IPS Threat Content Update Release Notes 104.0.1.358
Refer to the following summary of signatures deployed on 30th May, 2023 with the IPS content release:
Total signatures: 19519
Signatures added: 54
Signatures modified: 03
Signatures removed: 30
Signatures Added
SID | Description | Reference |
---|---|---|
150594 | MALWARE-CNC AGENTTESLA.Telegram.Trojan traffic detected | No Reference |
150595 | MALWARE-CNC MOUNTSTEEL.fileExfiltration.Trojan traffic detected | No Reference |
150596 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150597 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150598 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150599 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150600 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150601 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150602 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150603 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150604 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150605 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150606 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150607 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
150608 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference |
150609 | MALWARE-CNC BIGRAISIN.HTTP.POST.C2 traffic detected | No Reference |
150610 | MALWARE-CNC HANGMAN.Beacon traffic detected | No Reference |
150616 | MALWARE-CNC Snake.Generic.Trojan traffic detected | No Reference |
150617 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference |
150618 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference |
150619 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference |
150620 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference |
151001 | MALWARE-CNC LATEOP.Upload of Certutil detected | No Reference |
151002 | MALWARE-CNC PENCILDOWN.Check-in attempt detected | No Reference |
151003 | MALWARE-CNC QUIBBLEDOWN.C2 traffic detected | No Reference |
61689 | MALWARE-CNC Win.Ransomware.CryptoLocker variant outbound connection | |
61692 | POLICY-OTHER MinIO REST API information disclosure attempt | CVE:CVE-2023-28432 |
61702 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file delete attempt | CVE:CVE-2022-25359 |
61703 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file write attempt | CVE:CVE-2022-25359 |
61708 | MALWARE-OTHER Win.Trojan.Greatness outbound communication attempt | No Reference |
61713 | SERVER-WEBAPP WordPress Comment Content Filter cross-site request forgery attempt | CVE:CVE-2019-9787 |
61724 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61725 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61726 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61727 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61728 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61729 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
61731 | FILE-IMAGE ImageMagick tEXt profile arbitrary file read attempt | CVE:CVE-2022-44268 |
61733 | MALWARE-OTHER Ps1.Downloader.Agent download attempt | |
61735 | FILE-IMAGE ImageMagick tEXt profile denial of service attempt | CVE:CVE-2022-44267 |
61737 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b/analysis/ |
61739 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/f91e88dadc38e48215c81200920f0ac517da068ef00a75b1b67e3a0cd27a6552/analysis/ |
61741 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/fb9306f6a0cacce21afd67d0887d7254172f61c7390fc06612c2ca9b55d28f80/analysis/ |
61743 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/e0e2a101ede6ccc266d2f7b7068b813d65afa4a3f65cb0c19eb73716f67983f7/analysis/ |
61745 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/9a7b9edddc3cd450aadc7340454465bd02c8619dda25c1ce8df12a87073e4a1f/analysis/ |
61747 | MALWARE-OTHER Andr.Trojan.AridViper webshell download attempt | virustotal.com/en/file/768f5a914475a8d7dfae7b28267ca912e7baa0b84f2dcf2e7540f7c9041d94c6/analysis/ |
61749 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/ee98fd4db0b153832b1d64d4fea1af86aff152758fe6b19d01438bc9940f2516/analysis/ |
61751 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885/analysis/ |
61753 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
61755 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
61757 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
61759 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/33ae5c96f8589cc8bcd2f5152ba360ca61f93ef406369966e69428989583a14e/analysis/ |
61762 | MALWARE-CNC Win.Ransomware.Babuk encrypted file exfiltration attempt | |
61764 | MALWARE-OTHER Win.Ransomware.Babuk variant transfer attempt | |
Signatures Removed
Removed the following signatures due to False Positives (FP):
8397
7980
43223
1439
13864
38053
38027
40370
49149
17131
35969
41385
44349
27242
41140
47519
38954
45011
45005
44793
44940
19081
28323
52845
140878
53031
35434
59521
46415
140337