IPS Threat Content Update Release Notes 23.125.17
Refer to the following summary of signatures deployed on 27th June, 2023 with the IPS content release:
Total signatures: 18248
Signatures added: 12
Signatures modified: 14
Signatures removed: 5
Signatures Added
SID | Description | Reference |
---|---|---|
150621 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference |
150624 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference |
150626 | MALWARE-CNC Sliver.C2.Generic traffic detected | No Reference |
61904 | MALWARE-CNC Win.Trojan.Gozi malicious file download | www.virustotal.com/gui/file/d67275e2cd7f5764d1d7fe088fa1683bc9aa873447e82d02fc2c6da2e11f01bc |
61902 | MALWARE-CNC Win.Trojan.Redline malicious file download | www.virustotal.com/gui/file/666e5755e21665e8fd2a26425563d05f1cbd0a5024ad763c71e6d62e68cac438 |
61948 | MALWARE-OTHER Win.Trojan.Barys file download attempt | No Reference |
150622 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference |
150623 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference |
61906 | FILE-OTHER Microsoft Visual Studio Python Interpreter Services remote code execution attempt | CVE-2021-27068 |
61950 | MALWARE-OTHER Win.Trojan.Barys file download attempt | No Reference |
61916 | OS-WINDOWS Microsoft Windows TPM device driver elevation of privilege attempt | CVE-2023-29360 |
61914 | MALWARE-TOOLS Win.Proxy.frp download attempt | |
Signatures Removed
The following signatures were removed due to false positives (FP):
41457
18357
39603
39601
61455