Netskope Help

CTEP/IPS Threat Content Update Release Notes 94.1.1.190

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20844

  • Signatures added: 130

  • Signatures modified: 0

  • Signatures removed: 2

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 59728 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2022-23279 |
| 59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
| 59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
| 59038 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59039 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59036 | MALWARE-OTHER Php.Webshell.AK74 outbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59037 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59035 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59262 | MALWARE-OTHER Php.Webshell.C0ders outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59008 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-21996 |
| 59018 | MALWARE-CNC Php.Webshell.AyyildizTim outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59019 | MALWARE-CNC Php.Webshell.AyyildizTim inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59263 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59260 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59207 | MALWARE-OTHER Win.Trojan.Ursnif variant binary download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
| 59201 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
| 59200 | MALWARE-OTHER Win.Infostealer.Vidar download attempt | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
| 59203 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets |
| 59209 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
| 59147 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
| 59195 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92 |
| 59196 | MALWARE-OTHER Win.Loader.Agent download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection |
| 59190 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9757ab43e767fe86ac238615e761b76745bba3596f47c6dcffd0aa206fd9981a |
| 59198 | MALWARE-OTHER Win.Downloader.Saintbot download attempt | virustotal.com/gui/file/a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e/detection |
| 59223 | MALWARE-CNC Win.Trojan.TransparentTribe outbound connection attempt | virustotal.com/gui/file/011bcca8feebaed8a2aa0297051dfd59595c4c4e1ee001b11d8fc3d97395cc5c |
| 59222 | MALWARE-OTHER Win.Downloader.TransparentTribe outbound connection attempt | virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a |
| 59227 | MALWARE-CNC Win.Trojan.MuddyWater download attempt | virustotal.com/en/file/a500e5ab8ce265d1dc8af1c00ea54a75b57ede933f64cea794f87ef1daf287a1/analysis/ |
| 59226 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141/analysis/ |
| 59229 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/ |
| 59092 | MALWARE-OTHER Php.Webshell.Generic download attempt | attack.mitre.org/techniques/t1505/003/ |
| 59093 | MALWARE-OTHER Php.Webshell.Azrail outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59095 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59248 | FILE-PDF Adobe Acrobat PDF SMask height out of bounds write attempt | CVE-2021-39843 |
| 59240 | MALWARE-OTHER Win.Trojan.Generic download attempt | |
| 59243 | MALWARE-CNC Win.Trojan.Raccoon variant RC4 encrypted outbound request attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e |
| 59266 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59265 | MALWARE-OTHER Php.Webshell.C0ders upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 59264 | MALWARE-OTHER Php.Webshell.C0ders inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59261 | MALWARE-OTHER Php.Webshell.C0ders download attempt | attack.mitre.org/techniques/t1505/003/ |
| 59099 | MALWARE-OTHER Win.Malware.HermeticWiper binary download attempt | virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591 |
| 59091 | MALWARE-OTHER Php.Webshell.Azrail inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59094 | MALWARE-OTHER Php.Webshell.Generic upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 59096 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59006 | OS-WINDOWS Windows Common log file system driver elevation of privilege attempt | CVE-2022-22000 |
| 59168 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection |
| 59163 | MALWARE-TOOLS Win.Malware.IsaacWiper variant download attempt | virustotal.com/gui/file/13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033 |
| 59165 | MALWARE-CNC Win.Malware.SunSeed outbound cnc connection attempt | virustotal.com/gui/file/7bf33b494c70bd0a0a865b5fbcee0c58fa9274b8741b03695b45998bcd459328/detection |
| 59115 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
| 59111 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
| 59110 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
| 59113 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
| 59112 | MALWARE-CNC Win.Trojan.Patchwork RAT variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/ |
| 59138 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59133 | MALWARE-CNC Win.Trojan.AgentTesla outbound connection attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection |
| 59131 | MALWARE-OTHER Win.Trojan.Generic download attempt | virustotal.com/gui/file/a4d54f94d70dcb5a029d89dcd3bcda4bb5e3e0b909fbcad04bb5ed4d09459c7d/detection |
| 59137 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59136 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59154 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
| 59156 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
| 59158 | MALWARE-OTHER Win.Ransomware.HermeticRansom binary download attempt | virustotal.com/gui/file/4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 |
| 15939 | SERVER-OTHER MSN Messenger IRC bot calling home attempt | |
| 59177 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907 |
| 59175 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78 |
| 59174 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d |
| 59173 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a1f7e9b76260c1be4fcd054e1d2ef000d0f58702927e4f29795e9cd5ae8a5a42/detection |
| 59171 | MALWARE-OTHER Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection |
| 59202 | MALWARE-CNC Win.Infostealer.Vidar outbound connection attempt | blog.minerva-labs.com/a-long-list-of-arkei-stealers-browser-crypto-wallets |
| 59208 | MALWARE-CNC Win.Trojan.Ursnif variant outbound connection | virustotal.com/gui/file/08e7c554aac9919a902570d2676ce8d128169ead024fcf41c4d4023c5ad87f43/detection |
| 59043 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59042 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59041 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59040 | MALWARE-OTHER Php.Webshell.AK74 inbound connection attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59047 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006 |
| 59046 | BROWSER-OTHER Slack command injection attempt | CVE-2018-1000006 |
| 59045 | MALWARE-OTHER Php.Webshell.AK74 upload attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59044 | MALWARE-OTHER Php.Webshell.AK74 download attempt | virustotal.com/gui/file/dc91561fd0b7a555e9e1a26fdd189d18832b9d896f50e7f8afa153773d1a851c/detection |
| 59049 | MALWARE-OTHER Php.Webshell.Andela inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59048 | MALWARE-OTHER Php.Webshell.Generic outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59204 | MALWARE-OTHER Win.Trojan.Saintbot variant binary download attempt | virustotal.com/gui/file/e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c/detection |
| 59021 | MALWARE-OTHER Php.Webshell.Antichat download attempt | attack.mitre.org/techniques/t1505/003/ |
| 59023 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59022 | MALWARE-OTHER Php.Webshell.Antichat upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 59025 | MALWARE-CNC Php.Webshell.Antichat inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59024 | MALWARE-CNC Php.Webshell.Antichat outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59114 | SERVER-APACHE Apache Druid JDBC connection remote code execution attempt | CVE-2021-26919 |
| 59116 | PROTOCOL-OTHER Git LFS clone arbitrary code execution attempt | CVE-2021-21300 |
| 59004 | OS-WINDOWS Microsoft Windows NPFS file system privilege escalation attempt | CVE-2022-22715 |
| 59001 | OS-WINDOWS Microsoft Windows Kernel privilege escalation attempt | CVE-2022-21989 |
| 59218 | MALWARE-OTHER Php.Webshell.C99Madnet outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59219 | MALWARE-OTHER Php.Webshell.C99Madnet inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59186 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c825afb0e994371ad88161d58989a1bf8686235acbcbd2cc9f9fd0dd76a7bfa9 |
| 59184 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/c1f55ec94719afbf2b057c1e84fe2c1e8f76f490ee86d1272fac305126c1fdd9 |
| 59182 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/d2b21cd01a1f68bca4b5186ee57234bd2595edec585f2b612ff377abbf60d582 |
| 59181 | MALWARE-OTHER Win.Trojan.WhisperGate backwards DLL download attempt | virustotal.com/gui/file/923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6 |
| 59188 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/87fc64935ce635388ca587082859b5d7dd316a9cfa358284ec5bc582d403f827 |
| 59239 | MALWARE-OTHER Win.Trojan.Generic download attempt | |
| 59230 | MALWARE-CNC Win.Trojan.MuddyWater outbound connection attempt | virustotal.com/en/file/fb69c821f14cb0d89d3df9eef2af2d87625f333535eb1552b0fcd1caba38281f/analysis/ |
| 59259 | MALWARE-OTHER Php.Webshell.Bypass inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59252 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection |
| 59253 | MALWARE-CNC Win.Infostealer.PhoenixStealer outbound connection | virustotal.com/gui/file/33e5d605c1c13a995d4a2d7cb9dca9facda4c97c1c7b41dc349cc756bfc0bd67/detection |
| 59250 | MALWARE-TOOLS Win.Malware.HermeticWizard variant download attempt | |
| 59256 | OS-LINUX Linux Kernel Dirty Pipe privilege escalation attempt | CVE-2022-0847 |
| 59254 | MALWARE-OTHER Win.Infostealer.PhoenixStealer download attempt | virustotal.com/gui/file/8881b797c89c4349ccadca96d22ea9d26b5b5b490131fc2e1ab420da813a950b/detection |
| 59084 | FILE-PDF Adobe Acrobat PDF buttonGetIcon use-after-free attempt | CVE-2021-39836 |
| 24265 | MALWARE-OTHER Malicious UA detected on non-standard port | anubis.iseclab.org/?action=result&task_id=1691c3b8835221fa4692960681f39c736&format=html |
| 59105 | FILE-PDF Adobe Acrobat PDF thermometer use-after-free attempt | CVE-2021-28640 |
| 59101 | FILE-PDF Adobe Acrobat PDF AcroForm addField use-after-free attempt | CVE-2021-28635 |
| 58992 | MALWARE-CNC User-Agent known malicious user-agent string - Mirai | virustotal.com/en/file/3908cc1d8001f926031fbe55ce104448dbc20c9795b7c3cfbd9abe7b789f899d/analysis/ |
| 58993 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-22718 |
| 58990 | MALWARE-CNC Win.Trojan.Saintbot variant outbound connection | |
| 58991 | MALWARE-OTHER Windows Defender disable script detected | |
| 58999 | OS-WINDOWS Microsoft Windows Desktop Window Manager type confusion attempt | CVE-2022-21994 |
| 59142 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59143 | MALWARE-OTHER Unix.Trojan.CyclopsBlink download attempt | ncsc.gov.uk/files/cyclops-blink-malware-analysis-report.pdf |
| 59145 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
| 59149 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
| 59244 | MALWARE-OTHER Win.Trojan.Raccoon download attempt | virustotal.com/gui/file/c2cc34d159ec0122c7b5d106755477fc2f9ac6df23a9b0dc49f1657acf4a6d0e |
| 59169 | MALWARE-CNC Win.Malware.SunSeed payload download attempt | virustotal.com/gui/file/31d765deae26fb5cb506635754c700c57f9bd0fc643a622dc0911c42bf93d18f/detection |
| 59160 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
| 59162 | MALWARE-OTHER Win.Ransomware.WhiteBlackCrypt variant binary download attempt | virustotal.com/gui/file/a2d60af7bebac9b299db109f8162ed6335fb5dda08f57f00e9dc809d4f138428 |
| 59166 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/a8fd0a5de66fa39056c0ddf2ec74ccd38b2ede147afa602aba00a3f0b55a88e0/detection |
| 59167 | MALWARE-CNC Xls.Downloader.SunSeed payload download attempt | virustotal.com/gui/file/d7ce7d6de1aa23c9f54a11a84238ec07281745e4ba67ad1b548c71cc18158891/detection |
| 59088 | SERVER-APACHE Apache Shiro HTTP Cookie insecure deserialization attempt | CVE-2016-4437 |
| 59150 | MALWARE-CNC Win.Trojan.Redline variant outbound request detected | blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update |
| 59054 | MALWARE-OTHER Php.Webshell.Alpha inbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
| 59055 | MALWARE-OTHER Php.Webshell.Alpha outbound connection attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
| 59056 | MALWARE-OTHER Php.Webshell.Generic download attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
| 59057 | MALWARE-OTHER Php.Webshell.Generic upload attempt | virustotal.com/gui/file/6f13fa5a8e42bfdd127f17410bde002872de149b47e9153fb5b36ba007341306/detection |
| 59050 | MALWARE-OTHER Php.Webshell.Andela download attempt | attack.mitre.org/techniques/t1505/003/ |
| 59051 | MALWARE-OTHER Php.Webshell.Andela upload attempt | attack.mitre.org/techniques/t1505/003/ |