IPS Threat Content Update Release Notes 101.0.0.306
The following summarizes the signatures deployed on 21st February, 2023 with this IPS content release:
Total signatures: 20369
Signatures added: 71
Signatures modified: 09
Signatures removed: 03
Signatures Added
SID | Description | Reference |
---|---|---|
140138 | POLICY-OTHER eicar file upload detected | No Reference |
150580 | MALWARE-CNC Ickytick.c2 traffic detected | No Reference |
60712 | FILE-JAVA Oracle Java JNLP progress-class remote code execution attempt | CVE-2015-4902 |
60727 | POLICY-OTHER OWASP Amass default User-Agent recon traffic detected | |
60728 | MALWARE-CNC Win.Trojan.HannabiGrabber info stealer outbound communication | www.virustotal.com/gui/file/082e50f61aa3e649889defae5bccb1249fc1c1281b2b9f02e10cb1ede8a1d16f |
60748 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | |
60749 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | |
60750 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | |
60754 | OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt | CVE-2021-3493 |
60755 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | |
60756 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | |
60758 | FILE-OTHER GNU gzip zgrep arbitrary file write attempt | CVE-2022-1271 |
60759 | MALWARE-CNC Ppt.Downloader.Wirte outbound connection | www.virustotal.com/gui/file/1f9d4bb8afa4031027df117e35e6c588893471e6ac8d10a9bc9c3899a48a9ef8 |
60779 | FILE-OTHER GIGABYTE Kernel Driver elevation of privilege attempt | CVE-2018-19322 |
60794 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
60795 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c |
60814 | FILE-OTHER GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19320 |
60817 | MALWARE-CNC Unix.Trojan.RedXOR variant outbound connection | |
60824 | MALWARE-CNC Php.Webshell.GReatPost outbound connection attempt | |
60825 | MALWARE-CNC Php.Webshell.GReatPost inbound connection attempt | |
60827 | OS-WINDOWS GIGABYTE GPCI and GIO driver privilege escalation attempt | CVE-2018-19321 |
60828 | MALWARE-CNC Win.Backdoor.Hoaxshell outbound connection attempt | virustotal.com/gui/file/c3858ed123a8becd0b01b2a409a9a4d18f5fd1047f5e06675ce1d4af075151a6 |
60829 | MALWARE-OTHER Win.Backdoor.Hoaxshell payload template download attempt | |
60835 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | |
60836 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | |
60838 | OS-WINDOWS MSI afterburner privilege escalation attempt | CVE-2019-16098 |
60843 | MALWARE-CNC Win.Backdoor.TurlaMosquito outbound connection | virustotal.com/gui/file/e7fd14ca45818044690ca67f201cc8cfb916ccc941a105927fc4c932c72b425d/detection |
60844 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
60845 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0 |
60892 | MALWARE-OTHER Doc.Downloader.MetaStealer file download attempt | virustotal.com/gui/file/981247f5f23421e9ed736dd462801919fea2b60594a6ca0b6400ded463723a5e |
60894 | MALWARE-OTHER Shikata Ga Nai polymorphic encoder encoded shellcode download attempt | virustotal.com/gui/file/0233dcf6417ab33b48e7b54878893800d268b9b6e5ca6ad852693174226e3bed/detection |
60902 | MALWARE-CNC Win.Infostealer.MetaStealer variant outbound connection | |
60903 | MALWARE-CNC Xls.Downloader.AXQ variant outbound connection | www.virustotal.com/gui/file/51e182045dfcef1336f98859e0fb17754ec9fc2b88d56b2cbf857a7aa038f99c |
60916 | BROWSER-CHROME V8 CSS prop type defineProperty interceptor confusion attempt | CVE-2022-1232 |
60918 | BROWSER-IE Google Chrome LinkToTextMenuObserver heap use-after-free attempt | CVE-2022-2998 |
60943 | MALWARE-CNC Win.Trojan.Gamaredon outbound communication attempt | www.virustotal.com/gui/file/432123e2e1a1e6026f12d36fea35e83708d6797a9a596613ce39e02f62f88fa8 |
60945 | BROWSER-CHROME Chrome JavaScript Array.map Out-of-Bounds Write attempt | CVE-2019-5825 |
60948 | MALWARE-TOOLS Win.Trojan.Teleport download attempt | www.virustotal.com/gui/file/dd94c2fc46a6670b4600cf439b35dc81a401b09d2c2372139afe7b754d1d24d4 |
60950 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
60952 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306 |
60955 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | No Reference |
60957 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60959 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60961 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
60963 | MALWARE-TOOLS Win.Dropper.KopiLuwak browser extension download attempt | virustotal.com/gui/file/cf1f52b0a160f19e3bd2b91ba4135782c9d0dc171a753a2c93fa645bee6ca301 |
60965 | MALWARE-TOOLS Win.Dropper.KopiLuwak download attempt | virustotal.com/gui/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b |
60969 | MALWARE-OTHER Win.Ransomware.Endurance variant download attempt | |
60979 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60980 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60981 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2 |
60987 | FILE-PDF Foxit PhantomPDF JavaScript annotation use-after-free attempt | No Reference |
60989 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
60991 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60993 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac |
60995 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60997 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference |
60999 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61001 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61003 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf |
61004 | POLICY-OTHER Oracle Access Manager deprecated OpenSSO access attempt | CVE-2021-35587 |
61013 | MALWARE-CNC Win.Trojan.FlawedGrace outbound communication attempt | www.virustotal.com/gui/file/27b6e71b4adeada41fb1e411a910872bfad999183d9d43ba6e63602e104d357b |
61015 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
61017 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280 |
61030 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
61031 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289 |
61034 | FILE-OTHER Adobe ColdFusion XmlTransform arbitrary file read attempt | CVE-2022-42340 |
61043 | MALWARE-CNC Php.Webshell.H4ntu outbound connection attempt | |
61045 | MALWARE-OTHER Win.Downloader.BatLoader malicious PowerShell script download attempt | virustotal.com/gui/file/016d978da55760bbe95343838f2cd0556fe6f39511b1d754fb06db747e867e76 |
61313 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-21688 |
61314 | OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2023-21823 |
61320 | OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt | CVE-2023-23376 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
140140
33941
21162