Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2018-01-18

This SRU number: 2018-01-18-001
Previous SRU number: 2018-01-16-001

Applies to:

This SEU number: 1785
Previous SEU: 1783

Applies to:

This is the complete list of rules added in SRU 2018-01-18-001 and SEU 1785.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec.)
1 - 45455 - EXPLOIT-KIT - Rig Exploit Kit URI redirect attempt - off/off/off
1 - 45456 - SERVER-WEBAPP - Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt - off/off/off
1 - 45458 - FILE-FLASH - Adobe Flash Player movieclip attachbitmap use-after-free attempt - off/off/off
1 - 45459 - FILE-FLASH - Adobe Flash Player movieclip attachbitmap use-after-free attempt - off/drop/drop
1 - 45460 - PROTOCOL-FTP - Ayukov NFTP FTP Client buffer overflow attempt - off/off/drop
1 - 45461 - PROTOCOL-FTP - Ayukov NFTP FTP Client buffer overflow attempt - off/off/drop
1 - 45462 - BROWSER-IE - Microsoft ChakraCore scripting engine memory corruption attempt - off/off/off
1 - 45463 - BROWSER-IE - Microsoft ChakraCore scripting engine memory corruption attempt - off/off/off
3 - 45465 - SERVER-WEBAPP - Splunk daemon default admin credentials login attempt - off/off/drop
1 - 45466 - FILE-OFFICE - Microsoft Office None type objclass RTF evasion attempt - off/drop/drop
1 - 45467 - FILE-OFFICE - Microsoft Office None type objclass RTF evasion attempt - off/drop/drop
1 - 45468 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45469 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45470 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45471 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45472 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45473 - MALWARE-CNC - SambaCry ransomware download attempt - off/drop/drop
1 - 45474 - BROWSER-IE - Microsoft Edge scripting engine uninitialized pointers memory corruption attempt - off/off/off
1 - 45475 - BROWSER-IE - Microsoft Edge scripting engine uninitialized pointers memory corruption attempt - off/off/off
1 - 45476 - BROWSER-FIREFOX - Mozilla Firefox HTTP index format out of bounds read attempt - off/off/off
1 - 45477 - MALWARE-CNC - Win.Backdoor.Triton Triton ICS malware transfer attempt - off/drop/drop
1 - 45478 - MALWARE-CNC - Win.Backdoor.Triton Triton ICS malware transfer attempt - off/drop/drop
Medium Priority
GID - SID - Rule Group - Rule Message - Policy State (Con./Bal./Sec.)
1 - 45457 - SERVER-WEBAPP - Samsung SRN-1670D cslog_export.php arbitrary file read attempt - off/off/off
3 - 45464 - PROTOCOL-VOIP - Cisco Unified Customer Voice Portal denial of service attempt - off/off/off