Refer to the following summary of signatures deployed with the IPS content release:
Total signatures: 20677
Signatures added: 05
Signatures removed: 00
Signature modified: 03
Signatures Added
SID | Description | Reference |
|---|---|---|
57901 | MALWARE-CNC Doc.Downloader.Emotet variant outbound connection attempt | http://www.virusto tal.com/#/file/2cb 81a1a59df4a4fd2 22fbcb946db3d6 53185c2e79cf4d 3365b430b1988d 485f/detection |
57893 | MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt | http://www.virusto tal.com/gui/file/b3 3f1abe6c9011aa 598fb679135f0b5 43be2cd4e1178c ba8bcf70a5859c b2f5e/detection |
57896 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2021-33771 |
57894 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2021-31979 |
57890 | OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt | CVE-2021-34449 |
Signatures Modified
SID | Description | Reference |
|---|---|---|
42749 | BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt | CVE-2018-0872 |
57197 | SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt | http://github.com/ samyk/slipstream |
57199 | SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt | http://github.com/ samyk/slipstream |