Netskope Help

CTEP/IPS Threat Content Update Release Notes 96.1.1.221

Refer to the following summary of signatures deployed with the IPS content release:

  • Total signatures: 21221

  • Signatures added: 74

  • Signatures modified: 17

  • Signatures removed: 04

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150169 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-5 | - |
| 150168 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-4 | - |
| 150167 | MALWARE-CNC Birdwatch.Generic connection detected-1 | - |
| 150166 | MALWARE-CNC Pyxie.Generic C2 traffic detected-1 | - |
| 150165 | MALWARE-CNC Brickhouse.Get.Generic traffic detected-1 | - |
| 150164 | MALWARE-CNC Emotet.Exfill C2 traffic detected | - |
| 150163 | MALWARE-CNC Emotet.Generic.DLL payload detected | - |
| 150162 | MALWARE-CNC Remcos.APT.bits traffic detected | - |
| 150161 | MALWARE-CNC Grimagent.Generic C2 traffic detected-3 | - |
| 150160 | MALWARE-CNC Newpass.Generic C2 traffic detected-1 | - |
| 150325 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | - |
| 150324 | MALWARE-CNC Command and Control - AZORULT C2 communication variant1 | - |
| 150327 | MALWARE-CNC Command and Control - BEARHUT C2 beacon | - |
| 150326 | MALWARE-CNC Command and Control BARTALEX instruction retrieval | - |
| 150329 | MALWARE-CNC Command and Control - DOUBLEBACK variant 1 and 2 | - |
| 150328 | MALWARE-CNC Command and Control - AZORULT C2 communication variant 1 | - |
| 150308 | MALWARE-CNC Command and Control Banking Trojan Pinterest Checkin | - |
| 150259 | MALWARE-CNC Command and Control - APT41 DEADEYE C2 communication detected | - |
| 150258 | MALWARE-CNC Command and Control - APT41 MOPSLED POST check-in detected | - |
| 150255 | MALWARE-CNC Command and Control - GhostEmperor C2 communication detected | - |
| 150254 | MALWARE-CNC Command and Control - MIRAGE check-in detected | - |
| 150257 | MALWARE-CNC Command and Control - APT41 POISONPLUG C2 check-in detected | - |
| 150256 | MALWARE-CNC Command and Control - APT41 SOGU POST beacon variant 2 detected | - |
| 150251 | MALWARE-CNC Command and Control - EMOTET Malware C2 check-in variant 2 detected | - |
| 150250 | MALWARE-CNC Command and Control - IXESHEMECKLOW check-in detected | - |
| 150253 | MALWARE-CNC Command and Control - LITRECOLA check-in detected | - |
| 150252 | MALWARE-CNC Command and Control - FIN13 DRAWSTRING C2 communication detected | - |
| 150276 | MALWARE-CNC Command and Control - WSHRAT beacon variant 2 detected | - |
| 150275 | MALWARE-CNC Command and Control - TEMP.Armageddon Winter 2022 Bomb Threat Lure variant 4 detected | - |
| 150274 | MALWARE-CNC Command and Control - STILLBOT Hardcoded IP callout detected | - |
| 150273 | MALWARE-CNC Command and Control - NUGGETPHANTOM Post-exploitation traffic variant 3 detected | - |
| 150272 | MALWARE-CNC Command and Control - NUGGETPHANTOM Post-exploitation traffic variant 2 detected | - |
| 150270 | MALWARE-CNC Command and Control - APT34 TWOTONE check-in detected | - |
| 150156 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-1 | - |
| 150155 | MALWARE-CNC Birdwatch.Generic connection detected | - |
| 150152 | MALWARE-CNC Delimeat.Generic check-in traffic detected | - |
| 150158 | MALWARE-CNC Axeterror.Generic.Beacon outgoing connection detected-1 | - |
| 150159 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected | - |
| 150271 | MALWARE-CNC Command and Control - NUGGETPHANTOM Post-exploitation traffic variant 1 detected | - |
| 150170 | MALWARE-CNC Beacon.Dropper.Generic outgoing connection detected-1 | - |
| 150171 | MALWARE-CNC Grimagent.Generic C2 traffic detected-4 | - |
| 150172 | MALWARE-CNC Remcos.APT.bits.Head traffic detected-1 | - |
| 150173 | MALWARE-CNC Remcos.APT.bits.Get traffic detected-1 | - |
| 150174 | MALWARE-CNC PowerShell Empire variant outbound connection | - |
| 150175 | MALWARE-CNC Uppercut.check-in C2 traffic detected-1 | - |
| 150332 | MALWARE-CNC Command and Control - DOUBLEDROP variant 1 | - |
| 150333 | MALWARE-CNC Command and Control - DOUBLEDROP variant 2 | - |
| 150330 | MALWARE-CNC Command and Control - DOUBLEBACK variant 3 and 4 | - |
| 150331 | MALWARE-CNC Command and Control - DOUBLEBACK variant 5 and 6 | - |
| 150336 | MALWARE-CNC Command and Control BEACON check-in | - |
| 150337 | MALWARE-CNC Command and Control - BAZARLOADER C2 traffic variant 3 | - |
| 150334 | MALWARE-CNC Command and Control - DOUBLEDROP variant 3 | - |
| 150335 | MALWARE-CNC Command and Control - Banking Trojan Pinterest check-in | - |
| 150338 | MALWARE-CNC Command and Control WINEKEY payload request | - |
| 150417 | MALWARE-CNC Emotet.Beacon C2 traffic detected-2 | - |
| 150416 | MALWARE-CNC Emotet.Beacon C2 traffic detected-1 | - |
| 150157 | MALWARE-CNC Subtlelime.Generic.Beacon outgoing connection detected-3 | - |
| 150154 | POLICY-OTHER Netskope test string upload test | - |
| 150268 | MALWARE-CNC Command and Control - APT28 LITTLENAME C2 communication detected | - |
| 150269 | MALWARE-CNC Command and Control - APT28 LITTLENAME C2 communication detected | - |
| 150260 | MALWARE-CNC Command and Control - APT41 BEACON C2 check-in detected | - |
| 150261 | MALWARE-CNC Command and Control - APT29 BEACON Dropper C2 communication variant 1 detected | - |
| 150262 | MALWARE-CNC Command and Control - APT28 SOFACY Janes Campaign February 2018 detected | - |
| 150263 | MALWARE-CNC Command and Control - ABCBOT C2 communication variant 1 detected | - |
| 150264 | MALWARE-CNC Command and Control - ABCBOT beacon detected | - |
| 150265 | MALWARE-CNC Command and Control - TEMP.Hermit ONESTEP check-in detected | - |
| 150266 | MALWARE-CNC Command and Control - KEGTAP update payload request detected | - |
| 150267 | MALWARE-CNC Command and Control - KEGTAP Second Stage payload request detected | - |
| 150413 | MALWARE-CNC Spicytuna.Generic.Post traffic detected | - |
| 150414 | MALWARE-CNC Temp.Armageddon.APT 2020 Campaign traffic detected-1 | - |
| 150141 | MALWARE-CNC Clubhouse.Generic C2 beacon detected | - |
| 150415 | MALWARE-CNC Emotet.Generic.Encrypted check-in traffic detected | - |
| 150419 | MALWARE-CNC Zerot.Generic C2 beacon detected | - |
| 150418 | MALWARE-CNS Emotet.Generic C2 check-in traffic detected | - |