IPS Threat Content Update Release Notes 101.0.1.314
Summary of the signatures deployed on 7 March 2023 with this IPS content release:
Total signatures: 20407
Signatures added: 58
Signatures modified: 3
Signatures removed: 20
Signatures Added
SID | Description | Reference |
---|---|---|
61046 | MALWARE-OTHER Php.Webshell.HiddenShell download attempt | |
61047 | MALWARE-OTHER Php.Webshell.HiddenShell upload attempt | |
61072 | MALWARE-OTHER JSP.Webshell.JSPShell upload attempt | |
61073 | MALWARE-OTHER JSP.Webshell.JSPShell download attempt | |
61074 | MALWARE-CNC JSP.Webshell.JSPShell outbound connection | |
61075 | MALWARE-OTHER Win.Ransomware.Agenda variant binary download attempt | |
61083 | MALWARE-CNC Php.Webshell.IronShell outbound connection | |
61084 | MALWARE-CNC Php.Webshell.IronShell inbound connection | |
61085 | MALWARE-OTHER HTML.Exploit.C99 suspicious file upload | |
61096 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb |
61098 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c |
61156 | MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt | |
61157 | MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt | |
61158 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | |
61159 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | |
61160 | MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection | |
61161 | MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection | |
61174 | MALWARE-OTHER Win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d |
61176 | MALWARE-OTHER Win.Malware.LightNeuron mail transfer agent download | www.virustotal.com/gui/file/14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1 |
61182 | MALWARE-CNC Win.Spyware.Carbon outbound connection attempt | www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/carbon |
61184 | MALWARE-OTHER Windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/82d33a67c68f7c476a9ac1e960abc6a911f797446a2c24f0e13b92af1eb385b8 |
61186 | MALWARE-OTHER Windows.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb |
61188 | MALWARE-OTHER Unix.Malware.Dacls logcollector file download attempt | www.virustotal.com/gui/file/d28a2ab02aeb26914c16089c1121f7fb6d45cad756b125bf18999cdf6da6e6fc |
61190 | MALWARE-OTHER Unix.Malware.Dacls malware file download attempt | www.virustotal.com/gui/file/ba5b781ebacac07c4b14f9430a23ca0442e294236bd8dd14d1f69c6661551db8 |
61202 | MALWARE-OTHER PowerSploit toolkit download attempt | |
61203 | MALWARE-OTHER PowerSCCM toolkit download attempt | |
61214 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | No Reference |
61216 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd |
61218 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd |
61220 | MALWARE-OTHER WinPWN PowerShell toolkit outbound connection attempt | |
61222 | MALWARE-OTHER WinPWN PowerShell toolkit outbound connection attempt | |
61223 | MALWARE-CNC User-Agent Sality malicious user agent | No Reference |
61224 | MALWARE-CNC User-Agent Houdini malicious user agent | No Reference |
61250 | MALWARE-CNC Win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 |
61251 | MALWARE-CNC Win.Dropper.Rhadamanthys variant outbound connection | elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 |
61253 | MALWARE-CNC Win.Trojan.StrongPity variant outbound connection | www.minerva-labs.com/blog/a-new-strongpity-variant-hides-behind-notepad-installation/ |
61259 | MALWARE-CNC Win.Trojan.Gamaredon variant outbound connection | No Reference |
61261 | MALWARE-OTHER Win.Ransomware.MortalKombat variant binary download attempt | www.virustotal.com/gui/file/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553 |
61263 | MALWARE-CNC Win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d |
61264 | MALWARE-CNC Win.Trojan.LaplasClipper variant outbound connection | www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d |
61265 | MALWARE-CNC Win.Downloader.BatLoader variant outbound connection | www.virustotal.com/gui/file/9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0 |
61274 | MALWARE-OTHER Win.Trojan.Turla Crutch backdoor download | www.virustotal.com/gui/file/030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01 |
61305 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | |
61307 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | |
61309 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | |
61311 | MALWARE-CNC Win.Trojan.njRAT variant download attempt | |
61317 | FILE-OTHER Visual Studio Code malicious ipynb download attempt | CVE-2022-41034 |
61364 | MALWARE-OTHER Win.Trojan.Agent payload download attempt | No Reference |
61366 | MALWARE-OTHER Doc.Dropper.Agent payload download attempt | No Reference |
61379 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61381 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61383 | FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt | CVE-2015-2291 |
61389 | MALWARE-OTHER Win.Malware.Agent malicious PowerShell script download attempt | No Reference |
61391 | MALWARE-CNC Win.Malware.Agent data exfiltration attempt | No Reference |
61392 | SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt | CVE-2022-39952 |
61401 | MALWARE-OTHER Iso.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/1fc7b0e1054d54ce8f1de0cc95976081c7a85c7926c03172a3ddaa672690042c |
61403 | MALWARE-OTHER Win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611 |
61405 | MALWARE-OTHER Win.Trojan.BruteRatel binary download attempt | www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611 |
Signatures Removed
The following signatures were removed due to false positives (FPs):
20739
17378
56132
41338
44813
51341
39131
45821
59043
36749
17429
44061
8361
43740
35525
41595
17379
40703
49186
11834
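The checks a detection team usually runs over a note like this, written out as an added example (this code is not part of the release notes and not the IPS vendor's tooling): parse the "Signatures Added" pipe table and the removed-SID list, confirm that the stated added/removed counts match what is actually listed, flag duplicate or contradictory SIDs, pull the VirusTotal SHA-256 hashes and CVE IDs out of the Reference column for hunting and patch tracking, and report any removed SID that still exists in a local rules file (if the vendor pulled a rule for false positives, a locally pinned copy should be disabled too). The `RELEASE_NOTE` and `LOCAL_RULES` strings are constructed excerpts, and the function names are this example's own.

```python
"""Cross-check an IPS content release note and extract its indicators.

Added example, not part of the release notes. The inputs below are
constructed excerpts: a handful of rows in the page's table format and a
fake two-line rules file (the rule bodies are placeholders, not real rules).
"""
import re
from collections import Counter

RELEASE_NOTE = """\
Signatures added: 5
Signatures removed: 3
Signatures Added
SID | Description | Reference |
---|---|---|
61046 | MALWARE-OTHER Php.Webshell.HiddenShell download attempt | |
61096 | MALWARE-OTHER Win.Malware.Gazer variant download attempt | www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb |
61223 | MALWARE-CNC User-Agent Sality malicious user agent | No Reference |
61317 | FILE-OTHER Visual Studio Code malicious ipynb download attempt | CVE-2022-41034 |
61392 | SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt | CVE-2022-39952 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
20739
17378
56132
"""

# Constructed local rules excerpt; the message text and options are placeholders.
LOCAL_RULES = """\
alert tcp any any -> any any (msg:"placeholder A"; sid:20739; rev:3;)
alert tcp any any -> any any (msg:"placeholder B"; sid:61096; rev:1;)
"""

SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
SUMMARY_RE = re.compile(r"Signatures (added|removed):\s*(\d+)")


def parse_release_note(text):
    """Return (added_rows, removed_sids, stated_counts) from a release note."""
    added, removed, stated = [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)          # "Signatures added: 58" style lines
        if m:
            stated[m.group(1)] = int(m.group(2))
            continue
        if line == "Signatures Added":
            section = "added"
            continue
        if line == "Signatures Removed":
            section = "removed"
            continue
        if section == "added" and "|" in line:
            cells = [c.strip() for c in line.strip("|").split("|")]
            if cells[0].isdigit():          # skips the header and the --- row
                sid, desc, ref = (cells + ["", ""])[:3]
                added.append({"sid": int(sid), "description": desc,
                              "reference": "" if ref == "No Reference" else ref})
        elif section == "removed" and line.isdigit():
            removed.append(int(line))
    return added, removed, stated


def check_counts(added, removed, stated):
    """List discrepancies between the summary and the tables; [] means consistent."""
    problems = []
    if stated.get("added") != len(added):
        problems.append(f"added: stated {stated.get('added')}, listed {len(added)}")
    if stated.get("removed") != len(removed):
        problems.append(f"removed: stated {stated.get('removed')}, listed {len(removed)}")
    dupes = sorted(s for s, n in Counter(r["sid"] for r in added).items() if n > 1)
    if dupes:
        problems.append(f"duplicate SIDs in added table: {dupes}")
    overlap = sorted(set(removed) & {r["sid"] for r in added})
    if overlap:
        problems.append(f"SIDs both added and removed: {overlap}")
    return problems


def extract_indicators(added):
    """Collect SHA-256 hashes and CVE IDs from the Reference column."""
    hashes, cves = set(), set()
    for row in added:
        hashes.update(SHA256_RE.findall(row["reference"]))
        cves.update(CVE_RE.findall(row["reference"]))
    return sorted(hashes), sorted(cves)


def removed_but_still_present(rules_text, removed_sids):
    """Removed SIDs that still appear as 'sid:N;' in a local rules file."""
    present = {int(s) for s in re.findall(r"\bsid:\s*(\d+)\s*;", rules_text)}
    return sorted(present & set(removed_sids))


if __name__ == "__main__":
    added, removed, stated = parse_release_note(RELEASE_NOTE)
    print("count problems:", check_counts(added, removed, stated) or "none")
    hashes, cves = extract_indicators(added)
    print("hashes:", hashes)
    print("CVEs:", cves)
    print("removed SIDs still in local rules:", removed_but_still_present(LOCAL_RULES, removed))
```

Running it on the full page text instead of the excerpt is a matter of reading the note from a file; the table on this page lists 58 added and 20 removed SIDs, which is exactly what the summary states, so `check_counts` returns an empty list for it. The hash and CVE lists are what you would hand to a hunting query or a patch-tracking ticket, and a non-empty result from `removed_but_still_present` is the cue to disable those SIDs locally.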