Skip to main content

Netskope Help

IPS Threat Content Update Release Notes 101.0.1.314

Refer to the following summary of signatures deployed on 7^th March, 2023 with the IPS content release:

Total signatures: 20407
Signatures added: 58
Signatures modified: 03
Signatures removed: 20

Signatures Added

SID	Description	Reference
61046	MALWARE-OTHER Php.Webshell.HiddenShell download attempt	attack.mitre.org/techniques/T1505/003/
61047	MALWARE-OTHER Php.Webshell.HiddenShell upload attempt	attack.mitre.org/techniques/T1505/003/
61072	MALWARE-OTHER JSP.Webshell.JSPShell upload attempt	attack.mitre.org/techniques/T1505/003/
61073	MALWARE-OTHER JSP.Webshell.JSPShell download attempt	attack.mitre.org/techniques/T1505/003/
61074	MALWARE-CNC JSP.Webshell.JSPShell outbound connection	attack.mitre.org/techniques/T1505/003/
61075	MALWARE-OTHERwin.Ransomware.Agenda variant binary download attempt	www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html
61083	MALWARE-CNC Php.Webshell.IronShell outbound connection	attack.mitre.org/techniques/T1505/003/
61084	MALWARE-CNC Php.Webshell.IronShell inbound connection	attack.mitre.org/techniques/T1505/003/
61085	MALWARE-OTHER HTML.Exploit.C99 suspicious file upload	www.virustotal.com/file/eb8c799f47fad06026e5e454e3dc56902055c9c6c55f5f1ded4f88f53ac9076c/analysis/1350929362/
61096	MALWARE-OTHERwin.Malware.Gazer variant download attempt	www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb
61098	MALWARE-OTHERwin.Malware.Gazer variant download attempt	www.virustotal.com/gui/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c
61156	MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt	.attack.mitre.org/techniques/T1505/003/
61157	MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt	attack.mitre.org/techniques/T1505/003/
61158	MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection	attack.mitre.org/techniques/T1505/003/
61159	MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection	attack.mitre.org/techniques/T1505/003/
61160	MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection	attack.mitre.org/techniques/T1505/003/
61161	MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection	attack.mitre.org/techniques/T1505/003/
61174	MALWARE-OTHERwin.Malware.LightNeuron mail transfer agent download	www.virustotal.com/gui/file/88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d
61176	MALWARE-OTHERwin.Malware.LightNeuron mail transfer agent download	www.virustotal.com/gui/file/14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1
61182	MALWARE-CNCwin.Spyware.Carbon outbound connection attempt	www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/carbon
61184	MALWARE-OTHERwindows.Malware.Dacls malware file download attempt	www.virustotal.com/gui/file/82d33a67c68f7c476a9ac1e960abc6a911f797446a2c24f0e13b92af1eb385b8
61186	MALWARE-OTHERwindows.Malware.Dacls malware file download attempt	www.virustotal.com/gui/file/d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb
61188	MALWARE-OTHER Unix.Malware.Dacls logcollector file download attempt	www.virustotal.com/gui/file/d28a2ab02aeb26914c16089c1121f7fb6d45cad756b125bf18999cdf6da6e6fc
61190	MALWARE-OTHER Unix.Malware.Dacls malware file download attempt	www.virustotal.com/gui/file/ba5b781ebacac07c4b14f9430a23ca0442e294236bd8dd14d1f69c6661551db8
61202	MALWARE-OTHER PowerSploit toolkit download attempt	attack.mitre.org/software/S0194/
61203	MALWARE-OTHER PowerSCCM toolkit download attempt	attack.mitre.org/software/S0194/
61214	MALWARE-OTHERwin.Malware.Gazer variant download attempt	No Reference
61216	MALWARE-OTHERwin.Malware.Gazer variant download attempt	www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd
61218	MALWARE-OTHERwin.Malware.Gazer variant download attempt	www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd
61220	MALWARE-OTHERwinPWN Powershell toolkit outbound connection attempt	www.github.com/s3cur3th1ssh1t/winpwn
61222	MALWARE-OTHERwinPWN Powershell toolkit outbound connection attempt	www.github.com/s3cur3th1ssh1t/winpwn
61223	MALWARE-CNC User-Agent Sality malicious user agent	No Reference
61224	MALWARE-CNC User-Agent Houdini malicious user agent	No Reference
61250	MALWARE-CNCwin.Dropper.Rhadamanthys variant outbound connection	elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
61251	MALWARE-CNCwin.Dropper.Rhadamanthys variant outbound connection	elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
61253	MALWARE-CNCwin.Trojan.StrongPity variant outbound connection	www.minerva-labs.com/blog/a-new-strongpity-variant-hides-behind-notepad-installation/
61259	MALWARE-CNCwin.Trojan.Gamaredon variant outbound connection	No Reference
61261	MALWARE-OTHERwin.Ransomware.MortalKombat variant binary download attempt	www.virustotal.com/gui/file/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553
61263	MALWARE-CNCwin.Trojan.LaplasClipper variant outbound connection	www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d
61264	MALWARE-CNCwin.Trojan.LaplasClipper variant outbound connection	www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d
61265	MALWARE-CNCwin.Downloader.BatLoader variant outbound connection	www.virustotal.com/gui/file/9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0
61274	MALWARE-OTHERwin.Trojan.Turla Crutch backdoor download	www.virustotal.com/gui/file/030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01
61305	MALWARE-CNCwin.Trojan.njRAT variant download attempt	www.virustotal.com/gui/file/49562fda46cfa05b2a6e2cb06a5d25711c9a435b578a7ec375f928aae9c08ff2/detection
61307	MALWARE-CNCwin.Trojan.njRAT variant download attempt	www.virustotal.com/gui/file/cd0cd9083db51c81b2cdbc35951ded23c3604379fd68796bc19932ac7e0238fe/detection
61309	MALWARE-CNCwin.Trojan.njRAT variant download attempt	www.virustotal.com/gui/file/50be00fcfe23b947d1a87ed5f052a64482f2674bb6d4db6ff8ab8791778a84ec/detection
61311	MALWARE-CNCwin.Trojan.njRAT variant download attempt	www.virustotal.com/gui/file/98b8abc11b157fc44826263595d6f978db9b345e0e7a0f8aac14b15dded1683a/detection
61317	FILE-OTHER Visual Studio Code malicious ipynb download attempt	CVE-2022-41034
61364	MALWARE-OTHERwin.Trojan.Agent payload download attempt	No Reference
61366	MALWARE-OTHER Doc.Dropper.Agent payload download attempt	No Reference
61379	FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt	CVE-2015-2291
61381	FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt	CVE-2015-2291
61383	FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt	CVE-2015-2291
61389	MALWARE-OTHERwin.Malware.Agent malicious PowerShell script download attempt	No Reference
61391	MALWARE-CNCwin.Malware.Agent data exfiltration attempt	No Reference
61392	SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt	CVE-2022-39952
61401	MALWARE-OTHER Iso.Trojan.BruteRatel binary download attempt	www.virustotal.com/gui/file/1fc7b0e1054d54ce8f1de0cc95976081c7a85c7926c03172a3ddaa672690042c
61403	MALWARE-OTHERwin.Trojan.BruteRatel binary download attempt	www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611
61405	MALWARE-OTHERwin.Trojan.BruteRatel binary download attempt	www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611

Signatures Removed

Removed the following signatures due to False Positives (FP):

20739
17378
56132
41338
44813
51341
39131
45821
59043
36749
17429
44061
8361
43740
35525
41595
17379
40703
49186
11834

In this section:

Would you like to provide feedback? Just click here to suggest edits.