Netskope Help

CTEP/IPS Threat Content Update Release Notes 99.0.0.264

Refer to the following summary of signatures deployed on 15th November, 2022 with the IPS content release:

  • Total signatures: 20169

  • Signatures added: 51

  • Signatures modified: 00

  • Signatures removed: 02

Signatures Added

| SID | Description | Reference |
| --- | --- | --- |
| 60442 | MALWARE-OTHER Win.Trojan.Redline variant download attempt | virustotal.com/gui/file/6e1137447376815e733c74ab67f202be0d7c769837a0aaac044a9b2696a8fa89/details |
| 60440 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
| 60447 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255 |
| 60446 | PROTOCOL-VOIP Realtek eCos SDK SIP parsing stack buffer overflow attempt | CVE-2022-27255 |
| 60445 | MALWARE-CNC Win.Trojan.Matanbuchus outbound communication attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3 |
| 60444 | MALWARE-OTHER Win.Trojan.Matanbuchus variant binary download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3 |
| 60428 | MALWARE-CNC Win.Trojan.BoratRat outbound connection request | www.virustotal.com/gui/file/sha256/70566aebcd8c141e593d00e189a43ee1d9b08e745aaf3043153c2087ba8c2671 |
| 150185 | MALWARE-CNC Artshow C2 POST communication detected | No reference |
| 150187 | MALWARE-CNC Artshow C2 POST communication detected | No reference |
| 150186 | MALWARE-CNC Artshow C2 GET communication detected | No reference |
| 150538 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference |
| 150539 | MALWARE-CNC APT42.Pineflower.Beacon traffic detected | No reference |
| 150536 | MALWARE-CNC Zumkong.C2 traffic detected | No reference |
| 150537 | MALWARE-CNC APT42.Chairsmack.Variant traffic detected | No reference |
| 60834 | BROWSER-IE Microsoft Windows Scripting Engine use-after-free attempt | CVE-2022-41118 |
| 60832 | OS-WINDOWS Microsoft Windows CNG Key Isolation Service elevation of privilege attempt | CVE-2022-41125 |
| 60816 | OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt | CVE-2022-41109 |
| 60819 | OS-WINDOWS Windows Win32 Kernel subsystem elevation of privilege attempt | CVE-2022-41113 |
| 60821 | OS-WINDOWS Microsoft Windows DWM core library elevation of privilege attempt | CVE-2022-41096 |
| 60457 | FILE-OTHER UnRAR directory traversal attempt | CVE-2022-30333 |
| 60450 | MALWARE-CNC Win.Trojan.SVCReady outbound connection attempt | virustotal.com/en/file/d3e69a33913507c80742a2d7a59c889efe7aa8f52beef8d172764e049e03ead5/analysis/ |
| 60451 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 60452 | MALWARE-OTHER Php.Webshell.Erne inbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 60453 | MALWARE-OTHER Php.Webshell.Erne outbound connection attempt | attack.mitre.org/techniques/T1505/003/ |
| 60438 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
| 60439 | MALWARE-CNC Win.Trojan.ModernLoader outbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
| 60432 | OS-LINUX Linux kernel PTRACE_TRACEME pkexec escalation of privileges attempt | CVE-2019-13272 |
| 60430 | OS-WINDOWS Microsoft Windows Event Tracing privilege escalation attempt | CVE-2021-34486 |
| 60437 | MALWARE-CNC Win.Trojan.ModernLoader inbound communication attempt | www.virustotal.com/gui/file/1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c |
| 60417 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2022-21882 |
| 150193 | MALWARE-CNC UNC1733.Pyxie.C2 traffic detected | No reference |
| 150196 | MALWARE-CNC Timesplit.C2 traffic detected | No reference |
| 150197 | MALWARE-CNC Timesplit.HTTP.Get.C2 traffic detected | No reference |
| 150194 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference |
| 150195 | MALWARE-CNC UNC3840.Birdbait.C2 traffic detected | No reference |
| 150198 | MALWARE-CNC APT29.Bluestealer.C2 traffic detected | No reference |
| 150199 | MALWARE-CNC Smokedham.C2 traffic detected | No reference |
| 150508 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
| 150505 | MALWARE-CNC Zagros.Sourspigot.C2 traffic detected | No reference |
| 150504 | MALWARE-CNC Armageddon.ObfuscatedVBS.C2 traffic detected | No reference |
| 150507 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
| 150506 | MALWARE-CNC Armageddon.Remotetemplate.Download detected | No reference |
| 150501 | MALWARE-CNC APT41.Crackshot.Beacon traffic detected | No reference |
| 150502 | MALWARE-CNC UNC2565.Gootloader.C2 traffic detected | No reference |
| 60823 | OS-WINDOWS Microsoft Windows HTTP.sys elevation of privilege attempt | CVE-2022-41057 |
| 150541 | MALWARE-CNC APT42.Tamecat.Post traffic detected | No reference |
| 150540 | MALWARE-CNC APT42.Tamecat.Get traffic detected | No reference |
| 150543 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |
| 150542 | MALWARE-CNC APT42.Vinethorn.Beacon traffic detected | No reference |
| 150545 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |
| 150544 | MALWARE-CNC APT42.Vinethorn.POST traffic detected | No reference |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 26292

  • 56933