IPS Threat Content Update Release Notes 24.107.18
IPS Threat Content Update Release Notes 24.107.18
Following is the summary of signatures deployed on February 19th, 2024 with the IPS content release:
-
Signatures added: 62
-
Signatures modified: 3
-
Signatures removed: 3
Signatures Added
| SID | Description | Reference |
|---|---|---|
| 62931 | MALWARE-OTHER Win.Trojan.Fakebat variant download attempt | virustotal.com/gui/file/71eabcd065118985a02aa4aaf88360920801201f6982b64a494858e5c27e90db |
| 62936 | BROWSER-IE Microsoft Internet Explorer VML shape object malformed path attempt | CVE-2013-0030 |
| 62937 | MALWARE-CNC Win.Trojan.Agent CNC outbound connection | No Reference |
| 62942 | FILE-OTHER Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
| 62944 | INDICATOR-COMPROMISE Microsoft Windows SmartScreen security bypass attempt | CVE-2023-36025 |
| 62967 | FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt | CVE-2010-0821 |
| 62972 | FILE-OFFICE ClamAV OLE2 file parsing denial of service attempt | CVE-2024-20290 |
| 62983 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62984 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62985 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62986 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62987 | MALWARE-CNC Win.Ransomware.GhostLocker variant outbound connection attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62989 | MALWARE-OTHER Win.Ransomware.GhostLocker variant download attempt | www.virustotal.com/gui/file/8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 |
| 62991 | BROWSER-CHROME Google Chrome FileReader use after free attempt | CVE-2019-5786 |
| 62993 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2024-21346 |
| 62994 | FILE-OFFICE Microsoft Word remote code execution attempt | CVE-2024-21379 |
| 62996 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
| 62997 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
| 62998 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2024-21371 |
| 63001 | OS-WINDOWS Microsoft Windows AppId driver elevation of privileges attempt | CVE-2024-21338 |
| 63005 | OS-WINDOWS Microsoft Windows ntoskrnl elevation of privileges attempt | CVE-2024-21345 |
| 150783 | MALWARE-CNC EK.Ironstrom.Beacon traffic detected | No Reference |
| 150784 | MALWARE-CNC Sardonic.c2 traffic detected | No Reference |
| 150785 | MALWARE-CNC Armageddon.ArmedCloud.c2 traffic detected | No Reference |
| 150786 | MALWARE-CNC EK.Hermit.Manuscrypt Beacon traffic detected | No Reference |
| 150787 | MALWARE-CNC Temp.Armageddon.Badborsch.Exfil traffic detected | No Reference |
| 150788 | MALWARE-CNC EK.APT42.Powerpost.Beacon traffic detected | No Reference |
| 150789 | MALWARE-CNC EK.Generic.Beacon traffic detected | CVE-2022-30190 |
| 150790 | MALWARE-CNC EK.Boomic.c2 traffic detected | No Reference |
| 150791 | MALWARE-CNC Generic.Loadout.Post traffic detected | No Reference |
| 150792 | MALWARE-CNC Generic.Powerplant.Init traffic detected | No Reference |
| 150793 | MALWARE-CNC Generic.Redlinestealer.Beacon traffic detected | No Reference |
| 150794 | MALWARE-CNC Generic.Axeterror.Beacon traffic detected | No Reference |
| 150795 | MALWARE-CNC Generic.Roguerooster.c2 traffic detected | No Reference |
| 150796 | MALWARE-CNC Generic.Birdpen.c2 traffic detected | No Reference |
| 150797 | MALWARE-CNC Generic.Nutwaffle.c2 traffic detected | No Reference |
| 150798 | MALWARE-CNC Generic.Darkside.Bits traffic detected | No Reference |
| 150799 | MALWARE-CNC Generic.Purplefox.c2 traffic detected | No Reference |
| 150800 | MALWARE-CNC Generic.Sliver.c2 traffic detected | No Reference |
| 150801 | MALWARE-CNC Generic.Nanocore.c2 traffic detected | No Reference |
| 150802 | MALWARE-CNC Generic.Hawakeye.c2 traffic detected | No Reference |
| 150803 | MALWARE-CNC Generic.Fullhouse.Tunneling traffic detected | No Reference |
| 150804 | MALWARE-CNC Generic.Formbook.c2 traffic detected | No Reference |
| 150805 | MALWARE-CNC Generic.VBSBackdoor.check-in traffic detected | No Reference |
| 150806 | MALWARE-CNC Generic.Glubteba.c2 traffic detected | No Reference |
| 150807 | MALWARE-CNC Generic.Ftcode.Guid traffic detected | No Reference |
| 150808 | MALWARE-CNC Generic.Grimagent.c2 traffic detected | No Reference |
| 150809 | MALWARE-CNC Generic.Emotet.Exfil traffic detected | No Reference |
| 150810 | MALWARE-OTHER Win.Trojan.GravityRat variant malware download attempt | virustotal.com/gui/file/caf0a39318cfc1e65eae773a28de62ce08b7cf1b9d4264e843576165411e2a84 |
| 152003 | OS-WINDOWS Microsoft Windows Theme code execution attempt | CVE-2023-38146 |
| 160141 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20726 |
| 160142 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20727 |
| 160143 | FILE-PDF Adobe Acrobat Out-of-Bounds write attempt | CVE-2024-20728 |
| 160144 | FILE-PDF Adobe Acrobat Use-After-Free attempt | CVE-2024-20729 |
| 160145 | FILE-PDF Adobe Acrobat Buffer Overflow attempt | CVE-2024-20730 |
| 160146 | FILE-PDF Adobe Acrobat Buffer overflow attempt | CVE-2024-20733 |
| 160147 | FILE-PDF Adobe PDF use after free attempt | CVE-2024-20734 |
| 160148 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20735 |
| 160149 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20736 |
| 160150 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20747 |
| 160151 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20748 |
| 160152 | FILE-PDF Adobe PDF out-of-bounds read attempt | CVE-2024-20749 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
-
18347
-
18374
-
43461
