Netskope Help

CTEP/IPS Threat Content Update Release: 88.0.1.87

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20748

  • Signatures added: 77

  • Signatures removed: 6

  • Signatures modified: 3

Signatures Added

| SID | Description | Reference |
| --- | --- | --- |
| 57820 | MALWARE-OTHER ASPXSpy webshell download attempt | www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection |
| 57681 | MALWARE-OTHER Sliver HTTP implant outbound poll attempt | github.com/bishopfox/sliver |
| 57824 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57782 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57780 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57781 | MALWARE-CNC Win.Backdoor.IPsecHelper outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57786 | MALWARE-OTHER Win.Packed.SmokeLoader ransomware executable download attempt | virustotal.com/gui/file/d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc/detection |
| 57743 | MALWARE-CNC Java.Backdoor.StrRAT outbound connection attempt | www.virustotal.com/gui/file/7c24d99685623b604aa4b2686e9c1b843a4243eb1b0b7b096d73bcae3d8d5a79/detection |
| 57694 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/d58c3694832812bc168834e2b8b3bfcb92f85a9d4523140ad010497baabc2c3d/analysis/ |
| 57691 | MALWARE-OTHER Win.Trojan.Nobelium CobaltStrike beacon download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ |
| 57693 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57702 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/19c25ce4302050aec3c921dd5cac546e8200a7e951d570b52fe344c421105ea8/analysis/ |
| 57700 | MALWARE-TOOLS Js.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/e884bd4015d1b97227074bcf6cb9e8134b7afcfb6a3db758ca4654088403430a/analysis/ |
| 57706 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/2b77b93b8e1b8ef8650957d15aaf336cf70a7df184da060f86b9892c54eefb65/analysis/ |
| 57704 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/606258f10519be325c39900504e50d79e551c7a9399efb9b22a7323da3f6aa7a/analysis/ |
| 57708 | MALWARE-TOOLS Unix.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/80659cc37cb7fb831866f7d7b0043edc6918a99590bd9122815e18abb68daa35/analysis/ |
| 57721 | MALWARE-BACKDOOR Win.Trojan.Moserpass outbound request attempt | www.virustotal.com/gui/file/c2169ab4a39220d21709964d57e2eafe4b68c115061cbb64507cfbbddbe635c6/ |
| 6407 | APP-DETECT Gizmo register VOIP state | www.gizmoproject.com |
| 57696 | MALWARE-TOOLS Py.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57697 | MALWARE-TOOLS Html.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/d6403b9c069f08939fc2f9669dc7d5165ed66a1cae07788c3b27fffb30e890a0/analysis/ |
| 57690 | MALWARE-OTHER Win.Trojan.Nobelium ISO download attempt | microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ |
| 57816 | MALWARE-OTHER ASPXSpy webshell download attempt | www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection |
| 57817 | MALWARE-OTHER ASPXSpy webshell upload attempt | www.virustotal.com/gui/file/e9c6f384b63ebeaa729b7c97a179d409cdd859315ee2f6372a2a550e567445f/detection |
| 57814 | MALWARE-OTHER Win.Trojan.Deadwood download attempt | www.virustotal.com/gui/file/5eb5922b467474dccc7ab8780e32697f5afd59e8108b0cdafefb627b02bbd9ba/detection |
| 57815 | MALWARE-OTHER Win.Trojan.Apostle download attempt | www.virustotal.com/gui/file/19dbed996b1a814658bef433bad62b03e5c59c2bf2351b793d1a5d4a5216d27e/detection |
| 57818 | MALWARE-OTHER Win.Backdoor.IPSecHelper download attempt | www.virustotal.com/gui/file/40f329d0aaba0d55fc657802761c78be74e19a553de6fd2df592bccf3119ec16/detection |
| 57819 | MALWARE-OTHER ASPXSpy webshell upload attempt | www.virustotal.com/gui/file/e4ea1728e19699612b5614cc0b8829a4bf749870648be6efc1b8a88c036f3607/detection |
| 57858 | MALWARE-CNC Win.Downloader.VictoryDll outbound connection attempt | research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/ |
| 57852 | MALWARE-OTHER Win.Downloader.VictoryDll variant download attempt | www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection |
| 57870 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57871 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57874 | MALWARE-OTHER Win.Ransomware.Babuk payload download attempt | www.virustotal.com/gui/file/2138c8a34a1eff40ba3fc81b6e3b7564c6b695b140e82f3fcf23b2ec2bf291cf/detection |
| 57826 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57676 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver |
| 57677 | MALWARE-OTHER Sliver HTTP implant outbound session initialization attempt | github.com/bishopfox/sliver |
| 57675 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver |
| 57678 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver |
| 57679 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver |
| 57797 | INDICATOR-OBFUSCATION Javascript obfuscation using parseInt | attack.mitre.org/techniques/t1027 |
| 57788 | MALWARE-OTHER Win.Trojan.Lazagne malicious executable download attempt | virustotal.com/gui/file/5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50/detection |
| 57787 | MALWARE-OTHER Win.Malware.Agent malicious executable download attempt | virustotal.com/gui/file/234e4df3d9304136224f2a6c37cb6b5f6d8336c4e105afce857832015e97f27a/detection |
| 57838 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt | |
| 57832 | OS-OTHER Apple macOS Gatekeeper bypass attempt | CVE-2021-30657 |
| 57682 | MALWARE-OTHER Sliver HTTP implant outbound public key request attempt | github.com/bishopfox/sliver |
| 57773 | MALWARE-CNC Win.Trojan.Bazaloader variant outbound request detected | |
| 57710 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/19269ce9a0a44aca9d6b2deed7de71cf576ac611787c2af46819ca2aff44ce2a/analysis/ |
| 57712 | MALWARE-TOOLS Win.Trojan.NecroBot malicious download attempt | virustotal.com/en/file/a8bb386fa3a6791e72f5ec6f1dc26359b00d0ee8cb0ce866f452b7fff6dbb319/analysis/ |
| 57715 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57714 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57717 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57716 | MALWARE-CNC Multios.Trojan.NecroBot outbound connection attempt | virustotal.com/en/file/8797ce228b32d890773d5dbac71cefa505b788cc8b25929be9832db422d8239b/analysis/ |
| 57739 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection |
| 57840 | BROWSER-CHROME Google Chrome NewFixedDoubleArray memory corruption attempt | |
| 57846 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/e53a25c5ee5de4c9dc4ca531293270d1aa921b9fc110ecb2a0afb57872c51324/detection |
| 57680 | MALWARE-OTHER Sliver HTTP implant outbound message attempt | github.com/bishopfox/sliver |
| 57687 | MALWARE-OTHER Win.Trojan.Nobelium malicious shortcut download attempt | |
| 57850 | MALWARE-OTHER Win.Backdoor.VictoryDll variant download attempt | www.virustotal.com/gui/file/0e8fb748cd58ab2fa754e2fa16e4390327a10593ca72bb6a3b90a1885cbe5387/detection |
| 57851 | MALWARE-OTHER Doc.Dropper.RoyalRoadRTF variant download attempt | www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection |
| 57740 | MALWARE-OTHER Win.Trojan.C3Framework payload download attempt | www.virustotal.com/gui/file/04e4d5038235157b0e708831ead40cc97eeb1e82cb8eb4be8357e3698ec2d51a/detection |
| 57823 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57827 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57825 | MALWARE-CNC ASPXSpy webshell inbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57828 | MALWARE-CNC ASPXSpy webshell outbound connection attempt | labs.sentinelone.com/from-wiper-to-ransomware-the-evolution-of-agrius/ |
| 57849 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/3f34c61025b5cf46075d79e68efb5da0f4ac01c113d8c1aaff3903ccd9a0fa3e/detection |
| 57848 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/19e680eaa52c0ad14274b04141a8e172d2ec1a01a3f429263090a990120ad9df/detection |
| 57843 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/45918acc04ad790445fd423b348aa88855570d57ebed870741603a7e5473d456/detection |
| 57842 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/120d1835df79b464dce91fd4151a69bae5ef5603e6eb4821a79f8a84767f7724/detection |
| 57845 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/433a3e3023179959f8d99d29a645f0c29ed86beb172c23b22ca311a767cfbb74/detection |
| 57844 | MALWARE-CNC Win.Trojan.ActionRAT variant outbound connection | www.virustotal.com/gui/file/3a435ad1c01335d31c05ca77a125d0162c223c135363c120071b7bac284a64e3/detection |
| 57847 | MALWARE-CNC Win.Trojan.CetaRAT variant outbound connection | www.virustotal.com/gui/file/fa02de1f2dbd29f19e8ab0ff2931b063bd8f8ccadf0d7e321f0a02d2e2f86419/detection |
| 57867 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57866 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57865 | MALWARE-CNC Netfilter rootkit download attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57864 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57869 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57868 | MALWARE-CNC Netfilter rootkit outbound connection attempt | msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/ |
| 57998 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-34480 |

Signatures Modified

| SID | Description | Reference |
| --- | --- | --- |
| 26527 | EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt | blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html |
| 57429 | BROWSER-CHROME Google Chrome Math.max memory corruption attempt | CVE-2021-21224 |
| 3816 | SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt | CVE-2005-0595 |

Signatures Removed

| SID | Description | Reference |
| --- | --- | --- |
| 57901 | MALWARE-CNC Doc.Downloader.Emotet variant outbound connection attempt | www.virustotal.com/#/file/2cb81a1a59df4a4fd222fbcb946db3d653185c2e79cf4d3365b430b1988d485f/detection |
| 57890 | OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt | CVE-2021-34449 |
| 57894 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2021-31979 |
| 57896 | OS-WINDOWS Microsoft Windows kernel elevation of privilege attempt | CVE-2021-33771 |
| 57893 | MALWARE-CNC Win.Trojan.TrickBot outbound connection attempt | www.virustotal.com/gui/file/b33f1abe6c9011aa598fb679135f0b543be2cd4e1178cba8bcf70a5859cb2f5e/detection |

To learn more, view the IPS FAQ.