Skip to main content

Netskope Help

CTEP/IPS Threat Content Update Release Notes 97.1.1.240

Refer to the following summary of signatures deployed on 1st September, 2022 with the IPS content release:

Total signatures : 20482
Signatures added : 46
Signatures modified : 0
Signatures removed: 777

Signatures Added

SID	Description	Reference
59958	MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt	www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924
59950	OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt	CVE-2022-30190
59955	MALWARE-OTHER Unix.Backdoor.Dnscat2 variant binary download attempt	www.virustotal.com/gui/file/45eacba032367db7f3b031e5d9df10b30d01664f24da6847322f6af1fd8e7f01
60050	MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt	No reference
60052	BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt	CVE-2020-6383
60057	MALWARE-CNC Win.Trojan.Qakbot variant outbound connection	www.malware-traffic-analysis.net/2022/04/19/index.html
60059	MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt	unit42.paloaltonetworks.com/pingpull-gallium/
60155	BROWSER-WEBKIT Apple Safari WebKit loadInSameDocument use-after-free attempt	CVE-2022-22620
60190	FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt	CVE-2019-6537
59890	OS-WINDOWS Microsoft Support Diagnostic Tool ms-msdt protocol use attempt	CVE-2022-30190
59892	OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt	CVE-2022-30190
59894	OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt	CVE-2022-30190
59896	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59897	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59898	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59899	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
60116	FILE-OTHER Fuji Electric Frenic Loader stack-based buffer overflow attempt	CVE-2018-14802
59878	FILE-OTHER PEAR Archive Tar code deserialization attempt	CVE-2020-28948
59873	FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt	CVE-2020-16234
59679	FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt	CVE-2017-2960
59902	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59903	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59900	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59901	MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection	blog.talosintelligence.com/2020/05/the-wolf-is-back.html
59928	MALWARE-BACKDOOR Jsp.Webshell.Chopper webshell download attempt	CVE-2022-26134
59929	MALWARE-BACKDOOR Jsp.Webshell.Behinder download attempt	CVE-2022-26134
59920	OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt	CVE-2022-30190
150114	MALWARE-CNC Fakeupdates Check-in and Response C2 Communication traffic detected	No reference
60061	MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt	unit42.paloaltonetworks.com/pingpull-gallium/
59945	FILE-PDF Adobe Acrobat Reader DC out-of-bounds read attempt	CVE-2021-28554
60200	SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt	CVE-2019-4716
59984	MALWARE-OTHER Win.Ransomware.AvosLocker ransomware binary download	No reference
59982	MALWARE-OTHER Win.Trojan.Mimikatz binary download	No reference
60222	BROWSER-CHROME V8 WebAssembly remote code execution attempt	CVE-2020-15994
60220	BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt	CVE-2020-6465
60186	FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt	CVE-2019-6537
60048	FILE-PDF Adobe Acrobat Reader DC heap-based buffer overflow attempt	CVE-2021-28560
59870	FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt	CVE-2020-12497
59969	FILE-OFFICE Microsoft Word malformed jpeg remote code execution attempt	CVE-2016-3318
60182	MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt	www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0
60183	MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt	www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0
60180	MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt	www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0
60181	MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt	www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0
60188	FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt	CVE-2019-6537
17276	FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt	CVE-2005-3370
59930	MALWARE-BACKDOOR Jsp.Webshell.Noop download attempt	CVE-2022-26134

In this section:

Would you like to provide feedback? Just click here to suggest edits.