Andariel malicious download attempt | No Reference |
| 62739 | MALWARE-OTHER Win.Trojan.Rhadamanthys variant payload download attempt | virustotal.com/gui/file/af67a6bd0baf78191617c97aad2d21b7d6133e879c92c97b1b1345d629f79661/behavior |
| 62740 | MALWARE-CNC Win.Infostealer.Gamaredon outbound connection attempt | No Reference |
| 62755 | OS-WINDOWS Microsoft Windows Sysmain Service elevation of privilege attempt | CVE-2023-35644 |
| 62757 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/4b322cd349f647ab5f84766cb2f2176bac77f0b8d64c2a59b91a6d30c4072315/details |
| 62760 | BROWSER-CHROME Google Chrome Blink renderer use after free attempt | CVE-2015-1256 |
| 62763 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2023-35631 |
| 62765 | FILE-EXECUTABLE Windows Telephony API escalation of privilege attempt | CVE-2023-36005 |
| 62766 | OS-WINDOWS Microsoft Windows LSAS Service privilege escalation attempt | CVE-2023-36391 |
| 62769 | OS-WINDOWS Windows Cloud Files Mini Filter Driver escalation of privilege attempt | CVE-2023-36696 |
| 62771 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-35633 |
| 62773 | MALWARE-OTHER Win.Trojan.Xworm download attempt | www.virustotal.com/gui/file/b122039acc71028b48a74c35885313dce5933b14f421d75236519c36aeb8000b |
| 62775 | MALWARE-OTHER Win.Trojan.Xworm download attempt | www.virustotal.com/gui/file/4f31161f780080caa828d8d26966e8391581ee687eced52b7fb3410db011363b |
| 62787 | OS-WINDOWS Microsoft Windows Ancillary Function driver elevation of privilege attempt | CVE-2023-35632 |
Signatures Removed
Removed the following retired signature from the package as these are more than 10 years:
| SID Removed |
|---|
| 30926, 29431, 30810, 30567, 32606, 28605, 29152, 6331, 23148, 30262, 19767, 28166, 29300, 31897, 32402, 19347, 28084, 30299, 27049, 32397, 29911, 31465, 28986, 29881, 31717, 29791, 31218, 28096, 7829, 29982, 30193, 28024, 28194, 29885, 29652, 28963, 25260, 31119, |
| 28554, 28164, 32030, 28799, 31466, 28106, 28558, 28042, 29464, 29331, 27558, 31184, 30773, 28022, 31644, 30809, 31683, 29045, 29981, 31214, 30332, 32510, 31836, 28883, 30987, 30979, 29562, 31091, 30168, 28265, 28399, 31272, 28811, 27935, 30314, 32072, 29012, 29079, 32330, 25025, |
| 31313, 31241, 28213, 30078, 28420, 31454, 29991, 31680, 32394, 30071, 29360, 28255, 31317, 28810, 27229, 29220, 32354, 30325, 32614, 30315, 32469, 31146, 31753, 32060, 29924, 28803, 29884, 29461, 28305, 31649, 32033, 20099, 31122, 28861, 29416, 29016, 31243, 32341, 32451, 32028, |
| 28075, 31826, 32036, 28820, 30167, 20104, 16289, 28023, 31014, 30968, 32018, 29985, 28483, 28885, 29148, 31966, 29638, 28421, 29447, 28008, 28599, 27665, 32383, 29260, 31531, 32075, 32586, 32585, 30518, 31424, 30547, 32338, 29125, 29380, 27969, 30331, 7550, 32096, 30284, 31722, |
| 26239, 31706, 32505, 32599, 30934, 31556, 28155, 31452, 28009, 20088, 31355, 29302, 31442, 32054, 20097, 28853, 28960, 31547, 31271, 30919, 31036, 28796, 32093, 30216, 30250, 29216, 28105, 28016, 30255, 31834, 29259, 28114, 27905, 31988, 30300, 30975, 30494, 28239, 20561, 28143, |
| 30967, 28852, 30231, 20064, 28994, 27958, 29566, 30198, 32367, 29176, 25599, 31053, 27864, 28371, 30334, 31066, 29493, 20083, 27078, 30776, 29371, 28988, 31062, 28125, 21195, 29907, 25448, 32670, 31299, 31768, 28990, 31433, 31713, 31260, 28242, 28608, 29878, 28864, 31229, 30047, |
| 27199, 32202, 31262, 29367, 32086, 31734, 27964, 31370, 31813, 21461, 31147, 27918, 31344, 7839, 19435, 25625, 32259, 24532, 32006, 30258, 20068, 29395, 32776, 29664, 31735, 30946, 29789, 31808, 31417, 30559, 28012, 29883, 30211, 32071, 30091, 28724, 28264, 29353, 32384, 28987, |
| 32665, 31835, 32390, 30210, 30965, 29489, 32037, 28444, 31928, 28450, 29891, 31450, 31859, 29389, 19975, 31083, 29349, 30496, 32175, 29133, 29109, 29925, 28914, 28045, 32270, 32195, 32329, 30034, 31242, 32050, 28247, 32494, 27912, 30976, 31510, 28148, 29140, 32334, 28095, 31929, |
| 28816, 28018, 31171, 28141, 29497, 30087, 32368, 28984, 32273, 28147, 7859, 30192, 31124, 20042, 31712, 31949, 32678, 31909, 28411, 30560, 29292, 28812, 29304, 32455, 32604, 32193, 30256, 25068, 32328, 32395, 28485, 29074, 32727, 29057, 28976, 28860, 28116, 7788, 30306, 29893, |
| 28107, 32073, 29186, 20108, 25239, 30333, 32293, 29352, 29563, 30493, 27956, 30310, 31833, 30271, 32180, 30999, 28346, 31545, 31913, 30072, 29973, 30138, 31699, 29090, 32121, 32254, 28859, 28210, 20067, 31089, 16311, 29059, 31346, 30495, 28446, 29861, 32015, 30251, 19484, 31079, |
| 31073, 27957, 31641, 17913, 30806, 28879, 28547, 32126, 32743, 32513, 28800, 30852, 31449, 19358, 31307, 31606, 29916, 32272, 25623, 30063, 32123, 29424, 32557, 31135, 29056, 28072, 6250, 25675, 32035, 28947, 25067, 25109, 28254, 27891, 32260, 31682, 30316, 31453, 31902, 30344, |
| 27867, 31114, 31558, 28007, 31605, 28813, 28564, 29164, 30920, 28548, 28565, 24884, 32388, 29108, 31955, 20078, 30988, 31172, 31306, 32052, 7858, 32250, 32040, 31273, 27980, 28300, 7878, 32256, 29001, 28097, 28074, 27936, 30257, 31898, 30335, 29484, 28144, 31718, 30938, 29990, |
| 31244, 31563, 31857, 32065, 28884, 32674, 31240, 31633, 32706, 30551, 16526, 30312, 32310, 31314, 29370, 26955, 28815, 29882, 30880, 28121, 20028, 30323, 30061, 29351, 32197, 32012, 29154, 28021, 30569, 29013, 29918, 28402, 20040, 28418, 23391, 30288, 28416, 30304, 24523, 32373, |
| 29332, 30074, 30066, 29887, 30070, 30278, 31329, 30566, 19057, 32623, 28146, 30060, 29337, 30308, 20080, 28244, 5891, 31916, 29412, 29325, 30196, 31255, 31343, 27817, 32074, 27970, 32331, 28886, 31116, 19864, 31261, 29901, 32285, 28817, 32583, 29376, 30214, 31964, 30765, 28362, |
| 32061, 31002, 32562, 30234, 31967, 31228, 32048, 28982, 28858, 30482, 29082, 30896, 29073, 32055, 32125, 31458, 26891, 30804, 19483, 29550, 31923, 28542, 30483, 32374, 31487, 31224, 29408, 31315, 29440, 31974, 32333, 19475, 32243, 32396, 28983, 30276, 32605, 31688, 32508, 30064, |
| 31901, 28285, 30927, 31293, 26293, 31000, 31533, 25242, 31903, 28017, 25107, 20043, 29379, 29824, 28847, 32512, 31885, 30133, 28405, 30235, 28073, 30983, 30966, 32009, 30277, 28985, 28209, 31183, 29348, 31837, 29426, 31930, 31173, 31113, 30947, 20037, 32770, 27664, 29880, 28365, |
| 31168, 28559, 31070, 28594, 28528, 30811, 31991, 31559, 29139, 29864, 29071, 20106, 28381, 28422, 30805, 32506, 28609, 32584, 25096, 32053, 31642, 30309, 29087, 32667, 31230, 31236, 31316, 30752, 30311, 32294, 32008, 32550, 32031, 30977, 28117, 30905, 30954, 31544, 32456, 28373, |
| 30985, 29879, 32578, 31459, 32769, 29862, 29363, 31586, 26692, 30036, 30978, 31319, 29565, 30073, 31924, 28328, 31468, 29002, 25610, 32521, 32196, 31973, 30208, 30982, 29115, 29289, 25256, 29561, 31080, 21181, 29356, 20038, 31603, 29788, 24265, 32554, 29873, 29334, 30935, 32610, |
| 29345, 28079, 32066, 29877, 30191, 31607, 31832, 32011, 28138, 32255, 556, 29422, 31681, 31947, 31235, 20057, 28538, 32399, 30998, 32220, 27965, 30917, 23978, 28195, 29495, 28019, 32379, 31669, 29828, 31972, 30900, 28814, 28080, 31225, 29117, 28033, 31748, 31112, 27659, 31820, |
| 31090, 31328, 30484, 30815, 29870, 31418, 30068, 29417, 31689, 30035, 28280, 26448, 28120, 29494, 23334, 29569, 28403, 30924, 31827, 28211, 32016, 32290, 29637, 31948, 30230, 28134, 30203, 32734, 28604, 30290, 32357, 30807, 20107, 31941, 30298, 28040, 30279, 28529, 31295, 32613, |
| 29666, 30261, 27955, 29114, 24531, 32401, 31055, 28856, 32289, 31174, 32387, 28417, 29179, 28562, 28543, 29863, 30548, 24259, 28192, 32600, 30568, 29301, 28593, 31467, 29899, 30519, 32457, 30065, 31907, 30914, 29423, 28410, 29378, 5749, 29261, 32013, 31298, 28325, 30955, 32464, |
| 32222, 31714, 29665, 20036, 30743, 28230, 28968, 29483, 29174, 32194, 28234, 32645, 31290, 28561, 29921, 32130, 6363, 31904, 29324, 28015, 32192, 25674, 20527, 20069, 32287, 29068, 31042, 29075, 31543, 28094, 31084, 29038, 31530, 28809, 28038, 32529, 30766, 20087, 29081, 31899, |
| 30986, 29293, 23252, 29922, 30088, 18934, 29923, 32225, 30260, 31944, 29339, 32372, 20039, 29636, 29104, 31896, 32067, 32735, 31231, 29333, 29127, 29103, 32070, 28118, 31019, 32493, 28808, 21208, 30812, 25268, 29306, 29091, 29146, 31691, 29150, 27734, 29557, 31817, 29670, 29897, |
| 31145, 28563, 29039, 30302, 21958, 32023, 30090, 28797, 28122, 28123, 6346, 29344, 31805, 31303, 29138, 31121, 31548, 29044, 32400, 29341, 29307, 28153, 31131, 27868, 30204, 32090, 30076, 29663, 31954, 32677, 29740, 28279, 30336, 7116, 30492, 28977, 32188, 20066, 32551, 31345, |
| 30808, 30570, 32034, 28010, 28607, 29076, 29816, 32548, 28006, 29175, 31895, 28119, 28484, 31221, 28250, 31020, 30134, 31004, 20077, 29496, 26785, 27890, 29645, 27939, 31081, 28154, 29135, 28948, 32736, 30751, 30137, 31359, 31007, 29153, 30552, 5807, 28372, 29058, 28324, 28011, |
| 29817, 28020, 7135, 31222, 27911, 29869, 32598, 29359, 32189, 32181, 31150, 31769, 20086, 20076, 25108, 29299, 5774, 31258, 29340, 31957, 32728, 29149, 29190, 31824, 29313, 31142, 31254, 13696, 28802, 28966, 29559, 29112, 29790, 30753, 24600, 28326, 28949, 29031, 30984, 32511, |
| 31828, 30397, 28804, 24349, 29060, 29874, 29335, 29920, 24791, 29291, 18356, 30270, 20081, 31234, 29026, 30239, 29361, 30897, 28857, 30259, 28606, 7552, 31604, 27981, 29180, 31990, 31755, 28541, 18717, 30915, 28044, 32747, 29635, 29460, 31275, 29077, 32622, 29358, 29886, 31900 |
