Netskope Help

CTEP/IPS Threat Content Update Release Notes 93.0.1.165

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20709

  • Signatures added: 36

  • Signatures modified: 0

  • Signatures removed: 29

Signatures Added

| SID | DESCRIPTION | REFERENCE |
|---|---|---|
| 59107 | OS-WINDOWS Microsoft Windows RDP path redirection remote code execution attempt | CVE-2022-21990 |
| 59213 | OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt | CVE-2022-23286 |
| 59210 | OS-WINDOWS Microsoft Windows PDEV escalation of privilege attempt | CVE-2022-23299 |
| 59216 | BROWSER-IE Microsoft Internet Explorer security zone bypass attempt | CVE-2022-24502 |
| 59221 | OS-WINDOWS Microsoft Windows Winsock local privilege escalation attempt | CVE-2022-24507 |
| 58933 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/fcdd38ff378605c66333429d9df2242fbce25a5f69f4d6d4c11d9613bcb409b0/ |
| 58938 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection | - |
| 58946 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28949 |
| 58949 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | securelist.com/qakbot-technical-analysis/103931/ |
| 58903 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34ed63d56b7969a1cb2c605922459210c174eb58a6cc19a863ea |
| 58904 | MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt | virustotal/3ec118323b5c34ed63d56b7969a1cb2c605922459210c174eb58a6cc19a863ea |
| 58925 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell download attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58923 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58941 | FILE-OTHER PEAR Archive TAR symbolic link file overwrite attempt | CVE-2020-36193 |
| 58957 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef53850f97f39029a906d53f3d4b2aea8373e27c413324a55681c/ |
| 58955 | OS-LINUX Polkit pkexec privilege escalation attempt | CVE-2021-4034 |
| 58958 | MALWARE-CNC Win.RAT.AridViper outbound connection | virustotal/1d4e54529feef53850f97f39029a906d53f3d4b2aea8373e27c413324a55681c/ |
| 58918 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
| 58919 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58912 | MALWARE-OTHER Php.Webshell.AcceptLanguage upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 58913 | MALWARE-OTHER Php.Webshell.AcceptLanguage download attempt | attack.mitre.org/techniques/t1505/003/ |
| 58916 | MALWARE-OTHER Php.Webshell.529 inbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
| 58917 | MALWARE-OTHER Php.Webshell.529 upload attempt | virustotal/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/ |
| 58914 | MALWARE-OTHER Php.Webshell.529 outbound connection attempt | virustotal/f1743a695b78e794a822f71601fbab666d72043e06d36988289cd3d95d1c0c2d/ |
| 58915 | MALWARE-OTHER Php.Webshell.529 download attempt | virustotal/f0c6d7bae0139546de727a428d7ed5be1645177dbab0ef25b639336f271af606/ |
| 58930 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab449529be737df1eee8b3065f6eb/ |
| 58931 | MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt | virustotal/c9931382f844b61a002f83db1ae475953bbab449529be737df1eee8b3065f6eb/ |
| 58936 | MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt | virustotal/26ed7e89b3c5058836252e0a8ed9ec6b58f5f82a2e543bc6a97b3fd17ae3e4ec/ |
| 58937 | MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection | virustotal/b1e30cce6df16d83b82b751edca57aa17795d8d0cdd960ecee7d90832b0ee76c/ |
| 58943 | MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt | isc.sans.edu/forums/diary/emotet+returns/28044/ |
| 140834 | MALWARE-OTHER Matanbuchus Qakbot Infection Detected | virustotal/18bd1ae701ff57a6d1119f18c53350688f41cbac0ea1ad0cb73234f6ab733404 |
| 58924 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell upload attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58922 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58921 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58920 | MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt | virustotal/b2197156b06c96890c5c1e06ebe88f1c6e26c55a7bcd643db9a1c167728d6cc6/ |
| 58929 | MALWARE-OTHER Pdf.Downloader.MuddyWater variant download attempt | virustotal/d7de68febbbdb72ff820f6554afb464b5c204c434faa6ffe9b4daf6b691d535f/ |