This SRU number: 2018-07-19-001
Previous SRU number: 2018-07-16-001
Applies to:
This SEU number: 1885
Previous SEU: 1883
Applies to:
This is the complete list of rules added in SRU 2018-07-19-001 and SEU 1885.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Cisco Talos policy: Connectivity, Balanced, Security, and Maximum Detection.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) | Policy State (Max.) |
---|---|---|---|---|---|---|---|
1 | 47236 | MALWARE-CNC | Unix.Trojan.Prowli variant outbound connection | off | drop | drop | drop |
1 | 47237 | FILE-OTHER | Adobe Acrobat Pro XPS out-of-bounds read attempt | off | drop | drop | drop |
1 | 47238 | FILE-OTHER | Adobe Acrobat Pro XPS out-of-bounds read attempt | off | drop | drop | drop |
1 | 47239 | FILE-PDF | Adobe Acrobat Reader U3D data stream heap overflow attempt | off | off | drop | drop |
1 | 47240 | FILE-PDF | Adobe Acrobat Reader U3D data stream heap overflow attempt | off | off | drop | drop |
1 | 47241 | MALWARE-CNC | Win.Trojan.Mylobot additional payload download | off | drop | drop | drop |
1 | 47242 | MALWARE-CNC | Win.Trojan.Mylobot additional payload download | off | drop | drop | drop |
1 | 47243 | MALWARE-CNC | Win.Trojan.Mylobot inbound connection | off | drop | drop | drop |
1 | 47244 | MALWARE-CNC | Win.Malware.Ramnit outbound REGISTER_BOT beacon | off | drop | drop | drop |
1 | 47247 | FILE-IMAGE | Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt | off | off | drop | drop |
1 | 47248 | FILE-IMAGE | Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt | off | off | drop | drop |
1 | 47251 | FILE-OTHER | Adobe Acrobat Pro use after free attempt | off | off | off | off |
1 | 47252 | FILE-OTHER | Adobe Acrobat Pro use after free attempt | off | off | off | off |
1 | 47253 | POLICY-OTHER | cryptomining javascript client detected | off | drop | drop | drop |
1 | 47254 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47255 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47256 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47257 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47258 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47259 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47260 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47261 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47262 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47263 | FILE-OTHER | Microsoft Excel malicious CSV code execution attempt | off | off | drop | drop |
1 | 47264 | MALWARE-CNC | Win.Trojan.ICLoader outbound connection | off | drop | drop | drop |
1 | 47265 | MALWARE-CNC | Win.Trojan.ICLoader outbound connection | off | drop | drop | drop |
1 | 47266 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47267 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47268 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47269 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47270 | FILE-PDF | Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt | off | off | drop | drop |
1 | 47271 | FILE-PDF | Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt | off | off | drop | drop |
1 | 47274 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47275 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47276 | FILE-OTHER | Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | off | off | drop | drop |
1 | 47277 | FILE-OTHER | Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt | off | off | drop | drop |
1 | 47278 | MALWARE-OTHER | Win.Ransomware.Gandcrab variant network share encryption attempt | off | drop | drop | drop |
1 | 47279 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
1 | 47280 | FILE-OTHER | Adobe Acrobat Pro out-of-bounds read attempt | off | off | off | off |
3 | 47281 | SERVER-OTHER | Cisco SD-WAN Solution default login attempt | off | off | drop | drop |
3 | 47282 | SERVER-OTHER | Cisco SD-WAN Solution default login attempt | off | off | drop | drop |
1 | 47283 | FILE-OTHER | Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt | off | off | drop | drop |
1 | 47284 | FILE-OTHER | Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt | off | off | drop | drop |
3 | 47285 | SERVER-OTHER | Cisco Policy Suite interface unauthenticated access attempt | off | off | drop | drop |
3 | 47286 | SERVER-OTHER | Cisco Policy Suite interface unauthenticated access attempt | off | off | drop | drop |
1 | 47287 | FILE-PDF | Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt | off | off | drop | drop |
1 | 47288 | FILE-PDF | Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt | off | off | drop | drop |
1 | 47289 | FILE-PDF | Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt | off | off | drop | drop |
1 | 47290 | FILE-PDF | Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt | off | off | drop | drop |
1 | 47291 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop | drop |
1 | 47292 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop | drop |
1 | 47293 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop | drop |
1 | 47294 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop | drop |
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) | Policy State (Max.) |
---|---|---|---|---|---|---|---|
1 | 47245 | FILE-OTHER | Adobe Acrobat Pro XPS TTF out-of-bounds read attempt | off | off | off | drop |
1 | 47246 | FILE-OTHER | Adobe Acrobat Pro XPS TTF out-of-bounds read attempt | off | off | off | drop |
1 | 47249 | FILE-OTHER | Adobe Acrobat Pro XPS out-of-bounds read attempt | off | off | off | drop |
1 | 47250 | FILE-OTHER | Adobe Acrobat Pro XPS out-of-bounds read attempt | off | off | off | drop |
3 | 47272 | OS-OTHER | DHCPv6 flood denial of service attempt | off | off | drop | off |
3 | 47273 | OS-OTHER | DHCPv6 flood denial of service attempt | off | off | drop | off |