Netskope Help

IPS Threat Content Update Release Notes 101.0.1.314

Refer to the following summary of signatures deployed on 7th March, 2023 with the IPS content release:

  • Total signatures: 20407

  • Signatures added: 58

  • Signatures modified: 03

  • Signatures removed: 20

Signatures Added

SID

Description

Reference

61046

MALWARE-OTHER Php.Webshell.HiddenShell download attempt

attack.mitre.org/techniques/T1505/003/

61047

MALWARE-OTHER Php.Webshell.HiddenShell upload attempt

attack.mitre.org/techniques/T1505/003/

61072

MALWARE-OTHER JSP.Webshell.JSPShell upload attempt

attack.mitre.org/techniques/T1505/003/

61073

MALWARE-OTHER JSP.Webshell.JSPShell download attempt

attack.mitre.org/techniques/T1505/003/

61074

MALWARE-CNC JSP.Webshell.JSPShell outbound connection

attack.mitre.org/techniques/T1505/003/

61075

MALWARE-OTHER win.Ransomware.Agenda variant binary download attempt

www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html

61083

MALWARE-CNC Php.Webshell.IronShell outbound connection

attack.mitre.org/techniques/T1505/003/

61084

MALWARE-CNC Php.Webshell.IronShell inbound connection

attack.mitre.org/techniques/T1505/003/

61085

MALWARE-OTHER HTML.Exploit.C99 suspicious file upload

www.virustotal.com/file/eb8c799f47fad06026e5e454e3dc56902055c9c6c55f5f1ded4f88f53ac9076c/analysis/1350929362/

61096

MALWARE-OTHER win.Malware.Gazer variant download attempt

www.virustotal.com/gui/file/f16e2fc2e467580a7cac3f09757b048419b73c7687401c9266fbb146c8e449bb

61098

MALWARE-OTHER win.Malware.Gazer variant download attempt

www.virustotal.com/gui/file/93e36c336b5b20b3c33b7d0f8844572ddcc10046d1fe91b7b106d78c7fea932c

61156

MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt

attack.mitre.org/techniques/T1505/003/

61157

MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt

attack.mitre.org/techniques/T1505/003/

61158

MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection

attack.mitre.org/techniques/T1505/003/

61159

MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection

attack.mitre.org/techniques/T1505/003/

61160

MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection

attack.mitre.org/techniques/T1505/003/

61161

MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection

attack.mitre.org/techniques/T1505/003/

61174

MALWARE-OTHER win.Malware.LightNeuron mail transfer agent download

www.virustotal.com/gui/file/88c90c2b123a357423ab3241624cba49d57122ee3b8ff4130504090c174bb09d

61176

MALWARE-OTHER win.Malware.LightNeuron mail transfer agent download

www.virustotal.com/gui/file/14f530e16e8c6dbac02f1bde53594f01b7edab9c45c4c371a3093120276ffaf1

61182

MALWARE-CNC win.Spyware.Carbon outbound connection attempt

www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/carbon

61184

MALWARE-OTHER windows.Malware.Dacls malware file download attempt

www.virustotal.com/gui/file/82d33a67c68f7c476a9ac1e960abc6a911f797446a2c24f0e13b92af1eb385b8

61186

MALWARE-OTHER windows.Malware.Dacls malware file download attempt

www.virustotal.com/gui/file/d29bc522d23513cfbb5ff4542382e1b4f0df2fa6bced5fb479cd63b6f902c0eb

61188

MALWARE-OTHER Unix.Malware.Dacls logcollector file download attempt

www.virustotal.com/gui/file/d28a2ab02aeb26914c16089c1121f7fb6d45cad756b125bf18999cdf6da6e6fc

61190

MALWARE-OTHER Unix.Malware.Dacls malware file download attempt

www.virustotal.com/gui/file/ba5b781ebacac07c4b14f9430a23ca0442e294236bd8dd14d1f69c6661551db8

61202

MALWARE-OTHER PowerSploit toolkit download attempt

attack.mitre.org/software/S0194/

61203

MALWARE-OTHER PowerSCCM toolkit download attempt

attack.mitre.org/software/S0194/

61214

MALWARE-OTHER win.Malware.Gazer variant download attempt

No Reference

61216

MALWARE-OTHER win.Malware.Gazer variant download attempt

www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd

61218

MALWARE-OTHER win.Malware.Gazer variant download attempt

www.virustotal.com/gui/file/9747f2d56b108d80cc4ae05ca6c4809a956c08b40e35c0e7dbf611aca80be9dd

61220

MALWARE-OTHER winPWN Powershell toolkit outbound connection attempt

www.github.com/s3cur3th1ssh1t/winpwn

61222

MALWARE-OTHER winPWN Powershell toolkit outbound connection attempt

www.github.com/s3cur3th1ssh1t/winpwn

61223

MALWARE-CNC User-Agent Sality malicious user agent

No Reference

61224

MALWARE-CNC User-Agent Houdini malicious user agent

No Reference

61250

MALWARE-CNC win.Dropper.Rhadamanthys variant outbound connection

elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88

61251

MALWARE-CNC win.Dropper.Rhadamanthys variant outbound connection

elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88

61253

MALWARE-CNC win.Trojan.StrongPity variant outbound connection

www.minerva-labs.com/blog/a-new-strongpity-variant-hides-behind-notepad-installation/

61259

MALWARE-CNC win.Trojan.Gamaredon variant outbound connection

No Reference

61261

MALWARE-OTHER win.Ransomware.MortalKombat variant binary download attempt

www.virustotal.com/gui/file/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553

61263

MALWARE-CNC win.Trojan.LaplasClipper variant outbound connection

www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d

61264

MALWARE-CNC win.Trojan.LaplasClipper variant outbound connection

www.virustotal.com/gui/file/63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d

61265

MALWARE-CNC win.Downloader.BatLoader variant outbound connection

www.virustotal.com/gui/file/9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0

61274

MALWARE-OTHER win.Trojan.Turla Crutch backdoor download

www.virustotal.com/gui/file/030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01

61305

MALWARE-CNC win.Trojan.njRAT variant download attempt

www.virustotal.com/gui/file/49562fda46cfa05b2a6e2cb06a5d25711c9a435b578a7ec375f928aae9c08ff2/detection

61307

MALWARE-CNC win.Trojan.njRAT variant download attempt

www.virustotal.com/gui/file/cd0cd9083db51c81b2cdbc35951ded23c3604379fd68796bc19932ac7e0238fe/detection

61309

MALWARE-CNC win.Trojan.njRAT variant download attempt

www.virustotal.com/gui/file/50be00fcfe23b947d1a87ed5f052a64482f2674bb6d4db6ff8ab8791778a84ec/detection

61311

MALWARE-CNC win.Trojan.njRAT variant download attempt

www.virustotal.com/gui/file/98b8abc11b157fc44826263595d6f978db9b345e0e7a0f8aac14b15dded1683a/detection

61317

FILE-OTHER Visual Studio Code malicious ipynb download attempt

CVE-2022-41034

61364

MALWARE-OTHER win.Trojan.Agent payload download attempt

No Reference

61366

MALWARE-OTHER Doc.Dropper.Agent payload download attempt

No Reference

61379

FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt

CVE-2015-2291

61381

FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt

CVE-2015-2291

61383

FILE-OTHER Intel Network Adapter Diagnostic Driver exploitation attempt

CVE-2015-2291

61389

MALWARE-OTHER win.Malware.Agent malicious PowerShell script download attempt

No Reference

61391

MALWARE-CNC win.Malware.Agent data exfiltration attempt

No Reference

61392

SERVER-OTHER Fortinet Fortinac keyUpload.jsp remote code execution attempt

CVE-2022-39952

61401

MALWARE-OTHER Iso.Trojan.BruteRatel binary download attempt

www.virustotal.com/gui/file/1fc7b0e1054d54ce8f1de0cc95976081c7a85c7926c03172a3ddaa672690042c

61403

MALWARE-OTHER win.Trojan.BruteRatel binary download attempt

www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611

61405

MALWARE-OTHER win.Trojan.BruteRatel binary download attempt

www.virustotal.com/gui/file/e1a9b35cf1378fda12310f0920c5c53ad461858b3cb575697ea125dfee829611

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 20739

  • 17378

  • 56132

  • 41338

  • 44813

  • 51341

  • 39131

  • 45821

  • 59043

  • 36749

  • 17429

  • 44061

  • 8361

  • 43740

  • 35525

  • 41595

  • 17379

  • 40703

  • 49186

  • 11834