* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-05-03-001
Previous SRU number: 2017-05-01-002
Applies to:
This SEU number: 1666
Previous SEU: 1665
Applies to:
This is the complete list of rules added in SRU 2017-05-03-001 and SEU 1666.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
3 | 42432 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0328 attack attempt | off | off | drop |
3 | 42433 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0328 attack attempt | off | off | drop |
3 | 42434 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0328 attack attempt | off | off | drop |
3 | 42435 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0330 attack attempt | off | off | drop |
3 | 42436 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0330 attack attempt | off | off | drop |
3 | 42437 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0331 attack attempt | off | off | drop |
3 | 42438 | SERVER-MAIL | IBM Domino BMP parsing integer overflow attempt | off | drop | drop |
1 | 42439 | MALWARE-CNC | Win.Trojan.Axespec outbound request | off | drop | drop |
1 | 42440 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42441 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42442 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42443 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | drop | drop |
1 | 42444 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42445 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42446 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 42447 | MALWARE-CNC | Win.Trojan.Batlopma variant outbound connection attempt | off | drop | drop |
1 | 42448 | BROWSER-IE | Microsoft Internet Explorer deleted object access memory corruption attempt | off | off | off |
1 | 42449 | BROWSER-IE | Microsoft Internet Explorer deleted object access memory corruption attempt | off | off | off |
1 | 42450 | BROWSER-IE | Microsoft Internet Explorer deleted object access memory corruption attempt | off | off | off |
1 | 42451 | SERVER-WEBAPP | MCA Sistemas ScadaBR index.php brute force login attempt | off | off | off |
1 | 42452 | MALWARE-CNC | Win.Trojan.Frethog variant outbound connection attempt | off | drop | drop |
1 | 42453 | MALWARE-CNC | Win.Trojan.Frethog variant inbound connection attempt | off | drop | drop |
1 | 42454 | BLACKLIST | User-Agent known malicious user-agent string - Frethog | off | drop | drop |
1 | 42455 | SERVER-WEBAPP | Unitrends Enterprise Backup Appliance password.php command injection attempt | off | off | drop |
1 | 42456 | SERVER-WEBAPP | Unitrends Enterprise Backup Appliance password.php command injection attempt | off | off | drop |
1 | 42457 | SERVER-WEBAPP | Unitrends Enterprise Backup Appliance password.php command injection attempt | off | off | drop |
1 | 42461 | SERVER-WEBAPP | Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt | off | off | drop |
1 | 42462 | SERVER-WEBAPP | Unitrends Enterprise Backup Appliance reports.php directory traversal attempt | off | off | drop |
1 | 42465 | SERVER-WEBAPP | triple dot directory traversal attempt | off | off | off |
1 | 42467 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42468 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42469 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42470 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42471 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42472 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42473 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42474 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42477 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42478 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42479 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42480 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42481 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42482 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42483 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42484 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42485 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42486 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42487 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
1 | 42488 | SERVER-WEBAPP | Edimax 802.11AC repeater command injection attempt | off | off | drop |
3 | 42489 | SERVER-OTHER | Cisco Aironet Mobility Express PnP agent directory traversal attempt | off | off | drop |
1 | 42490 | POLICY-OTHER | Intel AMT remote administration tool access attempt | off | off | off |
1 | 42491 | POLICY-OTHER | Intel AMT remote administration tool access attempt | off | off | off |
1 | 42492 | APP-DETECT | Intel AMT DHCP boot request detected | off | off | off |
3 | 42493 | SERVER-OTHER | Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt | off | off | drop |
1 | 42494 | FILE-EXECUTABLE | XOR 0x01 encrypted portable executable file download attempt | off | off | off |
1 | 42495 | FILE-EXECUTABLE | XOR 0x02 encrypted portable executable file download attempt | off | off | off |
1 | 42496 | FILE-EXECUTABLE | XOR 0x03 encrypted portable executable file download attempt | off | off | off |
1 | 42497 | FILE-EXECUTABLE | XOR 0x04 encrypted portable executable file download attempt | off | off | off |
1 | 42498 | FILE-EXECUTABLE | XOR 0x05 encrypted portable executable file download attempt | off | off | off |
1 | 42499 | FILE-EXECUTABLE | XOR 0x06 encrypted portable executable file download attempt | off | off | off |
1 | 42500 | FILE-EXECUTABLE | XOR 0x07 encrypted portable executable file download attempt | off | off | off |
1 | 42501 | FILE-EXECUTABLE | XOR 0x08 encrypted portable executable file download attempt | off | off | off |
1 | 42502 | FILE-EXECUTABLE | XOR 0x09 encrypted portable executable file download attempt | off | off | off |
1 | 42503 | FILE-EXECUTABLE | XOR 0x0a encrypted portable executable file download attempt | off | off | off |
1 | 42504 | FILE-EXECUTABLE | XOR 0x0b encrypted portable executable file download attempt | off | off | off |
1 | 42505 | FILE-EXECUTABLE | XOR 0x0c encrypted portable executable file download attempt | off | off | off |
1 | 42506 | FILE-EXECUTABLE | XOR 0x0d encrypted portable executable file download attempt | off | off | off |
1 | 42507 | FILE-EXECUTABLE | XOR 0x0e encrypted portable executable file download attempt | off | off | off |
1 | 42508 | FILE-EXECUTABLE | XOR 0x0f encrypted portable executable file download attempt | off | off | off |
1 | 42509 | FILE-EXECUTABLE | XOR 0x10 encrypted portable executable file download attempt | off | off | off |
1 | 42510 | FILE-EXECUTABLE | XOR 0x11 encrypted portable executable file download attempt | off | off | off |
1 | 42511 | FILE-EXECUTABLE | XOR 0x12 encrypted portable executable file download attempt | off | off | off |
1 | 42512 | FILE-EXECUTABLE | XOR 0x13 encrypted portable executable file download attempt | off | off | off |
1 | 42513 | FILE-EXECUTABLE | XOR 0x14 encrypted portable executable file download attempt | off | off | off |
1 | 42514 | FILE-EXECUTABLE | XOR 0x15 encrypted portable executable file download attempt | off | off | off |
1 | 42515 | FILE-EXECUTABLE | XOR 0x16 encrypted portable executable file download attempt | off | off | off |
1 | 42516 | FILE-EXECUTABLE | XOR 0x17 encrypted portable executable file download attempt | off | off | off |
1 | 42517 | FILE-EXECUTABLE | XOR 0x18 encrypted portable executable file download attempt | off | off | off |
1 | 42518 | FILE-EXECUTABLE | XOR 0x19 encrypted portable executable file download attempt | off | off | off |
1 | 42519 | FILE-EXECUTABLE | XOR 0x1a encrypted portable executable file download attempt | off | off | off |
1 | 42520 | FILE-EXECUTABLE | XOR 0x1b encrypted portable executable file download attempt | off | off | off |
1 | 42521 | FILE-EXECUTABLE | XOR 0x1c encrypted portable executable file download attempt | off | off | off |
1 | 42522 | FILE-EXECUTABLE | XOR 0x1d encrypted portable executable file download attempt | off | off | off |
1 | 42523 | FILE-EXECUTABLE | XOR 0x1e encrypted portable executable file download attempt | off | off | off |
1 | 42524 | FILE-EXECUTABLE | XOR 0x1f encrypted portable executable file download attempt | off | off | off |
1 | 42525 | FILE-EXECUTABLE | XOR 0x20 encrypted portable executable file download attempt | off | off | off |
1 | 42526 | FILE-EXECUTABLE | XOR 0x21 encrypted portable executable file download attempt | off | off | off |
1 | 42527 | FILE-EXECUTABLE | XOR 0x22 encrypted portable executable file download attempt | off | off | off |
1 | 42528 | FILE-EXECUTABLE | XOR 0x23 encrypted portable executable file download attempt | off | off | off |
1 | 42529 | FILE-EXECUTABLE | XOR 0x24 encrypted portable executable file download attempt | off | off | off |
1 | 42530 | FILE-EXECUTABLE | XOR 0x25 encrypted portable executable file download attempt | off | off | off |
1 | 42531 | FILE-EXECUTABLE | XOR 0x26 encrypted portable executable file download attempt | off | off | off |
1 | 42532 | FILE-EXECUTABLE | XOR 0x27 encrypted portable executable file download attempt | off | off | off |
1 | 42533 | FILE-EXECUTABLE | XOR 0x28 encrypted portable executable file download attempt | off | off | off |
1 | 42534 | FILE-EXECUTABLE | XOR 0x29 encrypted portable executable file download attempt | off | off | off |
1 | 42535 | FILE-EXECUTABLE | XOR 0x2a encrypted portable executable file download attempt | off | off | off |
1 | 42536 | FILE-EXECUTABLE | XOR 0x2b encrypted portable executable file download attempt | off | off | off |
1 | 42537 | FILE-EXECUTABLE | XOR 0x2c encrypted portable executable file download attempt | off | off | off |
1 | 42538 | FILE-EXECUTABLE | XOR 0x2d encrypted portable executable file download attempt | off | off | off |
1 | 42539 | FILE-EXECUTABLE | XOR 0x2e encrypted portable executable file download attempt | off | off | off |
1 | 42540 | FILE-EXECUTABLE | XOR 0x2f encrypted portable executable file download attempt | off | off | off |
1 | 42541 | FILE-EXECUTABLE | XOR 0x30 encrypted portable executable file download attempt | off | off | off |
1 | 42542 | FILE-EXECUTABLE | XOR 0x31 encrypted portable executable file download attempt | off | off | off |
1 | 42543 | FILE-EXECUTABLE | XOR 0x32 encrypted portable executable file download attempt | off | off | off |
1 | 42544 | FILE-EXECUTABLE | XOR 0x33 encrypted portable executable file download attempt | off | off | off |
1 | 42545 | FILE-EXECUTABLE | XOR 0x34 encrypted portable executable file download attempt | off | off | off |
1 | 42546 | FILE-EXECUTABLE | XOR 0x35 encrypted portable executable file download attempt | off | off | off |
1 | 42547 | FILE-EXECUTABLE | XOR 0x36 encrypted portable executable file download attempt | off | off | off |
1 | 42548 | FILE-EXECUTABLE | XOR 0x37 encrypted portable executable file download attempt | off | off | off |
1 | 42549 | FILE-EXECUTABLE | XOR 0x38 encrypted portable executable file download attempt | off | off | off |
1 | 42550 | FILE-EXECUTABLE | XOR 0x39 encrypted portable executable file download attempt | off | off | off |
1 | 42551 | FILE-EXECUTABLE | XOR 0x3a encrypted portable executable file download attempt | off | off | off |
1 | 42552 | FILE-EXECUTABLE | XOR 0x3b encrypted portable executable file download attempt | off | off | off |
1 | 42553 | FILE-EXECUTABLE | XOR 0x3c encrypted portable executable file download attempt | off | off | off |
1 | 42554 | FILE-EXECUTABLE | XOR 0x3d encrypted portable executable file download attempt | off | off | off |
1 | 42555 | FILE-EXECUTABLE | XOR 0x3e encrypted portable executable file download attempt | off | off | off |
1 | 42556 | FILE-EXECUTABLE | XOR 0x3f encrypted portable executable file download attempt | off | off | off |
1 | 42557 | FILE-EXECUTABLE | XOR 0x40 encrypted portable executable file download attempt | off | off | off |
1 | 42558 | FILE-EXECUTABLE | XOR 0x41 encrypted portable executable file download attempt | off | off | off |
1 | 42559 | FILE-EXECUTABLE | XOR 0x42 encrypted portable executable file download attempt | off | off | off |
1 | 42560 | FILE-EXECUTABLE | XOR 0x43 encrypted portable executable file download attempt | off | off | off |
1 | 42561 | FILE-EXECUTABLE | XOR 0x44 encrypted portable executable file download attempt | off | off | off |
1 | 42562 | FILE-EXECUTABLE | XOR 0x45 encrypted portable executable file download attempt | off | off | off |
1 | 42563 | FILE-EXECUTABLE | XOR 0x46 encrypted portable executable file download attempt | off | off | off |
1 | 42564 | FILE-EXECUTABLE | XOR 0x47 encrypted portable executable file download attempt | off | off | off |
1 | 42565 | FILE-EXECUTABLE | XOR 0x48 encrypted portable executable file download attempt | off | off | off |
1 | 42566 | FILE-EXECUTABLE | XOR 0x49 encrypted portable executable file download attempt | off | off | off |
1 | 42567 | FILE-EXECUTABLE | XOR 0x4a encrypted portable executable file download attempt | off | off | off |
1 | 42568 | FILE-EXECUTABLE | XOR 0x4b encrypted portable executable file download attempt | off | off | off |
1 | 42569 | FILE-EXECUTABLE | XOR 0x4c encrypted portable executable file download attempt | off | off | off |
1 | 42570 | FILE-EXECUTABLE | XOR 0x4d encrypted portable executable file download attempt | off | off | off |
1 | 42571 | FILE-EXECUTABLE | XOR 0x4e encrypted portable executable file download attempt | off | off | off |
1 | 42572 | FILE-EXECUTABLE | XOR 0x4f encrypted portable executable file download attempt | off | off | off |
1 | 42573 | FILE-EXECUTABLE | XOR 0x50 encrypted portable executable file download attempt | off | off | off |
1 | 42574 | FILE-EXECUTABLE | XOR 0x51 encrypted portable executable file download attempt | off | off | off |
1 | 42575 | FILE-EXECUTABLE | XOR 0x52 encrypted portable executable file download attempt | off | off | off |
1 | 42576 | FILE-EXECUTABLE | XOR 0x53 encrypted portable executable file download attempt | off | off | off |
1 | 42577 | FILE-EXECUTABLE | XOR 0x54 encrypted portable executable file download attempt | off | off | off |
1 | 42578 | FILE-EXECUTABLE | XOR 0x55 encrypted portable executable file download attempt | off | off | off |
1 | 42579 | FILE-EXECUTABLE | XOR 0x56 encrypted portable executable file download attempt | off | off | off |
1 | 42580 | FILE-EXECUTABLE | XOR 0x57 encrypted portable executable file download attempt | off | off | off |
1 | 42581 | FILE-EXECUTABLE | XOR 0x58 encrypted portable executable file download attempt | off | off | off |
1 | 42582 | FILE-EXECUTABLE | XOR 0x59 encrypted portable executable file download attempt | off | off | off |
1 | 42583 | FILE-EXECUTABLE | XOR 0x5a encrypted portable executable file download attempt | off | off | off |
1 | 42584 | FILE-EXECUTABLE | XOR 0x5b encrypted portable executable file download attempt | off | off | off |
1 | 42585 | FILE-EXECUTABLE | XOR 0x5c encrypted portable executable file download attempt | off | off | off |
1 | 42586 | FILE-EXECUTABLE | XOR 0x5d encrypted portable executable file download attempt | off | off | off |
1 | 42587 | FILE-EXECUTABLE | XOR 0x5e encrypted portable executable file download attempt | off | off | off |
1 | 42588 | FILE-EXECUTABLE | XOR 0x5f encrypted portable executable file download attempt | off | off | off |
1 | 42589 | FILE-EXECUTABLE | XOR 0x60 encrypted portable executable file download attempt | off | off | off |
1 | 42590 | FILE-EXECUTABLE | XOR 0x61 encrypted portable executable file download attempt | off | off | off |
1 | 42591 | FILE-EXECUTABLE | XOR 0x62 encrypted portable executable file download attempt | off | off | off |
1 | 42592 | FILE-EXECUTABLE | XOR 0x63 encrypted portable executable file download attempt | off | off | off |
1 | 42593 | FILE-EXECUTABLE | XOR 0x64 encrypted portable executable file download attempt | off | off | off |
1 | 42594 | FILE-EXECUTABLE | XOR 0x65 encrypted portable executable file download attempt | off | off | off |
1 | 42595 | FILE-EXECUTABLE | XOR 0x66 encrypted portable executable file download attempt | off | off | off |
1 | 42596 | FILE-EXECUTABLE | XOR 0x67 encrypted portable executable file download attempt | off | off | off |
1 | 42597 | FILE-EXECUTABLE | XOR 0x68 encrypted portable executable file download attempt | off | off | off |
1 | 42598 | FILE-EXECUTABLE | XOR 0x69 encrypted portable executable file download attempt | off | off | off |
1 | 42599 | FILE-EXECUTABLE | XOR 0x6a encrypted portable executable file download attempt | off | off | off |
1 | 42600 | FILE-EXECUTABLE | XOR 0x6b encrypted portable executable file download attempt | off | off | off |
1 | 42601 | FILE-EXECUTABLE | XOR 0x6c encrypted portable executable file download attempt | off | off | off |
1 | 42602 | FILE-EXECUTABLE | XOR 0x6d encrypted portable executable file download attempt | off | off | off |
1 | 42603 | FILE-EXECUTABLE | XOR 0x6e encrypted portable executable file download attempt | off | off | off |
1 | 42604 | FILE-EXECUTABLE | XOR 0x6f encrypted portable executable file download attempt | off | off | off |
1 | 42605 | FILE-EXECUTABLE | XOR 0x70 encrypted portable executable file download attempt | off | off | off |
1 | 42606 | FILE-EXECUTABLE | XOR 0x71 encrypted portable executable file download attempt | off | off | off |
1 | 42607 | FILE-EXECUTABLE | XOR 0x72 encrypted portable executable file download attempt | off | off | off |
1 | 42608 | FILE-EXECUTABLE | XOR 0x73 encrypted portable executable file download attempt | off | off | off |
1 | 42609 | FILE-EXECUTABLE | XOR 0x74 encrypted portable executable file download attempt | off | off | off |
1 | 42610 | FILE-EXECUTABLE | XOR 0x75 encrypted portable executable file download attempt | off | off | off |
1 | 42611 | FILE-EXECUTABLE | XOR 0x76 encrypted portable executable file download attempt | off | off | off |
1 | 42612 | FILE-EXECUTABLE | XOR 0x77 encrypted portable executable file download attempt | off | off | off |
1 | 42613 | FILE-EXECUTABLE | XOR 0x78 encrypted portable executable file download attempt | off | off | off |
1 | 42614 | FILE-EXECUTABLE | XOR 0x79 encrypted portable executable file download attempt | off | off | off |
1 | 42615 | FILE-EXECUTABLE | XOR 0x7a encrypted portable executable file download attempt | off | off | off |
1 | 42616 | FILE-EXECUTABLE | XOR 0x7b encrypted portable executable file download attempt | off | off | off |
1 | 42617 | FILE-EXECUTABLE | XOR 0x7c encrypted portable executable file download attempt | off | off | off |
1 | 42618 | FILE-EXECUTABLE | XOR 0x7d encrypted portable executable file download attempt | off | off | off |
1 | 42619 | FILE-EXECUTABLE | XOR 0x7e encrypted portable executable file download attempt | off | off | off |
1 | 42620 | FILE-EXECUTABLE | XOR 0x7f encrypted portable executable file download attempt | off | off | off |
1 | 42621 | FILE-EXECUTABLE | XOR 0x80 encrypted portable executable file download attempt | off | off | off |
1 | 42622 | FILE-EXECUTABLE | XOR 0x81 encrypted portable executable file download attempt | off | off | off |
1 | 42623 | FILE-EXECUTABLE | XOR 0x82 encrypted portable executable file download attempt | off | off | off |
1 | 42624 | FILE-EXECUTABLE | XOR 0x83 encrypted portable executable file download attempt | off | off | off |
1 | 42625 | FILE-EXECUTABLE | XOR 0x84 encrypted portable executable file download attempt | off | off | off |
1 | 42626 | FILE-EXECUTABLE | XOR 0x85 encrypted portable executable file download attempt | off | off | off |
1 | 42627 | FILE-EXECUTABLE | XOR 0x86 encrypted portable executable file download attempt | off | off | off |
1 | 42628 | FILE-EXECUTABLE | XOR 0x87 encrypted portable executable file download attempt | off | off | off |
1 | 42629 | FILE-EXECUTABLE | XOR 0x88 encrypted portable executable file download attempt | off | off | off |
1 | 42630 | FILE-EXECUTABLE | XOR 0x89 encrypted portable executable file download attempt | off | off | off |
1 | 42631 | FILE-EXECUTABLE | XOR 0x8a encrypted portable executable file download attempt | off | off | off |
1 | 42632 | FILE-EXECUTABLE | XOR 0x8b encrypted portable executable file download attempt | off | off | off |
1 | 42633 | FILE-EXECUTABLE | XOR 0x8c encrypted portable executable file download attempt | off | off | off |
1 | 42634 | FILE-EXECUTABLE | XOR 0x8d encrypted portable executable file download attempt | off | off | off |
1 | 42635 | FILE-EXECUTABLE | XOR 0x8e encrypted portable executable file download attempt | off | off | off |
1 | 42636 | FILE-EXECUTABLE | XOR 0x8f encrypted portable executable file download attempt | off | off | off |
1 | 42637 | FILE-EXECUTABLE | XOR 0x90 encrypted portable executable file download attempt | off | off | off |
1 | 42638 | FILE-EXECUTABLE | XOR 0x91 encrypted portable executable file download attempt | off | off | off |
1 | 42639 | FILE-EXECUTABLE | XOR 0x92 encrypted portable executable file download attempt | off | off | off |
1 | 42640 | FILE-EXECUTABLE | XOR 0x93 encrypted portable executable file download attempt | off | off | off |
1 | 42641 | FILE-EXECUTABLE | XOR 0x94 encrypted portable executable file download attempt | off | off | off |
1 | 42642 | FILE-EXECUTABLE | XOR 0x95 encrypted portable executable file download attempt | off | off | off |
1 | 42643 | FILE-EXECUTABLE | XOR 0x96 encrypted portable executable file download attempt | off | off | off |
1 | 42644 | FILE-EXECUTABLE | XOR 0x97 encrypted portable executable file download attempt | off | off | off |
1 | 42645 | FILE-EXECUTABLE | XOR 0x98 encrypted portable executable file download attempt | off | off | off |
1 | 42646 | FILE-EXECUTABLE | XOR 0x99 encrypted portable executable file download attempt | off | off | off |
1 | 42647 | FILE-EXECUTABLE | XOR 0x9a encrypted portable executable file download attempt | off | off | off |
1 | 42648 | FILE-EXECUTABLE | XOR 0x9b encrypted portable executable file download attempt | off | off | off |
1 | 42649 | FILE-EXECUTABLE | XOR 0x9c encrypted portable executable file download attempt | off | off | off |
1 | 42650 | FILE-EXECUTABLE | XOR 0x9d encrypted portable executable file download attempt | off | off | off |
1 | 42651 | FILE-EXECUTABLE | XOR 0x9e encrypted portable executable file download attempt | off | off | off |
1 | 42652 | FILE-EXECUTABLE | XOR 0x9f encrypted portable executable file download attempt | off | off | off |
1 | 42653 | FILE-EXECUTABLE | XOR 0xa0 encrypted portable executable file download attempt | off | off | off |
1 | 42654 | FILE-EXECUTABLE | XOR 0xa1 encrypted portable executable file download attempt | off | off | off |
1 | 42655 | FILE-EXECUTABLE | XOR 0xa2 encrypted portable executable file download attempt | off | off | off |
1 | 42656 | FILE-EXECUTABLE | XOR 0xa3 encrypted portable executable file download attempt | off | off | off |
1 | 42657 | FILE-EXECUTABLE | XOR 0xa4 encrypted portable executable file download attempt | off | off | off |
1 | 42658 | FILE-EXECUTABLE | XOR 0xa5 encrypted portable executable file download attempt | off | off | off |
1 | 42659 | FILE-EXECUTABLE | XOR 0xa6 encrypted portable executable file download attempt | off | off | off |
1 | 42660 | FILE-EXECUTABLE | XOR 0xa7 encrypted portable executable file download attempt | off | off | off |
1 | 42661 | FILE-EXECUTABLE | XOR 0xa8 encrypted portable executable file download attempt | off | off | off |
1 | 42662 | FILE-EXECUTABLE | XOR 0xa9 encrypted portable executable file download attempt | off | off | off |
1 | 42663 | FILE-EXECUTABLE | XOR 0xaa encrypted portable executable file download attempt | off | off | off |
1 | 42664 | FILE-EXECUTABLE | XOR 0xab encrypted portable executable file download attempt | off | off | off |
1 | 42665 | FILE-EXECUTABLE | XOR 0xac encrypted portable executable file download attempt | off | off | off |
1 | 42666 | FILE-EXECUTABLE | XOR 0xad encrypted portable executable file download attempt | off | off | off |
1 | 42667 | FILE-EXECUTABLE | XOR 0xae encrypted portable executable file download attempt | off | off | off |
1 | 42668 | FILE-EXECUTABLE | XOR 0xaf encrypted portable executable file download attempt | off | off | off |
1 | 42669 | FILE-EXECUTABLE | XOR 0xb0 encrypted portable executable file download attempt | off | off | off |
1 | 42670 | FILE-EXECUTABLE | XOR 0xb1 encrypted portable executable file download attempt | off | off | off |
1 | 42671 | FILE-EXECUTABLE | XOR 0xb2 encrypted portable executable file download attempt | off | off | off |
1 | 42672 | FILE-EXECUTABLE | XOR 0xb3 encrypted portable executable file download attempt | off | off | off |
1 | 42673 | FILE-EXECUTABLE | XOR 0xb4 encrypted portable executable file download attempt | off | off | off |
1 | 42674 | FILE-EXECUTABLE | XOR 0xb5 encrypted portable executable file download attempt | off | off | off |
1 | 42675 | FILE-EXECUTABLE | XOR 0xb6 encrypted portable executable file download attempt | off | off | off |
1 | 42676 | FILE-EXECUTABLE | XOR 0xb7 encrypted portable executable file download attempt | off | off | off |
1 | 42677 | FILE-EXECUTABLE | XOR 0xb8 encrypted portable executable file download attempt | off | off | off |
1 | 42678 | FILE-EXECUTABLE | XOR 0xb9 encrypted portable executable file download attempt | off | off | off |
1 | 42679 | FILE-EXECUTABLE | XOR 0xba encrypted portable executable file download attempt | off | off | off |
1 | 42680 | FILE-EXECUTABLE | XOR 0xbb encrypted portable executable file download attempt | off | off | off |
1 | 42681 | FILE-EXECUTABLE | XOR 0xbc encrypted portable executable file download attempt | off | off | off |
1 | 42682 | FILE-EXECUTABLE | XOR 0xbd encrypted portable executable file download attempt | off | off | off |
1 | 42683 | FILE-EXECUTABLE | XOR 0xbe encrypted portable executable file download attempt | off | off | off |
1 | 42684 | FILE-EXECUTABLE | XOR 0xbf encrypted portable executable file download attempt | off | off | off |
1 | 42685 | FILE-EXECUTABLE | XOR 0xc0 encrypted portable executable file download attempt | off | off | off |
1 | 42686 | FILE-EXECUTABLE | XOR 0xc1 encrypted portable executable file download attempt | off | off | off |
1 | 42687 | FILE-EXECUTABLE | XOR 0xc2 encrypted portable executable file download attempt | off | off | off |
1 | 42688 | FILE-EXECUTABLE | XOR 0xc3 encrypted portable executable file download attempt | off | off | off |
1 | 42689 | FILE-EXECUTABLE | XOR 0xc4 encrypted portable executable file download attempt | off | off | off |
1 | 42690 | FILE-EXECUTABLE | XOR 0xc5 encrypted portable executable file download attempt | off | off | off |
1 | 42691 | FILE-EXECUTABLE | XOR 0xc6 encrypted portable executable file download attempt | off | off | off |
1 | 42692 | FILE-EXECUTABLE | XOR 0xc7 encrypted portable executable file download attempt | off | off | off |
1 | 42693 | FILE-EXECUTABLE | XOR 0xc8 encrypted portable executable file download attempt | off | off | off |
1 | 42694 | FILE-EXECUTABLE | XOR 0xc9 encrypted portable executable file download attempt | off | off | off |
1 | 42695 | FILE-EXECUTABLE | XOR 0xca encrypted portable executable file download attempt | off | off | off |
1 | 42696 | FILE-EXECUTABLE | XOR 0xcb encrypted portable executable file download attempt | off | off | off |
1 | 42697 | FILE-EXECUTABLE | XOR 0xcc encrypted portable executable file download attempt | off | off | off |
1 | 42698 | FILE-EXECUTABLE | XOR 0xcd encrypted portable executable file download attempt | off | off | off |
1 | 42699 | FILE-EXECUTABLE | XOR 0xce encrypted portable executable file download attempt | off | off | off |
1 | 42700 | FILE-EXECUTABLE | XOR 0xcf encrypted portable executable file download attempt | off | off | off |
1 | 42701 | FILE-EXECUTABLE | XOR 0xd0 encrypted portable executable file download attempt | off | off | off |
1 | 42702 | FILE-EXECUTABLE | XOR 0xd1 encrypted portable executable file download attempt | off | off | off |
1 | 42703 | FILE-EXECUTABLE | XOR 0xd2 encrypted portable executable file download attempt | off | off | off |
1 | 42704 | FILE-EXECUTABLE | XOR 0xd3 encrypted portable executable file download attempt | off | off | off |
1 | 42705 | FILE-EXECUTABLE | XOR 0xd4 encrypted portable executable file download attempt | off | off | off |
1 | 42706 | FILE-EXECUTABLE | XOR 0xd5 encrypted portable executable file download attempt | off | off | off |
1 | 42707 | FILE-EXECUTABLE | XOR 0xd6 encrypted portable executable file download attempt | off | off | off |
1 | 42708 | FILE-EXECUTABLE | XOR 0xd7 encrypted portable executable file download attempt | off | off | off |
1 | 42709 | FILE-EXECUTABLE | XOR 0xd8 encrypted portable executable file download attempt | off | off | off |
1 | 42710 | FILE-EXECUTABLE | XOR 0xd9 encrypted portable executable file download attempt | off | off | off |
1 | 42711 | FILE-EXECUTABLE | XOR 0xda encrypted portable executable file download attempt | off | off | off |
1 | 42712 | FILE-EXECUTABLE | XOR 0xdb encrypted portable executable file download attempt | off | off | off |
1 | 42713 | FILE-EXECUTABLE | XOR 0xdc encrypted portable executable file download attempt | off | off | off |
1 | 42714 | FILE-EXECUTABLE | XOR 0xdd encrypted portable executable file download attempt | off | off | off |
1 | 42715 | FILE-EXECUTABLE | XOR 0xde encrypted portable executable file download attempt | off | off | off |
1 | 42716 | FILE-EXECUTABLE | XOR 0xdf encrypted portable executable file download attempt | off | off | off |
1 | 42717 | FILE-EXECUTABLE | XOR 0xe0 encrypted portable executable file download attempt | off | off | off |
1 | 42718 | FILE-EXECUTABLE | XOR 0xe1 encrypted portable executable file download attempt | off | off | off |
1 | 42719 | FILE-EXECUTABLE | XOR 0xe2 encrypted portable executable file download attempt | off | off | off |
1 | 42720 | FILE-EXECUTABLE | XOR 0xe3 encrypted portable executable file download attempt | off | off | off |
1 | 42721 | FILE-EXECUTABLE | XOR 0xe4 encrypted portable executable file download attempt | off | off | off |
1 | 42722 | FILE-EXECUTABLE | XOR 0xe5 encrypted portable executable file download attempt | off | off | off |
1 | 42723 | FILE-EXECUTABLE | XOR 0xe6 encrypted portable executable file download attempt | off | off | off |
1 | 42724 | FILE-EXECUTABLE | XOR 0xe7 encrypted portable executable file download attempt | off | off | off |
1 | 42725 | FILE-EXECUTABLE | XOR 0xe8 encrypted portable executable file download attempt | off | off | off |
1 | 42726 | FILE-EXECUTABLE | XOR 0xe9 encrypted portable executable file download attempt | off | off | off |
1 | 42727 | FILE-EXECUTABLE | XOR 0xea encrypted portable executable file download attempt | off | off | off |
1 | 42728 | FILE-EXECUTABLE | XOR 0xeb encrypted portable executable file download attempt | off | off | off |
1 | 42729 | FILE-EXECUTABLE | XOR 0xec encrypted portable executable file download attempt | off | off | off |
1 | 42730 | FILE-EXECUTABLE | XOR 0xed encrypted portable executable file download attempt | off | off | off |
1 | 42731 | FILE-EXECUTABLE | XOR 0xee encrypted portable executable file download attempt | off | off | off |
1 | 42732 | FILE-EXECUTABLE | XOR 0xef encrypted portable executable file download attempt | off | off | off |
1 | 42733 | FILE-EXECUTABLE | XOR 0xf0 encrypted portable executable file download attempt | off | off | off |
1 | 42734 | FILE-EXECUTABLE | XOR 0xf1 encrypted portable executable file download attempt | off | off | off |
1 | 42735 | FILE-EXECUTABLE | XOR 0xf2 encrypted portable executable file download attempt | off | off | off |
1 | 42736 | FILE-EXECUTABLE | XOR 0xf3 encrypted portable executable file download attempt | off | off | off |
1 | 42737 | FILE-EXECUTABLE | XOR 0xf4 encrypted portable executable file download attempt | off | off | off |
1 | 42738 | FILE-EXECUTABLE | XOR 0xf5 encrypted portable executable file download attempt | off | off | off |
1 | 42739 | FILE-EXECUTABLE | XOR 0xf6 encrypted portable executable file download attempt | off | off | off |
1 | 42740 | FILE-EXECUTABLE | XOR 0xf7 encrypted portable executable file download attempt | off | off | off |
1 | 42741 | FILE-EXECUTABLE | XOR 0xf8 encrypted portable executable file download attempt | off | off | off |
1 | 42742 | FILE-EXECUTABLE | XOR 0xf9 encrypted portable executable file download attempt | off | off | off |
1 | 42743 | FILE-EXECUTABLE | XOR 0xfa encrypted portable executable file download attempt | off | off | off |
1 | 42744 | FILE-EXECUTABLE | XOR 0xfb encrypted portable executable file download attempt | off | off | off |
1 | 42745 | FILE-EXECUTABLE | XOR 0xfc encrypted portable executable file download attempt | off | off | off |
1 | 42746 | FILE-EXECUTABLE | XOR 0xfd encrypted portable executable file download attempt | off | off | off |
1 | 42747 | FILE-EXECUTABLE | XOR 0xfe encrypted portable executable file download attempt | off | off | off |
1 | 42748 | FILE-EXECUTABLE | XOR 0xff encrypted portable executable file download attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 42458 | PROTOCOL-DNS | ISC BIND unexpected DNAME CNAME ordering denial of service attempt | off | off | off |
1 | 42463 | FILE-IMAGE | Foxit Reader malformed DataSubBlock size attempt | off | off | off |
1 | 42464 | FILE-IMAGE | Foxit Reader malformed DataSubBlock size attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 42459 | INDICATOR-COMPROMISE | Adobe Reader PDF embedded null JPEG image | off | off | off |
1 | 42460 | INDICATOR-COMPROMISE | Adobe Reader PDF embedded null JPEG image | off | off | off |
1 | 42466 | SERVER-OTHER | WinRadius long password denial of service attempt | off | off | off |
1 | 42475 | FILE-PDF | malformed embedded JPEG2000 image information disclosure attempt | off | off | drop |
1 | 42476 | FILE-PDF | malformed embedded JPEG2000 image information disclosure attempt | off | off | drop |
Updated rules can be found at this link.