Cisco Talos Update for FireSIGHT Management Center

Date: 2020-01-09

This SRU number: 2020-01-08-001
Previous SRU number: 2020-01-06-001

Applies to:

This SEU number: 2109
Previous SEU: 2108

Applies to:

This is the complete list of rules added in SRU 2020-01-08-001 and SEU 2109.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)

1 - 52550 - SERVER-WEBAPP - Technicolor TD5130v2 TD5336 routers command injection attempt - off / off / drop / drop
1 - 52551 - SERVER-WEBAPP - Technicolor TD5130v2 TD5336 routers command injection attempt - off / off / drop / drop
1 - 52552 - SERVER-WEBAPP - Technicolor TD5130v2 TD5336 routers command injection attempt - off / off / drop / drop
1 - 52553 - SERVER-WEBAPP - Technicolor TD5130v2 TD5336 routers command injection attempt - off / off / drop / drop
1 - 52554 - MALWARE-CNC - Unix.Trojan.Mirai variant outbound Technicolor TD5130v2 TD5336 routers command injection attempt - off / drop / drop / drop
3 - 52555 - SERVER-WEBAPP - Cisco Webex Video Mesh Node command injection attempt - off / off / drop / drop
3 - 52559 - SERVER-WEBAPP - Cisco IOS Web UI cross site request forgery attempt - off / off / off / drop
3 - 52560 - SERVER-WEBAPP - Cisco IOS Web UI cross site request forgery attempt - off / off / off / drop
1 - 52561 - POLICY-OTHER - Yachtcontrol webserver unauthenticated remote code execution attempt - off / off / drop / drop
1 - 52562 - POLICY-OTHER - Yachtcontrol webserver unauthenticated remote code execution attempt - off / off / drop / drop
1 - 52563 - MALWARE-CNC - Unix.Trojan.Mirai variant outbound Yachtcontrol webserver unauthenticated remote code execution attempt - off / drop / drop / drop
1 - 52564 - MALWARE-CNC - Unix.Trojan.Mirai variant outbound Yachtcontrol webserver unauthenticated remote code execution attempt - off / drop / drop / drop
1 - 52569 - BROWSER-FIREFOX - Mozilla multiple products SharedWorker MessagePort memory corruption attempt - off / off / off / drop
3 - 52570 - FILE-OTHER - TRUFFLEHUNTER TALOS-2019-0973 attack attempt - off / off / drop / drop
3 - 52571 - FILE-OTHER - TRUFFLEHUNTER TALOS-2019-0973 attack attempt - off / off / drop / drop
1 - 52572 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52573 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52574 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52575 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52576 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52577 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52578 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52579 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52580 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52581 - MALWARE-OTHER - Win.Trojan.ZeroCleare variant payload download attempt - off / off / drop / drop
1 - 52582 - BROWSER-IE - Microsoft Edge object manipulation use-after-free attempt - off / off / off / drop
1 - 52583 - BROWSER-IE - Microsoft Edge object manipulation use-after-free attempt - off / off / off / drop

Medium Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)

1 - 52565 - DELETED - OS-WINDOWS Microsoft Windows hacking attempt - off / off / off / off
1 - 52566 - DELETED - OS-WINDOWS Microsoft Windows hacking attempt - off / off / off / off
1 - 52567 - DELETED - OS-WINDOWS Microsoft Windows hacking attempt - off / off / off / off
1 - 52568 - DELETED - OS-WINDOWS Microsoft Windows hacking attempt - off / off / off / off