
Netskope Help

IPS Threat Content Update Release Notes 104.0.1.358

Refer to the following summary of signatures deployed on 30th May, 2023 with the IPS content release:

  • Total signatures: 19519

  • Signatures added: 54

  • Signatures modified: 03

  • Signatures removed: 30

Signatures Added

| SID | Description | Reference |
|---|---|---|
| 150594 | MALWARE-CNC AGENTTESLA.Telegram.Trojan traffic detected | No Reference |
| 150595 | MALWARE-CNC MOUNTSTEEL.fileExfiltration.Trojan traffic detected | No Reference |
| 150596 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150597 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150598 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150599 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150600 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150601 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150602 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150603 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150604 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150605 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150606 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150607 | MALWARE-CNC INCONTROLLER.OMSHELL.Trojan traffic detected | No Reference |
| 150608 | MALWARE-CNC MAJIKPOS.Beacon traffic detected | No Reference |
| 150609 | MALWARE-CNC BIGRAISIN.HTTP.POST.C2 traffic detected | No Reference |
| 150610 | MALWARE-CNC HANGMAN.Beacon traffic detected | No Reference |
| 150616 | MALWARE-CNC Snake.Generic.Trojan traffic detected | No Reference |
| 150617 | MALWARE-CNC Sliver.C2.Session Start traffic detected | No Reference |
| 150618 | MALWARE-CNC Sliver.C2.Session Message traffic detected | No Reference |
| 150619 | MALWARE-CNC Sliver.C2.Poll traffic detected | No Reference |
| 150620 | MALWARE-CNC Sliver.C2.File traffic detected | No Reference |
| 151001 | MALWARE-CNC LATEOP.Upload of Certutil detected | No Reference |
| 151002 | MALWARE-CNC PENCILDOWN.Check-in attempt detected | No Reference |
| 151003 | MALWARE-CNC QUIBBLEDOWN.C2 traffic detected | No Reference |
| 61689 | MALWARE-CNC Win.Ransomware.CryptoLocker variant outbound connection | www.secureworks.com/research/cryptolocker-ransomware |
| 61692 | POLICY-OTHER MinIO REST API information disclosure attempt | CVE:CVE-2023-28432 |
| 61702 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file delete attempt | CVE:CVE-2022-25359 |
| 61703 | POLICY-OTHER Industrial Control Links ScadaFlex II arbitrary file write attempt | CVE:CVE-2022-25359 |
| 61708 | MALWARE-OTHER Win.Trojan.Greatness outbound communication attempt | No Reference |
| 61713 | SERVER-WEBAPP WordPress Comment Content Filter cross-site request forgery attempt | CVE:CVE-2019-9787 |
| 61724 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61725 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61726 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61727 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61728 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61729 | POLICY-OTHER Cisco SD-WAN vManage cluster mode access | CVE:CVE-2023-20113 |
| 61731 | FILE-IMAGE ImageMagick tEXt profile arbitrary file read attempt | CVE:CVE-2022-44268 |
| 61733 | MALWARE-OTHER Ps1.Downloader.Agent download attempt | cert.gov.ua/article/4492467 |
| 61735 | FILE-IMAGE ImageMagick tEXt profile denial of service attempt | CVE:CVE-2022-44267 |
| 61737 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/682b58cad9e815196b7d7ccf04ab7383a9bbf1f74e65679e6c708f2219b8692b/analysis/ |
| 61739 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/f91e88dadc38e48215c81200920f0ac517da068ef00a75b1b67e3a0cd27a6552/analysis/ |
| 61741 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/fb9306f6a0cacce21afd67d0887d7254172f61c7390fc06612c2ca9b55d28f80/analysis/ |
| 61743 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/e0e2a101ede6ccc266d2f7b7068b813d65afa4a3f65cb0c19eb73716f67983f7/analysis/ |
| 61745 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/9a7b9edddc3cd450aadc7340454465bd02c8619dda25c1ce8df12a87073e4a1f/analysis/ |
| 61747 | MALWARE-OTHER Andr.Trojan.AridViper webshell download attempt | virustotal.com/en/file/768f5a914475a8d7dfae7b28267ca912e7baa0b84f2dcf2e7540f7c9041d94c6/analysis/ |
| 61749 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/ee98fd4db0b153832b1d64d4fea1af86aff152758fe6b19d01438bc9940f2516/analysis/ |
| 61751 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/a8ca778c5852ae05344ac60b01ad7f43bb21bd8aa709ea1bb03d23bde3146885/analysis/ |
| 61753 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
| 61755 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
| 61757 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/8667482470edd4f7d484857fea5b560abe62553f299f25bb652f4c6baf697964/analysis/ |
| 61759 | MALWARE-OTHER Andr.Trojan.AridViper binary download attempt | virustotal.com/en/file/33ae5c96f8589cc8bcd2f5152ba360ca61f93ef406369966e69428989583a14e/analysis/ |
| 61762 | MALWARE-CNC Win.Ransomware.Babuk encrypted file exfiltration attempt | github.com/hildaboo/babukransomwaresourcecode |
| 61764 | MALWARE-OTHER Win.Ransomware.Babuk variant transfer attempt | github.com/hildaboo/babukransomwaresourcecode |

Signatures Removed

Removed the following signatures due to False Positives (FP):

  • 8397

  • 7980

  • 43223

  • 1439

  • 13864

  • 38053

  • 38027

  • 40370

  • 49149

  • 17131

  • 35969

  • 41385

  • 44349

  • 27242

  • 41140

  • 47519

  • 38954

  • 45011

  • 45005

  • 44793

  • 44940

  • 19081

  • 28323

  • 52845

  • 140878

  • 53031

  • 35434

  • 59521

  • 46415

  • 140337