Skip to main content

Netskope Help

CTEP/IPS Threat Content Update Release Notes 93.0.1.165

Refer to the following summary of signatures deployed with the IPS content release:

Total signatures: 20709
Signatures added: 36
Signatures modified: 0
Signatures removed: 29

Signatures Added

SID	DESCRIPTION	REFERENCE
59107	OS-WINDOWS Microsoft Windows RDP path redirection remote code execution attempt	CVE-2022-21990
59213	OS-WINDOWS Microsoft Windows Cloud Files Mini Filter driver elevation of privilege attempt	CVE-2022-23286
59210	OS-WINDOWS Microsoft Windows PDEV escalation of privilege attempt	CVE-2022-23299
59216	BROWSER-IE Microsoft Internet Explorer security zone bypass attempt	CVE-2022-24502
59221	OS-WINDOWS Microsoft Windows Winsock local privilege escalation attempt	CVE-2022-24507
58933	MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt	virustotal/fcdd38ff378605c66 333429d9df2242fbce25a5f6 9f4d6d4c11d9613bcb409b0/
58938	MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection	-
58946	FILE-OTHER PEAR Archive Tar code deserialization attempt	CVE-2020-28949
58949	MALWARE-CNC Win.Trojan.Qakbot variant outbound connection	securelist.com/qakbot-techni cal-analysis/103931/
58903	MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt	virustotal/3ec118323b5c34e d63d56b7969a1cb2c605922 459210c174eb58a6cc19a86 3ea
58904	MALWARE-CNC Win.Trojan.Qakbot variant beaconing attempt	virustotal/3ec118323b5c34e d63d56b7969a1cb2c605922 459210c174eb58a6cc19a86 3ea
58925	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell download attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58923	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58941	FILE-OTHER PEAR Archive TAR symbolic link file overwrite attempt	CVE-2020-36193
58957	MALWARE-CNC Win.RAT.AridViper outbound connection	virustotal/1d4e54529feef538 50f97f39029a906d53f3d4b2 aea8373e27c413324a55681 c/
58955	OS-LINUX Polkit pkexec privilege escalation attempt	CVE-2021-4034
58958	MALWARE-CNC Win.RAT.AridViper outbound connection	virustotal/1d4e54529feef538 50f97f39029a906d53f3d4b2 aea8373e27c413324a55681 c/
58918	MALWARE-OTHER Php.Webshell.529 inbound connection attempt	virustotal/f1743a695b78e79 4a822f71601fbab666d72043 e06d36988289cd3d95d1c0c 2d/
58919	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58912	MALWARE-OTHER Php.Webshell.AcceptLanguage upload attempt	attack.mitre.org/techniques/t 1505/003/
58913	MALWARE-OTHER Php.Webshell.AcceptLanguage download attempt	attack.mitre.org/techniques/t1505/003/
58916	MALWARE-OTHER Php.Webshell.529 inbound connection attempt	virustotal/f1743a695b78e79 4a822f71601fbab666d72043 e06d36988289cd3d95d1c0c 2d/
58917	MALWARE-OTHER Php.Webshell.529 upload attempt	virustotal/f0c6d7bae013954 6de727a428d7ed5be164517 7dbab0ef25b639336f271af6 06/
58914	MALWARE-OTHER Php.Webshell.529 outbound connection attempt	virustotal/f1743a695b78e79 4a822f71601fbab666d72043 e06d36988289cd3d95d1c0c 2d/
58915	MALWARE-OTHER Php.Webshell.529 download attempt	virustotal/f0c6d7bae013954 6de727a428d7ed5be164517 7dbab0ef25b639336f271af6 06/
58930	MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt	virustotal/c9931382f844b61 a002f83db1ae475953bbab4 49529be737df1eee8b3065f6 eb/
58931	MALWARE-OTHER Ps1.Downloader.MuddyWater payload download attempt	virustotal/c9931382f844b61 a002f83db1ae475953bbab4 49529be737df1eee8b3065f6 eb/
58936	MALWARE-OTHER Xls.Dropper.MuddyWater variant download attempt	virustotal/26ed7e89b3c5058 836252e0a8ed9ec6b58f5f82 a2e543bc6a97b3fd17ae3e4 ec/
58937	MALWARE-CNC Ps1.Malware.MuddyWater outbound cnc connection	virustotal/b1e30cce6df16d83 b82b751edca57aa17795d8d 0cdd960ecee7d90832b0ee7 6c/
58943	MALWARE-CNC Win.Malware.Emotet cnc outbound connection attempt	isc.sans.edu/forums/diary/e motet+returns/28044/
140834	MALWARE-OTHER Matanbuchus Qakbot Infection Detected	virustotal/18bd1ae701ff57a6 d1119f18c53350688f41cbac 0ea1ad0cb73234f6ab73340 4
58924	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell upload attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58922	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58921	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell inbound connection attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58920	MALWARE-OTHER Php.Webshell.AjaxPHPCommandShell outbound connection attempt	virustotal/b2197156b06c968 90c5c1e06ebe88f1c6e26c5 5a7bcd643db9a1c167728d6 cc6/
58929	MALWARE-OTHER Pdf.Downloader.MuddyWater variant download attempt	virustotal/d7de68febbbdb72f f820f6554afb464b5c204c43 4faa6ffe9b4daf6b691d535f/

In this section:

Would you like to provide feedback? Just click here to suggest edits.