* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2015-07-29-001
Previous SRU number: 2015-07-27-001
Applies to:
This SEU number: 1327
Previous SEU: 1326
Applies to:
This is the complete list of rules added in SRU 2015-07-29-001 and SEU 1327.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give the rule's state in each of the default Sourcefire policies: Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|---|---|---|---|---|---|---|
1 | 35384 | MALWARE-BACKDOOR | Win.Backdoor.Nicabown variant outbound connection | off | drop | drop |
1 | 35385 | MALWARE-CNC | Win.Trojan.MSIL-Pwsfcbk SQL connection | off | drop | drop |
1 | 35386 | MALWARE-CNC | Win.Trojan.Bedep initial outbound connection attempt | off | drop | drop |
1 | 35387 | MALWARE-CNC | Win.Trojan.Andromeda initial outbound connection attempt | off | drop | drop |
1 | 35388 | MALWARE-CNC | Win.Trojan.Andromeda download request | off | drop | drop |
1 | 35389 | BLACKLIST | DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac | off | drop | drop |
1 | 35390 | BLACKLIST | DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac | off | drop | drop |
1 | 35391 | BLACKLIST | DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac | off | drop | drop |
1 | 35392 | BLACKLIST | DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac | off | drop | off |
1 | 35393 | MALWARE-CNC | Win.Trojan.TorrentLocker/Teerac self-signed certificate | off | drop | drop |
1 | 35394 | MALWARE-CNC | Win.Trojan.TorrentLocker/Teerac payment page request | off | drop | drop |
1 | 35395 | BROWSER-PLUGINS | Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt | off | off | off |
1 | 35396 | BROWSER-PLUGINS | Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt | off | off | off |
1 | 35397 | BROWSER-PLUGINS | Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt | off | off | off |
1 | 35398 | BROWSER-PLUGINS | Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt | off | off | off |
1 | 35399 | SERVER-WEBAPP | WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt | off | off | off |
1 | 35400 | MALWARE-CNC | Win.Trojan.Inexsmar variant outbound connection | off | drop | drop |
1 | 35401 | BROWSER-PLUGINS | Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt | off | off | off |
1 | 35402 | BROWSER-PLUGINS | Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt | off | off | off |
1 | 35403 | BROWSER-PLUGINS | Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt | off | off | off |
1 | 35404 | BROWSER-PLUGINS | Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt | off | off | off |
1 | 35405 | SERVER-OTHER | HP Release Control authenticated privilege escalation attempt | off | off | off |
1 | 35407 | FILE-PDF | Adobe Reader setItems use-after-free attempt | drop | drop | drop |
1 | 35408 | FILE-PDF | Adobe Reader setItems use-after-free attempt | drop | drop | drop |
1 | 35409 | FILE-PDF | Adobe Reader setItems use-after-free attempt | drop | drop | drop |
1 | 35410 | FILE-PDF | Adobe Reader setItems use-after-free attempt | drop | drop | drop |
1 | 35411 | BROWSER-CHROME | Google Chrome XSSAuditor Policy ByPass command injection attempt | off | off | off |
1 | 35412 | BROWSER-CHROME | Google Chrome XSSAuditor Policy ByPass command injection attempt | off | off | off |
1 | 35413 | FILE-MULTIMEDIA | Apple iLife iPhoto Photocast XML format string code injection attempt | off | off | off |
1 | 35414 | FILE-MULTIMEDIA | Apple iLife iPhoto Photocast XML format string code injection attempt | off | off | off |
1 | 35415 | MALWARE-CNC | Win.Trojan.Sakurel outbound connection | off | drop | drop |
1 | 35416 | MALWARE-CNC | Win.Trojan.Mivast outbound connection | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|---|---|---|---|---|---|---|
1 | 35406 | SERVER-APACHE | Apache HTTP Server mod_status heap buffer overflow attempt | off | off | off |
Updated rules can be found at this link.