IPS Threat Content Update Release Notes 24.109.16


The following is a summary of the signatures deployed on February 29th, 2024 with the IPS content release:

  • Signatures added: 34

  • Signatures modified: 0

  • Signatures removed: 1

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150811 | MALWARE-CNC EK.Angler.Generic traffic detected | No Reference |
| 150812 | MALWARE-CNC EK.Angler.Generic traffic detected | No Reference |
| 150813 | MALWARE-CNC Generic.BOF traffic detected | No Reference |
| 150814 | MALWARE-CNC Generic.EK.Java Applet traffic detected | No Reference |
| 150815 | MALWARE-CNC Generic.EK.Activity flash traffic detected | CVE-2015-5122 |
| 170001 | BROWSER-CHROME Google Chrome FileReader use after free attempt | CVE-2019-5786 |
| 63013 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
| 63014 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/094e722972e6e4d2858dd2447d30c7025e7446f4ca60a7dc5a711f906ab5b1a0 |
| 63015 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/094e722972e6e4d2858dd2447d30c7025e7446f4ca60a7dc5a711f906ab5b1a0 |
| 63017 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/8d912a99076f0bdc4fcd6e76c51a1d598339c1502086a4381f5ef67520a0ddf2 |
| 63025 | MALWARE-OTHER Win.Trojan.Lagtoy variant download attempt | No Reference |
| 63027 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/a95930ff02a0d13e4dbe603a33175dc73c0286cd53ae4a141baf99ae664f4132 |
| 63029 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/c1bd624e83382668939535d47082c0a6de1981ef2194bb4272b62ecc7be1ff6b |
| 63031 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/70077fde6c5fc5e4d607c75ff5312cc2fdf61ea08cae75f162d30fa7475880de |
| 63033 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/5831b09c93f305e7d0a49d4936478fac3890b97e065141f82cda9a0d75b1066d |
| 63035 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/691cc4a12fbada29d093e57bd02ca372bc10968b706c95370daeee43054f06e3 |
| 63037 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/0a367cc7e7e297248fad57e27f83316b7606788db9468f59031fed811cfe4867 |
| 63038 | MALWARE-CNC Win.Trojan.MysticStealer CNC initial connection | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
| 63041 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
| 63043 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
| 63045 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
| 63047 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer |
| 63050 | POLICY-OTHER Chisel proxy tunnel outbound connection attempt | github.com/jpillora/chisel |
| 63056 | MALWARE-OTHER Win.Trojan.SectopRAT variant download attempt | www.virustotal.com/gui/file/74af05da0fd9610a75080b3e482d2fc05a76fbb55a937cc3134d2adab0eed0bc |
| 63057 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
| 63058 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
| 63059 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
| 63060 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
| 63061 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
| 63063 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
| 63065 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
| 63067 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | www.virustotal.com/gui/file/e87325f4347f66b21b19cfb21c51fbf99ead6b63e1796fcb57cd2260bd720929 |
| 63069 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
| 63071 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |

Signatures Removed

Removed the following signatures due to False Positives (FP): 30997.
