Netskope Help

CTEP/IPS Threat Content Update Release Notes 96.0.1.208

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 21133

  • Signatures added: 146

  • Signatures modified: 1

  • Signatures removed: 2

Signatures Added

| SID | Description | Reference |
| --- | --- | --- |
| 59766 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59762 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59858 | FILE-OTHER Omron CX-One CX-Programmer malicious cxp file download attempt | CVE-2019-6556 |
| 140878 | MALWARE-CNC Metastealer communication channel identified | research.nccgroup.com/2022/05/20/metastealer-filling-the-racoon-void/ |
| 59786 | FILE-MULTIMEDIA Apple QuickTime ftab atom buffer overflow attempt | CVE-2014-1246 |
| 150123 | MALWARE-CNC Poshrat.Systeminfo information leakage C2 channel detected | - |
| 150122 | MALWARE-CNC Pony.check-in C2 communication traffic detected | - |
| 150121 | MALWARE-CNC Nutwaffle C2 communication traffic detected | - |
| 150120 | MALWARE-CNC Punchbuggy.check-in C2 communication traffic detected | - |
| 150127 | MALWARE-CNC Silenttrinity.C2 traffic detected | - |
| 150126 | MALWARE-CNC Scanbox.Check-in traffic detected | - |
| 150125 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | - |
| 150124 | MALWARE-CNC Powruner.PS1.check-in C2 traffic detected | - |
| 150129 | MALWARE-CNC Uppercut.check-in C2 traffic detected | - |
| 150128 | MALWARE-CNC Smokeloader.C2 traffic detected | - |
| 59764 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59768 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 150321 | MALWARE-CNC Command and Control - DOUBLEDROP variant 1 | - |
| 150320 | MALWARE-CNC Command and Control - DOUBLEBACK variant 6 | - |
| 150323 | MALWARE-CNC Command and Control - DOUBLEDROP variant 3 | - |
| 150322 | MALWARE-CNC Command and Control - DOUBLEDROP variant 2 | - |
| 59744 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
| 59748 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
| 59749 | SERVER-WEBAPP Adobe ColdFusion cross-site scripting attempt | CVE-2022-28818 |
| 150300 | MALWARE-CNC Command and Control - AZORULT C2 communication variant 1 | - |
| 150307 | MALWARE-CNC Command and Control AZORULT C2 communication variant 8 | - |
| 140135 | MALWARE OTHER JAVA JRE1.7 Applet Remote Code Execution | - |
| 140137 | MALWARE OTHER Java7 JRE/JDK Applet Remote Code Execution | CVE-2012-4681 |
| 140136 | MALWARE OTHER Firefox Proto crmf request | CVE-2012-3993 |
| 59722 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 59723 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 59720 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
| 59721 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
| 59701 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59704 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59848 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor DPB GIFFILE stack buffer overflow attempt | CVE-2020-7002 |
| 59830 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
| 59700 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 59698 | FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt | CVE-2011-3170 |
| 59795 | POLICY-OTHER IBM Data Risk Management administrative login attempt | CVE-2020-4427 |
| 140901 | MALWARE-CNC PowerShell Empire variant outbound connection | attack.mitre.org/techniques/t1086 |
| 140902 | MALWARE-CNC Backdoor PUNCHBUGGY outbound connection detected | - |
| 140903 | MALWARE-CNC Suspected trojan outbound connection detected | - |
| 140904 | MALWARE-CNC Suspected malware outbound connection detected | - |
| 140905 | MALWARE-CNC greenflash sundown outbound connection detected | - |
| 59717 | FILE-IMAGE Directshow GIF logical width overflow attempt | CVE-2013-3174 |
| 59713 | FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt | CVE-2013-2460 |
| 150211 | MALWARE-CNC Command and Control - CRIDEX configuration download detected | - |
| 150210 | MALWARE-CNC Command and Control - CORESHELL HTTP Post detected | - |
| 150213 | MALWARE-CNC Command and Control - EGGHATCH C2 communication variant 4 | - |
| 150212 | MALWARE-CNC Command and Control - EGGHATCH C2 communication variant 3 detected | - |
| 150215 | MALWARE-CNC Command and Control - FORMBOOK C2 beacon variant 4 detected | - |
| 150214 | MALWARE-CNC Command and Control - EGREGOR GET DLL payload detected | - |
| 150217 | MALWARE-CNC Command and Control - CROSSWALK check-in detected | - |
| 150216 | MALWARE-CNC Command and Control - FORMBOOK C2 beacon variant 5 detected | - |
| 150219 | MALWARE-CNC Command and Control - GOOSECHASE Request FINETIDE payload detected | - |
| 150218 | MALWARE-CNC Command and Control - GOLDDRAGON C2 communication detected | - |
| 150136 | MALWARE-CNC BATELEUR.Generic C2 traffic detected | - |
| 150405 | MALWARE-CNC TEMP.Armageddon Russia-Ukraine Conflict Lure variant detected | - |
| 150406 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
| 150407 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
| 150408 | MALWARE-CNC TEMP.Armageddon Bomb Threat Lure variant detected | - |
| 150409 | MALWARE-CNC Troibomb.Check-in malware traffic detected | - |
| 150239 | MALWARE-CNC Command and Control - PENDOWN beacon variant 2 detected | - |
| 150238 | MALWARE-CNC Command and Control - PENDOWN beacon variant 1 detected | - |
| 150232 | MALWARE-CNC Command and Control - LOGCABIN Next Stage GET request detected | - |
| 150231 | MALWARE-CNC Command and Control - LOUDTRAWL C2 communication variant 1 detected | - |
| 150230 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 1 detected | - |
| 150236 | MALWARE-CNC Command and Control - PENCILDOWN C2 check-in detected | - |
| 150235 | MALWARE-CNC Command and Control - NOKKI FinalstSpy communication over HTTP detected | - |
| 150234 | MALWARE-CNC Command and Control - NEWPOSTHINGS check-in detected | - |
| 59780 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59784 | FILE-PDF Adobe Acrobat DC memory corruption attempt | CVE-2019-7125 |
| 59789 | FILE-OTHER ABB Panel Builder BeModBus CommandLineOptions stack-based buffer overflow attempt | CVE-2018-10616 |
| 59794 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
| 59790 | MALWARE-OTHER Win.Trojan.WhisperGate download attempt | virustotal.com/gui/file/35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a |
| 59851 | FILE-OTHER Eaton HMiSoft VU3 GIFFILE stack buffer overflow attempt | CVE-2020-10639 |
| 150134 | MALWARE-CNC Brickhouse.Get.Generic traffic detected | - |
| 150135 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | - |
| 150137 | MALWARE-CNC Poshrat.Generic C2 traffic detected | - |
| 150130 | MALWARE-CNC Sixplus.check-in C2 traffic detected | - |
| 150131 | MALWARE-CNC Houseblend.Generic C2 traffic detected | - |
| 150132 | MALWARE-CNC Lifeboat.Generic C2 traffic detected | - |
| 150133 | MALWARE-CNC Meterpreter.Generic download detected | - |
| 150138 | MALWARE-CNC Powerhouse.Generic C2 traffic detected | - |
| 150139 | MALWARE-CNC Pyxie.Generic C2 traffic detected | - |
| 59778 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59770 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59772 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59754 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59756 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 150318 | MALWARE-CNC Command and Control - DOUBLEBACK variant 4 | - |
| 150319 | MALWARE-CNC Command and Control - DOUBLEBACK variant 5 | - |
| 150314 | MALWARE-CNC Command and Control - BEARHUT C2 beacon | - |
| 150315 | MALWARE-CNC Command and Control - DOUBLEBACK variant 1 | - |
| 150316 | MALWARE-CNC Command and Control - DOUBLEBACK variant 2 | - |
| 150317 | MALWARE-CNC Command and Control - DOUBLEBACK variant 3 | - |
| 150310 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | - |
| 150311 | MALWARE-CNC Command and Control WINEKEY payload request | - |
| 150312 | MALWARE-CNC Command and Control beacon check-in | - |
| 150313 | MALWARE-CNC Command and Control - BAZARLOADER C2 traffic variant 3 | - |
| 59731 | OS-WINDOWS Microsoft Windows Print Spooler escalation of privilege attempt | CVE-2022-29104 |
| 59733 | OS-WINDOWS Microsoft Windows win32k local privilege escalation attempt | CVE-2022-29142 |
| 59736 | MALWARE-CNC Win.Trojan.ZxxZ variant outbound connection | www.virustotal.com/gui/file/fa0ed2faa3da831976fee90860ac39d50484b20bee692ce7f0ec35a15670fa92/detection |
| 59719 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
| 59718 | SERVER-WEBAPP Xinuos Openserver command injection attempt | CVE-2020-25494 |
| 59714 | FILE-IMAGE Directshow GIF logical height overflow attempt | CVE-2013-3174 |
| 59860 | FILE-MULTIMEDIA AVI file chunk length integer overflow attempt | CVE-2011-3834 |
| 59862 | FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt | CVE-2018-4899 |
| 59760 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59774 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59776 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59840 | FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | CVE-2018-5056 |
| 59821 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | CVE-2020-0729 |
| 59827 | FILE-OTHER Adobe Acrobat malicious joboptions file download attempt | CVE-2019-7111 |
| 59856 | FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor stack buffer overflow attempt | CVE-2020-16199 |
| 59831 | FILE-IMAGE Microsoft Windows DirectShow JPEG double free attempt | CVE-2014-0301 |
| 59758 | FILE-OTHER Info-ZIP Unzip malformed extra field buffer overflow attempt | CVE-2014-9636 |
| 59681 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
| 59680 | SERVER-WEBAPP Online Learning Management System SQL injection attempt | exploitdb:49326 |
| 150242 | MALWARE-CNC Command and Control - FUNRUN check-in detected | - |
| 150240 | MALWARE-CNC Command and Control - PENDOWN beacon variant 3 detected | - |
| 150241 | MALWARE-CNC Command and Control - PENDOWN beacon variant 4 detected | - |
| 59745 | SERVER-WEBAPP TuziCMS SQL injection attempt | CVE-2022-23882 |
| 59702 | POLICY-OTHER Golang get remote command execution attempt | CVE-2018-16873 |
| 150233 | MALWARE-CNC Command and Control - LOCKLOAD check-in detected | - |
| 59724 | SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector Virtual Appliance firewall_setting command injection attempt | success.trendmicro.com/solution/1116750 |
| 150209 | MALWARE-CNC Command and Control - APT38 RATANKBAPOS beacon variant 2 detected | - |
| 150228 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 3 detected | - |
| 150229 | MALWARE-CNC Command and Control - MAZE C2 beacon variant 2 detected | - |
| 150224 | MALWARE-CNC Command and Control - HYTEOD beacon detected | - |
| 150225 | MALWARE-CNC Command and Control - MpCmdRun file download detected | - |
| 150226 | MALWARE-CNC Command and Control - METALJACK check-in detected | - |
| 150227 | MALWARE-CNC Command and Control - MAZE C2 check-in detected | - |
| 150220 | MALWARE-CNC Command and Control - HALFSHELL C2 beacon detected | - |
| 150221 | MALWARE-CNC Command and Control - NEUTRINO EK Afraidgate LOCKY callback detected | - |
| 150222 | MALWARE-CNC Command and Control - HIDDENVALUE C2 beacon variant 1 detected | - |
| 150223 | MALWARE-CNC Command and Control - HIDDENVALUE C2 beacon variant 2 detected | - |
| 150412 | MALWARE-CNC Zerot.Generic C2 beacon detected | - |
| 150411 | MALWARE-CNC Vawtrak.Generic instruction retrieval traffic detected | - |
| 150410 | MALWARE-CNC Ursnif.Generic C2 traffic detected | - |
| 150140 | MALWARE-CNC Quinstatus.Generic C2 traffic detected | - |
| 150142 | MALWARE-CNC Beatdrop.Generic C2 traffic detected | - |