Skip to main content

Netskope Help

IPS Threat Content Update Release Notes 104.0.0.346

Refer to the following summary of signatures deployed on 16^th May, 2023 with the IPS content release:

Total signatures: 19495
Signatures added: 46
Signatures modified: 01
Signatures removed: 11

Signatures Added

SID	Description	Reference
150589	MALWARE-CNC TRUECORE.beacon traffic detected	No Reference
150590	MALWARE-CNC SUPERSPEED.UNC1530.beacon traffic detected	No Reference
150591	MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected	No Reference
150592	MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected	No Reference
150593	MALWARE-CNC SUPERSPEED.UNC1530.Upload traffic detected	No Reference
60581	SERVER-WEBAPP GitLab project import command injection attempt	CVE-2022-2185
61621	SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt	CVE-2022-35829
61622	SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt	CVE-2022-35829
61623	SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt	CVE-2022-35829
61624	SERVER-WEBAPP Azure Service Fabric Explorer Super FabriXss cross site scripting attempt	CVE-2023-23383
61627	MALWARE-CNC Win.Downloader.BrokenDynamo second stage download attempt	www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/
61632	SERVER-WEBAPP GitLab project import command injection attempt	CVE-2022-2185
61634	OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt	CVE-2023-28206
61636	OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt	CVE-2023-28206
61638	OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt	CVE-2023-28206
61641	MALWARE-TOOLS Chrome infostealer download attempt	www.virustotal.com/gui/file/3f808df5af6889c2219fd4982dd49946535528237cc00530cce5c69c3e7f0e34
61643	MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt	www.virustotal.com/gui/file/11f21d08f819dea21a09c602a4391142a5648f3e17a07a24d41418fcc17ea83f
61645	MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt	www.virustotal.com/gui/file/c65c435737ac02132d9dfeb6ec1d7d903648f61ecdda8a85b4250f064cb4673f
61647	MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt	www.virustotal.com/gui/file/2ada1b48457c169cf3f80e248190374102615e2c89b70e574fba4ddc09b5fcd5
61649	MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt	www.virustotal.com/gui/file/08dd5a9fdc387855fb5a23c167abec63b22272f66de099155036c5ce7e4deeb8
61653	MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt	No Reference
61655	OS-MOBILE Android Andr.Trojan.Pinduoduo APK file download attempt	CVE-2023-20963
61657	MALWARE-OTHER Osx.Exploit.Keysteal download attempt	CVE-2019-8526
61659	MALWARE-OTHER Osx.Exploit.Keysteal download attempt	CVE-2019-8526
61661	MALWARE-OTHER Osx.Exploit.Keysteal download attempt	CVE-2019-8526
61663	MALWARE-OTHER Osx.Exploit.Keysteal download attempt	CVE-2019-8526
61664	MALWARE-CNC Osx.Nukesped.Downloader beacon attempt	virustotal.com/gui/file/89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957/detection
61665	MALWARE-CNC Osx.Nukesped.Downloader beacon attempt	virustotal.com/gui/file/9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa
61669	MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt	news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61671	MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt	news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61673	MALWARE-OTHER One.Dropper.IcedID variant binary download attempt	news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61675	MALWARE-OTHER One.Dropper.Remcos variant binary download attempt	news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
61676	MALWARE-CNC MultiOS.Backdoor.Chollima beacon attempt	virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
61678	SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt	CVE-2023-27350
61679	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61680	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61681	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61682	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61683	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61684	MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt	www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection
61688	BROWSER-CHROME Google Chrome synchronous Mojo message handler use-after-free attempt	CVE-2022-4178
61706	OS-WINDOWS Microsoft Windows privilege escalation attempt	CVE-2023-24902
61715	OS-WINDOWS Microsoft Windows kernel denial of service attempt	CVE-2023-24949
61717	FILE-OFFICE Microsoft Office Outlook remote code execution attempt	CVE-2023-29325
61719	OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt	CVE-2023-29324
61723	OS-WINDOWS Microsoft Windows local privilege escalation attempt	CVE-2023-29336

Signatures Removed

Removed the following signatures due to False Positives (FP):

59266
60590
149197
59208
59041
61084
148184
38841
4675
33910
23111

In this section:

Would you like to provide feedback? Just click here to suggest edits.