Netskope Help

CTEP/IPS Threat Content Update Release Notes 97.1.1.240

Refer to the following summary of signatures deployed on 1st September, 2022 with the IPS content release:

  • Total signatures: 20482

  • Signatures added: 46

  • Signatures modified: 0

  • Signatures removed: 777

Signatures Added

| SID | Description | Reference |
|-----|-------------|-----------|
| 59958 | MALWARE-OTHER Unix.Trojan.Symbiote variant binary download attempt | www.virustotal.com/gui/file/121157e0fcb728eb8a23b55457e89d45d76aa3b7d01d3d49105890a00662c924 |
| 59950 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59955 | MALWARE-OTHER Unix.Backdoor.Dnscat2 variant binary download attempt | www.virustotal.com/gui/file/45eacba032367db7f3b031e5d9df10b30d01664f24da6847322f6af1fd8e7f01 |
| 60050 | MALWARE-CNC Win.Rootkit.Daxin HTTP host information exchange attempt | No reference |
| 60052 | BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt | CVE-2020-6383 |
| 60057 | MALWARE-CNC Win.Trojan.Qakbot variant outbound connection | www.malware-traffic-analysis.net/2022/04/19/index.html |
| 60059 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 60155 | BROWSER-WEBKIT Apple Safari WebKit loadInSameDocument use-after-free attempt | CVE-2022-22620 |
| 60190 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 59890 | OS-WINDOWS Microsoft Support Diagnostic Tool ms-msdt protocol use attempt | CVE-2022-30190 |
| 59892 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59894 | OS-WINDOWS Microsoft Support Diagnostic Tool remote code execution attempt | CVE-2022-30190 |
| 59896 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59897 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59898 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59899 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 60116 | FILE-OTHER Fuji Electric Frenic Loader stack-based buffer overflow attempt | CVE-2018-14802 |
| 59878 | FILE-OTHER PEAR Archive Tar code deserialization attempt | CVE-2020-28948 |
| 59873 | FILE-OTHER Fatek Automation PLC WinProladder Tab stack buffer overflow attempt | CVE-2020-16234 |
| 59679 | FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt | CVE-2017-2960 |
| 59902 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59903 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59900 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59901 | MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection | blog.talosintelligence.com/2020/05/the-wolf-is-back.html |
| 59928 | MALWARE-BACKDOOR Jsp.Webshell.Chopper webshell download attempt | CVE-2022-26134 |
| 59929 | MALWARE-BACKDOOR Jsp.Webshell.Behinder download attempt | CVE-2022-26134 |
| 59920 | OS-WINDOWS Microsoft Windows search-ms protocol invocation attempt | CVE-2022-30190 |
| 150114 | MALWARE-CNC Fakeupdates Check-in and Response C2 Communication traffic detected | No reference |
| 60061 | MALWARE-CNC Win.Trojan.Gallium variant outbound beaconing attempt | unit42.paloaltonetworks.com/pingpull-gallium/ |
| 59945 | FILE-PDF Adobe Acrobat Reader DC out-of-bounds read attempt | CVE-2021-28554 |
| 60200 | SERVER-OTHER IBM TM1 Planning Analytics unauthenticated remote code execution attempt | CVE-2019-4716 |
| 59984 | MALWARE-OTHER Win.Ransomware.AvosLocker ransomware binary download | No reference |
| 59982 | MALWARE-OTHER Win.Trojan.Mimikatz binary download | No reference |
| 60222 | BROWSER-CHROME V8 WebAssembly remote code execution attempt | CVE-2020-15994 |
| 60220 | BROWSER-CHROME Chrome IPC domDistiller sandbox escape attempt | CVE-2020-6465 |
| 60186 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 60048 | FILE-PDF Adobe Acrobat Reader DC heap-based buffer overflow attempt | CVE-2021-28560 |
| 59870 | FILE-OTHER Phoenix Contact Automationworx PLCOpen XML stack buffer overflow attempt | CVE-2020-12497 |
| 59969 | FILE-OFFICE Microsoft Word malformed jpeg remote code execution attempt | CVE-2016-3318 |
| 60182 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60183 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60180 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60181 | MALWARE-CNC Win.Trojan.CrimsonRAT outbound communication attempt | www.virustotal.com/gui/file/8b786784c172c6f8b241b1286a2054294e8dc2c167d9b4daae0e310a1d923ba0 |
| 60188 | FILE-OTHER Wecon LeviStudioU DataLogTool history curve set stack-based buffer overflow attempt | CVE-2019-6537 |
| 17276 | FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt | CVE-2005-3370 |
| 59930 | MALWARE-BACKDOOR Jsp.Webshell.Noop download attempt | CVE-2022-26134 |