IPS Threat Content Update Release Notes 104.0.0.346
The following summarizes the signatures deployed on 16th May, 2023 with this IPS content release:
Total signatures: 19495
Signatures added: 46
Signatures modified: 01
Signatures removed: 11
Signatures Added
SID | Description | Reference |
---|---|---|
150589 | MALWARE-CNC TRUECORE.beacon traffic detected | No Reference |
150590 | MALWARE-CNC SUPERSPEED.UNC1530.beacon traffic detected | No Reference |
150591 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
150592 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
150593 | MALWARE-CNC SUPERSPEED.UNC1530.Upload traffic detected | No Reference |
60581 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
61621 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61622 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61623 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
61624 | SERVER-WEBAPP Azure Service Fabric Explorer Super FabriXss cross site scripting attempt | CVE-2023-23383 |
61627 | MALWARE-CNC Win.Downloader.BrokenDynamo second stage download attempt | www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/ |
61632 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
61634 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61636 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61638 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
61641 | MALWARE-TOOLS Chrome infostealer download attempt | www.virustotal.com/gui/file/3f808df5af6889c2219fd4982dd49946535528237cc00530cce5c69c3e7f0e34 |
61643 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/11f21d08f819dea21a09c602a4391142a5648f3e17a07a24d41418fcc17ea83f |
61645 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/c65c435737ac02132d9dfeb6ec1d7d903648f61ecdda8a85b4250f064cb4673f |
61647 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/2ada1b48457c169cf3f80e248190374102615e2c89b70e574fba4ddc09b5fcd5 |
61649 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/08dd5a9fdc387855fb5a23c167abec63b22272f66de099155036c5ce7e4deeb8 |
61653 | MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt | No Reference |
61655 | OS-MOBILE Android Andr.Trojan.Pinduoduo APK file download attempt | CVE-2023-20963 |
61657 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61659 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61661 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61663 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
61664 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957/detection |
61665 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa |
61669 | MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt | |
61671 | MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt | |
61673 | MALWARE-OTHER One.Dropper.IcedID variant binary download attempt | |
61675 | MALWARE-OTHER One.Dropper.Remcos variant binary download attempt | |
61676 | MALWARE-CNC MultiOS.Backdoor.Chollima beacon attempt | virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02 |
61678 | SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt | CVE-2023-27350 |
61679 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61680 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61681 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61682 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61683 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61684 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | |
61688 | BROWSER-CHROME Google Chrome synchronous Mojo message handler use-after-free attempt | CVE-2022-4178 |
61706 | OS-WINDOWS Microsoft Windows privilege escalation attempt | CVE-2023-24902 |
61715 | OS-WINDOWS Microsoft Windows kernel denial of service attempt | CVE-2023-24949 |
61717 | FILE-OFFICE Microsoft Office Outlook remote code execution attempt | CVE-2023-29325 |
61719 | OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt | CVE-2023-29324 |
61723 | OS-WINDOWS Microsoft Windows local privilege escalation attempt | CVE-2023-29336 |
Signatures Removed
Removed the following signatures due to False Positives (FP):
59266
60590
149197
59208
59041
61084
148184
38841
4675
33910
23111