Netskope Help

CTEP/IPS Threat Content Update Release Notes 100.0.1.298

Refer to the following summary of signatures deployed on 7th February, 2023 with the IPS content release:

  • Total signatures: 20301

  • Signatures added: 19

  • Signatures modified: 03

  • Signatures removed: 30

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 140139 | MALWARE-CNC HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 | No Reference |
| 150579 | MALWARE-CNC Roboto.C2.Web outbound traffic detected | No Reference |
| 150574 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
| 150575 | MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection | No Reference |
| 150576 | MALWARE-CNC GhostMiner.Ccbot.Trojan.C2.Web variant outbound connection | No Reference |
| 150577 | MALWARE-CNC Echobot.C2.Web.Communication outbound traffic detected | No Reference |
| 150571 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference |
| 150572 | MALWARE-CNC MODPOS.Beacon traffic detected | No Reference |
| 150573 | MALWARE-CNC PoisonPlug.checkin traffic detected | No Reference |
| 150290 | MALWARE-CNC A101-031 Command and Control - MAZE C2 Beacon Variant2 | No Reference |
| 140140 | MALWARE-CNC Win32/Suspected Reverse Shell Connection | github.com/eset/malware-ioc/tree/master/donot |
| 140141 | MALWARE-CNC Cobalt Strike Beacon (Bing Profile) | twitter.com/thedfirreport/status/1376878123061551104 |
| 150578 | MALWARE-CNC Ngioweb.Botnet.Communication outbound traffic detected | No Reference |
| 140144 | MALWARE-CNC Possible Metasploit Payload Common Construct Bind_API (from server) | No Reference |
| 140145 | MALWARE-CNC Cobalt Strike Malleable C2 (Unknown Profile) | No Reference |
| 140146 | MALWARE-CNC Cobalt Strike Beacon Observed | No Reference |
| 140142 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile Response | No Reference |
| 140143 | MALWARE-CNC Cobalt Strike Malleable C2 JQuery Custom Profile M3 | No Reference |
| 150289 | MALWARE-CNC A100-277 Command and Control - APT35 SHAMOON C2 Beacon | virustotal.com/en/file/61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842/analysis/ |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 50518

  • 60483

  • 59209

  • 40073

  • 34518