IPS Threat Content Update Release Notes 103.0.0.336
Refer to the following summary of signatures deployed on 25th April, 2023 with the IPS content release:
Total signatures: 19460
Signatures added: 104
Signatures modified: 01
Signatures removed: 1049
Signatures Added
SID | Description | Reference |
---|---|---|
150584 | MALWARE-CNC HTML.js.generic malware traffic detected | No Reference |
150585 | MALWARE-CNC HTML.js.generic malware traffic detected | No Reference |
150586 | MALWARE-CNC APT.PENCILDOWN.Check-in traffic detected | No Reference |
150587 | MALWARE-CNC APT.Hangmanv2.beacon traffic detected | No Reference |
150588 | MALWARE-CNC APT.Hangmanv2.beacon traffic detected | No Reference |
160106 | FILE-PDF Adobe Acrobat out-of-bound write attempt | CVE-2023-26395 |
160107 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-26397 |
160108 | FILE-PDF Adobe Acrobat improper input validation attempt | CVE-2023-26405 |
160109 | FILE-PDF Adobe Acrobat improper access attempt | CVE-2023-26408 |
160110 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26417 |
160111 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26418 |
160112 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26419 |
160113 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26420 |
160114 | FILE-PDF Adobe Acrobat Integer underflow attempt | CVE-2023-26421 |
160115 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26422 |
160116 | FILE-PDF Adobe Acrobat Use-After-free attempt | CVE-2023-26423 |
160117 | FILE-PDF Adobe Acrobat out-of-bound read attempt | CVE-2023-26425 |
61276 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | |
61278 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | CVE-2017-0143 |
61280 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | CVE-2016-0099 |
61282 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | CVE-2016-7255 |
61284 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Zerologon download attempt | CVE-2020-1472 |
61286 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | |
61288 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PrintNightmare download attempt | CVE-2021-1675 |
61290 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit JuicyPotato download attempt | |
61294 | MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt | |
61296 | MALWARE-TOOLS Win.Tool.WinPWN UAC bypass module download attempt | |
61298 | MALWARE-TOOLS Win.Tool.WinPWN Disk Cleanup UAC bypass module download attempt | |
61300 | MALWARE-TOOLS Win.Tool.WinPWN amsi module download attempt | |
61302 | MALWARE-TOOLS Win.Tool.WinPWN adpass module download attempt | |
61319 | MALWARE-TOOLS Win.Tool.WinPWN toolkit download attempt | |
61323 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit TeamViewerDecrypt download attempt | |
61325 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit SpoolerScan download attempt | |
61327 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PowerUpSQL download attempt | |
61329 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-Vulmap download attempt | |
61331 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SMBNegotiate download attempt | |
61333 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpPrinter download attempt | |
61335 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-SharpLdapRelayScan download attempt | |
61337 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-PowerDump download attempt | |
61339 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-LdapSignCheck download attempt | |
61341 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-HandleKatz download attempt | |
61343 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Invoke-EventLogParser download attempt | |
61345 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-DotNetServices download attempt | |
61347 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Get-ChromeDump download attempt | |
61349 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Find-Fruit download attempt | |
61351 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit BlueKeep scanner download attempt | CVE-2019-0708 |
61353 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit ADRecon download attempt | |
61355 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | |
61389 | MALWARE-OTHER Win.Malware.Agent malicious PowerShell script download attempt | No Reference |
61431 | OS-WINDOWS Microsoft Windows Scripting Language remote code execution attempt | CVE-2022-41128 |
61436 | MALWARE-OTHER Php.Webshell.Generic file delivery attempt | No Reference |
61438 | MALWARE-OTHER Php.Webshell.Generic file delivery attempt | No Reference |
61440 | MALWARE-OTHER Php.Webshell.Generic file delivery attempt | No Reference |
61442 | MALWARE-OTHER Php.Webshell.Generic file delivery attempt | No Reference |
61472 | SERVER-WEBAPP Apache OFBiz XMLRPC unsafe deserialization attempt | CVE-2021-26295 |
61473 | MALWARE-CNC Win.Trojan.BlackLotus variant outbound connection | www.virustotal.com/gui/file/1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf |
61479 | FILE-OFFICE Microsoft Office Outlook appointment privilege escalation attempt | CVE-2023-23397 |
61482 | MALWARE-OTHER Win.Backdoor.MQsTTang variant download attempt | www.virustotal.com/gui/file/2139e3df912887b34b4d59fca098a8d511ea10530d7168b280acca844513ffad |
61485 | SERVER-WEBAPP FLIR AX8 Camera command injection attempt | CVE-2022-37061 |
61486 | SERVER-WEBAPP FLIR AX8 Camera command injection attempt | CVE-2022-37061 |
61488 | OS-WINDOWS Microsoft Windows Secure Boot bypass attempt | CVE-2022-21894 |
61489 | MALWARE-CNC Win.Ransomware.Mallox variant outbound connection | www.virustotal.com/gui/file/6c743c890151d0719150246382b5e0158e8abc4a29dd4b2f049ce7d313b1a330 |
61492 | MALWARE-OTHER Win.Ransomware.Mallox variant binary download attempt | www.virustotal.com/gui/file/6c743c890151d0719150246382b5e0158e8abc4a29dd4b2f049ce7d313b1a330 |
61493 | MALWARE-CNC Php.Webshell.Agent outbound connection | |
61494 | MALWARE-CNC Php.Webshell.Agent outbound connection | |
61495 | MALWARE-OTHER Ps1.Malware.Powercat shell download attempt | No Reference |
61497 | MALWARE-OTHER Ps1.Malware.Powercat shell download attempt | No Reference |
61506 | FILE-OFFICE Microsoft Office Outlook appointment privilege escalation attempt | CVE-2023-23397 |
61507 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/07714027ad574f7c2bc667b85d514fe5cac90e64a3690c21d565e86ab0c56ff5 |
61508 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/304d569374625857323cae7ce6a1a4bb56b32a3a0d5fdb7d4a9e7392c3f56fb3 |
61509 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/304d569374625857323cae7ce6a1a4bb56b32a3a0d5fdb7d4a9e7392c3f56fb3 |
61510 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/e9e13dd4434e2a2392228712f73c98ef |
61511 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/2a7595263ad22157a8b507a275508b9d28b7293b6606386859920c4207a40b00 |
61512 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/a373f33b4e80d47bb622302b1792b97a20b94df0563b54143efb4f00e07bd78e |
61513 | MALWARE-CNC Win.Trojan.Chinotto variant outbound connection | www.virustotal.com/gui/file/3b45e5bdc2ede079fa4f271e70325c63fd86eef044f3de1ed4d09f16b1692d3d |
61518 | MALWARE-OTHER OneNote.Dropper.Emotet variant download attempt | www.virustotal.com/gui/file/c607c4fb9d2620497936172d93a5180e6fb77be5311169e2c3003909c30a0542 |
61520 | MALWARE-OTHER OneNote.Dropper.Emotet variant download attempt | www.virustotal.com/gui/file/02c809c3dd49ccbecc9cf4689b29b1e485ea6c9bfe08b237c0e9dca17b840715 |
61522 | MALWARE-OTHER OneNote.Dropper.Emotet variant download attempt | www.virustotal.com/gui/file/02c809c3dd49ccbecc9cf4689b29b1e485ea6c9bfe08b237c0e9dca17b840715 |
61525 | SERVER-OTHER FortiOS SSLVPNd Content-Length memory corruption attempt | CVE-2022-42475 |
61528 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/e14ee6302076a2bb9e5634407500757319d5de9c45305ec6269120b7283b24cf |
61530 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/caaea7ec83956a823420a78dec430fddb5db65d9fa4bc6555659b9b0c05c817a |
61531 | SERVER-WEBAPP Sophos Firewall remote code execution attempt | CVE-2022-3236 |
61533 | MALWARE-OTHER Win.Trojan.Typhon variant download attempt | www.virustotal.com/gui/file/2d72877dc9c873a127599090b11b2fffaa74adc0cc268fec48d802307715c500 |
61539 | MALWARE-OTHER Win.Trojan.Rhadamanthys variant payload download attempt | |
61551 | MALWARE-BACKDOOR Win.Backdoor.Chollima shellcode runner download attempt | www.virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02 |
61553 | MALWARE-BACKDOOR Win.Backdoor.Chollima obfuscated .ico download attempt | www.virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02 |
61555 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-21768 |
61557 | MALWARE-OTHER Win.Trojan.Agent variant download attempt | www.virustotal.com/gui/file/261435b9b2425b8ac2524dd38cf138a951873da88dc573528a7ddcdc5f24088c |
61559 | MALWARE-OTHER Win.Trojan.Emotet variant download attempt | www.virustotal.com/gui/file/1044db55e15ce9e106a5bbf4d22597de9851b8bb3b8a5d26b956efed106762a6 |
61561 | MALWARE-OTHER Win.Trojan.Agent variant download attempt | www.virustotal.com/gui/file/158bf7fd3e9d628c84022af880a013704cdba6e5ac4756f6a1326246b83d0b9b |
61563 | MALWARE-OTHER Win.Trojan.Agent variant download attempt | www.virustotal.com/gui/file/07e20aae3c59310b82e356739bd267cc8378a19e2fb9f7c76072bb74a043be88 |
61569 | MALWARE-OTHER Win.Trojan.XLoader variant download attempt | www.virustotal.com/gui/file/79823e47436e129def4fba8ee225347a05b7bb27477fb1cc8be6dc9e9ce75696 |
61571 | MALWARE-OTHER Win.Trojan.AgentTesla variant download attempt | www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/agent-tesla |
61583 | MALWARE-OTHER Win.Ransomware.Royal variant helper script download attempt | |
61585 | MALWARE-OTHER Win.Ransomware.Royal variant helper script download attempt | |
61587 | MALWARE-OTHER Win.Ransomware.Royal variant download attempt | |
61588 | MALWARE-CNC Win.Ransomware.Royal variant outbound connection attempt | |
61590 | MALWARE-OTHER Win.Ransomware.Royal variant helper script download attempt | |
61605 | FILE-OTHER Node.js vm2 prepareStackTrace sandbox escape attempt | CVE-2023-29017 |
61606 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2023-28274 |
61609 | BROWSER-CHROME Google Chrome URLLoader NotifyCompleted use-after-free attempt | CVE-2022-3038 |
61611 | OS-WINDOWS Microsoft Windows CD-ROM file system driver remote code execution attempt | CVE-2022-38044 |
61616 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-23218 |
61617 | OS-WINDOWS Microsoft Windows graphics component elevation of privilege attempt | CVE-2023-24912 |
Signatures Removed
Removed the following signatures as they were more than ten years old:
SID |
---|
12014, 52469, 26021, 26025, 37799, 27618, 27615, 27613, 26629, 26569, 40459, 24702, 25393, 20736, 25540, 36308, 36307, 21937, 10390, 10393, 10395, 24864, 37293, 28429, 28424, 50884, 19103, 25043, 25044, 24888, 44031, 23836, 23834, 17398, 28873, 21292, 14643, 14645, 18546, 33525, 15118, 24637, 29128, 26600, 21661, 26540, 26541, 24769, 19257, 43337, 43335, 25387, 25386, 25383 |
25389, 25388, 25563, 27061, 25569, 25568, 7942, 19156, 26834, 21438, 18706, 26806, 21875, 21874, 21876, 26066, 26068, 37507, 33548, 23059, 21539, 18282, 26668, 26664, 26526, 26294, 26295, 26296, 26297, 10147, 25366, 20843, 26851, 38015, 31538, 31535, 20072, 34857, 28286, 23225, 16452, 19262, 24860, 23278, 25772, 25773, 25771, 25776, 25777, 25775, 43765, 43767, 43763, 27822 |
43642, 27842, 27843, 27841, 27845, 30037, 26508, 26509, 23612, 15540, 43377, 43375, 27889, 27885, 27883, 27271, 42422, 52306, 29640, 20820, 19444, 21801, 24125, 33623, 26878, 33622, 26871, 26876, 30217, 29061, 28911, 27040, 27041, 20880, 27154, 18244, 43298, 43742, 43746, 44044, 26036, 13321, 26033, 26495, 24649, 26687, 29183, 33588, 33584, 28589, 28581, 28585, 45183, 29526, 29524, 16566, 13903, 33982, 43362, 22092, 22093, 22090, 22091, 28356, 22094, 15703, 15707, 26125, 26129, 21070, 30240, 41718 |
41719, 15693, 29049, 29512, 27545, 26339, 26338, 26337, 27548, 13905, 27882, 27880, 27881, 21764, 28428, 28358, 28354, 25302, 25301, 21159, 27886, 26100, 36501, 45177, 41730, 29535, 21524, 29538, 29023, 40281, 29024, 29025, 20031, 26351, 26350, 26355, 26357, 26356, 26359, 26358, 24054, 25466, 25462, 25461, 24840, 24212, 13960, 13961, 13967, 13964, 13965, 23181, 25676, 26882, 7502, 16601, 21291, 21293, 26163, 21353, 24188, 36527, 29551, 27691, 28973, 28972, 28202, 26377, 23842, 23840, 25449, 7864 |
10142, 10145, 10148, 26973, 20593, 24231, 24232, 24233, 28568, 19008, 30528, 27766, 46912, 16668, 25611, 43519, 43516, 43515, 24970, 21069, 24904, 18097, 23288, 23289, 23285, 23286, 28339, 28338, 25136, 25138, 25139, 6681, 6684, 6686, 28335, 16347, 28337, 21259, 44131, 24546, 24547, 24544, 14033, 28502, 28506, 28504, 28505, 14262, 33627, 30503, 30505, 30504, 28341, 27702, 28430, 27706, 31104, 31103, 15094, 15460, 9423, 9422, 20444, 30990, 28866, 28862, 24841, 27132, 27133, 27131, 27136, 27135 |
21896, 21099, 24761, 28791, 21272, 45246, 28523, 18188, 18187, 23125, 23124, 23127, 23121, 23123, 23122, 25988, 25984, 16001, 24638, 26185, 43550, 43551, 25385, 17578, 24964, 24965, 24966, 24967, 24960, 24961, 24962, 24963, 24968, 24969, 45181, 18405, 24037, 24353, 24351, 24357, 28843, 28845, 21935, 21078, 21071, 7944, 25293, 28544, 18216, 28902, 26884, 26883, 26888, 8416, 36813, 15462, 24658, 24653, 28108, 17557, 27908, 25234, 18957, 20600, 8369, 7009, 53459, 21044, 30155, 30157, 30150, 30153 |
30159, 16044, 26221, 16543, 26343, 26223, 26222, 26225, 26224, 26227, 26226, 27067, 16024, 26419, 24673, 24675, 25784, 25788, 45491, 21549, 24063, 23294, 25808, 25805, 25806, 15238, 24187, 22041, 22040, 22042, 20780, 20781, 17075, 36661, 29453, 29450, 33634, 33630, 15531, 9849, 44046, 23146, 28496, 28490, 28492, 26430, 26434, 25392, 25275, 25270, 17260, 17220, 27220, 24057, 15191, 20999, 14611, 14613, 21658, 22038, 22039, 51393, 16506, 44305, 12614, 12612, 23302, 26599, 21902, 43674, 20767, 17166 |
23015, 7958, 18904, 28307, 28308, 28309, 28160, 16151, 21045, 25078, 25786, 26013, 21897, 26844, 23625, 37810, 27829, 28525, 11826, 27824, 27620, 27621, 27820, 28204, 19713, 19714, 50643, 22003, 17654, 21299, 21943, 28231, 26808, 26805, 26807, 29580, 28361, 13830, 50892, 8055, 31540, 23275, 23274, 23277, 23276, 24957, 28989, 24956, 44978, 27171, 26384, 26383, 16654, 26038, 26039, 26030, 26031, 24090, 14657, 27547, 27546, 27544, 27608, 27605, 27606, 27607, 26636, 26634, 26638, 29625, 17631, 13525 |
10144, 15506, 15505, 24548, 28439, 28340, 28342, 28343, 36812, 36811, 33088, 20842, 27832, 27831, 27835, 27839, 29754, 28332, 15107, 15100, 29130, 31485, 26617, 23060, 26535, 26537, 26536, 26539, 26538, 23396, 28881, 28880, 10154, 25390, 28158, 24234, 20704, 26875, 26843, 26845, 26847, 26849, 12269, 23797, 28413, 27082, 27083, 27080, 27081, 12474, 43678, 21508, 25769, 21640, 21646, 21869, 25795, 26070, 25790, 16382, 30005, 44217, 30001, 27858, 27852, 27854, 27856, 15126, 15120, 26988, 31716, 26982 |
37650, 30006, 30004, 28498, 30008, 30009, 23297, 23292, 23009, 26511, 28600, 28464, 28466, 28468, 26869, 16667, 33571, 28472, 28470, 28474, 28475, 30007, 23219, 31534, 12417, 31038, 31039, 44283, 27837, 27143, 27142, 27147, 27144, 17519, 43778, 24839, 21665, 21666, 26099, 26096, 26094, 26095, 26090, 17422, 25128, 38277, 25127, 25126, 25125, 27870, 27879, 23222, 23220, 33592, 21953, 26653, 28591, 28621, 24793, 43342, 25681, 22080, 22085, 22087, 22086, 27265, 25538, 26220, 26135, 26134, 26132, 21307 |
37828, 10151, 58615, 58617, 58616, 25129, 18307, 36498, 18300, 19263, 19264, 29054, 29503, 24862, 27814, 19217, 27208, 27898, 27895, 27897, 27896, 27893, 27892, 23144, 23143, 28491, 15164, 28597, 28029, 13269, 17363, 28494, 23957, 29579, 42412, 52335, 7938, 27084, 21141, 37151, 20814, 46913, 17588, 30754, 15901, 44048, 41720, 29520, 29034, 29036, 21457, 26753, 43731, 43738, 3632, 17462, 21800, 44729, 26867, 29796, 26927, 24201, 24204, 23287, 12762, 3079, 28478, 21340, 20431, 26641, 22101, 26342 |
26341, 26346, 26344, 26345, 26348, 27156, 27150, 27151, 25453, 25451, 25454, 21346, 15872, 21344, 18286, 18280, 24226, 28579, 28577, 28575, 31686, 13950, 8058, 29448, 27750, 25384, 23996, 23999, 18245, 26489, 26157, 26159, 26158, 25590, 25591, 18067, 23295, 26360, 26361, 26362, 26363, 26365, 27148, 44130, 25123, 25121, 21668, 10153, 10150, 21664, 21667, 9625, 49864, 14270, 30533, 28205, 17311, 23609, 29605, 29602, 24959, 24958, 21790, 21791, 13459, 30506, 21792, 20659, 19246, 21794, 39763, 21796 |
23145, 31580, 31581, 31584, 20131, 28236, 27129, 16359, 49846, 26873, 21901, 21900, 21903, 21905, 21904, 21906, 18170, 27716, 9640, 29624, 23489, 15147, 24593, 31821, 26197, 26196, 26195, 13470, 13472, 21301, 20900, 18671, 30165, 30161, 21505, 24024, 21507, 21506, 24020, 24022, 21509, 24028, 21305, 15489, 28252, 28703, 21308, 19102, 27894, 27127, 27126, 28876, 28875, 27102, 27100, 26666, 16371, 27042, 18197, 18193, 29641, 31623, 21657, 4154, 37801, 15083, 15082, 7016, 7014, 7015, 7013, 27697, 27696 |
25831, 28854, 27072, 21068, 26252, 26253, 14035, 18200, 26898, 31609, 31608, 23116, 23117, 23118, 24665, 24662, 24661, 17128, 17548, 37966, 45178, 45171, 16153, 26137, 20831, 20835, 16155, 53460, 16157, 24065, 41450, 21302, 35731, 15192, 25815, 25818, 23300, 23303, 23305, 22077, 16339, 27865, 27869, 26232, 26233, 6509, 17687, 17686, 17685, 17689, 17688, 43622, 49482, 25294, 33629, 33628, 33626, 33625, 33624, 44148, 29623, 44146, 18527, 37802, 18301, 28482, 28334, 28489, 28336, 28331, 28333, 26421 |
29182, 16032, 28151, 17236, 28521, 25792, 23142, 17216, 17217, 36884, 27612, 44281, 3552, 29988, 3149, 23126, 27656, 27137, 18296, 28580, 16586, 28587, 35747, 26216, 26217, 26218, 26219, 23211, 21798, 21799, 21793, 24501, 21899, 21898, 13573, 43649, 20779, 20778, 20777, 19809, 15428, 27071, 21097, 31645, 16366, 20279, 23158, 28310, 23157, 18262, 15090, 29445, 26000, 26008, 25320, 29821, 19216, 27888, 27188, 25972, 27887, 21006, 22079, 22075, 22076, 17399, 17642, 19894, 7896, 44670, 15098, 18066, 21504, 21096, 13828, 7928 |