Skip to main content

Netskope Help

CTEP/IPS Threat Content Update Release Notes 98.0.0.257

Refer to the following summary of signatures deployed on 19th October, 2022 with the IPS content release:

Total signatures: 20120
Signatures added: 68
Signatures modified: 20
Signatures removed: 28

Signatures Added

SID	Description	Reference
60252	MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt	github.com/laeeth/gomet
60253	MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt	github.com/laeeth/gomet
60275	MALWARE-CNC Win.Trojan.Manjusaka outbound connection	No reference
60278	OS-MOBILE SetSockOpts elevation of privilege attempt	CVE-2021-22600
60398	MALWARE-OTHER Robin Banks credential phishing attempt	ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60405	OS-MOBILE Apple iOS cfprefsd daemon privilege escalation attempt	CVE-2019-7286
60402	MALWARE-CNC Php.Webshell.DToolPro outbound connection attempt	attack.mitre.org/techniques/T1505/003/
60401	MALWARE-CNC Php.Webshell.DToolPro inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60400	MALWARE-OTHER Php.Webshell.DToolPro upload attempt	attack.mitre.org/techniques/T1505/003/
60238	OS-WINDOWS Dell dbutil driver escalation of privilege attempt	CVE-2021-21551
60239	MALWARE-OTHER Win.Ransomware.Magniber download attempt	www.virustotal.com/gui/file/5ebbdce6f734602efb53cbad9f5334930d04382c3aa8d99f16117f4d2d3f5744/detection
60397	MALWARE-OTHER Robin Banks credential phishing attempt	www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform
60396	BROWSER-CHROME Google Chrome V8 CSS prop type interceptor confusion attempt	CVE-2022-1096
60399	MALWARE-OTHER Php.Webshell.DToolPro download attempt	attack.mitre.org/techniques/T1505/003/
60282	BROWSER-CHROME Intent handling downgrade attempt	CVE-2021-38000
60276	OS-MOBILE SetSockOpts elevation of privilege attempt	CVE-2021-22600
60352	OS-MOBILE MediaTek cmdq driver escalation of privilege attempt	CVE-2020-0069
60354	BROWSER-CHROME V8 getThis type confusion attempt	CVE-2022-1364
60337	MALWARE-CNC Php.Webshell.DiveShell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60339	MALWARE-OTHER Php.Webshell.DiveShell upload attempt	attack.mitre.org/techniques/T1505/003/
60338	MALWARE-CNC Php.Webshell.DiveShell outbound connection attempt	attack.mitre.org/techniques/T1505/003/
60317	OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt	CVE-2022-21999
60315	OS-WINDOWS Microsoft Windows Print Spooler elevation of privilege attempt	CVE-2022-21999
60313	FILE-OTHER Omron CX-Supervisor malicious project file download attempt	CVE-2018-19015
60699	OS-WINDOWS Microsoft Windows DWM Core Library privilege escalation attempt	CVE-2022-37970
60696	OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt	CVE-2022-38050
60694	OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt	CVE-2022-38050
60283	MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60285	MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60284	MALWARE-OTHER Php.Webshell.CrewShell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60286	MALWARE-OTHER Php.Webshell.CrewShell outbound connection attempt	attack.mitre.org/techniques/T1505/003/
60250	MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt	github.com/laeeth/gomet
60246	FILE-OTHER McAfee Total Protection MTP arbitrary process execution attempt	CVE-2021-23874
150176	MALWARE-CNC Greenflash.Sundown.EK download detected	No reference
60248	MALWARE-OTHER MultiOS.Backdoor.GoMet agent download attempt	github.com/laeeth/gomet
60269	MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection	www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60268	MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection	www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60261	OS-OTHER Apple CoreGraphics library out of bounds write attempt	CVE-2021-30860
60267	MALWARE-OTHER Win.Backdoor.TreeTrunk download attempt	www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60266	MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection	www.virustotal.com/gui/file/sha256/8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60264	MALWARE-CNC Win.Backdoor.TreeTrunk outbound connection	www.virustotal.com/gui/file/sha256/-8d9444ac349502314f97d25f000dbabb33e3b9737ac8e77e5e8452b719211edd
60414	BROWSER-WEBKIT JavaScriptCore watchpoint type confusion attempt	CVE-2019-8506
60368	BROWSER-CHROME Chromium V8 Engine remote code execution attempt	CVE-2016-5198
60369	BROWSER-CHROME V8 ReadDenseJSArray out of bounds write attempt	CVE-2018-17480
60366	BROWSER-CHROME V8 Array concat remote code execution attempt	CVE-2017-5030
60362	BROWSER-CHROME Google Chrome Animation timeline use after free attempt	CVE-2022-0609
60344	BROWSER-CHROME WebRTC heap buffer overflow attempt	CVE-2022-2294
60340	MALWARE-OTHER Php.Webshell.DiveShell download attempt	attack.mitre.org/techniques/T1505/003/
60324	MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection	www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60325	MALWARE-CNC MultiOS.Trojan.DarkUtilities variant outbound connection	www.virustotal.com/gui/file/c9deeda7cd7adb4ff584d13ea64cdb50c9e8b5c616f1dff476f372e86c9b9be6
60327	OS-OTHER Apple multiple products memory corruption attempt	CVE-2020-3837
60300	MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60301	MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt	attack.mitre.org/techniques/T1505/003/
60302	MALWARE-OTHER Php.Webshell.Cybershell outbound connection attempt	attack.mitre.org/techniques/T1505/003/
60407	OS-MOBILE Android Binder out of bounds write attempt	CVE-2020-0041
60709	OS-WINDOWS Windows Win32k.sys bSimpleFill elevation of privilege attempt	CVE-2022-38051
60705	OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt	CVE-2022-37989
60707	OS-WINDOWS Microsoft Windows Client-Server Runtime Subsystem privilege escalation attempt	CVE-2022-37987
60701	OS-WINDOWS Microsoft Windows Perception Simulation service remote code execution attempt	CVE-2022-37974
60298	MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60299	MALWARE-OTHER Php.Webshell.Cybershell upload attempt	attack.mitre.org/techniques/T1505/003/
60292	MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt	virustotal.com/en/file/8f472d1dac64c1552ec4fa649044e7c29ed441517e2567bcaabc824294e00e81/analysis/
60290	BROWSER-CHROME Google Chrome v8 garbage collector use after free attempt	CVE-2021-37975
60296	MALWARE-OTHER Php.Webshell.Cybershell download attempt	attack.mitre.org/techniques/T1505/003/
60297	MALWARE-OTHER Php.Webshell.Cybershell inbound connection attempt	attack.mitre.org/techniques/T1505/003/
60294	MALWARE-OTHER Win.Downloader.ChromeLoader payload download attempt	virustotal.com/en/file/61d0336d952456c19683169d2fef78c5f5dfdb1f406a2f0e0f7a4c904bdcbadd/analysis/
60295	MALWARE-CNC Win.Downloader.ChromeLoader outbound connection attempt	virustotal.com/en/file/0f6ba4ae41a1f9aea6bc3b83e33dde6417cfd2484aea5406a053d2ec8acd666c/analysis/
60412	BROWSER-WEBKIT Apple WebKit property names type confusion attempt	CVE-2021-1789

Signatures Removed

Removed the following signatures due to False Positives (FP):

17154
17276
32501
36918
46384
58919
150114
150405

Removed the following signatures due to sql.rules are not required:

1057
1058
1059
1060
1077
13512
13513
13991
13992
13993
13994
13995
13996
13997
13998
16431
27723
37643
37648
38993

In this section:

Would you like to provide feedback? Just click here to suggest edits.