* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-02-18-003
Previous SRU number: 2016-02-15-001
Applies to:
This SEU number: 1428
Previous SEU: 1425
Applies to:
This is the complete list of rules added in SRU 2016-02-18-003 and SEU 1428.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 37688 | FILE-FLASH | Adobe Flash Player remote code execution attempt | off | off | drop |
| 1 | 37689 | FILE-FLASH | Adobe Flash Player remote code execution attempt | off | off | drop |
| 1 | 37690 | FILE-FLASH | Adobe Flash Player invalid object reference code execution attempt | off | off | off |
| 1 | 37691 | FILE-OFFICE | Microsoft Office Outlook SMB attach by reference code execution attempt | off | off | drop |
| 1 | 37692 | FILE-OFFICE | Microsoft Office Outlook SMB attach by reference code execution attempt | off | off | drop |
| 1 | 37693 | FILE-OFFICE | Microsoft Office Outlook AttachMethods local file execution attempt | off | off | drop |
| 1 | 37694 | FILE-OFFICE | Microsoft Office Outlook AttachMethods local file execution attempt | off | off | drop |
| 1 | 37695 | FILE-OFFICE | Microsoft Office Outlook SMB attach by reference code execution attempt | off | off | drop |
| 1 | 37696 | FILE-OFFICE | Microsoft Office Outlook SMB attach by reference code execution attempt | off | off | drop |
| 1 | 37697 | FILE-OFFICE | Microsoft Office Outlook AttachMethods local file execution attempt | off | off | off |
| 1 | 37698 | FILE-OFFICE | Microsoft Office Outlook AttachMethods local file execution attempt | off | off | off |
| 1 | 37699 | FILE-OFFICE | Microsoft Office Outlook SMB attach by reference code execution attempt | off | off | drop |
| 1 | 37700 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37701 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37702 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37703 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37704 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37705 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37706 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37707 | FILE-OFFICE | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37708 | FILE-FLASH | Adobe Flash copyPixelsToByteArray integer overflow attempt | drop | drop | drop |
| 1 | 37709 | FILE-FLASH | Adobe Flash copyPixelsToByteArray integer overflow attempt | drop | drop | drop |
| 1 | 37710 | FILE-FLASH | Adobe Flash copyPixelsToByteArray integer overflow attempt | drop | drop | drop |
| 1 | 37711 | FILE-FLASH | Adobe Flash copyPixelsToByteArray integer overflow attempt | drop | drop | drop |
| 1 | 37712 | FILE-PDF | Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt | off | off | off |
| 1 | 37713 | BROWSER-PLUGINS | Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt | off | off | off |
| 1 | 37714 | BROWSER-PLUGINS | Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt | off | off | off |
| 1 | 37715 | BROWSER-IE | Microsoft Internet Explorer onscroll DOS attempt | off | off | off |
| 1 | 37716 | BROWSER-IE | Microsoft Internet Explorer onscroll DOS attempt | off | off | off |
| 1 | 37717 | MALWARE-CNC | Win.Trojan.Teslacrypt outbound POST attempt | off | drop | drop |
| 1 | 37718 | MALWARE-CNC | Win.Trojan.Teslacrypt outbound POST attempt | off | drop | drop |
| 1 | 37719 | MALWARE-CNC | Win.Trojan.Teslacrypt outbound POST attempt | off | drop | drop |
| 1 | 37720 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | off | drop |
| 1 | 37721 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | off | drop |
| 1 | 37722 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | drop | drop |
| 1 | 37723 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | drop | drop |
| 1 | 37724 | BROWSER-IE | Microsoft Internet Explorer form selection reset attempt | off | off | off |
| 1 | 37725 | SERVER-OTHER | CA message queuing server buffer overflow attempt | off | off | off |
| 1 | 37726 | FILE-OTHER | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37727 | FILE-OTHER | Microsoft Office ole object external file loading attempt | off | drop | drop |
| 1 | 37728 | INDICATOR-OBFUSCATION | SWF with large binary blob | off | off | off |
| 1 | 37729 | INDICATOR-OBFUSCATION | Adobe Flash file with SecureSwfLoader packer detected | off | off | off |
| 1 | 37730 | PROTOCOL-DNS | glibc getaddrinfo A record stack buffer overflow attempt | off | off | drop |
| 1 | 37731 | PROTOCOL-DNS | glibc getaddrinfo AAAA record stack buffer overflow attempt | off | off | drop |
| 1 | 37733 | MALWARE-CNC | Win.Trojan.Dridex dropper variant outbound connection | off | drop | drop |
| 1 | 37734 | FILE-FLASH | Adobe Flash Player Point object integer overflow attempt | off | drop | drop |
| 1 | 37735 | FILE-FLASH | Adobe Flash Player Point object integer overflow attempt | off | drop | drop |
| 1 | 37736 | FILE-FLASH | Adobe Flash Player Point object integer overflow attempt | off | drop | drop |
| 1 | 37737 | FILE-FLASH | Adobe Flash Player Point object integer overflow attempt | off | drop | drop |
| 1 | 37738 | FILE-FLASH | Adobe Flash Player BlurFilter memory corruption attempt | off | drop | drop |
| 1 | 37739 | FILE-FLASH | Adobe Flash Player BlurFilter memory corruption attempt | off | drop | drop |
| 1 | 37740 | FILE-FLASH | Adobe Flash Player BlurFilter memory corruption attempt | off | drop | drop |
| 1 | 37741 | FILE-FLASH | Adobe Flash Player BlurFilter memory corruption attempt | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 37732 | POLICY-OTHER | eicar test string download attempt | off | off | off |
Updated rules can be found at this link.