Cisco Talos Update for FireSIGHT Management Center

Date: 2020-02-20

This SRU number: 2020-02-19-001
Previous SRU number: 2020-02-17-001

Applies to:

This SEU number: 2127
Previous SEU: 2126

Applies to:

This is the complete list of rules added in SRU 2020-02-19-001 and SEU 2127.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State gives the rule's state in each of the four default Cisco Talos policies, in this order: Connectivity (Con.), Balanced (Bal.), Security (Sec.), and Maximum Detection (Max.).

The default passive policy state is the same as the Balanced policy state, except that alert is used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.
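The line format described above is what an operator's script consumes when checking which newly added rules will fire under the policy actually deployed. The following is an added example (not Talos or Cisco code): it parses rule lines in that "GID - SID - Rule Group - Rule Message - Policy State" format, derives the passive-policy state as the note above defines it, and filters rules by policy. The helper names are this example's own, and the sample rows are constructed from entries in this update.

```python
"""Parse Cisco Talos SRU/SEU release-note rule lines.

Added example, not Talos code. It assumes the documented line format
"GID - SID - Rule Group - Rule Message - Policy State", with the policy
state written as the four default-policy states in the order
Connectivity, Balanced, Security, Maximum Detection. Helper names are
this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

POLICIES = ("Connectivity", "Balanced", "Security", "Maximum Detection")
STATES = {"off", "alert", "drop"}


@dataclass
class Rule:
    gid: int
    sid: int
    group: str
    message: str
    state: Dict[str, str]  # policy name -> off | alert | drop

    @property
    def ref(self) -> str:
        """Snort-style GID:SID reference, e.g. '1:53152'."""
        return f"{self.gid}:{self.sid}"

    def passive_state(self) -> str:
        """Passive policy state: same as Balanced, with alert substituted for drop."""
        bal = self.state["Balanced"]
        return "alert" if bal == "drop" else bal


def parse_rule(line: str) -> Rule:
    """Parse one rule line; the rule message may itself contain ' - '."""
    head, _, tail = line.strip().rpartition(" - ")
    # Accept states separated by ' / ' or by whitespace.
    states = [s for s in re.split(r"\s*/\s*|\s+", tail.strip()) if s]
    if len(states) != 4 or not STATES.issuperset(states):
        raise ValueError(f"bad policy state field: {tail!r}")
    parts = head.split(" - ", 3)
    if len(parts) != 4:
        raise ValueError(f"bad rule line: {line!r}")
    gid, sid, group, message = parts
    return Rule(int(gid), int(sid), group, message, dict(zip(POLICIES, states)))


def parse_rules(text: str) -> List[Rule]:
    """Parse every line that looks like a rule row; skip headings and blank lines."""
    return [parse_rule(line) for line in text.splitlines()
            if re.match(r"^\s*\d+ - \d+ - ", line)]


def active_in(rules: List[Rule], policy: str) -> List[Rule]:
    """Rules that alert or drop under the named default policy."""
    return [r for r in rules if r.state[policy] != "off"]


def shared_object_rules(rules: List[Rule]) -> List[Rule]:
    """GID 3 is the shared-object (SO) rule generator in Snort numbering."""
    return [r for r in rules if r.gid == 3]


# Constructed sample in the documented format, built from rows in this SRU.
SAMPLE = """\
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)
1 - 53152 - MALWARE-CNC - Win.Trojan.CrimsonRAT outbound connection - off / drop / drop / drop
3 - 53169 - POLICY-OTHER - PostgreSQL default credential login detected - off / off / alert / alert
3 - 53171 - POLICY-OTHER - Cisco Data Center Network Manager password change detected - off / off / off / off
1 - 53199 - BROWSER-PLUGINS - HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt - off / off / off / drop
3 - 53170 - SERVER-OTHER - Cisco Email Security Appliance mail log parsing denial of service attempt - off / off / off / drop
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for policy in POLICIES:
        refs = ", ".join(r.ref for r in active_in(rules, policy)) or "(none)"
        print(f"{policy:18} active: {refs}")
    print("Passive:", ", ".join(f"{r.ref}={r.passive_state()}" for r in rules))
    print("SO rules:", ", ".join(r.ref for r in shared_object_rules(rules)))
```

Run it against the rule list of an SRU note to see which of the new rules are live in the Connectivity or Balanced policy most deployments use; rules that are off everywhere except Maximum Detection (such as the POLICY-OTHER entries above) have to be enabled by hand if you want them.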

New Rules:

High Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)
1 - 53148 - FILE-PDF - Adobe Acrobat CTextWidget memory corruption attempt - off / off / drop / drop
1 - 53149 - FILE-PDF - Adobe Acrobat CTextWidget memory corruption attempt - off / off / drop / drop
1 - 53150 - BROWSER-IE - Microsoft Internet Explorer onscroll use after free attempt - off / off / drop / drop
1 - 53151 - BROWSER-IE - Microsoft Internet Explorer onscroll use after free attempt - off / off / drop / drop
1 - 53152 - MALWARE-CNC - Win.Trojan.CrimsonRAT outbound connection - off / drop / drop / drop
1 - 53153 - MALWARE-CNC - Win.Trojan.CrimsonRAT inbound command - off / drop / drop / drop
1 - 53154 - MALWARE-CNC - Win.Trojan.ObliqueRAT outbound connection - off / drop / drop / drop
1 - 53155 - MALWARE-CNC - Win.Trojan.ObliqueRAT outbound connection - off / drop / drop / drop
1 - 53156 - MALWARE-OTHER - Doc.Dropper.CrimsonRAT download attempt - off / drop / drop / drop
1 - 53157 - MALWARE-OTHER - Doc.Dropper.CrimsonRAT download attempt - off / drop / drop / drop
1 - 53158 - MALWARE-OTHER - Win.Trojan.CrimsonRAT download attempt - off / drop / drop / drop
1 - 53159 - MALWARE-OTHER - Win.Trojan.ObliqueRAT download attempt - off / drop / drop / drop
1 - 53160 - MALWARE-OTHER - Win.Trojan.ObliqueRAT download attempt - off / drop / drop / drop
1 - 53161 - MALWARE-OTHER - Win.Trojan.ObliqueRAT download attempt - off / drop / drop / drop
1 - 53162 - MALWARE-OTHER - Win.Trojan.ObliqueRAT download attempt - off / drop / drop / drop
1 - 53163 - MALWARE-OTHER - Doc.Dropper.ObliqueRAT download attempt - off / drop / drop / drop
1 - 53164 - MALWARE-OTHER - Doc.Dropper.ObliqueRat download attempt - off / drop / drop / drop
1 - 53165 - MALWARE-OTHER - Win.Trojan.CrimsonRAT download attempt - off / drop / drop / drop
1 - 53166 - MALWARE-OTHER - Win.Trojan.CrimsonRAT download attempt - off / drop / drop / drop
1 - 53167 - MALWARE-OTHER - Win.Trojan.CrimsonRAT download attempt - off / drop / drop / drop
3 - 53168 - SERVER-WEBAPP - Cisco Unified Contact Center Express arbitrary JSP file upload attempt - off / drop / drop / drop
3 - 53169 - POLICY-OTHER - PostgreSQL default credential login detected - off / off / alert / alert
3 - 53171 - POLICY-OTHER - Cisco Data Center Network Manager password change detected - off / off / off / off
3 - 53172 - POLICY-OTHER - Cisco Data Center Network Manager user add detected - off / off / off / off
3 - 53173 - POLICY-OTHER - Cisco Data Center Network Manager server properties update detected - off / off / off / off
3 - 53174 - POLICY-OTHER - Cisco Data Center Network Manager saveDefaultCredentials detected - off / off / off / off
3 - 53175 - SERVER-WEBAPP - Cisco Data Center Network Manager cross site request forgery attempt - off / off / drop / drop
3 - 53176 - SERVER-WEBAPP - Cisco Data Center Network Manager cross site request forgery attempt - off / off / drop / drop
1 - 53177 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53178 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53179 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53180 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53181 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53182 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53183 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53184 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53185 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53186 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53187 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53188 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53189 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53190 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53191 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53192 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53193 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53194 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53195 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53196 - MALWARE-OTHER - Doc.Trojan.Valyria variant download attempt - off / off / drop / drop
1 - 53197 - MALWARE-OTHER - Win.Keylogger.WindowsKeylogger variant download attempt - off / off / drop / drop
1 - 53198 - MALWARE-OTHER - Win.Keylogger.WindowsKeylogger variant download attempt - off / off / drop / drop
1 - 53199 - BROWSER-PLUGINS - HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt - off / off / off / drop
1 - 53200 - BROWSER-PLUGINS - HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt - off / off / off / drop
1 - 53201 - BROWSER-PLUGINS - HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt - off / off / off / drop
1 - 53202 - BROWSER-PLUGINS - HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt - off / off / off / drop
Medium Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec. / Max.)
3 - 53170 - SERVER-OTHER - Cisco Email Security Appliance mail log parsing denial of service attempt - off / off / off / drop