* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-11-14-001
Previous SRU number: 2016-11-10-001
Applies to:
This SEU number: 1573
Previous SEU: 1572
Applies to:
This is the complete list of rules added in SRU 2016-11-14-001 and SEU 1573.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 40761 | MALWARE-CNC | Win.Trojan.Syscan outbound connection | off | drop | drop |
| 1 | 40762 | MALWARE-CNC | Android.Trojan.SpyNote RAT variant inbound connection | off | drop | drop |
| 1 | 40763 | MALWARE-CNC | Android.Trojan.SpyNote RAT variant getSMS command response | off | drop | drop |
| 1 | 40764 | MALWARE-CNC | Android.Trojan.SpyNote RAT variant getContacts command response | off | drop | drop |
| 1 | 40766 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack directory traversal attempt | drop | drop | drop |
| 3 | 40767 | FILE-OTHER | Cisco IOS-XE update directory traversal attempt | off | drop | drop |
| 3 | 40768 | FILE-OTHER | Cisco IOS-XE update directory traversal attempt | off | drop | drop |
| 3 | 40769 | FILE-OTHER | Cisco IOS-XE update directory traversal attempt | off | drop | drop |
| 3 | 40770 | FILE-OTHER | Cisco IOS-XE update directory traversal attempt | off | drop | drop |
| 1 | 40771 | MALWARE-CNC | Win.Trojan.Miuref variant outbound connection | off | drop | drop |
| 3 | 40773 | FILE-PDF | TRUFFLEHUNTER TALOS-2016-0198 attack attempt | off | off | off |
| 3 | 40774 | FILE-PDF | TRUFFLEHUNTER TALOS-2016-0198 attack attempt | off | off | off |
| 1 | 40775 | MALWARE-CNC | Win.Trojan.Banker variant outbound connection | off | drop | drop |
| 3 | 40776 | FILE-PDF | TRUFFLEHUNTER TALOS-2016-0218 attack attempt | off | drop | drop |
| 3 | 40777 | FILE-PDF | TRUFFLEHUNTER TALOS-2016-0218 attack attempt | off | drop | drop |
| 1 | 40778 | FILE-PDF | Acrobat Reader Open Cascade Library memory corruption attempt | off | drop | drop |
| 1 | 40779 | FILE-PDF | Acrobat Reader Open Cascade Library memory corruption attempt | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 40759 | OS-WINDOWS | Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt | off | off | drop |
| 1 | 40760 | SERVER-OTHER | OpenLDAP deref control denial of service attempt | off | off | off |
| 1 | 40765 | SERVER-OTHER | Multiple products ICMP denial of service attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 40772 | PUA-ADWARE | Win.Trojan.Miuref variant outbound connection | off | off | drop |
Updated rules can be found at this link.