Netskope Help

IPS Threat Content Update Release Notes 102.0.0.324

Refer to the following summary of signatures deployed on 21st March, 2023 with the IPS content release:

  • Total signatures: 20405

  • Signatures added: 28

  • Signatures modified: 05

  • Signatures removed: 30

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150581 | MALWARE-CNC Sparepart.c2 Beacon detected | No Reference |
| 150583 | MALWARE-CNC Cobalt strike reactjs profile traffic detected | No Reference |
| 61100 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
| 61101 | OS-WINDOWS Microsoft Windows malicious LNK file download attempt | No Reference |
| 61168 | SERVER-WEBAPP Lexmark MC3224adwe Web UI ImportFaxLogo command injection attempt | www.github.com/blasty/lexmark |
| 61196 | MALWARE-TOOLS Win.Tool.WinPwn toolkit download attempt | No Reference |
| 61198 | MALWARE-TOOLS Powershell AMSI bypass toolkit download attempt | No Reference |
| 61205 | MALWARE-TOOLS PowerSploit script download attempt | attack.mitre.org/software/S0194/ |
| 61226 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61228 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Mimikatz download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61230 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit Inveigh download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61232 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit PE injector download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61234 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | No Reference |
| 61236 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61238 | INDICATOR-COMPROMISE Win.Tool.WinPWN toolkit download attempt | www.github.com/s3cur3th1ssh1t/winpwn |
| 61240 | MALWARE-TOOLS Win.Tool.TruffleSnout download attempt | No Reference |
| 61426 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61427 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61428 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61429 | MALWARE-CNC Win.Trojan.Prometei variant outbound connection | www.blog.talosintelligence.com/prometei-botnet-and-its-quest-for-monero |
| 61455 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
| 61456 | SERVER-WEBAPP Joomla unauthorized configuration access attempt | CVE-2023-23752 |
| 61460 | FILE-OFFICE Microsoft Office RTF font table memory corruption attempt | CVE-2023-21716 |
| 61461 | MALWARE-CNC Win.Malware.Agent variant outbound cnc beacon detected | No Reference |
| 61463 | MALWARE-OTHER HTA VBScript powershell payload download attempt | www.virustotal.com/gui/file/5c9fbd70e73d463b0265881d904a8fca22f92b0cce24190ed16c3d8899d4120a/detection/ |
| 61464 | OS-WINDOWS Microsoft Windows http.sys elevation of privilege attempt | CVE-2023-23410 |
| 61466 | OS-WINDOWS Microsoft Windows cryptographic services code execution attempt | CVE-2023-23416 |
| 61471 | MALWARE-OTHER Win.Trojan.Frebniis file download attempt | www.virustotal.com/gui/file/6464f9a5da26aa53fb2221255e908fd4da8edf0633f94051beee74a14b9b001c |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 59037

  • 59018

  • 57824

  • 57924

  • 32891

  • 60402

  • 61389

  • 60587

  • 58451

  • 60338

  • 25093

  • 48466

  • 58713

  • 59023

  • 59024

  • 60824

  • 37356

  • 15913

  • 45016

  • 44023

  • 37357

  • 61043

  • 11232

  • 60591

  • 30883

  • 60498

  • 50386

  • 57823

  • 57828

  • 31925