Netskope Help

CTEP/IPS Threat Content Update Release Notes 95.0.1.199

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 20949

  • Signatures added: 110

  • Signatures modified: 9

  • Signatures removed: 5

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 57487 | SERVER-WEBAPP Microsoft Exchange MeetingHandler remote code execution attempt | CVE-2021-28482 |
| 59625 | MALWARE-CNC Win.Downloader.PlugX download attempt | www.virustotal.com/gui/file/bee9c438aced1fb1ca7402ef8665ebe42cab6f5167204933eaa07b11d44641bb/detection |
| 59624 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection |
| 59489 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
| 59481 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
| 59487 | FILE-IMAGE LibTIFF tiffcrop integer overflow attempt | CVE-2016-9537 |
| 59548 | FILE-IMAGE ImageMagick GIF comment off-by-one buffer overflow attempt | CVE-2013-4298 |
| 57252 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
| 57253 | SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt | CVE-2021-27065 |
| 59560 | FILE-OTHER LibreOffice and OpenOffice ODF document PrinterSetup integer underflow attempt | CVE-2015-5212 |
| 140810 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | - |
| 57233 | SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt | CVE-2021-26857 |
| 59505 | FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt | CVE-2016-2207 |
| 59500 | PUA-OTHER XMRig cryptocurrency miner outbound connection | github.com/xmrig/xmrig |
| 59501 | MALWARE-CNC Win.Infostealer.ZingoStealer outbound connection | www.virustotal.com/gui/file/265efd080e5100aadcd7874af4c756cee2887bc9eab3ed51e3306daf81021b16/detection |
| 59353 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/ |
| 59352 | MALWARE-OTHER Php.Webshell.SmallShell download attempt | attack.mitre.org/techniques/t1505/003/ |
| 140134 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140131 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140130 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140133 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140132 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 59623 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/709d693fafb10db63a0f27d3ca99ade4e3583359b873cb3abd80d48b604d9914/detection |
| 59622 | MALWARE-CNC Win.Downloader.PlugX outbound connection | www.virustotal.com/gui/file/492fd69150d0cb6765e5201c144e26783b785242f4cf807d3425f8b8df060062/detection |
| 59268 | MALWARE-OTHER Win.Trojan.CaddyWiper download attempt | www.virustotal.com/gui/file/a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea/detection |
| 59480 | SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt | CVE-2020-13945 |
| 59556 | PROTOCOL-SCADA RedLion cd3 untrusted pointer dereference attempt | CVE-2019-10984 |
| 59553 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
| 59424 | FILE-OTHER LAquis SCADA LGX report arbitrary file write attempt | CVE-2018-18988 |
| 59348 | MALWARE-OTHER Php.Webshell.CWShell outbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59582 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
| 59543 | FILE-OTHER Red Lion Crimson CD3 file port list type confusion attempt | CVE-2019-10996 |
| 59492 | FILE-OTHER Microsoft Windows GDI memory corruption attempt | CVE-2018-8472 |
| 59503 | FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt | CVE-2016-7212 |
| 59490 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
| 59467 | FILE-PDF Foxit Reader and PhantomPDF XFA gotoURL command injection attempt | CVE-2017-10953 |
| 59430 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/ |
| 59347 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59349 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59431 | MALWARE-OTHER Unix.Malware.B1txor20 download attempt | blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/ |
| 140900 | MALWARE-CNC Lokibot c2c outbound connection attempt | virustotal.com/gui/file/c9038e31f798119d9e93e7eafbdd3e0f215e24ee2200fcd2a3ba460d549894ab/detection |
| 59405 | EXPLOIT-KIT Operation Dream Job profile attempt | virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685 |
| 59418 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
| 59419 | SERVER-OTHER Git HTTP server submodule potential remote code execution attempt | CVE-2017-1000117 |
| 59422 | FILE-OTHER LAquis SCADA LGX report file parsing out-of-bounds write attempt | CVE-2018-18986 |
| 59428 | FILE-OTHER OMRON CX-One CX-Protocol CSCU type confusion attempt | CVE-2018-19027 |
| 59478 | FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt | CVE-2018-4904 |
| 59476 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3975 |
| 59477 | SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt | CVE-2019-3953 |
| 59474 | FILE-OTHER FreeBSD bspatch utility remote code execution attempt | CVE-2014-9862 |
| 140876 | MALWARE-CNC Win.Trojan.OleAut32.Win.Trojan.Malicious Activity | www.virustotal.com/gui/file/152c4ed36cdcc5dc3c3f073b90041233a3a7b7b2953c0e21f6d90db393bc8257 |
| 59452 | FILE-OTHER 7-Zip crafted RAR solid compression memory corruption attempt | CVE-2018-10115 |
| 59332 | SERVER-WEBAPP Car Rental Management System local file inclusion attempt | CVE-2020-29227 |
| 59545 | FILE-OTHER HP LoadRunner Controller Scenario file stack buffer overflow attempt | CVE-2015-5426 |
| 59552 | FILE-JAVA IBM Java SDK privilege escalation attempt | CVE-2012-4822 |
| 59632 | FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt | CVE-2014-9163 |
| 57243 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
| 57242 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
| 57241 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
| 57246 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
| 57245 | SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt | CVE-2021-26858 |
| 57244 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | CVE-2021-26855 |
| 59575 | FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt | CVE-2011-2696 |
| 59580 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt | CVE-2019-10947 |
| 140809 | MALWARE-CNC Communication with the Kelihos C&C Server over HTTP attempt | - |
| 140808 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
| 140801 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus |
| 140803 | MALWARE-CNC Ransom.CryptoBit C&C server outbound connection attempt | unit42.paloaltonetworks.com/unit42-cryptobit-another-ransomware-family-gets-an-update/ |
| 140802 | MALWARE-CNC Zeus C&C Connection attempt | malpedia.caad.fkie.fraunhofer.de/details/win.zeus |
| 140805 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
| 140806 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
| 59538 | BROWSER-OTHER Electronic Arts Origin Client template injection attempt | CVE-2019-11354 |
| 140128 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140129 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140124 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140120 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140121 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | - |
| 53063 | POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt | CVE-2020-0692 |
| 59273 | SERVER-WEBAPP DOTNETNUKE DNNPersonalization Cookie Deserialization RCE | CVE-2018-18326 |
| 59463 | INDICATOR-SHELLCODE Java object deserialization exploit attempt | CVE-2020-3280 |
| 59509 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
| 59507 | FILE-OTHER ClamAV OLE2 uniq_add out of bounds write attempt | CVE-2019-1788 |
| 140804 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
| 140807 | MALWARE-CNC Communication with aa20-301a using HTTP attempt | www.cisa.gov/uscert/ncas/alerts/aa20-301a |
| 59491 | SERVER-WEBAPP Oracle WebLogic Server FileDistributionServlet information disclosure attempt | CVE-2019-2615 |
| 59472 | FILE-OFFICE Microsoft JET Database remote code execution attempt | CVE-2018-1003 |
| 59354 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 59421 | MALWARE-CNC Win.Infostealer.MarsStealer outbound connection | www.virustotal.com/gui/file/f67ff70f862cdcb001763c69e88434d335b185a216e2944698f20807df28bdf2/detection |
| 59420 | MALWARE-CNC Win.Trojan.GraphSteel outbound connection | www.virustotal.com/gui/file/9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a/detection |
| 59351 | MALWARE-OTHER Php.Webshell.SmallShell upload attempt | attack.mitre.org/techniques/t1505/003/ |
| 59350 | MALWARE-OTHER Php.Webshell.CWShell inbound connection attempt | attack.mitre.org/techniques/t1505/003/ |
| 59454 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
| 140126 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140127 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140125 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140122 | SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 140123 | SERVER-WEBAPP Microsoft Exchange Server server Web-Shell Activity | www.cisa.gov/uscert/ncas/alerts/aa21-062a |
| 59400 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
| 59455 | FILE-OTHER Perl archive tar arbitrary file overwrite attempt | CVE-2018-12015 |
| 59469 | FILE-IMAGE JasPer jp2_decode out of bounds read attempt | CVE-2017-9782 |
| 59398 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
| 59396 | FILE-OFFICE Microsoft Word tblStylePr use after free attempt | CVE-2014-4117 |
| 59466 | FILE-OTHER Fuji Electric V-Server VPR heap buffer overflow attempt | CVE-2019-18240 |
| 59667 | SERVER-APACHE SVN URL command injection attempt | CVE-2017-9800 |
| 59664 | FILE-OFFICE Microsoft Word internal object auto update attempt | CVE-2017-0199 |
| 59447 | PROTOCOL-SCADA WeCon LeviStudioU HFT font buffer overflow attempt | CVE-2020-16243 |
| 59446 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
| 59445 | MALWARE-CNC Java.Trojan.Verblecon variant outbound connection | www.virustotal.com/gui/file/f3f4af5f5eae1a28ad5a01b56d71302a265bce17d2c87ce731edf440612818a6 |
| 59607 | MALWARE-CNC Doc.Dropper.Lazarus variant outbound connection | blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/ |
| 59584 | FILE-OFFICE Microsoft Office XML nested num tag double-free attempt | CVE-2015-1650 |