IPS Threat Content Update Release Notes 104.0.0.346

Refer to the following summary of signatures deployed on 16th May, 2023 with the IPS content release:

  • Total signatures: 19495

  • Signatures added: 46

  • Signatures modified: 01

  • Signatures removed: 11

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150589 | MALWARE-CNC TRUECORE.beacon traffic detected | No Reference |
| 150590 | MALWARE-CNC SUPERSPEED.UNC1530.beacon traffic detected | No Reference |
| 150591 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
| 150592 | MALWARE-CNC SUPERSPEED.UNC1530.C2 traffic detected | No Reference |
| 150593 | MALWARE-CNC SUPERSPEED.UNC1530.Upload traffic detected | No Reference |
| 60581 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
| 61621 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
| 61622 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
| 61623 | SERVER-WEBAPP Microsoft Azure Fabric Explorer cross site scripting attempt | CVE-2022-35829 |
| 61624 | SERVER-WEBAPP Azure Service Fabric Explorer Super FabriXss cross site scripting attempt | CVE-2023-23383 |
| 61627 | MALWARE-CNC Win.Downloader.BrokenDynamo second stage download attempt | www.virustotal.com/gui/file/882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb/ |
| 61632 | SERVER-WEBAPP GitLab project import command injection attempt | CVE-2022-2185 |
| 61634 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
| 61636 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
| 61638 | OS-OTHER Apple macOS and iOS IOSurfaceAccelerator out-of-bounds write attempt | CVE-2023-28206 |
| 61641 | MALWARE-TOOLS Chrome infostealer download attempt | www.virustotal.com/gui/file/3f808df5af6889c2219fd4982dd49946535528237cc00530cce5c69c3e7f0e34 |
| 61643 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/11f21d08f819dea21a09c602a4391142a5648f3e17a07a24d41418fcc17ea83f |
| 61645 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/c65c435737ac02132d9dfeb6ec1d7d903648f61ecdda8a85b4250f064cb4673f |
| 61647 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/2ada1b48457c169cf3f80e248190374102615e2c89b70e574fba4ddc09b5fcd5 |
| 61649 | MALWARE-OTHER Linux.Trojan.SysUpdate variant download attempt | www.virustotal.com/gui/file/08dd5a9fdc387855fb5a23c167abec63b22272f66de099155036c5ce7e4deeb8 |
| 61653 | MALWARE-BACKDOOR Win.Backdoor.Chollima file download attempt | No Reference |
| 61655 | OS-MOBILE Android Andr.Trojan.Pinduoduo APK file download attempt | CVE-2023-20963 |
| 61657 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
| 61659 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
| 61661 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
| 61663 | MALWARE-OTHER Osx.Exploit.Keysteal download attempt | CVE-2019-8526 |
| 61664 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/89b5e248c222ebf2cb3b525d3650259e01cf7d8fff5e4aa15ccd7512b1e63957/detection |
| 61665 | MALWARE-CNC Osx.Nukesped.Downloader beacon attempt | virustotal.com/gui/file/9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa |
| 61669 | MALWARE-OTHER Win.Trojan.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
| 61671 | MALWARE-OTHER One.Dropper.Qakbot variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
| 61673 | MALWARE-OTHER One.Dropper.IcedID variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
| 61675 | MALWARE-OTHER One.Dropper.Remcos variant binary download attempt | news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/ |
| 61676 | MALWARE-CNC MultiOS.Backdoor.Chollima beacon attempt | virustotal.com/gui/file/c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02 |
| 61678 | SERVER-WEBAPP PaperCut MF/NG PrintScript remote code execution attempt | CVE-2023-27350 |
| 61679 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61680 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61681 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61682 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61683 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61684 | MALWARE-CNC Win.Trojan.Agent variant inbound connection attempt | www.virustotal.com/gui/file/32746688a23543e674ce6dcf03256d99988a269311bf3a8f0f944016fe3a931d/detection |
| 61688 | BROWSER-CHROME Google Chrome synchronous Mojo message handler use-after-free attempt | CVE-2022-4178 |
| 61706 | OS-WINDOWS Microsoft Windows privilege escalation attempt | CVE-2023-24902 |
| 61715 | OS-WINDOWS Microsoft Windows kernel denial of service attempt | CVE-2023-24949 |
| 61717 | FILE-OFFICE Microsoft Office Outlook remote code execution attempt | CVE-2023-29325 |
| 61719 | OS-WINDOWS Microsoft Windows Scripting elevation of privilege attempt | CVE-2023-29324 |
| 61723 | OS-WINDOWS Microsoft Windows local privilege escalation attempt | CVE-2023-29336 |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 59266

  • 60590

  • 149197

  • 59208

  • 59041

  • 61084

  • 148184

  • 38841

  • 4675

  • 33910

  • 23111