This SRU number: 2014-04-28-003
Previous SRU number: 2014-04-28-002
Applies to:
This SEU number: 1098
Previous SEU: 1097
Applies to:
This is the complete list of rules added in SRU 2014-04-28-003 and SEU 1098.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 30824 | BLACKLIST | DNS request for known malware domain betterbrowse.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30825 | BLACKLIST | DNS request for known malware domain browsemark.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30826 | BLACKLIST | DNS request for known malware domain browsesmart.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30827 | BLACKLIST | DNS request for known malware domain diamondata.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30828 | BLACKLIST | DNS request for known malware domain grabmyrez.co - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30829 | BLACKLIST | DNS request for known malware domain jotzey.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30830 | BLACKLIST | DNS request for known malware domain kozaka.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30831 | BLACKLIST | DNS request for known malware domain lemurleap.info - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30832 | BLACKLIST | DNS request for known malware domain luckyleap.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30833 | BLACKLIST | DNS request for known malware domain megabrowse.biz - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30834 | BLACKLIST | DNS request for known malware domain outobox.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30835 | BLACKLIST | DNS request for known malware domain plurpush.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30836 | BLACKLIST | DNS request for known malware domain qualitink.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30837 | BLACKLIST | DNS request for known malware domain saltarsmart.biz - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30838 | BLACKLIST | DNS request for known malware domain secretsauce.biz - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30839 | BLACKLIST | DNS request for known malware domain serialtrunc.com - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30840 | BLACKLIST | DNS request for known malware domain towertilt.com - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30841 | BLACKLIST | DNS request for known malware domain websparkle.biz - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30842 | BLACKLIST | DNS request for known malware domain wisenwizard.net - Win.Trojan.Mudrop | off | drop | drop |
| 1 | 30843 | FILE-FLASH | Adobe Acrobat Reader cross-site scripting attempt | off | off | off |
| 1 | 30844 | FILE-FLASH | Adobe Acrobat Reader cross-site scripting attempt | off | off | off |
| 1 | 30845 | FILE-FLASH | Adobe Flash Player SWF ActionScript exploit attempt | off | drop | drop |
| 1 | 30846 | FILE-FLASH | Adobe Flash Player SWF ActionScript exploit attempt | off | drop | drop |
| 1 | 30847 | BROWSER-IE | Microsoft Internet Explorer CElement event handler use after free attempt | off | drop | drop |
| 1 | 30848 | BROWSER-IE | Microsoft Internet Explorer CElement event handler use after free attempt | off | drop | drop |
| 1 | 30849 | BROWSER-IE | Microsoft Internet Explorer type confusion attempt | off | drop | drop |
| 1 | 30850 | BROWSER-IE | Microsoft Internet Explorer type confusion attempt | off | drop | drop |
| 1 | 30851 | BROWSER-IE | Microsoft Internet Explorer type confusion attempt | off | drop | drop |
| 1 | 30852 | EXPLOIT-KIT | Angler exploit kit landing page - base64 encoded xml/jnlp statement | off | drop | drop |
| 1 | 30853 | APP-DETECT | DNS request for known bitcoin domain bitseed.xf2.org | off | off | off |
| 1 | 30854 | APP-DETECT | DNS request for known bitcoin domain dnsseed.btcltcftc.com | off | off | off |
| 1 | 30855 | APP-DETECT | DNS request for known bitcoin domain dnsseed.fc.altcointech.net | off | off | off |
| 1 | 30856 | APP-DETECT | DNS request for known bitcoin domain dnsseed.feathercoin.com | off | off | off |
| 1 | 30857 | APP-DETECT | DNS request for known bitcoin domain dnsseed.koin-project.com | off | off | off |
| 1 | 30858 | APP-DETECT | DNS request for known bitcoin domain dnsseed.litecoinpool.org | off | off | off |
| 1 | 30859 | APP-DETECT | DNS request for known bitcoin domain dnsseed.litecointools.com | off | off | off |
| 1 | 30860 | APP-DETECT | DNS request for known bitcoin domain dnsseed.ltc.xurious.com | off | off | off |
| 1 | 30861 | APP-DETECT | DNS request for known bitcoin domain dnsseed.ppc.altcointech.net | off | off | off |
| 1 | 30862 | APP-DETECT | DNS request for known bitcoin domain dnsseed.xpm.altcointech.net | off | off | off |
| 1 | 30863 | APP-DETECT | DNS request for known bitcoin domain dvcstable01.dvcnode.org | off | off | off |
| 1 | 30864 | APP-DETECT | DNS request for known bitcoin domain dvcstable02.dvcnode.org | off | off | off |
| 1 | 30865 | APP-DETECT | DNS request for known bitcoin domain seed.bitcoinstats.com | off | off | off |
| 1 | 30866 | APP-DETECT | DNS request for known bitcoin domain seed.dglibrary.org | off | off | off |
| 1 | 30867 | APP-DETECT | DNS request for known bitcoin domain seed.dogechain.info | off | off | off |
| 1 | 30868 | APP-DETECT | DNS request for known bitcoin domain seed.dogecoin.com | off | off | off |
| 1 | 30869 | APP-DETECT | DNS request for known bitcoin domain seed.mophides.com | off | off | off |
| 1 | 30870 | APP-DETECT | DNS request for known bitcoin domain seed.ppcoin.net | off | off | off |
| 1 | 30871 | APP-DETECT | DNS request for known bitcoin domain seed1.metiscoininvest.info | off | off | off |
| 1 | 30872 | APP-DETECT | DNS request for known bitcoin domain seed1.net.terracoin.org | off | off | off |
| 1 | 30873 | APP-DETECT | DNS request for known bitcoin domain seed1.qrkcoin.org | off | off | off |
| 1 | 30874 | APP-DETECT | DNS request for known bitcoin domain seed2.net.terracoin.org | off | off | off |
| 1 | 30875 | APP-DETECT | DNS request for known bitcoin domain tnseed.ppcoin.net | off | off | off |
| 1 | 30876 | FILE-MULTIMEDIA | Adobe Flash pixel bender buffer overflow attempt | off | drop | drop |
| 1 | 30877 | FILE-MULTIMEDIA | Adobe Flash pixel bender buffer overflow attempt | off | drop | drop |
Updated rules can be found at this link.