IPS Threat Content Update Release Notes 24.102.13
IPS Threat Content Update Release Notes 24.102.13
Following is the summary of signatures deployed on January 16th, 2024 with the IPS content release:
-
Signatures Added: 36
-
Signatures Modified: 1
-
Signatures Removed: 2
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 150725 | MALWARE-CNC Cobalt Strike APT1.VT.Profile traffic detected | cobaltstrike.com |
| 150726 | MALWARE-CNC Cobalt Strike msupdate.getonly traffic detected | cobaltstrike.com |
| 150727 | MALWARE-CNC Cobalt Strike amazon.db.search traffic detected | cobaltstrike.com |
| 150728 | MALWARE-CNC Cobalt Strike msnbc.video.get traffic detected | cobaltstrike.com |
| 150729 | MALWARE-CNC Cobalt Strike ocsp.get traffic detected | cobaltstrike.com |
| 150730 | MALWARE-CNC Cobalt Strike owa.calendar.get traffic detected | cobaltstrike.com |
| 150731 | MALWARE-CNC Cobalt Strike onedrive.get traffic detected | cobaltstrike.com |
| 150732 | MALWARE-CNC Cobalt Strike pandora.get traffic detected | cobaltstrike.com |
| 150733 | MALWARE-CNC Cobalt Strike poseidon.get traffic detected | cobaltstrike.com |
| 150734 | MALWARE-CNC Cobalt Strike powrunner.get traffic detected | cobaltstrike.com |
| 150735 | MALWARE-CNC Cobalt Strike qakbot.get traffic detected | cobaltstrike.com |
| 150736 | MALWARE-CNC Cobalt Strike ramnit.get traffic detected | cobaltstrike.com |
| 150737 | MALWARE-CNC Cobalt Strike ratankba.get traffic detected | cobaltstrike.com |
| 150738 | MALWARE-CNC Cobalt Strike salesforce.get traffic detected | cobaltstrike.com |
| 150739 | MALWARE-CNC Cobalt Strike slack.get traffic detected | cobaltstrike.com |
| 150740 | MALWARE-CNC Cobalt Strike sofacy.get traffic detected | cobaltstrike.com |
| 150741 | MALWARE-CNC Cobalt Strike stackoverflow.get traffic detected | cobaltstrike.com |
| 150742 | MALWARE-CNC Cobalt Strike so.paerls.get traffic detected | cobaltstrike.com |
| 150743 | MALWARE-CNC Cobalt Strike template.profile.get traffic detected | cobaltstrike.com |
| 150744 | MALWARE-CNC Cobalt Strike trevor.profile.get traffic detected | cobaltstrike.com |
| 150745 | MALWARE-CNC Cobalt Strike trick-ryuk.profile.get traffic detected | cobaltstrike.com |
| 150746 | MALWARE-CNC Cobalt Strike ursnif-icedid.profile.get traffic detected | cobaltstrike.com |
| 150747 | MALWARE-CNC Cobalt Strike xbash.profile.get traffic detected | cobaltstrike.com |
| 150748 | MALWARE-CNC Cobalt Strike zloader.profile.get traffic detected | cobaltstrike.com |
| 150749 | MALWARE-CNC Cobalt Strike zillow.profile.get traffic detected | cobaltstrike.com |
| 150750 | MALWARE-CNC Cobalt Strike zoom.profile.get traffic detected | cobaltstrike.com |
| 62788 | MALWARE-CNC Win.Trojan.GravityRAT variant outbound connection | https://www.virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
| 62816 | MALWARE-OTHER Win.Dropper.Generic variant binary download attempt | No Reference |
| 62817 | MALWARE-CNC Win.Infostealer.Generic variant outbound connection | https://www.virustotal.com/gui/file/bc25f7836c273763827e1680856ec6d53bd73bbc4a03e9f743eddfc53cf68789 |
| 62818 | MALWARE-OTHER Win.Trojan.GravityRat variant malware download attempt | https://www.virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
| 62848 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2024-20683 |
| 62850 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2024-20698 |
| 62855 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
| 62857 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
| 62859 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2024-20653 |
| 62861 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege attempt | CVE-2024-21310 |
Signatures Removed
Removed the following signature due to False Positives (FP):
-
50436
-
62722
