IPS Threat Content Update Release Notes 24.104.19
IPS Threat Content Update Release Notes 24.104.19
Following is the summary of signatures deployed on January 31st, 2024 with the IPS content release:
-
Signatures Added: 41
-
Signatures Modified: 0
-
Signatures Removed: 0
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 150694 | MALWARE-OTHER HTML.Smuggling.Exploit traffic detected | No Reference |
| 150751 | MALWARE-CNC Scanbox.Enumerate.Programs traffic detected | cobaltstrike.com |
| 150752 | MALWARE-CNC APT28.Sedkit traffic detected | cobaltstrike.com |
| 150753 | MALWARE-CNC EK.Flash.Generic traffic detected | cobaltstrike.com |
| 150754 | MALWARE-CNC UNC2653.Beacon.c2 traffic detected | cobaltstrike.com |
| 150755 | MALWARE-CNC Temp.Armageddon.Template.Download traffic detected | cobaltstrike.com |
| 150756 | MALWARE-CNC Recordstealer.c2 traffic detected | cobaltstrike.com |
| 150757 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
| 150758 | MALWARE-CNC Havanacrypt.c2 traffic detected | cobaltstrike.com |
| 150759 | MALWARE-CNC APT34.Generic.Payload traffic detected | cobaltstrike.com |
| 150760 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
| 150761 | MALWARE-CNC Temp.Sogu.Payload traffic detected | cobaltstrike.com |
| 150762 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
| 150763 | MALWARE-CNC Weevely.c2.Payload traffic detected | cobaltstrike.com |
| 150764 | MALWARE-CNC Generic.Loadinfo.Beacon traffic detected | cobaltstrike.com |
| 150765 | MALWARE-CNC UNC1530.Sharkpizza.Beacon traffic detected | cobaltstrike.com |
| 150766 | MALWARE-CNC Python.Backdoor.Beacon traffic detected | cobaltstrike.com |
| 150767 | MALWARE-CNC UNC4742.CRABWISE.c2 traffic detected | cobaltstrike.com |
| 150768 | MALWARE-CNC UNC4864.Beacon.c2 traffic detected | cobaltstrike.com |
| 150769 | MALWARE-CNC UNC4814.Smokeloader.c2 traffic detected | cobaltstrike.com |
| 150770 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
| 150771 | MALWARE-CNC UNC4968.Splitpush.Beacon traffic detected | cobaltstrike.com |
| 150772 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
| 150773 | MALWARE-CNC UNC4962.Darkgate.c2 traffic detected | cobaltstrike.com |
| 150774 | MALWARE-CNC Generic.Hydrolock.c2 traffic detected | cobaltstrike.com |
| 150775 | MALWARE-CNC Generic.Hunter.c2 traffic detected | cobaltstrike.com |
| 150776 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
| 150777 | FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt | CVE-2021-40444 |
| 150778 | FILE-OFFICE Microsoft MSHTML Remote Code Execution Vulnerability | CVE-2021-40444 |
| 150779 | OS-LINUX GNU C Library GLIBC_TUNABLES exploit download attempt | CVE-2023-4911 |
| 150780 | MALWARE-CNC EK.Spelevo.c2 traffic detected | cobaltstrike.com |
| 150781 | MALWARE-CNC EK.Nuclear.c2 traffic detected | cobaltstrike.com |
| 150782 | MALWARE-CNC EK.Sundown.c2 traffic detected | cobaltstrike.com |
| 62891 | OS-WINDOWS Microsoft Windows Common Log File System escalation of privilege attempt | CVE-2023-28252 |
| 62905 | MALWARE-CNC Win.Downloader.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
| 62906 | MALWARE-CNC Win.Trojan.VettaLoader CNC outbound connection | https://yoroi.company/wp-content/uploads/2023/12/202311-Vetta-Loader_Def-min.pdf |
| 62910 | FILE-OFFICE Spreadsheet ParseExcel Perl module remote code execution attempt | CVE-2023-7101 |
| 62911 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
| 62913 | BROWSER-CHROME Google Chrome SetPropertyWithAccessor type confusion attempt | CVE-2023-2935 |
| 62915 | MALWARE-OTHER Win.Trojan.Gozi variant download attempt | https://www.virustotal.com/gui/file/59efe4a482adfd9e8e7268f3c6a14bef578e07cba6ff42a8f7d59b5507530cb7 |
| 62917 | MALWARE-OTHER Win.Trojan.FakeCPU-Z variant download attempt | https://www.virustotal.com/gui/file/c6e79473526e0c70389c7cf6c31987ef23cd59b4012b614dcb545d085118ef80 |
