
Netskope Help

CTEP/IPS Threat Content Update Release Notes 98.0.0.257

The following summarizes the signatures deployed on 19 October 2022 with this IPS content release:

  • Total signatures: 20120

  • Signatures added: 68

  • Signatures modified: 20

  • Signatures removed: 28

Signatures Added

SID | Description | Reference
60252 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60253 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60275 | MALWARE-CNC Win.Trojan.Manjusaka outbound connection | No reference
60278 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600
60398 | MALWARE-OTHER Robin Banks credential phishing attempt | ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60405 | OS-MOBILE Apple iOS cfprefsd daemon privilege escalation attempt | CVE-2019-7286
60402 | MALWARE-CNC Php.Webshell.DToolPro outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60401 | MALWARE-CNC Php.Webshell.DToolPro inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60400 | MALWARE-OTHER Php.Webshell.DToolPro upload attempt | attack.mitre.org/techniques/T1505/003/
60238 | OS-WINDOWS Dell dbutil driver escalation of privilege attempt | CVE-2021-21551
60239 | MALWARE-OTHER Win.Ransomware.Magniber download attempt | www.virustotal.com/gui/file/5ebbdce6f734602efb53cbad9f5334930d04382c3aa8d99f16117f4d2d3f5744/detection
60397 | MALWARE-OTHER Robin Banks credential phishing attempt | www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60396 | BROWSER-CHROME Google Chrome V8 CSS prop type interceptor confusion attempt | CVE-2022-1096
60399 | MALWARE-OTHER Php.Webshell.DToolPro download attempt | attack.mitre.org/techniques/T1505/003/
60282 | BROWSER-CHROME Intent handling downgrade attempt | CVE-2021-38000
60276 | OS-MOBILE SetSockOpts elevation of privilege attempt | CVE-2021-22600
60352 | OS-MOBILE MediaTek cmdq driver escalation of privilege attempt | CVE-2020-0069
60354 | BROWSER-CHROME V8 getThis type confusion attempt | CVE-2022-1364
60337 | MALWARE-CNC Php.Webshell.DiveShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60339 | MALWARE-OTHER Php.Webshell.DiveShell upload attempt | attack.mitre.org/techniques/T1505/003/
60338 | MALWARE-CNC Php.Webshell.DiveShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60317 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999
60315 | OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt | CVE-2022-21999
60313 | FILE-OTHER Omron CX-Supervisor malicious project file download attempt | CVE-2018-19015
60699 | OS-WINDOWS Microsoft Windows DWM Core Library privilege escalation attempt | CVE-2022-37970
60696 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050
60694 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-38050
60283 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60285 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60284 | MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60286 | MALWARE-OTHER Php.Webshell.CrewShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60250 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60246 | FILE-OTHER McAfee Total Protection MTP arbitrary process execution attempt | CVE-2021-23874
150176 | MALWARE-CNC Greenflash.Sundown.EK download detected | No reference
60248 | MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt | github.com/laeeth/gomet
60269 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60268 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60261 | OS-OTHER Apple CoreGraphics library out of bounds write attempt | CVE-2021-30860
60267 | MALWARE-OTHER Win.Backdoor.TreeTrunk download attempt | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60266 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60264 | MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection | www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60414 | BROWSER-WEBKIT JavaScriptCore watchpoint type confusion attempt | CVE-2019-8506
60368 | BROWSER-CHROME Chromium V8 Engine remote code execution attempt | CVE-2016-5198
60369 | BROWSER-CHROME V8 ReadDenseJSArray out of bounds write attempt | CVE-2018-17480
60366 | BROWSER-CHROME V8 Array concat remote code execution attempt | CVE-2017-5030
60362 | BROWSER-CHROME Google Chrome Animation timeline use after free attempt | CVE-2022-0609
60344 | BROWSER-CHROME WebRTC heap buffer overflow attempt | CVE-2022-2294
60340 | MALWARE-OTHER Php.Webshell.DiveShell download attempt | attack.mitre.org/techniques/T1505/003/
60324 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60325 | MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection | www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60327 | OS-OTHER Apple multiple products memory corruption attempt | CVE-2020-3837
60300 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60301 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60302 | MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60407 | OS-MOBILE Android Binder out of bounds write attempt | CVE-2020-0041
60709 | OS-WINDOWS Windows Win32k.sys bSimpleFill elevation of privilege attempt | CVE-2022-38051
60705 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37989
60707 | OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt | CVE-2022-37987
60701 | OS-WINDOWS Microsoft Windows Perception Simulation service remote code execution attempt | CVE-2022-37974
60298 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60299 | MALWARE-OTHER Php.Webshell.Cybershell upload attempt | attack.mitre.org/techniques/T1505/003/
60292 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/8f472d1dac64c1552ec4fa649044e7c29ed441517e2567bcaabc824294e00e81/analysis/
60290 | BROWSER-CHROME Google Chrome v8 garbage collector use after free attempt | CVE-2021-37975
60296 | MALWARE-OTHER Php.Webshell.Cybershell download attempt | attack.mitre.org/techniques/T1505/003/
60297 | MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60294 | MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt | virustotal.com/en/file/61d0336d952456c19683169d2fef78c5f5dfdb1f406a2f0e0f7a4c904bdcbadd/analysis/
60295 | MALWARE-CNC Win.Downloader.ChromeLoader outbound connection attempt | virustotal.com/en/file/0f6ba4ae41a1f9aea6bc3b83e33dde6417cfd2484aea5406a053d2ec8acd666c/analysis/
60412 | BROWSER-WEBKIT Apple WebKit property names type confusion attempt | CVE-2021-1789

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 17154

  • 17276

  • 32501

  • 36918

  • 46384

  • 58919

  • 150114

  • 150405

Removed the following signatures because the sql.rules category is not required:

  • 1057

  • 1058

  • 1059

  • 1060

  • 1077

  • 13512

  • 13513

  • 13991

  • 13992

  • 13993

  • 13994

  • 13995

  • 13996

  • 13997

  • 13998

  • 16431

  • 27723

  • 37643

  • 37648

  • 38993
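As an added example (not Netskope code and not part of this release note), the Python below parses the flattened SID / Description / Reference listing and the bulleted removed-SID lists into records, derives the rule category from the description prefix, extracts CVE identifiers, and cross-checks the totals stated in the header. The sample rows are copied from this page; the header counts it checks against (68 added, 28 removed) are the ones the page states. The category prefix logic and the "No reference" handling are assumptions about the listing format.

```python
"""Parse a flattened CTEP/IPS release-note signature listing (added example, not Netskope code)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five rows copied from the "Signatures Added" table above,
# in the page's one-field-per-line layout (blank lines between fields are ignored).
SAMPLE_ADDED = """
SID
Description
Reference
60252
MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt
github.com/laeeth/gomet
60275
MALWARE-CNC Win.Trojan.Manjusaka outbound connection
No reference
60278
OS-MOBILE SetSockOpts elevation of privilege attempt
CVE-2021-22600
60276
OS-MOBILE SetSockOpts elevation of privilege attempt
CVE-2021-22600
60396
BROWSER-CHROME Google Chrome V8 CSS prop type interceptor confusion attempt
CVE-2022-1096
"""

# Constructed sample: three bullets copied from the "Signatures Removed" lists.
SAMPLE_REMOVED = """
  • 17154
  • 17276
  • 1057
"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b")
# Assumption: the rule category is the all-caps first token (e.g. MALWARE-CNC, OS-WINDOWS).
CATEGORY_RE = re.compile(r"^([A-Z0-9]+(?:-[A-Z0-9]+)*)\s+(.+)$")
HEADER = ("SID", "Description", "Reference")


@dataclass
class Signature:
    sid: int
    category: str
    description: str
    reference: Optional[str]
    cves: List[str] = field(default_factory=list)


def parse_added(text: str) -> List[Signature]:
    """Group the flattened SID / description / reference lines into records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if tuple(lines[:3]) == HEADER:
        lines = lines[3:]
    if len(lines) % 3:
        raise ValueError("listing is not a whole number of SID/description/reference triplets")
    records = []
    for sid, desc, ref in zip(lines[0::3], lines[1::3], lines[2::3]):
        if not sid.isdigit():
            raise ValueError(f"expected a numeric SID, got {sid!r}")
        m = CATEGORY_RE.match(desc)
        category, body = (m.group(1), m.group(2)) if m else ("UNKNOWN", desc)
        reference = None if ref.lower() == "no reference" else ref
        records.append(Signature(int(sid), category, body, reference, CVE_RE.findall(ref)))
    return records


def parse_removed(text: str) -> List[int]:
    """Pull the SIDs out of the bulleted removed-signature lists."""
    return [int(m.group(1)) for m in re.finditer(r"^\s*•\s*(\d+)\s*$", text, re.M)]


def check_totals(added, removed, expected_added, expected_removed):
    """Cross-check the parsed lists against the counts stated in the release-note header."""
    problems = []
    if len(added) != expected_added:
        problems.append(f"added: header says {expected_added}, listing has {len(added)}")
    if len(removed) != expected_removed:
        problems.append(f"removed: header says {expected_removed}, lists have {len(removed)}")
    dupes = sorted(sid for sid, n in Counter(r.sid for r in added).items() if n > 1)
    if dupes:
        problems.append(f"duplicate SIDs in added listing: {dupes}")
    overlap = sorted({r.sid for r in added} & set(removed))
    if overlap:
        problems.append(f"SIDs both added and removed: {overlap}")
    return problems


def summarize(records):
    """Per-category counts and the de-duplicated CVEs the new signatures reference."""
    by_category = Counter(r.category for r in records)
    cves = sorted({c for r in records for c in r.cves})
    return by_category, cves


if __name__ == "__main__":
    added = parse_added(SAMPLE_ADDED)
    removed = parse_removed(SAMPLE_REMOVED)
    by_category, cves = summarize(added)
    print(dict(by_category), cves)
    # The sample is a subset, so checking it against the page's full counts reports mismatches.
    for problem in check_totals(added, removed, 68, 28):
        print("mismatch:", problem)
```

Feeding the whole table through parse_added and the removed lists through parse_removed is how a SOC team would reconcile a content release against the header counts before recording which CVEs gained coverage; the category and CVE summary also makes it easy to see that this release is heavy on webshell and Windows privilege-escalation signatures.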