Netskope Help

CTEP/IPS Threat Content Update Release Notes 92.0.1.157

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20703

  • Signatures added: 110

  • Signatures modified: 274

  • Signatures removed: 35

Signatures Added

SID | Description | Reference
58764 | MALWARE-OTHER Vbs.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/48951f6847400dd39cba2f5ba0376e08bb4b7e36a4c3567792289734758b7bf9
58762 | MALWARE-OTHER Win.Downloader.Agent payload download attempt | www.virustotal.com/gui/file/44f5442b45a48365cdd6c7d1f16ba19dea4fb1865ea4e9178c5758929f59d0f7
58609 | OS-OTHER Apple macOS kernel memory leak attempt | CVE-2020-27950
59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996
58547 | BROWSER-IE Microsoft Internet Explorer memory corruption attempt | CVE-2021-26411
58556 | OS-MOBILE ARM Mali GPU kernel use-after-free attempt | CVE-2021-28663
58780 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection
58524 | FILE-OTHER Apple Safari Type 1 fonts RCE attempt | CVE-2020-27930
140835 | MALWARE-OTHER TA551 Bazarloader Infection Detected | www.virustotal.com/gui/file/4d1ba7c3d9cf95d861266734c00defbb10d3aae10aae1380029976a340a9e270
140837 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/bd445bae74162f8e6b8d8e855b91d292df13fe28f41d08867edb2a8668d8c734
58631 | FILE-OTHER VMware Fusion privilege escalation attempt | CVE-2020-3950
140838 | MALWARE-OTHER Bazarloader CS Infection Detected | www.virustotal.com/gui/file/981cdead74b028ee7fb081f369abfde84e1e2ab1cd54ddd3b602ec937651904d
58434 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection
58437 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection
58436 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection
58431 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection
58430 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/e834acc3615f1b6ed00396d3db1e86770486f48433948a2a323b4f7bd99d9d19/detection
58433 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection
58432 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection
58439 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/004a3928509cbaa3a789c1647c9fccd914e1c64afdd47d9c1b33d60c1817680d/detection
58438 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/004a3928509cbaa3a789c1647c9fccd914e1c64afdd47d9c1b33d60c1817680d/detection
58603 | OS-MOBILE Apple iOS voucher release privilege escalation attempt | CVE-2021-1782
58600 | BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt | CVE-2021-30632
58685 | FILE-OTHER HP Multi-Function Printer memory corruption attempt | CVE-2021-39238
58683 | BROWSER-CHROME Google Chrome ScriptProcessorNode race condition exploit attempt | CVE-2021-21166
59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000
58621 | FILE-OTHER Apple iOS Webkit universal XSS attempt | CVE-2021-1879
58865 | MALWARE-CNC Win.Trojan.Beacon outbound connection | www.virustotal.com/gui/file/83c92f0d8db0545ebae13b9ddbc38f57a31650a6afd80b5fee2e0eae54e25495/detection
58850 | MALWARE-OTHER Win.Ransomware.Rollcoast download attempt | mandiant.com/resources/sabbath-ransomware-affiliate
58453 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection
58451 | MALWARE-CNC Php.Webshell.Generic outbound connection attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection
58498 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection
58493 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection
58491 | MALWARE-OTHER Tool.Webshell.Generic download attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection
58497 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection
58496 | MALWARE-CNC Win.Trojan.Kimsuky outbound connection | www.virustotal.com/gui/file/cdfbcae99a3af4dc4d0e54aba1b2e4571d06f01efc4d7e43df4a7ab9557cd402/detection
58495 | MALWARE-CNC Win.Ransomware.Magniber variant beacon | www.virustotal.com/gui/file/10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e
58494 | MALWARE-OTHER Tool.Webshell.Generic download attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection
58801 | INDICATOR-COMPROMISE JNDI LDAP searchResEntry dynamic code download attempt | CVE-2021-4104
58777 | MALWARE-CNC Win.Trojan.FormBook outbound connection attempt | any.run/malware-trends/formbook
58772 | MALWARE-CNC Rat.Trojan.Netwire variant cnc connection | www.virustotal.com/gui/file/574b348f67921ce34f660afe2ff75d0538bd5ea203739a77479dba7f026f0476
58773 | MALWARE-CNC Rat.Trojan.AsyncRAT variant cnc connection | www.virustotal.com/gui/file/1490f6303a675ded86c22841f87868c6f0867e922671e0426f499e46a72060d2
58770 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545
58778 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection
58779 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | www.virustotal.com/gui/file/2f394d52b952eeea2fdc7b06629711193524d15f0b8b6d6765f02345c7185f99/detection
58759 | MALWARE-OTHER Win.Trojan.Agent variant payload download attempt | www.virustotal.com/gui/file/8abecb0f68492aae05022d5881c9db1c7964646101be27b70c8b1ae3df985590
140836 | MALWARE-OTHER QAKBOT Distribution Detected | www.virustotal.com/gui/file/ce1b3d798bfdcd7503d29ff5841039ef7cb3fec51d7dd56cd3344b39a15fd4be
58492 | MALWARE-OTHER Tool.Webshell.Generic upload attempt | www.virustotal.com/gui/file/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/detection
140833 | MALWARE-OTHER Emotet Epoch-4 Infection | www.virustotal.com/gui/file/555dff455242a5f82f79eecb66539bfd1daa842481168f1f1df911ac05a1cfba
58642 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639
58640 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639
58641 | FILE-PDF Adobe Acrobat Reader DC memory corruption attempt | CVE-2021-28639
58711 | MALWARE-OTHER Asp.Webshell.NewCon2 upload attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection
58713 | MALWARE-CNC Asp.Webshell.NewCon2 outbound connection attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection
58582 | POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt | CVE-2021-33044
58781 | MALWARE-CNC Win.Infostealer.RedLine outbound connection | ui/file/0051c204c64ac8bc73788990d397d2c12b931529208f33dd3693d6ef9ba1380/detection
58452 | MALWARE-OTHER Php.Webshell.Generic download attempt | www.virustotal.com/gui/file/1d4c1bc5afeca8d7755322dd900886f324e564d2969147bd90754438b63dab5f/detection
58527 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | isc.sans.edu/forums/diary/strrat+a+javabased+rat+that+doesnt+care+if+you+have+java/27798/
58526 | MALWARE-CNC Win.Trojan.STRRAT variant outbound connection | virustotal.com/en/file/f148e9a2089039a66fa624e1ffff5ddc5ac5190ee9fdef35a0e973725b60fbc9/analysis/
59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715
59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989
140845 | MALWARE-OTHER Mirrorblast infection Detected-2 | www.virustotal.com/gui/file/4648edc370e61a52c95d3f525391e0154406fd661d01d091f2d9dba9f8a485f2
140844 | MALWARE-OTHER Mirrorblast infection Detected | www.virustotal.com/gui/file/f4891094d6623dadbf84486b85a29b4bd0badf28ee100bc0e44c550715614e62
140841 | MALWARE-OTHER Obama Infection with CS Detected | www.virustotal.com/gui/file/73f9a63b139bf560cbbec05febf73cebbf4ca9051e0c8e14d9d45098e138c34a
140840 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-2 | www.virustotal.com/gui/file/a3d502012d1cded2d5a936372a08073db9b85dd2323908f9d55d802c24e8aa20
140842 | MALWARE-OTHER Obama Infection with CS Detected-2 | www.virustotal.com/gui/file/c4dfafbe698285e5f95e0e75a5bcda4642e9f6fcf826df51c90957a49cd2a4d1
57938 | BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt | CVE-2021-30602
58791 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious javascript file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/
58792 | MALWARE-OTHER Win.Ransomware.Blackbyte malicious executable file download attempt | mcit.gov.ws/2021/08/06/cs-advisory-ca003-blackbyte-ransomware/
58796 | MALWARE-CNC Win.Backdoor.FatalRat variant beaconing attempt | www.virustotal.com/gui/file/e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4
58571 | FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt | CVE-2021-30713
58580 | MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt | CVE-2019-18988
58619 | OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt | CVE-2021-30807
58615 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420
58617 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420
58616 | OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt | CVE-2004-0420
58611 | BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt | CVE-2019-17026
58613 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2021-30551
58429 | MALWARE-CNC Win.Trojan.MirrorBlast outbound connection | www.virustotal.com/gui/file/a403eae5b12b909f4075e855f58d1742308d5e0d3450e79b60162fa9fb7caad7/detection
58586 | OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt | CVE-2020-0683
58651 | MALWARE-CNC Win.Trojan.MagnatExtension outbound connection | www.virustotal.com/gui/file/0cae9a4e0e73ff75f3ffa7f2d58ee67df34bc93e976609162cd6381ea9eb6f5b/detection
58650 | MALWARE-CNC Win.Backdoor.Magnat outbound connection | www.virustotal.com/gui/file/0cae9a4e0e73ff75f3ffa7f2d58ee67df34bc93e976609162cd6381ea9eb6f5b/detection
58655 | OS-WINDOWS Microsoft Windows file signature spoofing attempt | CVE-2020-1464
58658 | MALWARE-CNC Win.Trojan.DarkSide outbound connection attempt | www.virustotal.com/gui/file/ac092962654b46a670b030026d07f5b8161cecd2abd6eece52b7892965aa521b
140843 | MALWARE-OTHER Ursniff Malware Infection Detected | www.virustotal.com/gui/file/04c39c93147e33357d02235bfd7b2a095e82f558b78c2a3ce2bfafed896a564c
58712 | MALWARE-OTHER Asp.Webshell.NewCon2 download attempt | www.virustotal.com/gui/file/608a7c994916084ff0f91b3dbe31a52763eab03ee2dd35dbc14592cc7bf7a096/detection
58852 | MALWARE-CNC Win.Trojan.BazarLoader outbound connection | www.virustotal.com/gui/file/c17e71c7ae15fdb02a4e22df4f50fb44215211755effd6e3fc56e7f3e586b299-2090773/detection
58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718
58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994
58448 | MALWARE-CNC Win.Trojan.STRRAT variant outbound request detected | www.virustotal.com/gui/file/685549196c77e82e6273752a6fe522ee18da8076f0029ad8232c6e0d36853675/detection
58833 | SERVER-WEBAPP Nagios XI remote command execution attempt | CVE-2019-15949
58782 | FILE-PDF Adobe Reader Uninitialized object RCE attempt | no reference
58815 | FILE-EXECUTABLE GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19323
58767 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/ui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545
58766 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545
58761 | MALWARE-OTHER Win.Dropper.Agent HCrypt PowerShell payload download attempt | www.virustotal.com/gui/file/be02ba931ff61e5fb9ea332d41cf347d12fc84b4557ad28d82d2b2551406e4da
58769 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545
58768 | MALWARE-CNC Rat.Trojan.Nanocore variant cnc connection | www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545
140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | www.virustotal.com/gui/file/18bd1ae701ff57a6d1119f18c53350688f41cbac0ea1ad0cb73234f6ab733404
140831 | MALWARE-OTHER Emotet Epoch-5 Infection | www.virustotal.com/gui/file/4a1ea7affcba0788556ae5bd402178b65274dc2b8f1b7aea7b7813d9cc4346e5
140832 | MALWARE-OTHER Bazarloader Infection Detected | www.virustotal.com/gui/file/30d991153e4d40909ff95b5252ce6f82b7e4ab064214da4ff28f02bd45ffd6fa
140839 | MALWARE-OTHER Stolen Images Bazarloader Infection Detected-1 | www.virustotal.com/gui/file/f136e8eebfa0c6caf9b0300ef18ed6a73fefa4e298e10620547692350c6a37c6
39242 | BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt | CVE-2016-3210
58702 | MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b819 8a6e19923d0a75692/detection
58701 | MALWARE-OTHER Php.Webshell.PhpJackal download attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b81938a6e19923d0a75692/detection
58700 | MALWARE-OTHER Php.Webshell.PhpJackal upload attempt | www.virustotal.com/gui/file/ed597809fdcb90dabc0a555c39353982bae3c99703b81938a6e19923d0a75692/detection
58435 | MALWARE-OTHER Php.Webshell.Generic upload attempt | www.virustotal.com/gui/file/8cb4cf774c954dca6f0dcbacba4ff768c495b4c97861e0b4722f6b17fbc5294b/detection
58585 | POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt | CVE-2021-33045
58814 | POLICY-OTHER Java User-Agent remote class download attempt | CVE-2021-44228
58564 | MALWARE-CNC Win.Trojan.SquirrelWaffle beacon attempt | www.virustotal.com/gui/file/3c280f4b81ca4773f89dc4882c1c1e50ab1255e1975372109b37cf782974e96f