IPS Threat Content Update Release Notes 24.109.16
The following is a summary of the signatures deployed on February 29th, 2024 with this IPS content release:
- Signatures added: 34
- Signatures modified: 0
- Signatures removed: 1
Signatures Added
SID | Description | Reference |
---|---|---|
150811 | MALWARE-CNC EK.Angler.Generic traffic detected | No Reference |
150812 | MALWARE-CNC EK.Angler.Generic traffic detected | No Reference |
150813 | MALWARE-CNC Generic.BOF traffic detected | No Reference |
150814 | MALWARE-CNC Generic.EK.Java Applet traffic detected | No Reference |
150815 | MALWARE-CNC Generic.EK.Activity flash traffic detected | CVE-2015-5122 |
170001 | BROWSER-CHROME Google Chrome FileReader use after free attempt | CVE-2019-5786 |
63013 | MALWARE-CNC Win.Trojan.TinyTurla variant outbound connection | www.virustotal.com/gui/file/267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b |
63014 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/094e722972e6e4d2858dd2447d30c7025e7446f4ca60a7dc5a711f906ab5b1a0 |
63015 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/094e722972e6e4d2858dd2447d30c7025e7446f4ca60a7dc5a711f906ab5b1a0 |
63017 | MALWARE-OTHER Win.Malware.Astaroth variant payload download attempt | www.virustotal.com/gui/file/8d912a99076f0bdc4fcd6e76c51a1d598339c1502086a4381f5ef67520a0ddf2 |
63025 | MALWARE-OTHER Win.Trojan.Lagtoy variant download attempt | No Reference |
63027 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/a95930ff02a0d13e4dbe603a33175dc73c0286cd53ae4a141baf99ae664f4132 |
63029 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/c1bd624e83382668939535d47082c0a6de1981ef2194bb4272b62ecc7be1ff6b |
63031 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/70077fde6c5fc5e4d607c75ff5312cc2fdf61ea08cae75f162d30fa7475880de |
63033 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/5831b09c93f305e7d0a49d4936478fac3890b97e065141f82cda9a0d75b1066d |
63035 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/691cc4a12fbada29d093e57bd02ca372bc10968b706c95370daeee43054f06e3 |
63037 | MALWARE-OTHER Win.Trojan.Metasploit variant download attempt | www.virustotal.com/gui/file/0a367cc7e7e297248fad57e27f83316b7606788db9468f59031fed811cfe4867 |
63038 | MALWARE-CNC Win.Trojan.MysticStealer CNC initial connection | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
63041 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
63043 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
63045 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer-revisited |
63047 | MALWARE-CNC Win.Trojan.MysticStealer Download | www.zscaler.com/blogs/security-research/mystic-stealer |
63050 | POLICY-OTHER Chisel proxy tunnel outbound connection attempt | github.com/jpillora/chisel |
63056 | MALWARE-OTHER Win.Trojan.SectopRAT variant download attempt | www.virustotal.com/gui/file/74af05da0fd9610a75080b3e482d2fc05a76fbb55a937cc3134d2adab0eed0bc |
63057 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
63058 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
63059 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
63060 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
63061 | MALWARE-CNC Win.Trojan.Timbre variant outbound communication attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
63063 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
63065 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
63067 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | www.virustotal.com/gui/file/e87325f4347f66b21b19cfb21c51fbf99ead6b63e1796fcb57cd2260bd720929 |
63069 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | No Reference |
63071 | MALWARE-OTHER Win.Trojan.Timbre variant download attempt | www.virustotal.com/gui/file/56612bb0ab00cbb7af24326b027a55ff25852ddab1f1c8e24471b7ce97003505 |
Signatures Removed
The following signature was removed due to false positives (FP): 30997.