Netskope Help

IPS Threat Content Update Release Notes 101.0.0.306

The following is a summary of the signatures deployed on 21 February 2023 with this IPS content release:

  • Total signatures: 20369

  • Signatures added: 71

  • Signatures modified: 9

  • Signatures removed: 3

Signatures Added

SID | Description | Reference
140138 | POLICY-OTHER eicar file upload detected | No Reference
150580 | MALWARE-CNC Ickytick.c2 traffic detected | No Reference
60712 | FILE-JAVA Oracle Java JNLP progress-class remote code execution attempt | CVE-2015-4902
60727 | POLICY-OTHER OWASP Amass default User-Agent recon traffic detected | owasp.org/www-project-amass/
60728 | MALWARE-CNC Win.Trojan.HannabiGrabber info stealer outbound communication | www.virustotal.com/gui/file/082e50f61aa3e649889defae5bccb1249fc1c1281b2b9f02e10cb1ede8a1d16f
60748 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection
60749 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection
60750 | MALWARE-CNC Win.Infostealer.MetaStealer outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection
60754 | OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt | CVE-2021-3493
60755 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962
60756 | MALWARE-CNC Win.Trojan.Astaroth outbound connection attempt | isc.sans.edu/diary/28962
60758 | FILE-OTHER GNU gzip zgrep arbitrary file write attempt | CVE-2022-1271
60759 | MALWARE-CNC Ppt.Downloader.Wirte outbound connection | www.virustotal.com/gui/file/1f9d4bb8afa4031027df117e35e6c588893471e6ac8d10a9bc9c3899a48a9ef8
60779 | FILE-OTHER GIGABYTE Kernel Driver elevation of privilege attempt | CVE-2018-19322
60794 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c
60795 | MALWARE-CNC Win.InfoStealer.Raccoon variant outbound connection | www.virustotal.com/gui/file/5f1cae348c31c954f11e1b846cbcd7ad139c537e1025a5e4a3d314208e329a3c
60814 | FILE-OTHER GIGABYTE GPCIDrv and GDrv driver privilege escalation attempt | CVE-2018-19320
60817 | MALWARE-CNC Unix.Trojan.RedXOR variant outbound connection | github.com/corelight/redxor
60824 | MALWARE-CNC Php.Webshell.GReatPost outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60825 | MALWARE-CNC Php.Webshell.GReatPost inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60827 | OS-WINDOWS GIGABYTE GPCI and GIO driver privilege escalation attempt | CVE-2018-19321
60828 | MALWARE-CNC Win.Backdoor.Hoaxshell outbound connection attempt | virustotal.com/gui/file/c3858ed123a8becd0b01b2a409a9a4d18f5fd1047f5e06675ce1d4af075151a6
60829 | MALWARE-OTHER Win.Backdoor.Hoaxshell payload template download attempt | github.com/t3l3machus/hoaxshell
60835 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection
60836 | MALWARE-CNC Win.Trojan.TurlaMosquito outbound connection | www.virustotal.com/gui/file/01badf37252ae8092a27fb2a85a21fcf6791c935d09b3c34275d06d960992d64/detection
60838 | OS-WINDOWS MSI afterburner privilege escalation attempt | CVE-2019-16098
60843 | MALWARE-CNC Win.Backdoor.TurlaMosquito outbound connection | virustotal.com/gui/file/e7fd14ca45818044690ca67f201cc8cfb916ccc941a105927fc4c932c72b425d/detection
60844 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0
60845 | MALWARE-CNC Win.Backdoor.Truebot variant outbound connection | www.virustotal.com/gui/file/c6c4f690f0d15b96034b4258bdfaf797432a3ec4f73fbc920384d27903143cb0
60892 | MALWARE-OTHER Doc.Downloader.MetaStealer file download attempt | virustotal.com/gui/file/981247f5f23421e9ed736dd462801919fea2b60594a6ca0b6400ded463723a5e
60894 | MALWARE-OTHER Shikata Ga Nai polymorphic encoder encoded shellcode download attempt | virustotal.com/gui/file/0233dcf6417ab33b48e7b54878893800d268b9b6e5ca6ad852693174226e3bed/detection
60902 | MALWARE-CNC Win.Infostealer.MetaStealer variant outbound connection | www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection
60903 | MALWARE-CNC Xls.Downloader.AXQ variant outbound connection | www.virustotal.com/gui/file/51e182045dfcef1336f98859e0fb17754ec9fc2b88d56b2cbf857a7aa038f99c
60916 | BROWSER-CHROME V8 CSS prop type defineProperty interceptor confusion attempt | CVE-2022-1232
60918 | BROWSER-IE Google Chrome LinkToTextMenuObserver heap use-after-free attempt | CVE-2022-2998
60943 | MALWARE-CNC Win.Trojan.Gamaredon outbound communication attempt | www.virustotal.com/gui/file/432123e2e1a1e6026f12d36fea35e83708d6797a9a596613ce39e02f62f88fa8
60945 | BROWSER-CHROME Chrome JavaScript Array.map Out-of-Bounds Write attempt | CVE-2019-5825
60948 | MALWARE-TOOLS Win.Trojan.Teleport download attempt | www.virustotal.com/gui/file/dd94c2fc46a6670b4600cf439b35dc81a401b09d2c2372139afe7b754d1d24d4
60950 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306
60952 | BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt | CVE-2022-0306
60955 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | No Reference
60957 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
60959 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
60961 | MALWARE-OTHER Win.Malware.Gazer wiper variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
60963 | MALWARE-TOOLS Win.Dropper.KopiLuwak browser extension download attempt | virustotal.com/gui/file/cf1f52b0a160f19e3bd2b91ba4135782c9d0dc171a753a2c93fa645bee6ca301
60965 | MALWARE-TOOLS Win.Dropper.KopiLuwak download attempt | virustotal.com/gui/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b
60969 | MALWARE-OTHER Win.Ransomware.Endurance variant download attempt | www.virustotal.com/gui/file/7c2b9f77c0a4302b2bff5a7e08418d572c982e80d178b1bb9928a5f0ecf5d660?nocache=1
60979 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2
60980 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2
60981 | MALWARE-CNC Win.Trojan.FormBook malicious XLL outbound connection attempt | virustotal.com/gui/file/55228eec31193a900e8216ab245391f1e40feb742d780caa91fdb1000d8434c2
60987 | FILE-PDF Foxit PhantomPDF JavaScript annotation use-after-free attempt | No Reference
60989 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac
60991 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference
60993 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/2e8ce1b1433ac62f5e665b272abd5e5288bfdf06278528b2f481668e3d85a3ac
60995 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference
60997 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | No Reference
60999 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
61001 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
61003 | MALWARE-OTHER Win.Malware.Gazer loader variant download attempt | www.virustotal.com/gui/file/4013d3c221c6924e8c525aac7ed0402bd5349a28dcbc20bc1ff6bd09079faacf
61004 | POLICY-OTHER Oracle Access Manager deprecated OpenSSO access attempt | CVE-2021-35587
61013 | MALWARE-CNC Win.Trojan.FlawedGrace outbound communication attempt | www.virustotal.com/gui/file/27b6e71b4adeada41fb1e411a910872bfad999183d9d43ba6e63602e104d357b
61015 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280
61017 | POLICY-OTHER Foxit Reader exportAsFDF potential arbitrary file write attempt | CVE-2018-14280
61030 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289
61031 | BROWSER-CHROME Google Chrome safe_browsing malicious use-after-free attempt | CVE-2022-0289
61034 | FILE-OTHER Adobe ColdFusion XmlTransform arbitrary file read attempt | CVE-2022-42340
61043 | MALWARE-CNC Php.Webshell.H4ntu outbound connection attempt | attack.mitre.org/techniques/T1505/003/
61045 | MALWARE-OTHER Win.Downloader.BatLoader malicious PowerShell script download attempt | virustotal.com/gui/file/016d978da55760bbe95343838f2cd0556fe6f39511b1d754fb06db747e867e76
61313 | OS-WINDOWS Microsoft Windows Kernel elevation of privilege attempt | CVE-2023-21688
61314 | OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt | CVE-2023-21823
61320 | OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt | CVE-2023-23376

Signatures Removed

The following signatures were removed because they generated false positives (FP). Any local suppression or threshold entries that reference these SIDs no longer match a deployed rule and can be retired:

  • 140140

  • 33941

  • 21162
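A practitioner consuming a release like this usually wants two checks: which newly added signatures reference CVEs that are open in the organisation's vulnerability inventory, and which local tuning entries (suppressions, thresholds) now point at SIDs that this release removed. The script below is an added example, not Netskope's code or tooling. The release-note rows embedded in it are a subset copied from the tables above in the page's own one-field-per-line layout; the scanner findings and the local suppression list are constructed for illustration, and the inventory CVE CVE-2021-44228 is included only to show an uncovered finding.

```python
"""Cross-check an IPS content release note against local inventories.

Added example (not Netskope's code). The release-note rows below are a
subset copied from this page; the vulnerability-scanner findings and the
local suppression list are constructed for illustration.
"""
import re
from collections import defaultdict

# A subset of the "Signatures Added" table from this release, as the page
# presents it: SID, description and reference, one field per line.
RELEASE_NOTE_ADDED = """\
60712
FILE-JAVA Oracle Java JNLP progress-class remote code execution attempt
CVE-2015-4902
60754
OS-LINUX Linux Kernel OverlayFS capabilities escalation of privileges attempt
CVE-2021-3493
60950
BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt
CVE-2022-0306
60952
BROWSER-CHROME Google Chrome PDFiumEngine RequestThumbnail use-after-free attempt
CVE-2022-0306
60748
MALWARE-CNC Win.Infostealer.MetaStealer outbound connection
www.virustotal.com/gui/file/a0fd6bde5569b5a0abe9c0286b7c5683166f19b76178fc181c12ba15c0143882/detection
140138
POLICY-OTHER eicar file upload detected
No Reference
61320
OS-WINDOWS Microsoft Windows Common Log File System Driver elevation of privilege attempt
CVE-2023-23376
"""

# "Signatures Removed" from this release.
RELEASE_NOTE_REMOVED = [140140, 33941, 21162]

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_added(text):
    """Parse the flattened SID/Description/Reference table into dicts."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("table is not a whole number of SID/desc/ref triplets")
    rows = []
    for i in range(0, len(lines), 3):
        sid, desc, ref = lines[i], lines[i + 1], lines[i + 2]
        if not sid.isdigit():
            raise ValueError(f"expected a numeric SID, got {sid!r}")
        rows.append({
            "sid": int(sid),
            "category": desc.split(" ", 1)[0],   # e.g. MALWARE-CNC, OS-WINDOWS
            "description": desc,
            "cve": ref if CVE_RE.match(ref) else None,
            "reference": None if ref == "No Reference" else ref,
        })
    return rows


def cves_to_sids(rows):
    """Map each CVE to the SIDs that reference it (one CVE may get several SIDs)."""
    out = defaultdict(list)
    for r in rows:
        if r["cve"]:
            out[r["cve"]].append(r["sid"])
    return dict(out)


def coverage_for_findings(rows, scanner_cves):
    """Split scanner findings into those with a new signature and those without."""
    by_cve = cves_to_sids(rows)
    covered = {c: by_cve[c] for c in scanner_cves if c in by_cve}
    uncovered = sorted(c for c in scanner_cves if c not in by_cve)
    return covered, uncovered


def stale_suppressions(suppressions, removed_sids):
    """Local suppress/threshold entries that point at SIDs this release removed."""
    removed = set(removed_sids)
    return [s for s in suppressions if s["sid"] in removed]


# Constructed: CVEs from a hypothetical vulnerability-scanner export.
SCANNER_FINDINGS = ["CVE-2022-0306", "CVE-2023-23376", "CVE-2021-44228"]

# Constructed: local tuning entries keyed by SID (e.g. suppressions added
# after earlier false positives).
LOCAL_SUPPRESSIONS = [
    {"sid": 140140, "reason": "noisy on internal file share"},
    {"sid": 60712, "reason": "JNLP not in use, kept as alert-only"},
]

if __name__ == "__main__":
    rows = parse_added(RELEASE_NOTE_ADDED)
    covered, uncovered = coverage_for_findings(rows, SCANNER_FINDINGS)
    for cve, sids in covered.items():
        print(f"{cve}: now covered by SID(s) {sids}")
    print("no signature in this release for:", uncovered)
    for s in stale_suppressions(LOCAL_SUPPRESSIONS, RELEASE_NOTE_REMOVED):
        print(f"suppression for SID {s['sid']} is stale (rule removed): {s['reason']}")
```

The parser keys on the page's layout (three non-blank lines per row) and refuses input that is not a whole number of triplets, so a truncated copy fails loudly rather than silently shifting every SID onto the wrong description. Rows whose reference is a VirusTotal or MITRE link are kept with `cve` set to `None`, which is what lets the coverage check ignore them without dropping the row.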