IPS Threat Content Update Release Notes 102.0.0.324
The following summarizes the signatures deployed on 21 March 2023 with this IPS content release:
Total signatures: 20405
Signatures added: 28
Signatures modified: 5
Signatures removed: 30
Signatures Added
SID | Description | Reference |
---|---|---|
150581 | MALWARE-CNC Sparepart.c2 Beacon detected | No Reference |
150583 | MALWARE-CNC Cobalt strike reactjs profile traffic detected | No Reference |
61100 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
61101 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
61168 | SERVER-WEBAPP Lexmark MC3224adwe Web UI ImportFaxLogo command injection attempt | |
61196 | MALWARE-TOOLS Win.Tool.WinPwn toolkit download attempt | No Reference |
61198 | MALWARE-TOOLS Powershell AMSI bypass toolkit download attempt | No Reference |
61205 | MALWARE-TOOLS PowerSploit script download attempt | |
61226 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | |
61228 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | |
61230 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Inveigh download attempt | |
61232 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PE injector download attempt | |
61234 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | No Reference |
61236 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | |
61238 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | |
61240 | MALWARE-TOOLS Win.Tool.TruffleSnout download attempt | No Reference |
61426 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
61427 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
61428 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
61429 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
61455 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
61456 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
61460 | FILE-OFFICE Microsoft Office RTF font table memory corruption attempt | CVE-2023-21716 |
61461 | MALWARE-CNC Win.Malware.Agent variant outbound cnc beacon detected | No Reference |
61463 | MALWARE-OTHER HTA VBScript powershell payload download attempt | |
61464 | OS-WINDOWS Microsoft Windows http.sys elevation of privilege attempt | CVE-2023-23410 |
61466 | OS-WINDOWS Microsoft Windows cryptographic services code execution attempt | CVE-2023-23416 |
61471 | MALWARE-OTHER Win.Trojan.Frebniis file download attempt | www.virustotal.com/gui/file/6464f9a5da26aa53fb2221255e908fd4da8edf0633f94051beee74a14b9b001c |
Signatures Removed
The following signatures were removed because they generated false positives (FP):
59037
59018
57824
57924
32891
60402
61389
60587
58451
60338
25093
48466
58713
59023
59024
60824
37356
15913
45016
44023
37357
61043
11232
60591
30883
60498
50386
57823
57828
31925