Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2017-02-09

This SRU number: 2017-02-09-001
Previous SRU number: 2017-02-06-001

Applies to:

3D Sensor versions: 5.x
Cisco FireSIGHT Management Center (formerly Defense Center) versions: 5.x

This SEU number: 1613
Previous SEU: 1610

Applies to:

3D Sensor Versions: 4.10
Cisco FireSIGHT Management Center (formerly Defense Center) versions: 4.10

This is the complete list of rules modified in SRU 2017-02-09-001 and SEU 1613.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

Updated Rules:

**High Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	4142	SERVER-ORACLE	Oracle reports servlet command execution attempt	off	off	off
1	16809	MALWARE-CNC	Win.Trojan.FraudPack variant outbound connection	off	drop	drop
1	16810	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16811	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16812	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16813	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16814	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16815	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16816	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16817	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16818	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16819	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16820	MALWARE-CNC	Win.Trojan.Kryptik variant outbound connection	off	drop	drop
1	16821	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16822	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16823	MALWARE-CNC	Win.Trojan.FlyStudio known command and control channel traffic	off	drop	drop
1	16824	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16825	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16826	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16827	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16828	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16829	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16830	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16831	MALWARE-CNC	known command and control channel traffic	off	off	off
1	16832	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16833	MALWARE-CNC	known command and control channel traffic	off	drop	drop
1	16834	BLACKLIST	DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx	off	off	off
1	16835	BLACKLIST	DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a	off	off	off
1	16836	BLACKLIST	DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg	off	off	off
1	16837	BLACKLIST	DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq	off	off	off
1	16838	BLACKLIST	DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf	off	off	off
1	16839	BLACKLIST	DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb	off	off	off
1	16840	BLACKLIST	DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a	off	off	off
1	16841	BLACKLIST	DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen	off	off	off
1	16842	BLACKLIST	DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz	off	off	off
1	16843	BLACKLIST	DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo	off	off	off
1	16844	BLACKLIST	DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx	off	off	off
1	16845	BLACKLIST	DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld	off	off	off
1	16846	BLACKLIST	DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe	off	off	off
1	16847	BLACKLIST	DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld	off	off	off
1	16849	BLACKLIST	DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld	off	off	off
1	16850	BLACKLIST	DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra	off	off	off
1	16851	BLACKLIST	DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe	off	off	off
1	16852	BLACKLIST	DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns	off	off	off
1	16853	BLACKLIST	DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a	off	off	off
1	16854	BLACKLIST	DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est	off	off	off
1	16855	BLACKLIST	DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx	off	off	off
1	16856	BLACKLIST	DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto	off	off	off
1	16858	BLACKLIST	DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae	off	off	off
1	16859	BLACKLIST	DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw	off	off	off
1	16860	BLACKLIST	DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj	off	off	off
1	16861	BLACKLIST	DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp	off	off	off
1	16862	BLACKLIST	DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx	off	off	off
1	16863	BLACKLIST	DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen	off	off	off
1	16864	BLACKLIST	DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy	off	off	off
1	16865	BLACKLIST	DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke	off	off	off
1	16868	BLACKLIST	DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl	off	off	off
1	16869	BLACKLIST	DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb	off	off	off
1	16870	BLACKLIST	DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi	off	off	off
1	16871	BLACKLIST	DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen	off	off	off
1	16872	BLACKLIST	DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j	off	off	off
1	16873	BLACKLIST	DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu	off	off	off
1	16874	BLACKLIST	DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi	off	off	off
1	16875	BLACKLIST	DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp	off	off	off
1	16876	BLACKLIST	DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn	off	off	off
1	16877	BLACKLIST	DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr	off	off	off
1	16878	BLACKLIST	DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn	off	off	off
1	16879	BLACKLIST	DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx	off	off	off
1	16881	BLACKLIST	DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen	off	off	off
1	16882	BLACKLIST	DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn	off	off	off
1	16883	BLACKLIST	DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb	off	off	off
1	16884	BLACKLIST	DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt	off	off	off
1	16885	BLACKLIST	DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv	off	off	off
1	16887	BLACKLIST	DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae	off	off	off
1	16888	BLACKLIST	DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk	off	off	off
1	16890	BLACKLIST	DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea	off	off	off
1	16891	BLACKLIST	DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen	off	off	off
1	16892	BLACKLIST	DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub	off	off	off
1	16893	BLACKLIST	DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh	off	off	off
1	16895	BLACKLIST	DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde	off	off	off
1	16896	BLACKLIST	DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra	off	off	off
1	16898	BLACKLIST	DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb	off	off	off
1	16900	BLACKLIST	DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe	off	off	off
1	16901	BLACKLIST	DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm	off	off	off
1	16902	BLACKLIST	DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx	off	off	off
1	16903	BLACKLIST	DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca	off	off	off
1	16906	BLACKLIST	DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv	off	off	off
1	16907	BLACKLIST	DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku	off	off	off
1	16908	BLACKLIST	DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme	off	off	off
1	16909	BLACKLIST	DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb	off	off	off
1	16910	BLACKLIST	DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info	off	off	off
1	16911	BLACKLIST	URI request for known malicious URI - ucsp0416.exe?t=	off	off	off
1	16912	BLACKLIST	URI request for known malicious URI - net/cfg2.bin	off	off	off
1	16913	BLACKLIST	URI request for known malicious URI - count_log/log/boot.php?p=	off	off	off
1	16914	BLACKLIST	URI request for known malicious URI - .bin?ucsp	off	off	off
1	16915	BLACKLIST	URI request for known malicious URI - /MNG/Download/?File=AZF	off	off	off
1	16916	BLACKLIST	URI request for known malicious URI - /jarun/jezerce	off	off	off
1	16917	BLACKLIST	URI request for known malicious URI - /ekaterina/velika	off	off	off
1	16918	BLACKLIST	URI request for known malicious URI - /ultimate/fight	off	off	off
1	16919	BLACKLIST	URI request for known malicious URI - /tmp/pm.exe?t=	off	off	off
1	16920	BLACKLIST	URI request for known malicious URI - /DownLoadFile/BaePo/ver	off	off	off
1	16921	BLACKLIST	URI request for known malicious URI - /s1/launcher/update/Update/data/	off	off	off
1	16922	BLACKLIST	URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID=	off	off	off
1	16923	BLACKLIST	URI request for known malicious URI - /search.php?username=coolweb07&keywords=	off	off	off
1	16924	BLACKLIST	URI request for known malicious URI - /inst.php?fff=	off	drop	drop
1	16925	BLACKLIST	URI request for known malicious URI - /message.php?subid=	off	off	off
1	16926	BLACKLIST	URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC=	off	off	off
1	16927	BLACKLIST	URI request for known malicious URI - MGWEB.php?c=TestUrl	off	off	off
1	16928	BLACKLIST	URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz	off	off	off
1	16929	BLACKLIST	URI request for known malicious URI - gate.php?guid=	off	off	off
1	16930	BLACKLIST	URI request for known malicious URI - count.asp?mac=	off	off	off
1	16931	BLACKLIST	URI request for known malicious URI - feedbigfoot.php?m=	off	off	off
1	16932	BLACKLIST	URI request for known malicious URI - /qqnongchang/qqkj.	off	off	off
1	16933	BLACKLIST	URI request for known malicious URI - /root/9 frt.rar	off	off	off
1	17350	SERVER-ORACLE	Oracle Application Server forms arbitrary system command execution attempt	off	off	off
1	17819	BLACKLIST	DNS request for known malware domain motuh.com	off	off	off
1	17821	BLACKLIST	DNS request for known malware domain ketsymbol.com	off	off	off
1	17824	BLACKLIST	DNS request for known malware domain teenxmovs.net	off	off	off
1	17826	BLACKLIST	DNS request for known malware domain cheaps1.info	off	off	off
1	17827	BLACKLIST	DNS request for known malware domain sexmoviesland.net	off	off	off
1	17828	BLACKLIST	DNS request for known malware domain 67.201.36.16	off	off	off
1	17830	BLACKLIST	DNS request for known malware domain dickvsclit.net	off	off	off
1	17831	BLACKLIST	DNS request for known malware domain edrichfinearts.com	off	off	off
1	17834	BLACKLIST	DNS request for known malware domain 343.boolans.com	off	off	off
1	17835	BLACKLIST	DNS request for known malware domain xpresdnet.com	off	off	off
1	17836	BLACKLIST	DNS request for known malware domain gbsup.com	off	off	off
1	17837	BLACKLIST	DNS request for known malware domain xxsmovies.com	off	off	off
1	17838	BLACKLIST	DNS request for known malware domain vc.iwriteweb.com	off	off	off
1	17839	BLACKLIST	DNS request for known malware domain js.222233.com	off	off	off
1	17840	BLACKLIST	DNS request for known malware domain www.grannyplanet.com	off	off	off
1	17842	BLACKLIST	DNS request for known malware domain extrahotx.net	off	off	off
1	17843	BLACKLIST	DNS request for known malware domain extralargevideos.com	off	off	off
1	17844	BLACKLIST	DNS request for known malware domain www.derquda.com	off	off	off
1	17845	BLACKLIST	DNS request for known malware domain aahydrogen.com	off	off	off
1	17846	BLACKLIST	DNS request for known malware domain trumpetlicks.com	off	off	off
1	17847	BLACKLIST	DNS request for known malware domain mskla.com	off	off	off
1	17849	BLACKLIST	DNS request for known malware domain fuckersucker.com	off	off	off
1	17850	BLACKLIST	DNS request for known malware domain pornfucklist.com	off	off	off
1	17851	BLACKLIST	DNS request for known malware domain game.685faiudeme.com	off	off	off
1	17853	BLACKLIST	DNS request for known malware domain dommonview.com	off	off	off
1	17854	BLACKLIST	DNS request for known malware domain www.lamiaexragazza.com	off	off	off
1	17855	BLACKLIST	DNS request for known malware domain acofinder.com	off	off	off
1	17856	BLACKLIST	DNS request for known malware domain fuckfuckvids.com	off	off	off
1	17857	BLACKLIST	DNS request for known malware domain www.cnhack.cn	off	off	off
1	17858	BLACKLIST	DNS request for known malware domain kingsizematures.com	off	off	off
1	17859	BLACKLIST	DNS request for known malware domain promotds.com	off	off	off
1	17860	BLACKLIST	DNS request for known malware domain mejac.com	off	off	off
1	17863	BLACKLIST	DNS request for known malware domain rpt2.21civ.com	off	off	off
1	17864	BLACKLIST	DNS request for known malware domain tubexxxmatures.com	off	off	off
1	17866	BLACKLIST	DNS request for known malware domain aebankonline.com	off	off	off
1	17870	BLACKLIST	DNS request for known malware domain trojan8.com	off	off	off
1	17871	BLACKLIST	DNS request for known malware domain brutalxvideos.com	off	off	off
1	17872	BLACKLIST	DNS request for known malware domain www3.sexown.com	off	off	off
1	17873	BLACKLIST	DNS request for known malware domain mummimpegs.com	off	off	off
1	17874	BLACKLIST	DNS request for known malware domain f19dd4abb8b8bdf2.cn	off	off	off
1	17875	BLACKLIST	DNS request for known malware domain www.very-young-boys.com	off	off	off
1	17876	BLACKLIST	DNS request for known malware domain 91629.com	off	off	off
1	17878	BLACKLIST	DNS request for known malware domain ayb.host127-0-0-1.com	off	off	off
1	17879	BLACKLIST	DNS request for known malware domain cfg.353wanwan.com	off	off	off
1	17881	BLACKLIST	DNS request for known malware domain fucktosky.com	off	off	off
1	17882	BLACKLIST	DNS request for known malware domain procca.com	off	off	off
1	17883	BLACKLIST	DNS request for known malware domain autouploaders.net	off	off	off
1	17884	BLACKLIST	DNS request for known malware domain gimmemyporn.com	off	off	off
1	17885	BLACKLIST	DNS request for known malware domain waytoall.com	off	off	off
1	17886	BLACKLIST	DNS request for known malware domain www.spamature.com	off	off	off
1	17887	BLACKLIST	DNS request for known malware domain info.collectionerrorreport.com	off	off	off
1	17889	BLACKLIST	DNS request for known malware domain www.ajie520.com	off	off	off
1	17891	BLACKLIST	DNS request for known malware domain bestkind.ru	off	off	off
1	17893	BLACKLIST	DNS request for known malware domain www.zxc0001.com	off	off	off
1	17894	BLACKLIST	DNS request for known malware domain streq.cn	off	off	off
1	17895	BLACKLIST	DNS request for known malware domain pyow.prixi-soft.ir	off	off	off
1	17897	BLACKLIST	DNS request for known malware domain www.moneytw8.com	off	off	off
1	17898	BLACKLIST	URI request for known malicious URI - /get2.php?c=VTOXUGUI&d=	off	off	off
1	17899	BLACKLIST	URI request for known malicious URI - /reques0.asp?kind=006&mac=	off	off	off
1	17900	BLACKLIST	URI request for known malicious URI - /basic/cn3c2/c.*dll	off	off	off
1	17901	BLACKLIST	URI request for known malicious URI - /mybackup21.rar	off	off	off
1	17902	BLACKLIST	URI request for known malicious URI - /?getexe=loader.exe	off	off	off
1	17903	BLACKLIST	URI request for known malicious URI - stid=	off	off	off
1	17904	BLACKLIST	URI request for known malicious URI - /tongji.js	off	drop	drop
1	17905	BLACKLIST	URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php	off	off	off
1	17906	BLACKLIST	URI request for known malicious URI - 2x/.*php	off	off	off
1	17907	BLACKLIST	URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download	off	off	off
1	17908	BLACKLIST	URI request for known malicious URI - /images/crypt_22.exe	off	off	off
1	17909	BLACKLIST	URI request for known malicious URI - /images/css/1.exe	off	off	off
1	17910	BLACKLIST	URI request for known malicious URI - /7xdown.exe	off	off	off
1	17911	BLACKLIST	URI request for known malicious URI - /winhelper.exe	off	off	off
1	17912	BLACKLIST	URI request for known malicious URI - /upopwin/count.asp?mac=	off	off	off
1	17913	BLACKLIST	URI request for known malicious URI - /ok.exe	off	off	off
1	17914	BLACKLIST	URI request for known malicious URI - /LjBin/Bin.Dll	off	off	off
1	17915	BLACKLIST	URI request for known malicious URI - /1001ns/cfg3n.bin	off	off	off
1	17916	BLACKLIST	URI request for known malicious URI - /dh/stats.bin	off	off	off
1	17917	BLACKLIST	URI request for known malicious URI - /zeus/config.bin	off	off	off
1	18132	INDICATOR-OBFUSCATION	malware-associated JavaScript obfuscation function	off	off	off
1	18251	BLACKLIST	DNS request for known malware domain vcxde.com	off	off	off
1	18252	BLACKLIST	DNS request for known malware domain protectyourpc-11.com	off	off	off
1	18253	BLACKLIST	DNS request for known malware domain blogsmonitoringservice.com	off	off	off
1	18254	BLACKLIST	DNS request for known malware domain checkserverstux.com	off	off	off
1	18255	BLACKLIST	DNS request for known malware domain gopheisstoo.cc	off	off	off
1	18256	BLACKLIST	DNS request for known malware domain tutubest.com	off	off	off
1	18257	BLACKLIST	DNS request for known malware domain dns-check.biz	off	off	off
1	18258	BLACKLIST	DNS request for known malware domain ftuny.com	off	off	off
1	18259	BLACKLIST	DNS request for known malware domain whysohardx.com	off	off	off
1	18260	BLACKLIST	DNS request for known malware domain freenetgameonline.com	off	off	off
1	18336	BLACKLIST	User-Agent known malicious user-agent string gbot/2.3	off	off	off
1	18337	BLACKLIST	User-Agent known malicious user-agent string iamx/3.11	off	off	off
1	18338	BLACKLIST	User-Agent known malicious user-agent string NSISDL/1.2	off	off	off
1	18340	BLACKLIST	User-Agent known malicious user-agent string ClickAdsByIE 0.7.5	off	off	off
1	18341	BLACKLIST	User-Agent known malicious user-agent string UtilMind HTTPGet	off	off	off
1	18342	BLACKLIST	User-Agent known malicious user-agent string NSIS_DOWNLOAD	off	off	off
1	18343	BLACKLIST	User-Agent known malicious user-agent string WSEnrichment	off	off	off
1	18345	BLACKLIST	User-Agent known malicious user-agent string Macrovision_DM_2.4.15	off	off	off
1	18346	BLACKLIST	User-Agent known malicious user-agent string GPRecover	off	off	off
1	18347	BLACKLIST	User-Agent known malicious user-agent string AutoIt	off	off	off
1	18348	BLACKLIST	User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15	off	off	off
1	18349	BLACKLIST	User-Agent known malicious user-agent string Flipopia	off	off	off
1	18350	BLACKLIST	User-Agent known malicious user-agent string GabPath	off	off	off
1	18351	BLACKLIST	User-Agent known malicious user-agent string GPUpdater	off	off	off
1	18352	BLACKLIST	User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA	off	off	off
1	18353	BLACKLIST	User-Agent request for known PUA user agent - SelectRebates	off	drop	drop
1	18354	BLACKLIST	User-Agent known malicious user-agent string opera/8.11	off	off	off
1	18355	BLACKLIST	User-Agent known malicious user-agent string Se2011	off	off	off
1	18356	BLACKLIST	User-Agent known malicious user-agent string random	off	off	off
1	18357	BLACKLIST	User-Agent known malicious user-agent string Setup Factory	off	off	off
1	18358	BLACKLIST	User-Agent known malicious user-agent string NSIS_INETLOAD	off	off	off
1	18359	BLACKLIST	User-Agent known malicious user-agent string Shareaza	off	off	off
1	18360	BLACKLIST	User-Agent known malicious user-agent string Oncues	off	off	off
1	18361	BLACKLIST	User-Agent known malicious user-agent string Downloader1.1	off	off	off
1	18362	BLACKLIST	User-Agent known malicious user-agent string Search Toolbar 1.1	off	off	off
1	18363	BLACKLIST	User-Agent known malicious user-agent string GPRecover	off	off	off
1	18364	BLACKLIST	User-Agent known malicious user-agent string msndown	off	off	off
1	18365	BLACKLIST	User-Agent known malicious user-agent string Agentcc	off	off	off
1	18366	BLACKLIST	User-Agent known malicious user-agent string OCInstaller	off	off	off
1	18367	BLACKLIST	User-Agent known malicious user-agent string FPRecover	off	off	off
1	18368	BLACKLIST	User-Agent known malicious user-agent string Our_Agent	off	off	off
1	18369	BLACKLIST	User-Agent known malicious user-agent string iexp-get	off	off	off
1	18370	BLACKLIST	User-Agent known malicious user-agent string Mozilla Windows MSIE	off	off	off
1	18371	BLACKLIST	User-Agent known malicious user-agent string QvodDown	off	off	off
1	18373	BLACKLIST	User-Agent known malicious user-agent string Installer	off	off	off
1	18374	BLACKLIST	User-Agent known malicious user-agent string SurfBear	off	off	off
1	18375	BLACKLIST	User-Agent known malicious user-agent string HTTP Wininet	off	off	off
1	18376	BLACKLIST	User-Agent known malicious user-agent string Trololo	off	off	off
1	18377	BLACKLIST	User-Agent known malicious user-agent string malware	off	off	off
1	18378	BLACKLIST	User-Agent known malicious user-agent string AutoHotkey	off	off	off
1	18379	BLACKLIST	User-Agent known malicious user-agent string AskInstallChecker	off	off	off
1	18380	BLACKLIST	User-Agent known malicious user-agent string FPUpdater	off	off	off
1	18381	BLACKLIST	User-Agent known malicious user-agent string Travel Update	off	off	off
1	18382	BLACKLIST	User-Agent known malicious user-agent string WMUpdate	off	off	off
1	18383	BLACKLIST	User-Agent known malicious user-agent string GPInstaller	off	off	off
1	18385	BLACKLIST	User-Agent known malicious user-agent string HTTPCSDCENTER	off	off	off
1	18386	BLACKLIST	User-Agent known malicious user-agent string AHTTPConnection	off	off	off
1	18387	BLACKLIST	User-Agent known malicious user-agent string dwplayer	off	off	off
1	18388	BLACKLIST	User-Agent known malicious user-agent string RookIE/1.0	off	drop	drop
1	18389	BLACKLIST	User-Agent known malicious user-agent string 3653Client	off	off	off
1	18390	BLACKLIST	User-Agent known malicious user-agent string Delphi 5.x	off	off	off
1	18391	BLACKLIST	User-Agent known malicious user-agent string MyLove	off	off	off
1	18392	BLACKLIST	User-Agent known malicious user-agent string qixi	off	off	off
1	18393	BLACKLIST	User-Agent known malicious user-agent string vyre32	off	off	off
1	18394	BLACKLIST	User-Agent known malicious user-agent string OCRecover	off	off	off
1	18395	BLACKLIST	User-Agent known malicious user-agent string Duckling/1.0	off	off	off
1	18492	BLACKLIST	DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit	off	off	off
1	18774	MALWARE-CNC	URI request for known malicious URI	off	off	off
1	18775	MALWARE-CNC	URI request for known malicious URI - /gpdcount	off	off	off
1	23157	EXPLOIT-KIT	Nuclear Pack exploit kit binary download	off	drop	drop
1	23218	EXPLOIT-KIT	Redkit Repeated Exploit Request Pattern	off	alert	alert
1	23636	INDICATOR-OBFUSCATION	JavaScript built-in function parseInt appears obfuscated - likely packer or encoder	off	off	off
1	35316	BLACKLIST	User-Agent known malicious user-agent string EI Plugin updater	off	drop	drop
1	37273	FILE-OFFICE	Microsoft Office RTF parser heap overflow attempt	off	drop	drop
1	37274	FILE-OFFICE	Microsoft Office RTF parser heap overflow attempt	off	drop	drop
1	39710	BLACKLIST	User-Agent known malicious user-agent string mozilla/2.0	off	drop	drop
1	40366	BROWSER-IE	Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt	off	off	drop
1	40367	BROWSER-IE	Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt	off	off	drop
1	41515	POLICY-OTHER	McAfee Virus Scan Linux outdated version detected	off	drop	drop

**Medium Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	23156	EXPLOIT-KIT	Nuclear Pack exploit kit landing page	off	off	drop
1	24103	MALWARE-OTHER	HTTP POST request to a JPG file	off	off	off
1	24104	MALWARE-OTHER	HTTP POST request to a JPEG file	off	off	off
1	24105	MALWARE-OTHER	HTTP POST request to a GIF file	off	off	off
1	24106	MALWARE-OTHER	HTTP POST request to a PNG file	off	off	off
1	24107	MALWARE-OTHER	HTTP POST request to a BMP file	off	off	alert
1	24108	MALWARE-OTHER	HTTP POST request to a RAR file	off	off	off
1	24109	MALWARE-OTHER	HTTP POST request to a ZIP file	off	off	off
1	24110	MALWARE-OTHER	HTTP POST request to an MP3 file	off	off	off
1	35780	FILE-PDF	Adobe Reader out of bounds memory read attempt	off	drop	drop

**Low Priority**
GID	SID	Rule Group	Rule Message	Policy State
GID	SID	Rule Group	Rule Message	Con.	Bal.	Sec.
1	23113	INDICATOR-OBFUSCATION	eval gzinflate base64_decode call - likely malicious	off	off	off
1	23114	INDICATOR-OBFUSCATION	GIF header with PHP tags - likely malicious	off	off	off